Linux_frogg-profile.d/inc/services.sh

#!/bin/bash

status_text()
{
    local type="$1"
    local msg="$2"

    case "$type" in
        ok|success)
            echo "${GREEN}✅ ${msg}${NC}"
            ;;
        warn|warning)
            echo "${YELLOW}⚡ ${msg}${NC}"
            ;;
        error|err)
            echo "${RED}❌ ${msg}${NC}"
            ;;
        *)
            echo "${msg}"
            ;;
    esac
}

format_line()
{
    local label="$1"
    local status="$2"
    local width=16

    local len=${#label}
    local dots=""
    local i

    while [ "$len" -lt "$width" ]; do
        dots="${dots}."
        len=$((len + 1))
    done

    printf "%s%s: %b\n" "$label" "$dots" "$status"
}


check_service()
{
    local svc="$1"
    local label="$2"
    local status

    if ! command -v systemctl >/dev/null 2>&1; then
        status=$(status_text error "systemctl indisponible")
        format_line "$label" "$status"
        return
    fi

    if sudo -n systemctl is-active --quiet "$svc" 2>/dev/null; then
        status=$(status_text success "actif")

    elif sudo -n systemctl status "$svc" >/dev/null 2>&1; then
        status=$(status_text error "arrêté")

    else
        status=$(status_text error "non installé")
    fi

    format_line "$label" "$status"
}


get_systemd_status()
{
    local failed_output failed_count status

    # On capture la sortie ET on vérifie si la commande réussit
    # 2>/dev/null est crucial ici pour ne pas polluer l'affichage
    if failed_output=$(systemctl --failed --no-legend --no-pager 2>/dev/null); then
        # La commande a fonctionné, on compte les lignes vides ou non
        failed_count=$(echo "$failed_output" | grep -c '[^[:space:]]')

        if [ "$failed_count" -gt 0 ]; then
            status=$(status_text error "État critique (${failed_count} problème(s))")
        else
            status=$(status_text success "système OK")
        fi
    else
        # La commande a échoué (probablement un problème de sudo/permissions)
        status=$(status_text warning "Erreur accès (relancer avec sudo)")
    fi

    format_line "Systemd" "$status"
}


get_fail2ban_status()
{
    local banned status jails count total=0

    if ! command -v fail2ban-client >/dev/null 2>&1; then
        status=$(status_text error "non installé")
        format_line "Fail2Ban" "$status"
        return
    fi

    if ! fail2ban-client ping >/dev/null 2>&1; then
        status=$(status_text error "service indisponible")
        format_line "Fail2Ban" "$status"
        return
    fi

    jails=$(fail2ban-client status 2>/dev/null | sed -n 's/.*Jail list:\s*//p' | tr ',' ' ')

    for jail in $jails; do
        count=$(fail2ban-client status "$jail" 2>/dev/null | awk '/Currently banned/ {print $NF}')
        total=$((total + ${count:-0}))
    done

    status=$(status_text success "actif (${total} IPs bannies)")
    format_line "Fail2Ban" "$status"
}

get_apparmor_status()
{
    local enforce status

    if [ ! -d /sys/kernel/security/apparmor ]; then
        status=$(status_text error "non disponible")
        format_line "AppArmor" "$status"
        return
    fi

    enforce=$(aa-status 2>/dev/null | awk '/profiles are in enforce mode/ {print $1}')

    if [ -z "$enforce" ] || [ "$enforce" -eq 0 ]; then
        status=$(status_text error "aucun profil renforcé")
    else
        status=$(status_text success "${enforce} profils renforcés")
    fi

    format_line "AppArmor" "$status"
}

get_ufw_status()
{
    local status rules raw

    if ! command -v ufw >/dev/null 2>&1; then
        status=$(status_text error "non installé")
        format_line "Firewall (UFW)" "$status"
        return
    fi

    raw=$(ufw status 2>/dev/null | head -n 1)

    if echo "$raw" | grep -q "active"; then
        rules=$(ufw status 2>/dev/null | grep -cE "ALLOW|DENY")
        status=$(status_text success "actif (${rules} règles)")
    else
        status=$(status_text error "inactif")
    fi

    format_line "Firewall (UFW)" "$status"
}


# ---- DISPLAY

echo -e $(get_systemd_status)
echo -e $(get_fail2ban_status)
echo -e $(get_apparmor_status)
echo -e $(get_ufw_status)

echo -e $(check_service "zabbix-server" "Zabbix Server")
echo -e $(check_service "mysql" "MySQL")
echo -e $(check_service "apache2" "Apache Web")