From 4c67695cd05b270d39cfdc03d05be1995052d298 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 5 Dec 2018 13:06:29 +0000 Subject: [PATCH] Setup - Set cur_close_days and log_size_limit --- so-setup-network.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/so-setup-network.sh b/so-setup-network.sh index 21179a18d..5e46412c7 100644 --- a/so-setup-network.sh +++ b/so-setup-network.sh @@ -22,6 +22,7 @@ NICS=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2 " \" CPUCORES=$(cat /proc/cpuinfo | grep processor | wc -l) LISTCORES=$(cat /proc/cpuinfo | grep processor | awk '{print $3 " \"" "core" "\""}') RANDOMUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) +NODE_ES_PORT="9200" # End Global Variable Section @@ -393,6 +394,16 @@ get_filesystem_nsm(){ FSNSM=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') } +get_log_size_limit() { + + DISK_SIZE_K=`df /nsm |grep -v "^Filesystem" | awk '{print $2}'` + PERCENTAGE=85 + DISK_SIZE=DISK_SIZE_K*1000 + PERCENTAGE_DISK_SPACE=`echo $(($DISK_SIZE*$PERCENTAGE/100))` + LOG_SIZE_LIMIT=$(($PERCENTAGE_DISK_SPACE/1000000000)) + +} + get_filesystem_root(){ FSROOT=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') } @@ -536,6 +547,9 @@ node_pillar() { echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $TMP/$HOSTNAME.sls echo " es_shard_count: $SHARDCOUNT" >> $TMP/$HOSTNAME.sls echo " node_type: $NODETYPE" >> $TMP/$HOSTNAME.sls + echo " es_port: $NODE_ES_PORT" >> $TMP/$HOSTNAME.sls + echo " log_size_limit: $LOG_SIZE_LIMIT" >> $TMP/$HOSTNAME.sls + echo " cur_close_days: $CURCLOSEDAYS" >> $TMP/$HOSTNAME.sls } 
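Review bot: `DISK_SIZE=DISK_SIZE_K*1000` in get_log_size_limit assigns the literal string `DISK_SIZE_K*1000`, and the following `$(($DISK_SIZE*$PERCENTAGE/100))` only produces the intended number because bash arithmetic dereferences the bare name a second time; the same indirection means an empty `$DISK_SIZE_K` silently evaluates to 0 and a non-numeric one (e.g. when `df` wraps a long device name onto two lines, so `$2` of the second line is not the size) is an arithmetic error that aborts setup. I would make the computation explicit and guard the `df` result: `[[ "$DISK_SIZE_K" =~ ^[0-9]+$ ]] || DISK_SIZE_K=0`, `DISK_SIZE=$((DISK_SIZE_K * 1000))`, `PERCENTAGE_DISK_SPACE=$((DISK_SIZE * PERCENTAGE / 100))`, dropping the backticks and the `echo`. `df -P` (or reusing `FSNSM`, which get_filesystem_nsm just above computes from the same column) avoids the wrapping problem. Note also that the final integer division truncates to whole GB, so a /nsm smaller than roughly 1.2 GB yields `LOG_SIZE_LIMIT=0`; a comment such as `# Result is whole GB (decimal), truncated; 0 on very small volumes` above the last line would make that visible.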
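Review bot: The three new `echo` lines in node_pillar write `$LOG_SIZE_LIMIT` and `$CURCLOSEDAYS` into the Salt pillar verbatim, so on any setup path that reaches node_pillar without having run get_log_size_limit or assigned CURCLOSEDAYS (the later hunks set them only inside the two `whiptail_you_sure` branches) the pillar would contain `log_size_limit: ` with no value, which YAML reads as null and the consumer then has to cope with. I would either default them at the top of the function, e.g. `: "${CURCLOSEDAYS:=30}"`, or document the precondition with a comment above the new lines such as `# Set by get_log_size_limit / whiptail_cur_close_days earlier in the setup flow`. node_pillar begins above this hunk, so I cannot see whether it already has such a guard.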
@@ -928,6 +942,16 @@ whiptail_check_exitstatus() { } +whiptail_cur_close_days() { + + CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \ + "Please specify the threshold (in days) at which Elasticsearch indices will be closed" 10 60 $CURCLOSEDAYS 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + whiptail_homenet_master() { # Ask for the HOME_NET on the master @@ -975,6 +999,18 @@ whiptail_install_type() { } +whiptail_log_size_limit() { + + LOG_SIZE_LIMIT=$(whiptail --title "Security Onion Setup" --inputbox \ + "Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \ + By default, this is set to 85% of the disk space allotted for /nsm." 10 60 $LOG_SIZE_LIMIT 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + + whiptail_management_nic() { MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 78 12 ${NICS[@]} 3>&1 1>&2 2>&3 ) @@ -1504,11 +1540,13 @@ if (whiptail_you_sure); then NSMSETUP=BASIC NIDS=Suricata BROVERSION=ZEEK + CURCLOSEDAYS=30 whiptail_make_changes clear_master mkdir -p /nsm get_filesystem_root get_filesystem_nsm + get_log_size_limit get_main_ip # Add the user so we can sit back and relax echo "" @@ -1549,6 +1587,10 @@ if (whiptail_you_sure); then whiptail_management_server whiptail_master_updates set_updates + get_log_size_limit + whiptail_log_size_limit + CURCLOSEDAYS=30 + whiptail_cur_close_days es_heapsize ls_heapsize whiptail_node_advanced
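Review bot: whiptail_cur_close_days stores whatever the operator types into CURCLOSEDAYS without checking it, and node_pillar later writes that value as `cur_close_days:` into the pillar, so a blank, non-numeric or YAML-significant answer lands in configuration that is consumed without a further check; whiptail_log_size_limit in the next hunk has the same gap with LOG_SIZE_LIMIT. I would re-prompt until the answer is a whole number, as below, and quote the default argument (`"$CURCLOSEDAYS"`) so an empty value does not simply drop out of the argument list. The same loop shape applies to whiptail_log_size_limit.

```shell
whiptail_cur_close_days() {
  # Re-prompt until the answer is a whole number of days; node_pillar
  # writes this value into the pillar verbatim.
  while :; do
    CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \
      "Please specify the threshold (in days) at which Elasticsearch indices will be closed" 10 60 "$CURCLOSEDAYS" 3>&1 1>&2 2>&3)
    local exitstatus=$?
    whiptail_check_exitstatus $exitstatus
    [[ "$CURCLOSEDAYS" =~ ^[0-9]+$ ]] && break
  done
}
```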
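Review bot: The dialog text in whiptail_log_size_limit is a double-quoted string broken with a trailing backslash, so bash joins the two physical lines but keeps whatever leading indentation the continuation line carries (presumably the function's indent) inside the message the operator sees. I would put the sentence on one line, or assign it first, `msg="Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. By default, this is set to 85% of the disk space allotted for /nsm."`, and pass `"$msg"` to whiptail. The "85%" in the text duplicates `PERCENTAGE=85` from get_log_size_limit; a comment next to one of them, `# keep in sync with the 85% stated in whiptail_log_size_limit`, would stop them drifting apart.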
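Review bot: `CURCLOSEDAYS=30` is a bare literal in this branch and is repeated in the advanced branch (the `@@ -1549` hunk), while the sibling default `NODE_ES_PORT="9200"` added in the first hunk lives in the global variable section; defining `CURCLOSEDAYS=30` once there, with a comment `# Default age (days) after which Elasticsearch indices are closed`, keeps the two paths from diverging. Unlike the advanced branch, this branch takes the computed LOG_SIZE_LIMIT without showing it to the operator, so if get_log_size_limit truncates to 0 on a small /nsm the value is used silently; a one-line check such as `[[ "$LOG_SIZE_LIMIT" =~ ^[1-9][0-9]*$ ]] || echo "Warning: computed log_size_limit is $LOG_SIZE_LIMIT GB" >&2` after the call would surface that. The enclosing `if (whiptail_you_sure); then` block starts before this hunk and continues past it.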