#!/bin/bash

# Pull in common software
if [[ -f "ultimate-common" ]]; then
	source ultimate-common
elif [[ -f "/usr/share/ultimate_edition/ultimate-common" ]]; then
	source /usr/share/ultimate_edition/ultimate-common
else
	echo "No Ultimate Edition common source. Please install ultimate-edition-common."
	exit 0;
fi

WEBPAGE="/srv/http/index.html"
#sudo cp index.html "${WEBPAGE}"
declare -a SERVICES=( "nasup.service" "ums-web.service" "uno.service" "scandrives.service" "iventoy.service" "nmb.service" "smb.service" "avahi-daemon.service" "fail2ban.service" "vsftpd.service" "ventoy-web.service" "smartd.service" "ntpd.service" "sddm.service" "httpd.service" "cockpit.socket" "NetworkManager.service" "bluetooth.service" "blueman-mechanism.service" "bluetooth-mesh.service" "netdata.service" "minidlna.service" "jellyfin.service" "sshd.service" "plank.service" "gala.service" "io.elementary.wingpanel" "mysqld" "winbind.service" "reflector.service" "libvirtd.service" "firewalld.service" "rpcbind.service" "nfsv4-server.service" "nfs-server.service" )

declare -a ENABLEDSERVICES=();

PIXMAPS () {
	## Remove Arch Linux artworks
	imgs=('archlinux.png' 'archlinux.svg' 'archlinux-logo.png' 'archlinux-logo.svg')

	for img in "${imgs[@]}";
	do
		if [[ -e "/usr/share/pixmaps/${img}" ]]; then
			rm -rf "/usr/share/pixmaps/${img}"
			if [[ -e "/usr/share/pixmaps/uearch-logo.png" ]]; then
				Encapsulate "Setting ${img} to: Ultimate Edition Arch"
				cp "/usr/share/pixmaps/uearch-logo.png" "/usr/share/pixmaps/${img}"
			else
				Error "Error Default icon theme not found."
			fi
		fi
	done
	#plasma-apply-wallpaperimage "/usr/share/wallpapers/Ultimate_Edition_Arch.png"
	INSTALLED=$(type -p kwriteconfig5)
	if [[ "${INSTALLED}" ]]; then
		if [[ -f "/usr/share/wallpapers/Ultimate_Edition_Arch.png" ]]; then
			Encapsulate "Setting Default lock screen to: Ultimate Edition Arch for #SESSION"
			kwriteconfig5 --file kscreenlockerrc --group Greeter --group Wallpaper --group org.kde.image --group General --key Image file:///usr/share/wallpapers/Ultimate_Edition_Arch.png
		else
			Error "Error Default Ultimate Edition Arch theme not found."
		fi
	fi
}

