from __future__ import annotations
from .models import Scenario, TaskDefinition
from .tasks import (
automatic_updates,
bind,
docker_setup,
firewall_setup,
log_rotation,
lynis_audit,
rootkit_check,
system_hardening,
system_update,
utilities_setup,
zram_setup,
zsh_setup,
)
def task_catalog() -> list[TaskDefinition]:
    """Return every built-in task definition, bound to its handler.

    Each definition is first created with an inert placeholder handler and
    is then passed to ``bind()`` together with the task function registered
    under the same key.

    Nine of the eleven tasks are selected by default. ``docker_setup`` and
    ``system_hardening`` are opt-in (``default_selected=False``).

    Raises:
        KeyError: if a definition's key has no entry in the handler map.
    """
    # One row per task: (key, label, description, category, default_selected).
    rows = [
        (
            "system_update",
            "Mise à jour système",
            "Met à jour le système et nettoie les paquets obsolètes.",
            "Maintenance",
            True,
        ),
        (
            "automatic_updates",
            "Mises à jour automatiques",
            "Configure unattended-upgrades ou dnf-automatic.",
            "Maintenance",
            True,
        ),
        (
            "lynis_audit",
            "Audit Lynis",
            "Lance un audit sécurité automatisé avec Lynis.",
            "Sécurité",
            True,
        ),
        (
            "rootkit_check",
            "Vérification rootkits",
            "Exécute rkhunter et chkrootkit.",
            "Sécurité",
            True,
        ),
        (
            "log_rotation",
            "Rotation des logs",
            "Installe et configure logrotate pour SecureCheck.",
            "Maintenance",
            True,
        ),
        (
            "zsh_setup",
            "Installation et configuration zsh",
            "Installe zsh et applique une configuration utilisateur propre.",
            "Poste",
            True,
        ),
        (
            "utilities_setup",
            "Utilitaires pratiques",
            "Installe les outils usuels de maintenance et sécurité.",
            "Poste",
            True,
        ),
        (
            "zram_setup",
            "zram auto-configuré",
            "Déploie un service zram dimensionné automatiquement.",
            "Performance",
            True,
        ),
        (
            "firewall_setup",
            "Vérification / autoconfig du firewall",
            "Active et sécurise UFW ou firewalld.",
            "Sécurité",
            True,
        ),
        # Opt-in: not selected by default.
        (
            "docker_setup",
            "Installation / check Docker",
            "Installe Docker et configure la rotation de ses logs.",
            "Services",
            False,
        ),
        # Opt-in: the description lists SSH, PAM, sysctl and kernel-module
        # changes, so this task is not selected by default.
        (
            "system_hardening",
            "Durcissement système (hardening)",
            (
                "Applique un durcissement complet : sysctl, SSH, PAM, modules noyau, "
                "permissions, AIDE, bannières, limites de sécurité."
            ),
            "Sécurité",
            False,
        ),
    ]

    definitions = [
        TaskDefinition(
            key=key,
            label=label,
            description=description,
            category=category,
            # Inert placeholder; the real handler is attached by bind() below.
            handler=lambda context: None,
            default_selected=selected,
        )
        for key, label, description, category, selected in rows
    ]

    # Task key -> implementation imported from .tasks. A key present in the
    # rows above but missing here surfaces as a KeyError in the loop below.
    implementations = {
        "system_update": system_update,
        "automatic_updates": automatic_updates,
        "lynis_audit": lynis_audit,
        "rootkit_check": rootkit_check,
        "log_rotation": log_rotation,
        "zsh_setup": zsh_setup,
        "utilities_setup": utilities_setup,
        "zram_setup": zram_setup,
        "firewall_setup": firewall_setup,
        "docker_setup": docker_setup,
        "system_hardening": system_hardening,
    }

    bound = []
    for definition in definitions:
        bound.append(bind(definition, implementations[definition.key]))
    return bound
def builtin_scenarios() -> list[Scenario]:
    """Return the three predefined scenarios, each flagged ``builtin=True``.

    A scenario is a named, ordered list of task keys. This function does not
    check that those keys exist in the task catalog.

    No built-in scenario includes ``system_hardening``.
    """
    workstation = Scenario(
        name="baseline_workstation",
        description="Socle poste Linux durci et outillé.",
        task_keys=[
            "system_update",
            "automatic_updates",
            "log_rotation",
            "zsh_setup",
            "utilities_setup",
            "zram_setup",
            "firewall_setup",
        ],
        builtin=True,
    )

    # NOTE(review): despite its name this scenario is not read-only. It also
    # lists system_update and firewall_setup, whose catalog descriptions say
    # they update packages and enable/configure the firewall. Confirm that is
    # intended before running it on a host that must stay unchanged.
    audit = Scenario(
        name="security_audit",
        description="Audit et vérifications de sécurité.",
        task_keys=[
            "system_update",
            "lynis_audit",
            "rootkit_check",
            "firewall_setup",
            "log_rotation",
        ],
        builtin=True,
    )

    container_host = Scenario(
        name="docker_host",
        description="Socle serveur avec Docker et pare-feu.",
        task_keys=[
            "system_update",
            "automatic_updates",
            "firewall_setup",
            "docker_setup",
            "log_rotation",
        ],
        builtin=True,
    )

    return [workstation, audit, container_host]