CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11328 from Security-Onion-Solutions/fix/checkreq

Browse Source 
improvents for checking system requirements
This commit is contained in:
Josh Patterson
2023-09-15 09:17:04 -04:00
committed by GitHub
parent af68af7f18 c65c9777bd
commit 26da525ebe
4 changed files with 59 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
setup/so-functions
View File

@@ -707,8 +707,6 @@ checkin_at_boot() {
} }
check_requirements() { check_requirements() {
local standalone_or_dist=$1
local node_type=$2 # optional
local req_mem local req_mem
local req_cores local req_cores
local req_storage local req_storage
@@ -716,27 +714,57 @@ check_requirements() {
readarray -t nic_list <<< "$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "bond0" | sed 's/ //g' | sed -r 's/(.*)(\.[0-9]+)@\1/\1\2/g')" readarray -t nic_list <<< "$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "bond0" | sed 's/ //g' | sed -r 's/(.*)(\.[0-9]+)@\1/\1\2/g')"
local num_nics=${#nic_list[@]} local num_nics=${#nic_list[@]}
if [[ "$standalone_or_dist" == 'standalone' ]]; then if [[ $is_eval ]]; then
req_mem=12 req_mem=12
req_cores=4 req_cores=4
req_nics=2 req_nics=2
elif [[ "$standalone_or_dist" == 'dist' ]]; then elif [[ $is_standalone ]]; then
req_mem=8 req_mem=24
req_cores=4 req_cores=4
if [[ "$node_type" == 'sensor' ]]; then req_nics=2; else req_nics=1; fi req_nics=2
if [[ "$node_type" == 'fleet' ]]; then req_mem=4; fi elif [[ $is_manager ]]; then
if [[ "$node_type" == 'idh' ]]; then req_mem=1 req_cores=2; fi req_mem=16
elif [[ "$standalone_or_dist" == 'import' ]]; then req_cores=4
req_nics=1
elif [[ $is_managersearch ]]; then
req_mem=16
req_cores=8
req_nics=1
elif [[ $is_sensor ]]; then
req_mem=12
req_cores=4
req_nics=2
elif [[ $is_fleet ]]; then
req_mem=4 req_mem=4
req_cores=4
req_nics=1
elif [[ $is_searchnode ]]; then
req_mem=16
req_cores=4
req_nics=1
elif [[ $is_heavynode ]]; then
req_mem=24
req_cores=4
req_nics=2
elif [[ $is_idh ]]; then
req_mem=1
req_cores=2
req_nics=1
elif [[ $is_import ]]; then
req_mem=4
req_cores=2
req_nics=1
elif [[ $is_receiver ]]; then
req_mem=8
req_cores=2 req_cores=2
req_nics=1 req_nics=1
fi fi
if [[ $setup_type == 'network' ]] ; then if [[ $setup_type == 'network' ]] ; then
if [[ -n $nsm_mount ]]; then if [[ -n $nsm_mount ]]; then # does a /nsm mount exist
if [[ "$standalone_or_dist" == 'import' ]]; then if [[ $is_import ]]; then
req_storage=50 req_storage=50
elif [[ "$node_type" == 'idh' ]]; then elif [[ $is_idh ]]; then
req_storage=12 req_storage=12
else else
req_storage=100 req_storage=100
@@ -748,10 +776,10 @@ check_requirements() {
whiptail_storage_requirements "/nsm" "${free_space_nsm} GB" "${req_storage} GB" whiptail_storage_requirements "/nsm" "${free_space_nsm} GB" "${req_storage} GB"
fi fi
else else
if [[ "$standalone_or_dist" == 'import' ]]; then if [[ $is_import ]]; then
req_storage=50 req_storage=50
elif [[ "$node_type" == 'idh' ]]; then elif [[ $is_idh ]]; then
req_storage=12 req_storage=12
else else
req_storage=200 req_storage=200
fi fi

