Merge pull request #628 from Security-Onion-Solutions/feature/hw-requirements

Feature/hw requirements

setup/so-functions

@@ -357,6 +357,39 @@ checkin_at_boot() {
 	echo "startup_states: highstate" >> "$minion_config"
 }
 
+
+check_requirements() {
+	local eval_or_dist=$1
+	local node_type=$2 # optional
+	local req_mem
+	local req_cores
+	local nic_list
+	readarray -t nic_list <<< "$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "bond0"  | sed 's/ //g')"
+	local num_nics=${#nic_list[@]}
+
+	if [[ "$eval_or_dist" == 'eval' ]]; then
+		req_mem=12
+		req_cores=4
+		req_nics=2
+	elif [[ "$eval_or_dist" == 'dist' ]]; then
+		req_mem=8
+		req_cores=4
+		if [[ "$node_type" == 'sensor' ]]; then req_nics=2; else req_nics=1; fi
+	fi
+
+	if [[ $num_nics -lt $req_nics ]]; then
+		whiptail_requirements_error "NICs" "$num_nics" "$req_nics"
+	fi
+
+	if [[ $num_cpu_cores -lt $req_cores ]]; then
+		whiptail_requirements_error "cores" "$num_cpu_cores" "$req_cores"
+	fi
+	
+	if [[ $total_mem_hr -lt $req_mem ]]; then
+		whiptail_requirements_error "memory" "${total_mem_hr}GB" "${req_mem}GB"
+	fi
+}
+
 copy_master_config() {
 
 	# Copy the master config template to the proper directory

setup/so-setup

@@ -57,8 +57,6 @@ fi
 
 whiptail_install_type
 
-whiptail_patch_schedule
-
 if [ "$install_type" = 'EVAL' ]; then
 	is_node=true
 	is_master=true
@@ -89,6 +87,16 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then
 	is_helix=true
 fi
 
+if [[ $is_eval ]]; then
+	check_requirements "eval"
+elif [[ $is_distmaster || $is_minion ]]; then
+	check_requirements "dist"
+elif [[ $is_sensor && ! $is_eval ]]; then
+	check_requirements "dist" "sensor"
+fi
+
+whiptail_patch_schedule
+
 case "$setup_type" in
 	'iso')
 		whiptail_set_hostname
@@ -297,8 +305,10 @@ export percentage=0
 		master_pillar 2>> "$setup_log"
 	fi
 
-	set_progress_str 14 'Configuring firewall'
-	set_initial_firewall_policy 2>> "$setup_log"
+	if [[ $is_minion ]]; then
+		set_progress_str 14 'Configuring firewall'
+		set_initial_firewall_policy 2>> "$setup_log"
+	fi
 
 	set_progress_str 16 'Running first Salt checkin'
 	salt_firstcheckin 2>> "$setup_log"
@@ -326,22 +336,26 @@ export percentage=0
 		salt-key -ya "$MINION_ID" >> "$setup_log" 2>&1
 	fi
 
-	set_progress_str 22 'Generating CA and checking in'
-	salt_checkin 2>> "$setup_log"
-
-	set_progress_str 23 "$(print_salt_state_apply 'schedule')"
-	salt-call state.apply -l info schedule >> $setup_log 2>&1
-
-	set_progress_str 24 'Copying minion pillars to master'
+	set_progress_str 22 'Copying minion pillars to master'
 	copy_minion_tmp_files 2>> "$setup_log"
 
+	set_progress_str 23 'Generating CA and checking in'
+	salt_checkin 2>> "$setup_log"
+
+	set_progress_str 24 "$(print_salt_state_apply 'schedule')"
+	salt-call state.apply -l info schedule >> $setup_log 2>&1
+
+	
 	if [[ $is_master || $is_helix ]]; then
-		set_progress_str 25 'Downloading containers from the internet'
+		set_progress_str 25 'Configuring firewall'
+		set_initial_firewall_policy 2>> "$setup_log"
+		
+		set_progress_str 26 'Downloading containers from the internet'
 		salt-call state.apply -l info registry >> "$setup_log" 2>&1
 		docker_seed_registry 2>> "$setup_log" # ~ 60% when finished
 	fi
 
-	set_progress_str 61 "$(print_salt_state_apply 'firewall')"
+	set_progress_str 62 "$(print_salt_state_apply 'firewall')"
 	salt-call state.apply -l info firewall >> $setup_log 2>&1
 
 	set_progress_str 63 "$(print_salt_state_apply 'common')"

setup/so-variables

@@ -3,6 +3,9 @@
 total_mem=$(grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//')
 export total_mem
 
+total_mem_hr=$(grep MemTotal /proc/meminfo | awk '{ printf("%.0f", $2/1024/1024); }')
+export total_mem_hr
+
 num_cpu_cores=$(nproc)
 export num_cpu_cores
 

setup/so-whiptail

@@ -238,6 +238,21 @@ whiptail_create_web_user_password2() {
 
 }
 
+whiptail_requirements_error() {
+
+	local requirement_needed=$1
+	local current_val=$2
+	local needed_val=$3
+
+	[ -n "$QUIET" ] && return
+
+	whiptail --title "Security Onion Setup" \
+	--yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel."  8 75
+
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+}
+
 whiptail_invalid_pass_warning() {
 
 	[ -n "$QUIET" ] && return
@@ -502,7 +517,7 @@ whiptail_make_changes() {
 
 	[ -n "$QUIET" ] && return
 
-	whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please hit YES to make changes or NO to cancel." 8 75
+	whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -598,7 +613,7 @@ whiptail_network_notice() {
 
 	[ -n "$QUIET" ] && return
 
-	whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Hit YES to continue." 8 75
+	whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Press YES to continue." 8 75
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus