#!/usr/bin/python
#
# Copyright (c) 2016 Red Hat
# Luke Hinds (lhinds@redhat.com)
# This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# 0.1: This script installs OpenSCAP on the remote host, and scans the
# nominated node. Post scan a report is downloaded and if '--clean' is passed
# all trace of the scan is removed from the remote system.

import os
import datetime
import argparse

# Module metadata.
__version__ = 0.1
__author__ = 'Luke Hinds (lhinds@redhat.com)'
__url__ = 'https://wiki.opnfv.org/display/functest/Functest+Security'

# Usage example, kept as a bare string literal; it has no runtime effect.
# NOTE(review): the example supplies the account password as a command-line
# argument, which leaves it readable in the local process list and in shell
# history while the scan runs.
'''
Example Run:
    python ./OpenSCAP.py --host 192.168.0.24 --port 22 --user root --password
    p6ssw0rd oval --secpolicy
    /usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml --report report.html
    --results results.xml

'''

# Module-level settings shared by the functions below.
# Working directory at import time (not referenced by the code shown here).
pwd = os.getcwd()
# Path of the oscap binary; run_scanner() prefixes it to every scan command.
oscap = '/bin/oscap'
# Timestamp taken at import time, in a form that is safe inside a file name
# (not referenced by the code shown here; post_tasks() takes its own).
currenttime = datetime.datetime.now().strftime('%Y-%m-%d_%H-%M-%S')

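# Set up the main parser
parser = argparse.ArgumentParser(description='OpenSCAP Python Scanner')

# Main args: connection details and housekeeping, shared by all subcommands.
# Todo  add required = True
# NOTE(review): --password arrives on the command line, so it is visible in
# the local process list and shell history for the duration of the run.
parser.add_argument('--user',
                    action='store',
                    dest='user',
                    help='user')
parser.add_argument('--password',
                    action='store',
                    dest='password',
                    help='Password')
parser.add_argument('--host',
                    action='store',
                    dest='host',
                    help='host',
                    required=True)
# dest was previously 'port"' (stray quote), which stored the value under an
# attribute name that cannot be read as parserout.port.
parser.add_argument('--port',
                    action='store',
                    dest='port',
                    help='port',
                    required=True)
parser.add_argument('--dist',
                    action='store',
                    dest='dist',
                    help='Distribution')
parser.add_argument('--clean',
                    action='store_true',
                    dest='clean',
                    help='Clean all files from host')

# And the subparser: one subcommand per oscap mode. Each one records its own
# name under 'which' so run_scanner() can dispatch on it.
subparsers = parser.add_subparsers(
    title='subcommands',
    description='valid subcommands',
    help='additional help')


parser_xccdf = subparsers.add_parser('xccdf')
parser_xccdf.set_defaults(which='xccdf')

parser_oval = subparsers.add_parser('oval')
parser_oval.set_defaults(which='oval')

parser_oval_collect = subparsers.add_parser('oval-collect')
parser_oval_collect.set_defaults(which='oval-collect')

parser_xccdf.add_argument(
    '--profile',
    action='store',
    dest='profile',
    help='xccdf profile')

# --results, --report and --secpolicy exist only on the 'oval' subcommand, so
# the parsed namespace has no such attributes for 'xccdf' or 'oval-collect'.
parser_oval.add_argument(
    '--results',
    action='store',
    dest='results',
    help='Results name (inc extension (.xml))')

parser_oval.add_argument(
    '--report',
    action='store',
    dest='report',
    help='Report name (inc extension (.html))')

parser_oval.add_argument(
    '--secpolicy',
    action='store',
    dest='secpolicy',
    help='Security Policy')

# Parse once; 'args' is the dict form of the same namespace.
parserout = parser.parse_args()
args = vars(parserout)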


def createfiles():
    """Run the helper script on the host and remember what it returns.

    Hands connectionManager the local ``scripts/createfiles.py`` path, the
    remote destination ``/tmp/createfiles.py`` and the command that runs it,
    then stores the return value of ``remotescript()`` in the module-level
    ``tmpdir``. The later steps use ``tmpdir`` as the remote directory that
    holds results and reports.
    """
    import connect
    global tmpdir
    # NOTE(review): the remote name is fixed and lives in a shared directory;
    # confirm how connectionManager writes it, since another local user on
    # the host could create that path first.
    local_script = '{0}/scripts/createfiles.py'.format(os.getcwd())
    remote_script = '/tmp/createfiles.py'
    launch = 'python /tmp/createfiles.py'
    manager = connect.connectionManager(parserout.host,
                                        parserout.user,
                                        parserout.password,
                                        local_script,
                                        remote_script,
                                        launch)
    tmpdir = manager.remotescript()


def install_pkg():
    """Install the scanner and the SCAP Security Guide content via yum.

    The command is sent to the host given on the command line and whatever
    ``remotecmd()`` returns is printed unchanged.
    """
    import connect
    yum_install = 'yum -y install openscap-scanner scap-security-guide'
    session = connect.connectionManager(parserout.host,
                                        parserout.user,
                                        parserout.password,
                                        yum_install)
    print(session.remotecmd())


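def run_scanner():
    """Build the oscap command for the chosen subcommand and run it remotely.

    Dispatches on ``args['which']``:

    * ``xccdf``: builds ``<oscap> xccdf eval`` and a connection manager.
    * ``oval``: runs ``<oscap> oval eval`` with the results and report files
      placed under ``tmpdir`` and the security policy as the final argument.
    * anything else: runs ``<oscap> oval-collect`` and prints the output.
    """
    import connect

    if args['which'] == 'xccdf':
        print('xccdf')
        com = '{0} xccdf eval'.format(oscap)
        # NOTE(review): this branch never calls remotecmd(), and neither
        # --profile nor a content file is appended to the command, so no
        # XCCDF scan is executed. It looks unfinished; confirm the intent.
        manager = connect.connectionManager(parserout.host,
                                            parserout.user,
                                            parserout.password,
                                            com)
    elif args['which'] == 'oval':
        # Format the joined template as a whole. Previously .format() was
        # applied to the second literal only, so '{0}', '{1}' and '{2}'
        # reached the remote shell unexpanded and oscap was never invoked.
        # NOTE(review): the values are placed in the shell command unquoted;
        # a name containing spaces or shell metacharacters alters the command.
        com = ('{0} oval eval --results {1}/{2}'
               ' --report {1}/{3} {4}').format(oscap,
                                               tmpdir.rstrip(),
                                               parserout.results,
                                               parserout.report,
                                               parserout.secpolicy)
        manager = connect.connectionManager(parserout.host,
                                            parserout.user,
                                            parserout.password,
                                            com)
        # The output of the oval run is collected but not printed.
        run_tool = manager.remotecmd()
    else:
        com = '{0} oval-collect '.format(oscap)
        manager = connect.connectionManager(parserout.host,
                                            parserout.user,
                                            parserout.password,
                                            com)
        run_tool = manager.remotecmd()
        print(run_tool)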


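def post_tasks():
    """Download the scan report and results into a new local directory.

    The directory is created under the current working directory and is
    named ``<host><timestamp>``. Only the ``oval`` subcommand defines
    ``--report`` and ``--results``; for the other subcommands there is
    nothing to fetch, so the function returns without creating anything
    (it previously failed with AttributeError on ``parserout.report``).
    """
    if not (hasattr(parserout, 'report') and hasattr(parserout, 'results')):
        print('No report or results file for this subcommand; '
              'nothing to download.')
        return

    # Imported after the guard so the skip path needs no connection module.
    import connect
    stamp = datetime.datetime.now().strftime('%Y-%m-%d_%H-%M-%S')
    dl_folder = os.path.join(os.getcwd(), parserout.host + stamp)
    # 0o755 is the same mode as the old 0755 literal and is accepted by
    # Python 2.6+ and Python 3.
    # NOTE(review): the reports list the host's compliance gaps; consider a
    # mode that does not grant read access to other local users.
    os.mkdir(dl_folder, 0o755)
    reportfile = '{0}/{1}'.format(tmpdir.rstrip(), parserout.report)
    manager = connect.connectionManager(parserout.host,
                                        parserout.user,
                                        parserout.password,
                                        dl_folder,
                                        reportfile,
                                        parserout.report,
                                        parserout.results)
    print(manager.download_reports())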


def removepkg():
    """Remove the scanner and SCAP Security Guide packages via yum.

    Prints whatever ``remotecmd()`` returns.
    """
    import connect
    # NOTE(review): the packages are removed unconditionally, including on a
    # host where they were already installed before this run.
    yum_remove = 'yum -y remove openscap-scanner scap-security-guide'
    session = connect.connectionManager(parserout.host,
                                        parserout.user,
                                        parserout.password,
                                        yum_remove)
    print(session.remotecmd())


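def cleandir():
    """Delete the remote working directory recorded in ``tmpdir``.

    ``tmpdir`` is text returned by the remote helper script, and it ends up
    in an ``rm -r`` command. The value is therefore checked first: it must be
    a single whitespace-free absolute path other than the filesystem root.
    Anything else (empty output, an error message, several lines) is reported
    and left alone. An accepted path is shell-quoted before use.
    """
    try:
        from shlex import quote
    except ImportError:  # Python 2
        from pipes import quote

    target = tmpdir.rstrip()
    single_token = target.split() == [target]
    if not single_token or not target.startswith('/') \
            or not target.strip('/'):
        print('Refusing to remove unexpected remote path: '
              '{0!r}'.format(target))
        return

    # Imported after the guard so a rejected path never opens a connection.
    import connect
    com = 'rm -r {0}'.format(quote(target))
    manager = connect.connectionManager(parserout.host,
                                        parserout.user,
                                        parserout.password,
                                        com)
    deldir = manager.remotecmd()
    print(deldir)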


if __name__ == '__main__':
    # Fixed pipeline: prepare the host, install the scanner, scan, then
    # fetch the reports. Each step announces itself before it runs.
    for banner, step in (('Creating temp file structure...\n', createfiles),
                         ('Install OpenSCAP scanner...\n', install_pkg),
                         ('Running scan...\n', run_scanner),
                         ('Post installation tasks...\n', post_tasks)):
        print(banner)
        step()

    # Optional teardown, only when --clean was given: remove the packages,
    # then delete the remote working directory.
    if parserout.clean:
        print('Cleaning down environment...\n')
        for banner, step in (('Removing OpenSCAP...\n', removepkg),
                             ('Deleting tmp file and reports (remote)...\n',
                              cleandir)):
            print(banner)
            step()