#!/bin/sh
# erase database and other meta information
# database size over 500mb drastically affects perfomance

miscdir='/var/osquery/'
logdir='/var/log/osquery/'
dbdir='/usr/share/osquery/osquery.dbq/'
/usr/bin/env bash -c "/usr/bin/env find $miscdir -mindepth 1 -delete || /usr/bin/env true"
/usr/bin/env bash -c "/usr/bin/env find $logdir -mindepth 1 -delete || /usr/bin/env true"
/usr/bin/env bash -c "/usr/bin/env find $dbdir -mindepth 1 -delete || /usr/bin/env true"

set_cgroups_level () {
    CGROUPS_CPU_QUOTA=${1:-80}
    CGROUPS_MEMORY_LIMIT=${2:-512}
    CGROUPS_CPU_SHARES=${3:-200}
    # $1 -> 80 -> systemd(80%) -> upstart(80000)
    # $2 -> 512 -> systemd(512M) -> upstart(512.000.000)
    # $3 -> 200 -> systemd(-) -> upstart(200)
    # systemd
        CGROUPS_SYSTEMD_FILE='/usr/lib/systemd/system/osqueryd.service'
        # CPUQuota 1% = 1000
        sed -i "s/CPUQuota=[0-9]*%/CPUQuota=$CGROUPS_CPU_QUOTA%/g" $CGROUPS_SYSTEMD_FILE
        sed -i "s/MemoryLimit=[0-9]*M/MemoryLimit=${CGROUPS_MEMORY_LIMIT}M/g" $CGROUPS_SYSTEMD_FILE
    # upstart
        # convert values to upstart format
            CGROUPS_CPU_QUOTA="$(($CGROUPS_CPU_QUOTA * 1000))"
            CGROUPS_MEMORY_LIMIT="$(($CGROUPS_MEMORY_LIMIT * 1000000))"
        CGROUPS_UPDSTART_FILE='/etc/init.d/osqueryd'
        sed -i "s/CGROUPS_MEMORY_LIMIT=[0-9]*/CGROUPS_MEMORY_LIMIT=$CGROUPS_MEMORY_LIMIT/g" $CGROUPS_UPDSTART_FILE
        sed -i "s/CGROUPS_CPU_SHARES=[0-9]*/CGROUPS_CPU_SHARES=$CGROUPS_CPU_SHARES/g" $CGROUPS_UPDSTART_FILE
        sed -i "s/CGROUPS_CPU_QUOTA=[0-9]*/CGROUPS_CPU_QUOTA=$CGROUPS_CPU_QUOTA/g" $CGROUPS_UPDSTART_FILE
    # else - report error
        # ???
}

set_cgroups_level

case "$1" in
  configure|2)
    if which /bin/systemctl >/dev/null && pidof systemd-journald >/dev/null 2>&1 ; then
        /bin/systemctl mask systemd-journald-audit.socket > /dev/null 2>&1 #mask audit socket
        /bin/systemctl restart systemd-journald-audit.socket > /dev/null 2>&1 #same
    	/bin/systemctl daemon-reload >/dev/null 2>&1
    	/bin/systemctl enable osqueryd >/dev/null 2>&1
    	/bin/systemctl stop osqueryd >/dev/null 2>&1
        /usr/bin/find /tmp -type f -name "osqueryd*" -delete >/dev/null 2>&1
        /usr/bin/find /var/osquery/osquery.db/ -type f -delete >/dev/null 2>&1
        /bin/systemctl restart osqueryd || exit $?
    elif which invoke-rc.d >/dev/null && which update-rc.d >/dev/null 2>&1 ; then
    	update-rc.d osqueryd defaults >/dev/null 2>&1
        invoke-rc.d osqueryd stop >/dev/null 2>&1
        /usr/bin/find /tmp -type f -name "osqueryd*" -delete >/dev/null 2>&1
        /usr/bin/find /var/osquery/osquery.db/ -type f -delete >/dev/null 2>&1
    	invoke-rc.d osqueryd restart || exit $?
    elif which initctl >/dev/null 2>&1 ; then
    	initctl reload-configuration >/dev/null 2>&1
        initctl stop osqueryd >/dev/null 2>&1
        /usr/bin/find /tmp -type f -name "osqueryd*" -delete >/dev/null 2>&1
        /usr/bin/find /var/osquery/osquery.db/ -type f -delete >/dev/null 2>&1
    	initctl restart osqueryd || exit $?
    else
        service osqueryd stop >/dev/null 2>&1
        /usr/bin/find /tmp -type f -name "osqueryd*" -delete >/dev/null 2>&1
        /usr/bin/find /var/osquery/osquery.db/ -type f -delete >/dev/null 2>&1
        service osqueryd restart || exit $?
    fi
    ;;
  *)
    exit 0
    ;;
esac

exit 0
