From 437b1ed172231d02e8337f054b3728e50d080b2e Mon Sep 17 00:00:00 2001
From: Admin MPCZ <admin@mpcz.fr>
Date: Mon, 27 Apr 2026 23:53:15 +0200
Subject: [PATCH] feat(qualys/agents): ajout checks espace disque +
 connectivite console Qualys (qualysagent/qualysguard.qualys.eu)

---
 app/services/realtime_audit_service.py | 23 +++++++++++++++++++++++
 app/templates/qualys_agent_audit.html  | 12 ++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/app/services/realtime_audit_service.py b/app/services/realtime_audit_service.py
index 8fefe13..9151e4f 100644
--- a/app/services/realtime_audit_service.py
+++ b/app/services/realtime_audit_service.py
@@ -594,6 +594,29 @@ QUALYS_AGENT_CMDS = {
         "done; "
         "echo 'log Qualys introuvable. Chemins testes: /var/log/qualys/*, /var/log/qualys-cloud-agent/*, /usr/local/qualys/cloud-agent/log/*, /var/log/qualysagent/*'"
     ),
+    "disk_space": (
+        "echo '=== Disque global ==='; "
+        "df -h 2>/dev/null | grep -vE '^(tmpfs|devtmpfs|Filesystem|overlay|/dev/loop)' | head -15; "
+        "echo; echo '=== /var/log (partition agent) ==='; "
+        "df -h /var/log 2>/dev/null | tail -1; "
+        "echo; echo '=== Top 5 dossiers /var/log ==='; "
+        "(du -sh /var/log/* 2>/dev/null | sort -rh | head -5) || (sudo -n du -sh /var/log/* 2>/dev/null | sort -rh | head -5) || echo '(non lisible)'"
+    ),
+    "qualys_connectivity": (
+        "for url in https://qualysagent.qualys.eu https://qualysguard.qualys.eu; do "
+        "  echo \"=== $url ===\"; "
+        "  if command -v curl >/dev/null 2>&1; then "
+        "    curl --connect-timeout 5 -sS -o /dev/null -w 'HTTP %{http_code} | IP %{remote_ip} | %{time_total}s\\n' \"$url\" 2>&1 || echo 'CONNEXION ECHEC (timeout / DNS / firewall ?)'; "
+        "  elif command -v wget >/dev/null 2>&1; then "
+        "    wget --timeout=5 --tries=1 --spider \"$url\" 2>&1 | grep -E 'response|connecting|failed' | head -3; "
+        "  elif command -v openssl >/dev/null 2>&1; then "
+        "    host=${url#https://}; "
+        "    timeout 5 openssl s_client -connect \"$host:443\" -servername \"$host\" </dev/null 2>&1 | grep -E 'CONNECTED|verify return|subject=' | head -3 || echo 'openssl FAIL'; "
+        "  else "
+        "    echo '(ni curl, ni wget, ni openssl disponibles)'; "
+        "  fi; "
+        "done"
+    ),
     "system_log": (
         "if command -v journalctl >/dev/null 2>&1; then "
         "  out=$(journalctl -u qualys-cloud-agent --no-pager -n 50 2>/dev/null || sudo -n journalctl -u qualys-cloud-agent --no-pager -n 50 2>/dev/null); "
diff --git a/app/templates/qualys_agent_audit.html b/app/templates/qualys_agent_audit.html
index bdace56..f774113 100644
--- a/app/templates/qualys_agent_audit.html
+++ b/app/templates/qualys_agent_audit.html
@@ -78,6 +78,18 @@
     <pre style="background:#0b0f1a;color:#e5e7eb;padding:10px;border-radius:4px;font-size:11px;overflow-x:auto;white-space:pre-wrap">{{ audit.agent_version or '(vide)' }}</pre>
 </div>
 
+<!-- Espace disque -->
+<div class="card p-4 mb-4">
+    <h3 class="text-sm font-bold text-cyber-accent mb-2">Espace disque</h3>
+    <pre style="background:#0b0f1a;color:#e5e7eb;padding:10px;border-radius:4px;font-size:11px;overflow-x:auto;white-space:pre-wrap">{{ audit.disk_space or '(vide)' }}</pre>
+</div>
+
+<!-- Connectivité console Qualys -->
+<div class="card p-4 mb-4">
+    <h3 class="text-sm font-bold text-cyber-accent mb-2">Connectivité console Qualys</h3>
+    <pre style="background:#0b0f1a;color:#e5e7eb;padding:10px;border-radius:4px;font-size:11px;overflow-x:auto;white-space:pre-wrap">{{ audit.qualys_connectivity or '(vide)' }}</pre>
+</div>
+
 <!-- Log agent Qualys -->
 <div class="card p-4 mb-4">
     <h3 class="text-sm font-bold text-cyber-accent mb-2">Log agent Qualys (50 dernières lignes)</h3>