GRUBUP () {
	## Fix GRUB_DISTRIBUTOR for Ultimate Arch Edge
	sed -i -e 's/GRUB_DISTRIBUTOR=.*/GRUB_DISTRIBUTOR="Ultimate Arch #DISTTYPEUPPER"/g' /etc/default/grub
	sed -i -e 's/#GRUB_DISABLE_OS_PROBER=false/GRUB_DISABLE_OS_PROBER="false"/g' /etc/default/grub
	cat /etc/grub.d/10_linux | grep 'OS="${GRUB_DISTRIBUTOR} Linux"' &>/dev/null
	if [[ "$?" == 0 ]]; then
		sed -i -e 's/OS="${GRUB_DISTRIBUTOR} Linux"/OS="${GRUB_DISTRIBUTOR}"/g' /etc/grub.d/10_linux
	fi
	FullBar
	Encapsulate "Scanning for services."
	FullBar
	for SERVICE in "${SERVICES[@]}"
	do
		EXISTS=$(systemctl list-unit-files | grep "${SERVICE}")
		if [[ "${EXISTS}" ]];then
			sudo systemctl enable "${SERVICE}"
			SERVICEOUTPUT+="&quot;${SERVICE}&quot; "
			ENABLEDSERVICES+=("${SERVICE}")
		fi
	done
	INSTALLED=$(type -p plymouth)
	if [[ "${INSTALLED}" ]]; then
		FullBar
		Encapsulate "Setting Default Plymouth theme to: Ultimate Edition Arch"
		FullBar
		sudo plymouth-set-default-theme Ultimate_Edition_Arch
	fi
	INSTALLED=$(type -p lightdm)
	if [[ "${INSTALLED}" ]]; then
		Encapsulate "Light DM detected setting auto login."
		#sudo lightdm-set-defaults --autologin "ultimate"
		#groupadd -r nopasswdlogin
		#groupadd -r autologin
		sudo gpasswd -a ultimate nopasswdlogin
		#sudo gpasswd -a ultimate autologin
		#sudo groupadd -r autologin
		sudo gpasswd -a ultimate autologin
		Center "Do not worry user ultimate will be removed during installation."
	fi
	INSTALLED=$(type -p grub-mkconfig)
	if [[ "${INSTALLED}" ]]; then
		if [[ -f "/boot/grub/grub.cfg" ]]; then
			FullBar
			Encapsulate "Updating Grub."
			grub-mkconfig -o /boot/grub/grub.cfg
			FullBar
		fi
	fi
	if [[ -f "/usr/share/xsessions/kodi.desktop" ]]; then
		mv "/usr/share/xsessions/kodi.desktop" "/usr/share/xsessions/kodi.desktop.bak"
	fi
	FullBar
	#plasma-apply-wallpaperimage "/usr/share/wallpapers/Ultimate_Edition_Arch.png"
	INSTALLED=$(type -p kwriteconfig5)
	if [[ "${INSTALLED}" ]]; then
		if [[ -f "/usr/share/wallpapers/Ultimate_Edition_Arch.png" ]]; then
			Encapsulate "Setting Default lock screen to: Ultimate Edition Arch for KDE"
			kwriteconfig5 --file kscreenlockerrc --group Greeter --group Wallpaper --group org.kde.image --group General --key Image file:///usr/share/wallpapers/Ultimate_Edition_Arch.png
		else
			Error "Error Default Ultimate Edition Arch theme not found."
		fi
	fi
	local file=/etc/lsb-release

	if [[ -z "`grep "^DISTRIB_RELEASE=" $file`" ]] ; then
		# add missing DISTRIB_RELEASE=
		echo "DISTRIB_RELEASE=rolling" >> "$file"
	fi
	sed -i "$file" \
		-e 's|^DISTRIB_ID=.*$|DISTRIB_ID=ultimate|' \
		-e 's|^DISTRIB_RELEASE=.*$|DISTRIB_RELEASE=rolling|' \
		-e 's|^DISTRIB_DESCRIPTION=.*$|DISTRIB_DESCRIPTION=\"Ultimate Arch #DISTTYPEUPPER\"|'
	local file=/usr/lib/os-release

	sed -i "$file" \
		-e 's|^NAME=.*$|NAME=\"Ultimate Arch #DISTTYPEUPPER\"|' \
		-e 's|^PRETTY_NAME=.*$|PRETTY_NAME=\"Ultimate Arch #DISTTYPEUPPER\"|' \
		-e 's|^ID=.*$|ID=ultimate|' \
		-e 's|^ID_LIKE=.*$|ID_LIKE=arch|' \
		-e 's|^BUILD_ID=.*$|BUILD_ID=rolling|' \
		-e 's|^HOME_URL=.*$|HOME_URL=\"https://ultimateedition.info\"|' \
		-e 's|^DOCUMENTATION_URL=.*$|DOCUMENTATION_URL=\"https://ultimateedition.info\"|' \
		-e 's|^SUPPORT_URL=.*$|SUPPORT_URL=\"https://ultimateedition.info\"|' \
		-e 's|^BUG_REPORT_URL=.*$|BUG_REPORT_URL=\"https://ultimateedition.info\"|' \
		-e 's|^LOGO=.*$|LOGO=uelogo|'
	INSTALLED=$(type -p dracut)
	if [[ "${INSTALLED}" ]]; then
		Encapsulate "Dracut detected: generating InitRamfs"
		dracut -f --regenerate-all
	fi
	if [ -z "$(grep "^ID_LIKE=" $file)" ] && [ -n "$(grep "^ID=" $file)" ] ; then
		# add missing ID_LIKE=
		sed -i $file -e '/^ID=/a \ID_LIKE=arch'
	fi

	# fix issue file
	sed -i 's|Arch Linux|Ultimate Arch #DISTTYPEUPPER|g' /etc/issue /usr/share/factory/etc/issue
}

LOGS () {
	Encapsulate "Creating Log Files."
	sudo mkdir -p "/var/log/apache2/" "/var/log/squid/" "/var/log/minidlna/"
	sudo touch "/var/log/apache2/access.log" "/var/log/squid/access.log"
}
PIXMAPS
GRUBUP


DISTYPE="#DISTTYPEUPPER"
INSTALLED=$(type -p expac)
FullBar
if [[ "${INSTALLED}" ]]; then
	Encapsulate "Generating list of Package files."
	expac -H M "<li>%011m\t%-20n\t%10d</li>" $(comm -23 <(pacman -Qqen | sort) <({ pacman -Qqg xorg; expac -l '\n' '%E' base; } | sort -u)) | sort -n >> "${WEBPAGE}" &Spinner
	echo '</ul>
<p>Other Applications that may or may not have been installed include:</p>
<ul>
<li><a href="file:///srv/http/uno.pdf">UNO</a></li>
<li><a href="file:///srv/http/repostorm.pdf">RepoStorm</a></li>
<li><a href="file:///srv/http/nasup.pdf">Nasup</a></li>
<li><a href="file:///srv/http/ram-booter.pdf">Ram Booter</a></li>
<li><a href="file:///srv/http/ue-tweaker.pdf">Ultimate Edition Tweaker</a></li>
</ul>
</div>
<hr>' >> "${WEBPAGE}"
fi
INSTALLED=$(type -p steam)
if [[ "${INSTALLED}" ]]; then
	Encapsulate "Give me Steam!"
	if [[ -f "/usr/share/ultimate_edition/arch/steamdeck/airootfs/usr/share/xsessions/steam.desktop" ]]; then
		cp "/usr/share/ultimate_edition/arch/steamdeck/airootfs/usr/share/xsessions/steam.desktop" "/usr/share/xsessions/"
		Encapsulate "Steam big picture support installed."
	else
		if ! [[ -f "/usr/share/xsessions/steam.desktop" ]]; then
			Error "No steam for you."
		else
			Encapsulate "Steam big picture support installed."
		fi
	fi
else
	Error "No steam for you."
fi
if [[ -d "/var/cache/pacman/pkg/" ]]; then
	Encapsulate "Clearing Mass cache."
	#sudo rm "/var/cache/pacman/pkg/*"
	Encapsulate "Done."
fi
Encapsulate "Service detection."
#SERVICES=( "nasup.service" "ums-web.service" "uno.service" "scandrives.service" "iventoy.service" "nmb.service" "smb.service" "avahi-daemon.service" "fail2ban.service" "vsftpd.service" "ventoy-web.service" "smartd.service" "ntpd.service" "sddm.service" "httpd.service" "cockpit.socket" "NetworkManager.service" "bluetooth.service" "blueman-mechanism.service" "bluetooth-mesh.service" "netdata.service" "minidlna.service" "jellyfin.service" "sshd.service" "plank.service" "gala.service" "io.elementary.wingpanel" "mysqld" "winbind.service" "reflector.service" "libvirtd.service" "firewalld.service" "rpcbind.service" "nfsv4-server.service" "nfs-server.service" )
declare -a PACKAGENAMES=( "ultimate-edition-nas-tools" "ums" "ultimate-edition-optimizer" "ultimate-edition-optimizer" "ventoy" "nmb" "smb" "avahi-daemon" "fail2ban" "vsftpd" "ventoy" "smartd" "ntpd" "sddm" "httpd" "cockpit" "networkmanager" "bluetooth" "bluez" "ultimate-edition-conky-builder" "ultimate-edition-conky-builder" "netdata" "minidlna" "jellyfin" "sshd" "plank" "gala" "io.elementary.wingpanel" "mysqld" "winbind" "reflector" "libvirtd" "firewalld" "rpcbind" "nfsv4-server.service" "nfs-server.service" )
declare -a LONGNAME=( "Ultimate Edition NAS Tools (Nasup)" "Universal Media Server (UMS)" "Ultimate Network Optimizer (UNO)" "Scandrives Service" "Iventoy Service" "NMB Service" "SMB Service" "Avahi daemon" "Fail2Ban" "VSFTPd" "Ventoy" "Smartd" "ntpd" "SDDM" "Httpd" "Cockpit" "NetworkManager" "Bluetooth Service" "bluez" "Conky Builder" "Conky" "NetData" "MiniDLNA" "JellyFin" "SSHD Service" " Plank Service" "Gala Service" "IO Elementary Wingpanel" "MySQL" "WinBind" "Reflector Service" "Libvirtd" "Firewalld" "RPC Bind" "NFS v4 server" "NFS Server" )
declare -a SERVICEDESC=( 'Ultimate Edition NAS Tools (Nasup) nasup - A collection of useful scripts that extends Seagate™ Goflex NAS (Network Attached Storage), and Western Digital™ My Cloud. Both NFS (Network File System) and CIFS (Common Internet File System) are supported.' 'Universal Media Server (UMS) is a DLNA-compliant UPnP media server that allows you to stream or transcode various media formats, including video, audio, and images, across different devices on your network. If enabled you can access the web interface <a href="http://127.0.0.1:9001">here</a>.' 'Automatically Optimizes Network Connection(s) & increase network security. &nbsp; Read the <a href="file:///srv/http/uno.pdf">UNO</a> manual for further info.' 'Automatically detects scans fstype and auto mounts drive(s).' 'iVentoy is an enhanced version of the PXE server. With iVentoy you can boot and install OS on multiple machines at the same time through the network. iVentoy is extremely easy to use, without complicated configuration, just put the ISO file in the specified location and select PXE boot in the client machine. You can access the web GUI if enabled <a href="http://127.0.0.1:26000">here</a>.' 'The term "nmb service" can refer to either the NetBIOS Message Block (NMB) service, which facilitates name resolution and browsing on SMB networks,' 'SMB (Server Message Block) is a network protocol that allows computers to share files, printers, and other resources across a network, facilitating communication and collaboration between devices.' 