#!/bin/sh
# Erase the osquery database and other metadata.
# A database larger than 500 MB drastically affects performance.

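# Directories holding osquery state that this script wipes.
miscdir='/var/osquery/'   # only referenced by the disabled cleanup below
logdir='/var/log/osquery/'
# NOTE(review): the service branches further down clean /var/osquery/osquery.db/,
# not this path. Confirm that '/usr/share/osquery/osquery.dbq' is intended.
dbdir='/usr/share/osquery/osquery.dbq'

# Best-effort cleanup: a missing directory or a failed delete must not abort
# the script, so stderr is discarded and the exit status is ignored.
# find is called directly with a quoted path rather than through `bash -c`
# with an interpolated command string, so the path is never re-parsed by a
# second shell and this /bin/sh script does not depend on bash.
# NOTE(review): this runs for every value of $1 and removes everything under
# the osquery log directory, including logs that may not have been forwarded
# or archived yet. Confirm that log shipping/retention covers this.
#find "$miscdir" -mindepth 1 -delete || true
find "$logdir" -mindepth 1 -delete 2>/dev/null || true
find "$dbdir" -mindepth 1 -delete 2>/dev/null || true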

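# Remove osqueryd files left in /tmp and the files of the on-disk database.
# Called while the service is stopped. Every step is best effort: output is
# discarded and failures are ignored.
# NOTE(review): the /tmp sweep matches any regular file named osqueryd* at any
# depth under a world-writable directory, whoever owns it. find does not
# follow symlinks by default, but confirm the pattern cannot hit unrelated
# files on this host.
purge_osquery_state() {
    /usr/bin/find /tmp -type f -name "osqueryd*" -delete >/dev/null 2>&1
    # The path is tested with -d: the original `test -f` on a path with a
    # trailing slash is never true for a directory, so the systemd branch
    # silently skipped the database cleanup that the other branches performed.
    if [ -d /var/osquery/osquery.db/ ]; then
        /usr/bin/find /var/osquery/osquery.db/ -type f -delete >/dev/null 2>&1
    fi
}

# $1 selects the action. Only "configure" and "2" do any work
# (NOTE(review): "2" is presumably an RPM-style upgrade count; confirm).
# Each branch detects one service manager, stops osqueryd, purges its state
# and restarts it. A failed restart is the only error that is propagated.
case "$1" in
  configure|2)
    # `command -v` is the POSIX replacement for the non-standard `which`.
    if command -v /bin/systemctl >/dev/null 2>&1 && pidof systemd-journald >/dev/null 2>&1; then
        # NOTE(review): masking journald's audit socket is a host-wide change;
        # journald is then not expected to collect kernel audit records any
        # more. Confirm nothing else on the host relies on them and that the
        # change is documented for operators.
        /bin/systemctl mask systemd-journald-audit.socket >/dev/null 2>&1
        # NOTE(review): restarting a unit that was just masked is expected to
        # fail (the error is discarded here); `stop` or `mask --now` may have
        # been intended. Confirm.
        /bin/systemctl restart systemd-journald-audit.socket >/dev/null 2>&1
        /bin/systemctl daemon-reload >/dev/null 2>&1
        /bin/systemctl enable osqueryd >/dev/null 2>&1
        /bin/systemctl stop osqueryd >/dev/null 2>&1
        purge_osquery_state
        /bin/systemctl restart osqueryd || exit $?
    elif command -v invoke-rc.d >/dev/null 2>&1 && command -v update-rc.d >/dev/null 2>&1; then
        update-rc.d osqueryd defaults >/dev/null 2>&1
        invoke-rc.d osqueryd stop >/dev/null 2>&1
        purge_osquery_state
        invoke-rc.d osqueryd restart || exit $?
    elif command -v initctl >/dev/null 2>&1; then
        initctl reload-configuration >/dev/null 2>&1
        initctl stop osqueryd >/dev/null 2>&1
        purge_osquery_state
        initctl restart osqueryd || exit $?
    else
        # No known service manager was detected: fall back to `service`.
        service osqueryd stop >/dev/null 2>&1
        purge_osquery_state
        service osqueryd restart || exit $?
    fi
    ;;
  *)
    # Any other action needs no service handling.
    exit 0
    ;;
esac

exit 0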
