#!/bin/bash

. /var/lib/autoyast-cc/libcc

# Note: the logic below is a white-list approach which first
# disables all services and then only enables those listed in
# the variables below

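# Service policy lists.
#
# Each list holds one service name per line. Text after '#' is a comment and
# a line starting with '#' switches that entry off. A list named
# <LIST>_<HOSTTYPE> (e.g. REQUIRED_x86_64) is added to <LIST> on that
# architecture only.

# The following services must be enabled and we have an error if they
# are not present
REQUIRED="
auditd			# audit daemon
cron			# Vixie cron daemon
earlysyslog		# Syslog daemon
#haveged			# Daemon for generating more entropy -- currently not allowed by BSI
network			# Network configuration
#network-remotefs
random			# RNG seed inserted into /dev/random
syslog			# Syslog daemon
cgconfig		# cgroup
"

REQUIRED_x86_64="
kbd			# Keyboard configuration
"

# The following services are allowed - i.e. if the service is present
# and was enabled, we reenable it
ALLOWED="
atd		# AT scheduler daemon
acpid		# ACPI event handling daemon
dbus		# DBUS daemon
fbset		# Initial framebuffer setup
haldaemon	# HAL which is needed by libvirtd
irq_balancer	# configuration of IRQ balancing for SMP systems
kexec		# Allow kexec of current kernel
libvirtd	# libvirtd virtual machine manager
microcode.ctl	# CPU microcode updater
#nscd
postfix		# local MTA
smartd		# SMART daemon
splash		# Splash screen
splash_early	# Splash screen
sshd		# OpenSSH daemon
SuSEfirewall2_init	# IPTables packet filter settings
SuSEfirewall2_setup	# IPTables packet filter settings
"

# The following boot services must be enabled
#
# There are no architecture-independent boot services. The list is still
# assigned explicitly, because the processing code reads $BOOTENABLED and an
# unassigned name would be inherited from the caller's environment.
BOOTENABLED=""

# These two entries used to sit in two separate BOOTENABLED_x86_64
# assignments. The second one replaced the first, so boot.cgroup was silently
# dropped and only boot.apparmor was enabled.
# NOTE(review): boot.cgroup may have been meant for the architecture-
# independent BOOTENABLED list (cgconfig is REQUIRED everywhere) - confirm.
BOOTENABLED_x86_64="
boot.cgroup	# control group file system
boot.apparmor	# Load AppArmor policies during startup
"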

######################################

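#######################################
# Look up the per-architecture companion of a service list.
# Globals:   HOSTTYPE (read), <base>_<HOSTTYPE> (read)
# Arguments: $1 - base list name (ALLOWED, REQUIRED or BOOTENABLED)
# Outputs:   value of <base>_<HOSTTYPE> on stdout; nothing if it is unset
#            or if the combined name is not a valid variable name
#######################################
_cc_host_list() {
	local ref="${1}_${HOSTTYPE}"
	local valid_name='^[A-Za-z_][A-Za-z0-9_]*$'
	# HOSTTYPE can be overridden through the environment. Indirect expansion
	# replaces the former eval, so its content is never executed as shell
	# code, and only a plain variable name is dereferenced.
	[[ $ref =~ $valid_name ]] || return 0
	printf '%s' "${!ref}"
}

#######################################
# Reduce a commented service list to its bare service names.
# Arguments: $1 - list text, one entry per line, '#' starts a comment
# Outputs:   each service name on stdout, prefixed by a single space
#######################################
_cc_service_names() {
	local IFS=$' \t\n'
	local line
	local -a words
	while read -r line || [ -n "$line" ]; do
		words=()
		# Everything from the first '#' on is a comment; a line that starts
		# with '#' therefore yields no name at all.
		read -r -a words <<< "${line%%#*}"
		if [ "${#words[@]}" -gt 0 ]; then
			printf ' %s' "${words[@]}"
		fi
	done <<< "$1"
}

# Architecture-specific additions (empty when none are defined)
ALLOWED_HOST=$(_cc_host_list ALLOWED)
REQUIRED_HOST=$(_cc_host_list REQUIRED)
BOOTENABLED_HOST=$(_cc_host_list BOOTENABLED)

# Speed up process - remove comments once, so the loops further down
# work on plain whitespace-separated service names
tmpALLOWED=$(_cc_service_names "${ALLOWED}"$'\n'"${ALLOWED_HOST}")
tmpREQUIRED=$(_cc_service_names "${REQUIRED}"$'\n'"${REQUIRED_HOST}")
tmpBOOTENABLED=$(_cc_service_names "${BOOTENABLED}"$'\n'"${BOOTENABLED_HOST}")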

# First column of the chkconfig listing for runlevel 3.
# NOTE(review): despite its name, this appears to hold every service that
# chkconfig reports, whether switched on or off - confirm against the
# chkconfig version in use.
enabled=$(chkconfig --level 3 | cut -d" " -f1)

# Sanity check: every required service has to show up in that listing.
# The run is aborted with exit code 1 at the first one that is missing.
for i in $tmpREQUIRED
do
	found=0
	for j in $enabled
	do
		if [ "$i" = "$j" ]
		then
			found=1
			break
		fi
	done
	if [ "$found" = "0" ]
	then
		cc_echo "Required service $i not found"
		cc_exit 1
	fi
done

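# Apply the policy to every service in the chkconfig listing:
#   in ALLOWED  -> leave the current runlevel setting untouched
#   in REQUIRED -> switch on for runlevel 3
#   otherwise   -> switch off for runlevel 3, abort the run if that fails
for i in $enabled
do
	afound=0
	rfound=0

	for j in $tmpALLOWED
	do
		if [ "$i" = "$j" ]
		then
			cc_echo "Leave service $i untouched"
			afound=1
			break
		fi
	done
	# An ALLOWED service keeps whatever setting it has; go to the next one
	[ "$afound" = "1" ] && continue

	for j in $tmpREQUIRED
	do
		if [ "$i" = "$j" ]
		then
			cc_echo "Turn on service $i"
			rfound=1
			break
		fi
	done

	if [ "$rfound" = "1" ]
	then
		# We suppress error messages which can occur if you try to
		# enable an already enabled vital system service
		if ! cc_exec_log chkconfig --level 3 "$i" on >/dev/null 2>&1
		then
			# The state is compared as a quoted string. Unquoted, an empty
			# answer from chkconfig made the test itself fail and the
			# warning below was never printed.
			state=$(chkconfig --level 3 "$i" | awk '{print $2}')
			if [ "$state" != "on" ]
			then
				# NOTE(review): a required service (auditd and syslog are
				# in that list) that cannot be enabled only produces this
				# warning and the run continues - confirm that is intended.
				cc_echo "WARNING: Could  not enable service $i"
			fi
		fi
		continue
	fi

	# Disable service as it is neither in ALLOWED nor in REQUIRED
	cc_echo "Disable service $i"
	cc_exec_log chkconfig --level 3 "$i" off || cc_exit $?
done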

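# Boot scripts are handled separately: each one is switched on without a
# runlevel restriction, and the run is aborted with chkconfig's exit status
# if one of them cannot be enabled.
for i in $tmpBOOTENABLED
do
	cc_echo "Enable Boot service $i"
	# Quoted so the name reaches chkconfig as exactly one argument
	cc_exec_log chkconfig "$i" on || cc_exit $?
done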