'Avahi-daemon is a service on Linux systems that facilitates local network discovery using the mDNS/DNS-SD protocol, allowing devices to find each other and services like printers and file shares without manual configuration. ' 'Fail2Ban is a log-parsing application that protects Linux servers against security threats like brute-force attacks by monitoring log files for suspicious activity and automatically blocking IP addresses that exceed the allowed number of failed login attempts.' 'vsftpd, short for "Very Secure FTP Daemon," is a popular, open-source FTP (File Transfer Protocol) server software, often used as the default FTP server on Linux distributions, known for its security and performance.' 'Ventoy is a free, open-source tool that allows you to create a bootable USB drive capable of booting multiple ISO, WIM, IMG, VHD(x), and EFI files without needing to reformat the drive each time you add a new image. You can access the service <a href="http://127.0.0.1:24680/">here</a> if it is enabled.' 'smartd is a daemon that monitors the Self-Monitoring, Analysis and Reporting Technology (SMART) system built into many ATA-3 and later ATA, IDE and SCSI-3 ...' 'In Linux, the ntpd service, short for Network Time Protocol daemon, is a program that synchronizes the system clock with NTP servers, ensuring accurate timekeeping.' 'SDDM, or Simple Desktop Display Manager, is a modern, free, and open-source display manager for Linux and other Unix-like platforms, particularly recommended for KDE Plasma and LXQt desktop environments, supporting both X11 and Wayland.' '"httpd" refers to the Apache Hypertext Transfer Protocol (HTTP) server program, often referred to as the Apache Web Server, which is a software that runs in the background, listening for network requests and serving web content.' 'Cockpit is a system administration tool that provides a user interface for monitoring and administering servers through a web browser. It allows you to monitor current values and adjust limits on system resources, control life cycle on container instances, and manipulate container images. If enabled you can access the web interface <a href="http://127.0.0.1:9090/">here</a>.' 'NetworkManager is a standard Linux network configuration tool suite that manages and configures network connections, including wired, wireless, and VPN connections, and is used by most current Linux distributions.' 'In Linux, Bluetooth is managed by the BlueZ project, which provides a protocol stack and tools for enabling Bluetooth functionality, allowing devices to connect and communicate wirelessly.' 'BlueZ is the official Bluetooth protocol stack that provides the core functionality to manage Bluetooth devices on your system. Its the fundamental software required to use Bluetooth, handling the complex Bluetooth protocols and integrating with your systems hardware and other applications.' 'Conky-builder is a tool, often a graphical user interface (GUI), that simplifies the process of creating and managing Conky configurations for Linux desktop environments, allowing users to easily design and customize their system monitors without having to edit complex text files directly.' 'Conky is a lightweight, highly configurable system monitor for the X Window System (and Wayland support is a work in progress) that allows users to display system information like CPU usage, memory, and network activity on their desktop. ' 'Netdata is a partially open source tool designed to collect real-time metrics, such as CPU usage, disk activity, bandwidth usage, website visits, etc., and then display them in live, easy-to-interpret charts.' 'MiniDLNA (now also known as ReadyMedia) is a simple, open-source media server software that allows you to stream music, video, and photos from a computer to DLNA/UPnP-AV compatible devices over a network. ' 'Jellyfin is a free and open-source media server and suite of multimedia applications that allows users to organize, manage, and stream their digital media files to networked devices, offering an alternative to proprietary solutions like Plex and Emby.  If enabed, you can access the web interface <a href="http://127.0.0.1:8200">here</a>.' '"sshd" refers to the OpenSSH server process, which listens for incoming SSH connections, handles user authentication, encryption, and secure communication,> acting as the server-side component of the SSH protocol.' 'In Linux, "Plank" refers to a lightweight and simple dock application that allows users to start applications and manage windows, similar to the dock on macOS or the taskbar on Windows. ' 'In the Linux Pantheon desktop environment, "Gala" is the window manager and compositing manager, based on libmutter, designed by elementary for use with Pantheon.' 'In the context of the elementary OS desktop environment, "Wingpanel" is the stylish top panel that holds indicators and spawns the application launcher, similar in function to the GNOME Shells top panel.' 'MySQL is a popular, open-source relational database management system (RDBMS) that uses the Structured Query Language (SQL) to store and manage data, known for its reliability, performance, and scalability.' 