From 4c5c0858328481e0f015db4ca6c5df3e3e404d00 Mon Sep 17 00:00:00 2001
From: benya <benya@daemonlord.ru>
Date: Sat, 7 Feb 2026 23:57:50 +0300
Subject: [PATCH] Expand security status details

---
 system_checks.py | 45 ++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 42 insertions(+), 3 deletions(-)

diff --git a/system_checks.py b/system_checks.py
index 43b2934..1dca74c 100644
--- a/system_checks.py
+++ b/system_checks.py
@@ -19,10 +19,49 @@ def security() -> str:
     if not out or "ERROR:" in out:
         return "🔐 Security\n\n⚠️ permitrootlogin not found"
 
-    if "no" in out.lower():
-        return "🔐 Security\n\n🟢 Root login disabled"
+    lines = ["🔐 Security\n"]
 
-    return "🔐 Security\n\n🔴 Root login ENABLED"
+    if "no" in out.lower():
+        lines.append("🟢 Root login disabled")
+    else:
+        lines.append("🔴 Root login ENABLED")
+
+    pass_auth = _cmd("sshd -T | grep -i '^passwordauthentication'")
+    if pass_auth and "ERROR:" not in pass_auth:
+        lines.append("🔴 Password auth enabled" if "yes" in pass_auth.lower() else "🟢 Password auth disabled")
+
+    pubkey_auth = _cmd("sshd -T | grep -i '^pubkeyauthentication'")
+    if pubkey_auth and "ERROR:" not in pubkey_auth:
+        lines.append("🟢 Pubkey auth enabled" if "yes" in pubkey_auth.lower() else "🔴 Pubkey auth disabled")
+
+    sec_updates = _cmd("apt list --upgradable 2>/dev/null | grep -i security | wc -l")
+    if sec_updates and "ERROR:" not in sec_updates:
+        try:
+            count = int(sec_updates.strip())
+            lines.append(f"🔔 Security updates: {count}")
+        except ValueError:
+            pass
+
+    time_info = _cmd("timedatectl")
+    if time_info and "ERROR:" not in time_info:
+        tz = None
+        ntp = None
+        synced = None
+        for line in time_info.splitlines():
+            if "Time zone:" in line:
+                tz = line.split("Time zone:", 1)[1].strip()
+            if "NTP service:" in line:
+                ntp = line.split("NTP service:", 1)[1].strip()
+            if "System clock synchronized:" in line:
+                synced = line.split("System clock synchronized:", 1)[1].strip()
+        if tz:
+            lines.append(f"🕒 Time zone: {tz}")
+        if ntp:
+            lines.append(f"🔧 NTP service: {ntp}")
+        if synced:
+            lines.append(f"⏱ Clock synced: {synced}")
+
+    return "\n".join(lines)
 
 
 # ---------- DISKS ----------