#!/bin/bash
# Privacy monitoring script
# Monitors and reports on privacy settings status
# Generated by Algo VPN privacy role

set -euo pipefail

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

echo -e "${GREEN}Algo VPN Privacy Status Monitor${NC}"
echo "========================================"

# Check log rotation settings
echo -e "\n${YELLOW}Log Rotation Status:${NC}"
if [ -f /etc/logrotate.d/99-privacy-enhanced ]; then
    echo -e "  ${GREEN}✓${NC} Privacy log rotation configured"
else
    echo -e "  ${RED}✗${NC} Privacy log rotation not found"
fi

# Check rsyslog filtering
echo -e "\n${YELLOW}Log Filtering Status:${NC}"
if [ -f /etc/rsyslog.d/49-privacy-vpn-filter.conf ]; then
    echo -e "  ${GREEN}✓${NC} VPN log filtering enabled"
else
    echo -e "  ${RED}✗${NC} VPN log filtering not configured"
fi

# Check history clearing
echo -e "\n${YELLOW}History Clearing Status:${NC}"
if [ -f /etc/bash.bash_logout ]; then
    echo -e "  ${GREEN}✓${NC} Logout history clearing configured"
else
    echo -e "  ${RED}✗${NC} Logout history clearing not configured"
fi

# Check auto cleanup
echo -e "\n${YELLOW}Auto Cleanup Status:${NC}"
if [ -f /usr/local/bin/privacy-auto-cleanup.sh ]; then
    echo -e "  ${GREEN}✓${NC} Auto cleanup script installed"
    if crontab -l | grep -q "privacy-auto-cleanup"; then
        echo -e "  ${GREEN}✓${NC} Auto cleanup scheduled"
    else
        echo -e "  ${YELLOW}!${NC} Auto cleanup script exists but not scheduled"
    fi
else
    echo -e "  ${RED}✗${NC} Auto cleanup not configured"
fi

# Check current log sizes
echo -e "\n${YELLOW}Current Log Status:${NC}"
total_log_size=$(du -sh /var/log 2>/dev/null | cut -f1 || echo "Unknown")
echo "  Total log directory size: $total_log_size"

if [ -f /var/log/auth.log ]; then
    auth_size=$(du -h /var/log/auth.log | cut -f1)
    echo "  Auth log size: $auth_size"
fi

if [ -f /var/log/syslog ]; then
    syslog_size=$(du -h /var/log/syslog | cut -f1)
    echo "  Syslog size: $syslog_size"
fi

# Check systemd journal status
echo -e "\n${YELLOW}Journal Status:${NC}"
if [ -d /var/log/journal ]; then
    journal_size=$(du -sh /var/log/journal 2>/dev/null | cut -f1 || echo "Unknown")
    echo "  Journal size: $journal_size"
else
    echo -e "  ${GREEN}✓${NC} Persistent journal disabled (using volatile storage)"
fi

# Privacy configuration summary
echo -e "\n${YELLOW}Privacy Configuration Summary:${NC}"
echo "  Log retention: {{ privacy_log_rotation.max_age }} days"
echo "  Max log size: {{ privacy_log_rotation.max_size }}MB"
echo "  VPN log filtering: {{ privacy_log_filtering.exclude_vpn_logs | bool }}"
echo -e "  History clearing: {{ privacy_history_clearing.clear_bash_history | bool }}"

echo -e "\n${GREEN}Privacy monitoring complete${NC}"