'Winbind is a client-side service, part of the Samba suite, that allows Linux/Unix systems to resolve user and group information from Windows NT/Active Directory servers, enabling domain users to appear and operate as UNIX users on those systems.' 'In the context of Linux, particularly Ultimate Arch Linux, "reflector" is a tool used to automatically update and select the fastest and most reliable mirrorlist for package downloads and updates, improving package download speeds and ensuring a smoother user experience.' 'libvirtd is the server-side daemon component of the libvirt virtualization management system, running on host servers to manage virtualized guests, including starting, stopping, and migrating them, as well as managing networking and storage.' 'Firewalld provides a dynamically managed firewall with support for network/firewall zones that define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings, ethernet bridges and IP sets. There is a separation of runtime and permanent configuration options. It also provides an interface for services or applications to add firewall rules directly.' 'rpcbind service (formerly known as portmap) acts as a translator for Remote Procedure Call (RPC) services. It maps RPC program numbers to the network addresses (specifically, ports) where those services are listening. Think of it as a phone book for RPC services: when a client wants to use an RPC service, it first consults rpcbind to find the correct port to connect to.' 'In Linux, the NFS v4 server service, typically named nfsd, allows clients to access files and directories over a network as if they were local. It implements the Network File System version 4 protocol, providing features like lease-based file locking and security enhancements. The primary port used by NFSv4 is 2049, and its the only port required for NFSv4, unlike older versions.' 'The NFS (Network File System) server service in Linux enables a system to share its directories and files over a network with other Linux clients. This allows users and programs on client machines to access remote files as if they were stored locally.
' )
Encapsulate "Scanning for enabled services."
echo '<hr>
<h2><a class="onwhite" name="services"></a><strong><span style="text-decoration: underline;"><a href="#contents">Services &amp; Networking</span></strong></a></h2>
<p>
  <div class="content_section_text">
  <p>The following services are enabed &amp; configured for you: ' >> "${WEBPAGE}"
FullBar
echo "${SERVICEOUTPUT}" >> "${WEBPAGE}"
	echo "</p>
<hr>" >> "${WEBPAGE}"
for EACH in "${SERVICES[@]}"
do
	STATUS="Disabled"
	for SERVICE in "${ENABLEDSERVICES[@]}"
	do
		INSTALLED=$(LC_ALL=C.UTF-8 pacman -Qi | awk '/^Name/{name=$3} /^Installed Size/{print $4$5, name}' | LC_ALL=C.UTF-8 sort -h | grep "${PACKAGENAMES[${INDEX}]}" 2>/dev/null)
		#echo "Comparing :${EACH} to ${SERVICE} | ${INSTALLED} | ${STATUS}"
		if [[ "${EACH}" == "${SERVICE}" ]]; then
			STATUS="Enabled"
			#if [[ "${INSTALLED}" ]]; then
			#	APPINSTALLED = "${PACKAGENAMES[${INDEX}]}"
			#fi
			if [[ "${INSTALLED}" ]]; then
				Encapsulate "Enabled Service: ${SERVICE} generating HTML for the section."
				echo -n '<p><a href="http://#services/">' >> "${WEBPAGE}"
				echo -n "${LONGNAME[${INDEX}]}" >> "${WEBPAGE}"
				echo -n "</a></p>" >> "${WEBPAGE}"
				echo "<p>" >> "${WEBPAGE}"
				echo "${SERVICEDESC[${INDEX}]}" >> "${WEBPAGE}"
				echo "</p>" >> "${WEBPAGE}"
				if [[ "${INSTALLED}" ]]; then
					echo "<p>Status: Installed, ${STATUS} &amp; pre-configured.</p>" >> "${WEBPAGE}"
				else
					echo "<p>Not installed, to install: sudo pacman -Syuu ${PACKAGENAMES[${INDEX}]}</p>" >> "${WEBPAGE}"
				fi
				echo "<hr>" >> "${WEBPAGE}"
			fi
		fi
	done
	if [[ "${STATUS}" == "Disabled" ]]; then
			Encapsulate "Disabled Service: ${EACH}."
			echo -n '<p><a href="http://#services/">' >> "${WEBPAGE}"
			echo -n "${LONGNAME[${INDEX}]}" >> "${WEBPAGE}"
			echo -n "</a></p>" >> "${WEBPAGE}"
			echo "<p>" >> "${WEBPAGE}"
			echo "${SERVICEDESC[${INDEX}]}" >> "${WEBPAGE}"
			echo "</p>" >> "${WEBPAGE}"
			echo "<p>Not installed, to install: sudo pacman -Syuu ${PACKAGENAMES[${INDEX}]}</p>" >> "${WEBPAGE}"
			echo "<hr>" >> "${WEBPAGE}"
	fi
	INDEX=$(( INDEX + 1 ))
	#ENABLEDSERVICE=$(grep -i "${SERVICEOUT}"
done
echo '</div>
<hr>' >> "${WEBPAGE}"
Encapsulate "Service Index is done."
INDEX=0
declare -a APPS=( 'netdata' 'cockpit-bridge' 'php' 'ums' 'ventoy-web' 'minidlnad' )
declare -a URLS=( '"http://localhost:19999">Netdata' '"http://127.0.0.1:9090/">Cockpit (username: ultimate password: leave blank. Your username and password once installed.)' '"http://127.0.0.1/phpinfo.php">PHP Info' '"http://127.0.0.1:9001/">Ultimate Arch Universal Media Server' '<a href="http://127.0.0.1:24680/">here</a>' '"http://127.0.0.1:8200/">MiniDLNA Media Server' )

