# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_almalinux
# Remediation is applicable only in certain platforms
if dpkg-query --show --showformat='${db:Status-Status}' 'auditd' 2>/dev/null | grep -q '^installed$' && dpkg-query --show --showformat='${db:Status-Status}' 'linux-base' 2>/dev/null | grep -q '^installed$'; then

var_audispd_remote_server='(bash-populate var_audispd_remote_server)'


AUDITCONFIG=/etc/audit/audisp-remote.conf


AUREMOTECONFIG=/etc/audit/plugins.d/au-remote.conf

if [ -e "$AUREMOTECONFIG" ] ; then
    
    LC_ALL=C sed -i "/^\s*active\s*=\s*/Id" "$AUREMOTECONFIG"
else
    printf '%s\n' "Path '$AUREMOTECONFIG' wasn't found on this system. Refusing to continue." >&2
    return 1
fi
# make sure file has newline at the end
sed -i -e '$a\' "$AUREMOTECONFIG"

cp "$AUREMOTECONFIG" "$AUREMOTECONFIG.bak"
# Insert at the end of the file
printf '%s\n' "active = yes" >> "$AUREMOTECONFIG"
# Clean up after ourselves.
rm "$AUREMOTECONFIG.bak"


if [ -e "$AUDITCONFIG" ] ; then
    
    LC_ALL=C sed -i "/^\s*remote_server\s*=\s*/Id" "$AUDITCONFIG"
else
    printf '%s\n' "Path '$AUDITCONFIG' wasn't found on this system. Refusing to continue." >&2
    return 1
fi
# make sure file has newline at the end
sed -i -e '$a\' "$AUDITCONFIG"

cp "$AUDITCONFIG" "$AUDITCONFIG.bak"
# Insert at the end of the file
printf '%s\n' "remote_server = $var_audispd_remote_server" >> "$AUDITCONFIG"
# Clean up after ourselves.
rm "$AUDITCONFIG.bak"

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi