#!/bin/sh
#
# setup_synterloper.sh
#
# Sets up a background packet capture service for a specified TCP port (default 22).
# Designed for automated execution on first-boot via cloud-init or user data.
#

# --- Configuration ---
LOG_DIR="/var/log/synterloper"
CAPTURE_PORT="22"
ROTATE_SECONDS="3600" # 3600 seconds = 1 hour
RETENTION_DAYS="7"
SNAP_LEN="128" # Bytes to capture per packet

# --- Script Logic ---

# Ensure script is run as root
if [ "$(id -u)" -ne 0 ]; then
  echo "Error: This script must be run as root." >&2
  exit 1
fi

# Detect OS and install dependencies
OS_TYPE=$(uname)
echo "Initializing SYNterloper setup for OS: ${OS_TYPE}"

if [ "${OS_TYPE}" = "Linux" ]; then
  echo "Installing dependencies (tcpdump) using apt..."
  export DEBIAN_FRONTEND=noninteractive
  if ! apt-get update >/dev/null; then echo "Error: apt-get update failed."; exit 1; fi
  if ! apt-get install -y tcpdump >/dev/null; then echo "Error: apt-get install failed."; exit 1; fi
elif [ "${OS_TYPE}" = "FreeBSD" ]; then
  echo "Installing dependencies (tcpdump) using pkg..."
  if ! pkg install -y tcpdump >/dev/null; then echo "Error: pkg install failed."; exit 1; fi
else
  echo "Error: Unsupported OS type '${OS_TYPE}'" >&2
  exit 1
fi
echo "Dependency installation complete."

# Create log directory with appropriate permissions
echo "Creating log directory: ${LOG_DIR}"
mkdir -p "${LOG_DIR}"
chown root:root "${LOG_DIR}"
chmod 700 "${LOG_DIR}"

# Create the system service
if [ "${OS_TYPE}" = "Linux" ]; then
  # Systemd Service for Linux (Debian/Ubuntu)
  echo "Creating systemd service: synterloper.service"
  cat > /etc/systemd/system/synterloper.service <<EOF
[Unit]
Description=SYNterloper - TCP Port Connection Logger
After=network.target

[Service]
Type=simple
ExecStart=/bin/sh -c 'exec /usr/sbin/tcpdump -i \$(ip -4 route get 1.1.1.1 | grep -oP "dev \\K\\S+") -s ${SNAP_LEN} -w ${LOG_DIR}/capture-%Y-%m-%d_%H-%M.pcap -G ${ROTATE_SECONDS} "tcp port ${CAPTURE_PORT}"'
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

  echo "Enabling and starting synterloper service (systemd)..."
  systemctl daemon-reload
  systemctl enable synterloper.service
  systemctl start synterloper.service

elif [ "${OS_TYPE}" = "FreeBSD" ]; then
  # rc.d Service for FreeBSD
  echo "Creating rc.d script: /usr/local/etc/rc.d/synterloper"
  cat > /usr/local/etc/rc.d/synterloper <<'EOF'
#!/bin/sh
#
# PROVIDE: synterloper
# REQUIRE: NETWORKING
# KEYWORD: shutdown
#
. /etc/rc.subr
name="synterloper"
rcvar="synterloper_enable"
load_rc_config \$name
: \${synterloper_enable:="NO"}
: \${synterloper_port:="22"}
: \${synterloper_logdir:="/var/log/synterloper"}
: \${synterloper_rotate_sec:="3600"}
: \${synterloper_snaplen:="128"}
default_iface=\$(route -n get default | grep 'interface:' | awk '{print \$2}')
command="/usr/sbin/tcpdump"
command_args="-i \${default_iface} -s \${synterloper_snaplen} -w \${synterloper_logdir}/capture-%Y-%m-%d_%H-%M.pcap -G \${synterloper_rotate_sec} \"tcp port \${synterloper_port}\""
pidfile="/var/run/\${name}.pid"
start_cmd="daemon -p \${pidfile} \${command} \${command_args}"
run_rc_command "\$1"
EOF
  chmod +x /usr/local/etc/rc.d/synterloper

  echo "Enabling and starting synterloper service (rc.d)..."
  sysrc synterloper_enable=YES
  sysrc synterloper_port="${CAPTURE_PORT}"
  sysrc synterloper_logdir="${LOG_DIR}"
  sysrc synterloper_rotate_sec="${ROTATE_SECONDS}"
  sysrc synterloper_snaplen="${SNAP_LEN}"
  service synterloper start
fi
echo "Service configuration complete."

# Create the log rotation cron job
echo "Creating daily log cleanup cron job..."
cat > /etc/cron.daily/synterloper-cleanup <<EOF
#!/bin/sh
# Deletes SYNterloper capture files older than ${RETENTION_DAYS} days.
find "${LOG_DIR}" -name "*.pcap" -type f -mtime +${RETENTION_DAYS} -delete
EOF
chmod +x /etc/cron.daily/synterloper-cleanup

echo ""
echo "--- SYNterloper Setup Complete ---"
echo "Service is now logging TCP port ${CAPTURE_PORT} to ${LOG_DIR}"
echo "----------------------------------"