echo '<hr>
<h2><a class="onwhite" name="stats"></a><strong><span style="text-decoration: underline;"><a href="#contents">Stats &amp; Monitoring</span></strong></a></h2>
<p>
  <div class="content_section_text">
<ul>
<li><a href="http://127.0.0.1/linux-dash/">linux-dash</a></li>' >> "${WEBPAGE}"
for EACH in "${APPS[@]}"
do
	INSTALLED=$(type -p "${EACH}")
	if [[ "${INSTALLED}" ]]; then
		echo "<li><a href=${URLS[${INDEX}]}</a></li>" >> "${WEBPAGE}"
	fi
	INDEX=$((INDEX + 1))
done
echo '</ul>
<p>This is very impressive, once installed.  Carries your credentials to that server / Operating System.
To each service FTP, SSH, NFS, Samba as well all the above.</p>

<p>I almost forgot to mention. <a href="file:///srv/http/repostorm.pdf"> RepoStorm</a> another application I wrote at least 20 years ago.  Repostorm has fixed many packages in this Operating System, jacking the level of security way beyond any on this planet.</p>
</div>
<hr>' >> "${WEBPAGE}"
Encapsulate "Setting UID Bit for special apps & folders"
if [[ -f "/usr/bin/sudo" ]]; then
	sudo chmod 4755 "/usr/bin/sudo"
fi
if [[ -f "/usr/bin/passwd" ]]; then
	sudo chmod 4755 "/usr/bin/passwd"
fi
if [[ -f "/usr/bin pkexec" ]]; then
	sudo chmod u+s "/usr/bin/pkexec"
fi
if [[ -d "/etc/cryptsetup-keys.d/" ]]; then
	sudo chmod 700 "/etc/cryptsetup-keys.d/"
fi
if [[ -d "/var/lib/udisks2/" ]]; then
	sudo chmod 700 "/var/lib/udisks2/"
fi
if [[ -d "/etc/samba/private/" ]]; then
	sudo chmod 700 "/etc/samba/private/"
fi
if [[ -d "/var/lib/samba/bind-dns/" ]]; then
	sudo chmod 770 "/var/lib/samba/bind-dns/"
fi
if [[ -d "/var/lib/samba/private/" ]]; then
	sudo chmod 700 "/var/lib/samba/private/"
fi
if [[ -d "/var/spool/samba/" ]]; then
	sudo chmod 1777 "/var/spool/samba/"
fi
if [[ -d "/var/db/sudo/" ]]; then
	sudo chmod 711 "/var/db/sudo/"
fi
if [[ -d "/var/db/sudo/lectured/" ]]; then
	sudo chmod 711 "/var/db/sudo/lectured/"
fi

