CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Modify setup

Browse Source
This commit is contained in:
Mike Reeves
2024-03-04 14:53:15 -05:00
parent 0d01d09d2e
commit 018e099111
1 changed files with 24 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
salt/manager/tools/sbin/so-minion
View File

@@ -80,27 +80,26 @@ function getinstallinfo() {
} }
function pcapspace() { function pcapspace() {
if [[ "$OPERATION" == "setup" ]]; then
local NSMSIZE=$(salt '$MINION_ID' disk.usage --out=json | jq -r '.[]."/nsm"."1K-blocks" ') local SPACESIZE=$(df -h /nsm | tail -1 | awk '{print $2}')
local ROOTSIZE=$(salt '$MINION_ID' disk.usage --out=json | jq -r '.[]."/"."1K-blocks" ')
if [[ "$NSMSIZE" == "null" ]]; then
# Looks like there is no dedicated nsm partition. Using root
local SPACESIZE=$ROOTSIZE
else else
local SPACESIZE=$NSMSIZE
local NSMSIZE=$(salt '$MINION_ID' disk.usage --out=json | jq -r '.[]."/nsm"."1K-blocks" ')
local ROOTSIZE=$(salt '$MINION_ID' disk.usage --out=json | jq -r '.[]."/"."1K-blocks" ')
if [[ "$NSMSIZE" == "null" ]]; then
# Looks like there is no dedicated nsm partition. Using root
local SPACESIZE=$ROOTSIZE
else
local SPACESIZE=$NSMSIZE
fi
fi fi
local s=$(( $SPACESIZE / 1000000 )) local s=$(( $SPACESIZE / 1000000 ))
local s1=$(( $s / 2 )) local s1=$(( $s / 2 ))
local s2=$(( $s1 / $lb_procs )) local s2=$(( $s1 / $lb_procs ))
printf '%s\n'\ MAXPCAPFILES=$s2
"suricata:"\
" config:"\
" output:"\
" pcap-log:"\
" max-files: $s" >> $PILLARFILE
} }
@@ -272,6 +271,11 @@ function add_sensor_to_minion() {
echo " config:" >> $PILLARFILE echo " config:" >> $PILLARFILE
echo " af-packet:" >> $PILLARFILE echo " af-packet:" >> $PILLARFILE
echo " threads: '$CORECOUNT'" >> $PILLARFILE echo " threads: '$CORECOUNT'" >> $PILLARFILE
if [[ $is_pcaplimit ]]; then
echo " output:" >> $PILLARFILE
echo " pcap-log:" >> $PILLARFILE
echo " max-files: '$MAXPCAPFILES'" >> $PILLARFILE
fi
echo "pcap:" >> $PILLARFILE echo "pcap:" >> $PILLARFILE
echo " enabled: True" >> $PILLARFILE echo " enabled: True" >> $PILLARFILE
if [[ $is_pcaplimit ]]; then if [[ $is_pcaplimit ]]; then
@@ -448,6 +452,7 @@ function updateMine() {
function createEVAL() { function createEVAL() {
is_pcaplimit=true is_pcaplimit=true
pcapspace
add_elasticsearch_to_minion add_elasticsearch_to_minion
add_sensor_to_minion add_sensor_to_minion
add_strelka_to_minion add_strelka_to_minion
@@ -468,6 +473,7 @@ function createEVAL() {
function createSTANDALONE() { function createSTANDALONE() {
is_pcaplimit=true is_pcaplimit=true
pcapspace
add_elasticsearch_to_minion add_elasticsearch_to_minion
add_logstash_to_minion add_logstash_to_minion
add_sensor_to_minion add_sensor_to_minion
@@ -557,6 +563,7 @@ function createIDH() {
function createHEAVYNODE() { function createHEAVYNODE() {
is_pcaplimit=true is_pcaplimit=true
pcapspace
add_elasticsearch_to_minion add_elasticsearch_to_minion
add_elastic_agent_to_minion add_elastic_agent_to_minion
add_logstash_to_minion add_logstash_to_minion
@@ -567,6 +574,8 @@ function createHEAVYNODE() {
} }
function createSENSOR() { function createSENSOR() {
is_pcaplimit=true
pcapspace
add_sensor_to_minion add_sensor_to_minion
add_strelka_to_minion add_strelka_to_minion
add_telegraf_to_minion add_telegraf_to_minion