# /bin/bash
#create settings folder not exist, create it
if [ ! -d '/etc/atera-agent' ]; then
       sudo mkdir '/etc/atera-agent'
else
       #check if agent from different account, then uninstall
      if [ -f '/etc/atera-agent/.settings.json' ]; then
               #check account changed
              installedAccountId=$(grep -o '"AccountId":"[^"]*' '/etc/atera-agent/.settings.json' | grep -o '[^"]*$')
              if [ "${installedAccountId}" != 'S1zOy1YpEc6bBg2LnTYX67vmjcpAdX6CfiwGRRfDdnc=' ]; then
                      echo "detected different account id, performing uninstalling, was: ${installedAccountId}, new: 'S1zOy1YpEc6bBg2LnTYX67vmjcpAdX6CfiwGRRfDdnc='"
                       sudo bash '/usr/lib/atera-agent/uninstall.sh'
               fi
       fi
fi
#check if agent is running
if [ -f '/etc/systemd/system/AteraAgent.service' ]; then
       echo 'detected atera agent already installed, preforming upgrade'
      sudo systemctl disable AteraAgent.service
      sudo systemctl stop AteraAgent.service
fi
#if agent directory doesn't exist
if [ ! -d '/usr/lib/atera-agent' ]; then
      sudo mkdir /usr/lib/atera-agent
fi
#install dotnet
wget -O - https://dot.net/v1/dotnet-install.sh | sudo bash -s -- -Runtime dotnet -Channel 8.0 -InstallDir '/usr/lib/atera-agent/.dotnet'
#download agent
sudo wget -O '/usr/lib/atera-agent/AteraLinuxAgent.tar.gz' 'https://packagesstore.blob.core.windows.net/installers/Agents/Linux/2.0.7/AteraAgent-2.0.7.tar.gz'
if [ $? -ne 0 ]; then
       echo 'failed downloading agent'
       exit 1
fi
#extract agent
if [ ! -d '/usr/lib/atera-agent/bin' ]; then
      sudo mkdir /usr/lib/atera-agent/bin
fi
sudo tar --extract --overwrite --file='/usr/lib/atera-agent/AteraLinuxAgent.tar.gz' --directory='/usr/lib/atera-agent/bin'
if [ $? -ne 0 ]; then
       echo 'failed extracting agent'
      sudo rm -rf '/usr/lib/atera-agent/AteraLinuxAgent.tar.gz'
exit 1
fi
#delete agent archive
sudo rm -rf '/usr/lib/atera-agent/AteraLinuxAgent.tar.gz'
#move uninstall file to agent directory
sudo mv '/usr/lib/atera-agent/bin/uninstall.sh' '/usr/lib/atera-agent/uninstall.sh'
sudo chown root:root '/usr/lib/atera-agent/uninstall.sh'
sudo chmod +x '/usr/lib/atera-agent/uninstall.sh'
#create certificate folder if not exist
if [ ! -d '/etc/ssl/certs/atera-agent' ]; then
      sudo mkdir -p /etc/ssl/certs/atera-agent
fi
# check if OS is Red Hat-based
os_type=$(grep -i "Red Hat" /etc/os-release)
if [[ $os_type != "" ]]; then
       echo 'this system is running Red Hat Linux.'
       #check if SELinux is in enforcing mode
       sestatus_output=$(sestatus | grep "Current mode:")
       if [[ $sestatus_output != *"enforcing"* ]]; then
               echo "no need to apply policies the selinux isn't in enforcing mode"
       else
               echo 'creating atera policies...'
               #enable http connection
               sudo setsebool -P nis_enabled 1
              if [ ! -d '/var/spool/atera-agent' ]; then
                       sudo mkdir /var/spool/atera-agent
               fi
               #define policies for agent healthy running
               sudo cat > atera_custom_policy.te << EOF
module atera_custom_policy 1.0;
require {
type var_spool_t;
type init_t;
type tmp_t;
class process { execmem getsession };
class sock_file { create unlink };
class fifo_file { create open read unlink };
class file { create setattr unlink write };
}
#============= init_t ==============
allow init_t self:process { execmem getsession };
allow init_t tmp_t:fifo_file { create open read unlink };
allow init_t tmp_t:sock_file { create unlink };
allow init_t var_spool_t:file { create setattr unlink write };
EOF
               #apply policies
               sudo checkmodule -M -m -o atera_custom_policy.mod atera_custom_policy.te
               semodule_package -o atera_custom_policy.pp -m atera_custom_policy.mod
               sudo semodule -i atera_custom_policy.pp
              sudo semanage fcontext -a -t bin_t '/usr/lib/atera-agent(/.*)?'
              sudo restorecon -Rv /usr/lib/atera-agent
              sudo semanage fcontext -a -t systemd_unit_file_t '/etc/atera-agent(/.*)?'
              sudo restorecon -Rv /etc/atera-agent
              sudo semanage fcontext -a -t systemd_unit_file_t '/etc/ssl/certs/atera-agent(/.*)?'
              sudo restorecon -Rv /etc/ssl/certs/atera-agent
               sudo rm -f atera_custom_policy.te atera_custom_policy.mod atera_custom_policy.pp
               echo 'atera policies are created'
       fi
fi
#create settings file if not exist
if [ ! -f '/etc/atera-agent/.settings.json' ]; then
       #create settings file
      sudo '/usr/lib/atera-agent/.dotnet/dotnet' '/usr/lib/atera-agent/bin/Atera.Agent.Linux.dll' init-settings --account-id 'S1zOy1YpEc6bBg2LnTYX67vmjcpAdX6CfiwGRRfDdnc=' --environment 'Production' --customer-id 133
fi
#create daemon
sudo mv -f '/usr/lib/atera-agent/bin/AteraAgent.service' '/etc/systemd/system/AteraAgent.service'
sudo systemctl daemon-reload
sudo systemctl enable AteraAgent.service
sudo systemctl start AteraAgent.service