if [[ -f "/var/lib/aide/aide.db.new.gz" ]]; then
	Encapsulate "Moving Aide database."
	mv "/var/lib/aide/aide.db.new.gz" "/var/lib/aide/aide.db.gz"
fi
INSTALLED=$(type -p lynis)
if [[ "${INSTALLED}" ]]; then
	Encapsulate "Detecting security power... Please wait."
	CSECURITY=$(sudo lynis audit system 2>/dev/null | grep "Hardening" | grep "index" | cut -d ":" -f2 | cut -d " " -f2 | sed 's/\x1B\[[0-9;]*m//g')
	SECURITY=${CSECURITY//[^[:ascii:]]/}
	Encapsulate "Security Power: ${SECURITY}%"
echo '<h2><a class="onwhite" name="security"></a><strong><span style="text-decoration: underline;"><a href="#contents">Security</span></strong></a></h2>
<p>
  <div class="content_section_text">
	<p>
		  typing:</p>
		  sudo lynis audit system<br><br>
		  Will tell you where you sit at time of build: ' >> "${WEBPAGE}"
echo "${SECURITY}%.<br><br>
I did not by default jack up the security level in the O/S, I leave that up to you. Carries a high security rating out of the box, way higher than any O/S I have seen off the snap.
		  " >> "${WEBPAGE}"
echo '<p>sudo <a href="file:///srv/http/uno.pdf">uno</a> --security</p><br><br>
		  Will jack security up further, I &amp; so can you push it way higher.<br><br>
	</p>
	<p>Ever wonder why I ask to get hacked, my wife hates it when I do so.  Massive traffic comes my way trying to find a hole.  If they can find it I write software to close it.  I have never turned in the hacker.  They love my hacking challenges. You benefit from my wifes loses &amp; I. I have done that too for years. I am not just an O/S architect, a programmer &amp; former hacker. Proper term is &quot;Cracker&quot;</p>
	<p>  I really have turned over a new leaf &amp; help people. I do get accused anytime something bad happens.
</p>
</div>' >> "${WEBPAGE}"
fi
Encapsulate "Closing out Index."
echo '</h2><hr>
			<h2><a class="onwhite" name="conclusion"></a><strong><span style="text-decoration: underline;"><a href="#contents">Conclusion</span></strong></a></h2>
			<p>PLACEHOLDER</p>
			<p>Enjoy,</p>
			<p>Glenn Cady</p><br>
	<p>CEO</p>
	<p>Leading Programmer</p>
	<p>WebMaster</p>
	<p>Ultimate Edition Arch Linux</p>
	<p>Ultimate Edition Linux</p>
	<p><a href="mailto:theemahn@archultimateedition.com">TheeMahn</a></p>
			</div>
			</body>
			</html>' >> "${WEBPAGE}"
CURRENT="${PWD}"
cd "/lib"
if ! [[ -f libkpmcore.so.13 ]]; then
	Encapsulate "Setting Symlinks for libkpmcore."
	ln -s libkpmcore.so.13 libkpmcore.so.12
	ln -s libboost_python313.so.1.88.0 libboost_python313.so.1.87.0
else
	Encapsulate "KPM Core Symlinks already set."
fi
if ! [[ -f libboost_python313.so.1.87.0 ]]; then
	Encapsulate "Setting Symlinks for libboost."
	ln -s libboost_python313.so.1.88.0 libboost_python313.so.1.87.0
else
	Encapsulate "LibBoost Symlinks already set."
fi
LOGS