22
setup/so-setup
View File

@@ -422,7 +422,7 @@ if ! [[ -f $install_opt_file ]]; then
# If it is an install from ISO is this airgap? # If it is an install from ISO is this airgap?
[[ $is_iso ]] && whiptail_airgap [[ $is_iso ]] && whiptail_airgap
# Make sure minimum requirements are met # Make sure minimum requirements are met
check_requirements "manager" check_requirements
# Do networking things # Do networking things
networking_needful networking_needful
# Do we need a proxy? # Do we need a proxy?
@@ -453,7 +453,7 @@ if ! [[ -f $install_opt_file ]]; then
monints=true monints=true
check_elastic_license check_elastic_license
[[ $is_iso ]] && whiptail_airgap [[ $is_iso ]] && whiptail_airgap
check_requirements "manager" check_requirements
networking_needful networking_needful
[[ ! $is_airgap ]] && collect_net_method [[ ! $is_airgap ]] && collect_net_method
collect_dockernet collect_dockernet
@@ -474,7 +474,7 @@ if ! [[ -f $install_opt_file ]]; then
check_elastic_license check_elastic_license
waitforstate=true waitforstate=true
[[ $is_iso ]] && whiptail_airgap [[ $is_iso ]] && whiptail_airgap
check_requirements "manager" check_requirements
networking_needful networking_needful
[[ ! $is_airgap ]] && collect_net_method [[ ! $is_airgap ]] && collect_net_method
collect_dockernet collect_dockernet
@@ -494,7 +494,7 @@ if ! [[ -f $install_opt_file ]]; then
check_elastic_license check_elastic_license
waitforstate=true waitforstate=true
[[ $is_iso ]] && whiptail_airgap [[ $is_iso ]] && whiptail_airgap
check_requirements "manager" check_requirements
networking_needful networking_needful
[[ ! $is_airgap ]] && collect_net_method [[ ! $is_airgap ]] && collect_net_method
collect_dockernet collect_dockernet
@@ -512,7 +512,7 @@ if ! [[ -f $install_opt_file ]]; then
elif [[ $is_sensor ]]; then elif [[ $is_sensor ]]; then
info "Setting up as node type sensor" info "Setting up as node type sensor"
monints=true monints=true
check_requirements "sensor" check_requirements
calculate_useable_cores calculate_useable_cores
networking_needful networking_needful
check_network_manager_conf check_network_manager_conf
@@ -527,7 +527,7 @@ if ! [[ -f $install_opt_file ]]; then
elif [[ $is_fleet ]]; then elif [[ $is_fleet ]]; then
info "Setting up as node type fleet" info "Setting up as node type fleet"
check_requirements "fleet" check_requirements
networking_needful networking_needful
check_network_manager_conf check_network_manager_conf
set_network_dev_status_list set_network_dev_status_list
@@ -540,7 +540,7 @@ if ! [[ -f $install_opt_file ]]; then
elif [[ $is_searchnode ]]; then elif [[ $is_searchnode ]]; then
info "Setting up as node type searchnode" info "Setting up as node type searchnode"
check_requirements "elasticsearch" check_requirements
networking_needful networking_needful
check_network_manager_conf check_network_manager_conf
set_network_dev_status_list set_network_dev_status_list
@@ -554,7 +554,7 @@ if ! [[ -f $install_opt_file ]]; then
elif [[ $is_heavynode ]]; then elif [[ $is_heavynode ]]; then
info "Setting up as node type heavynode" info "Setting up as node type heavynode"
monints=true monints=true
check_requirements "heavynode" check_requirements
calculate_useable_cores calculate_useable_cores
networking_needful networking_needful
check_network_manager_conf check_network_manager_conf
@@ -569,7 +569,7 @@ if ! [[ -f $install_opt_file ]]; then
elif [[ $is_idh ]]; then elif [[ $is_idh ]]; then
info "Setting up as node type idh" info "Setting up as node type idh"
check_requirements "idh" check_requirements
networking_needful networking_needful
collect_mngr_hostname collect_mngr_hostname
add_mngr_ip_to_hosts add_mngr_ip_to_hosts
@@ -583,7 +583,7 @@ if ! [[ -f $install_opt_file ]]; then
waitforstate=true waitforstate=true
[[ $is_iso ]] && whiptail_airgap [[ $is_iso ]] && whiptail_airgap
check_elastic_license check_elastic_license
check_requirements "import" check_requirements
networking_needful networking_needful
[[ ! $is_airgap ]] && detect_cloud [[ ! $is_airgap ]] && detect_cloud
collect_dockernet collect_dockernet
@@ -601,7 +601,7 @@ if ! [[ -f $install_opt_file ]]; then
elif [[ $is_receiver ]]; then elif [[ $is_receiver ]]; then
info "Setting up as node type receiver" info "Setting up as node type receiver"
check_requirements "receiver" check_requirements
networking_needful networking_needful
collect_mngr_hostname collect_mngr_hostname
add_mngr_ip_to_hosts add_mngr_ip_to_hosts

6
setup/so-variables
View File

@@ -5,7 +5,7 @@ mkdir -p /nsm
total_mem=$(grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//') total_mem=$(grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//')
export total_mem export total_mem
total_mem_hr=$(grep MemTotal /proc/meminfo | awk '{ printf("%.0f", $2/1024/1024); }') total_mem_hr=$(grep MemTotal /proc/meminfo | awk '{ printf("%.0f", $2/1000/1000); }')
export total_mem_hr export total_mem_hr
num_cpu_cores=$(nproc) num_cpu_cores=$(nproc)
@@ -32,10 +32,10 @@ export filesystem_root
filesystem_nsm=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') filesystem_nsm=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
export filesystem_nsm export filesystem_nsm
free_space_nsm=$(df -Pk /nsm | sed 1d | grep -v used | awk '{ print $4 / 1048576 }' | awk '{ printf("%.0f", $1) }') free_space_nsm=$(df -Pk /nsm | sed 1d | grep -v used | awk '{ print $4 / 1042803 }' | awk '{ printf("%.0f", $1) }')
export free_space_nsm export free_space_nsm
free_space_root=$(df -Pk / | sed 1d | grep -v used | awk '{ print $4 / 1048576 }' | awk '{ printf("%.0f", $1) }') free_space_root=$(df -Pk / | sed 1d | grep -v used | awk '{ print $4 / 1042803 }' | awk '{ printf("%.0f", $1) }')
export free_space_root export free_space_root
readarray -t mountpoints <<< "$(lsblk -nlo MOUNTPOINT)" readarray -t mountpoints <<< "$(lsblk -nlo MOUNTPOINT)"

17
setup/so-whiptail
View File

@@ -232,7 +232,7 @@ whiptail_requirements_error() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
if [[ $(echo "$requirement_needed" | tr '[:upper:]' '[:lower:]') == 'nics' ]]; then if [[ $(echo "$requirement_needed" | tr '[:upper:]' '[:lower:]') =~ 'nic' ]]; then
whiptail --title "$whiptail_title" \ whiptail --title "$whiptail_title" \
--msgbox "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select OK to exit setup and reconfigure the machine." 10 75 --msgbox "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select OK to exit setup and reconfigure the machine." 10 75
@@ -1184,21 +1184,6 @@ whiptail_reinstall() {
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
} }
whiptail_requirements_error() {
local requirement_needed=$1
local current_val=$2
local needed_val=$3
[ -n "$TESTING" ] && return
whiptail --title "$whiptail_title" \
--yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select YES to continue anyway, or select NO to cancel." 10 75
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_sensor_config() { whiptail_sensor_config() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return