Merge pull request #3123 from Security-Onion-Solutions/kilo

Add function to soup to notify user of log_size_limit issues

salt/common/tools/sbin/soup

@@ -120,6 +120,72 @@ check_sudoers() {
 	fi
 }
 
+check_log_size_limit() {
+  local wait_for_enter=false
+
+  local num_minion_pillars
+  num_minion_pillars=$(find /opt/so/saltstack/local/pillar/minions/ -type f | wc -l)
+  
+  if [[ $num_minion_pillars -gt 1 ]]; then
+    if find /opt/so/saltstack/local/pillar/minions/ -type f | grep -q "_heavynode"; then
+      wait_for_enter=true
+      echo "[INFO] The value of log_size_limit in any heavy node minion pillars may be incorrect."
+      echo " -> We recommend checking and adjusting the values as necessary."
+      echo " -> Minion pillar directory: /opt/so/saltstack/local/pillar/minions/"
+    fi
+  else
+    local minion_id
+    minion_id=$(lookup_salt_value "id" "" "grains")
+
+    local minion_arr
+    IFS='_' read -ra minion_arr <<< "$minion_id"
+
+    local node_type="${minion_arr[0]}"
+    
+    local current_limit
+    current_limit=$(lookup_pillar "log_size_limit" "elasticsearch")
+    
+    local percent
+    case $node_type in
+      'standalone' | 'eval')
+        percent=50
+      ;;
+      *)
+        percent=80
+      ;;
+    esac
+
+    local disk_dir="/"
+    if [ -d /nsm ]; then
+      disk_dir="/nsm"
+    fi
+
+    local disk_size_1k
+    disk_size_1k=$(df $disk_dir | grep -v "^Filesystem" | awk '{print $2}')
+
+    local ratio="1048576"
+
+    local disk_size_gb
+    disk_size_gb=$( echo "$disk_size_1k" "$ratio" | awk '{print($1/$2)}' )
+
+    local new_limit
+    new_limit=$( echo "$disk_size_gb" "$percent" | awk '{printf("%.0f", $1 * ($2/100))}')
+
+    if [[ $current_limit != "$new_limit" ]]; then
+    wait_for_enter=true
+      echo "[WARNING] The value of log_size_limit (${current_limit}) does not match the recommended value of ${new_limit}."
+      echo " -> We recommend checking and adjusting the value as necessary."
+      echo " -> File: /opt/so/saltstack/local/pillar/minions/${minion_id}.sls"
+    fi
+
+    if [[ $wait_for_enter == true ]]; then
+      echo ""
+      read -n 1 -s -r -p "Press any key to continue..."
+      echo "" # Since read doesn't print a newline, print one for it
+    fi
+  fi
+}
+
 clean_dockers() {
   # Place Holder for cleaning up old docker images
   echo "Trying to clean up old dockers."
@@ -159,7 +225,7 @@ generate_and_clean_tarballs() {
   local new_version
   new_version=$(cat $UPDATE_DIR/VERSION)
   [ -d /opt/so/repo ] || mkdir -p /opt/so/repo
-  tar -cxf "/opt/so/repo/$new_version.tar.gz" "$UPDATE_DIR"
+  tar -czf "/opt/so/repo/$new_version.tar.gz" "$UPDATE_DIR"
   find "/opt/so/repo" -type f -not -name "$new_version.tar.gz" -exec rm -rf {} \;
 }
 
@@ -348,6 +414,7 @@ up_2.3.2X_to_2.3.30() {
       # Add Github repo for Strelka YARA rules
       sed -i "/^strelka:/a \\  repos: \n    - https://github.com/Neo23x0/signature-base" /opt/so/saltstack/local/pillar/global.sls;
   fi
+  check_log_size_limit
 }
 
 space_check() {
@@ -670,6 +737,8 @@ fi
 
 check_sudoers
 
+
+
 }
 
 main "$@" | tee /dev/fd/3

setup/so-functions

@@ -2283,16 +2283,16 @@ sensor_pillar() {
 }
 
 set_default_log_size() {
-    local percentage
+	local percentage
 
 	case $install_type in
 		STANDALONE | EVAL | HEAVYNODE)
 			percentage=50
-			;;
+		;;
 		*)
-            percentage=80
+			percentage=80
-			;;
+		;;
-		esac
+	esac
 
 	local disk_dir="/"
 	if [ -d /nsm ]; then
@@ -2301,13 +2301,14 @@ set_default_log_size() {
 	if [ -d /nsm/elasticsearch ]; then
 		disk_dir="/nsm/elasticsearch"
 	fi
+	
 	local disk_size_1k
 	disk_size_1k=$(df $disk_dir | grep -v "^Filesystem" | awk '{print $2}')
 
-    local ratio="1048576"
+	local ratio="1048576"
 
-    local disk_size_gb
+	local disk_size_gb
-    disk_size_gb=$( echo "$disk_size_1k" "$ratio" | awk '{print($1/$2)}' )
+	disk_size_gb=$( echo "$disk_size_1k" "$ratio" | awk '{print($1/$2)}' )
 
 	log_size_limit=$( echo "$disk_size_gb" "$percentage" | awk '{printf("%.0f", $1 * ($2/100))}')
 }