CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-23 09:23:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Setup - Set cur_close_days and log_size_limit

Browse Source
This commit is contained in:
Wes Lambert
2018-12-05 13:06:29 +00:00
parent 0f0adb6c4b
commit 4c67695cd0
1 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
so-setup-network.sh
View File

@@ -22,6 +22,7 @@ NICS=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2 " \"
CPUCORES=$(cat /proc/cpuinfo | grep processor | wc -l) CPUCORES=$(cat /proc/cpuinfo | grep processor | wc -l)
LISTCORES=$(cat /proc/cpuinfo | grep processor | awk '{print $3 " \"" "core" "\""}') LISTCORES=$(cat /proc/cpuinfo | grep processor | awk '{print $3 " \"" "core" "\""}')
RANDOMUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) RANDOMUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)
NODE_ES_PORT="9200"
# End Global Variable Section # End Global Variable Section
@@ -393,6 +394,16 @@ get_filesystem_nsm(){
FSNSM=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') FSNSM=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
} }
get_log_size_limit() {
DISK_SIZE_K=`df /nsm |grep -v "^Filesystem" | awk '{print $2}'`
PERCENTAGE=85
DISK_SIZE=DISK_SIZE_K*1000
PERCENTAGE_DISK_SPACE=`echo $(($DISK_SIZE*$PERCENTAGE/100))`
LOG_SIZE_LIMIT=$(($PERCENTAGE_DISK_SPACE/1000000000))
}
get_filesystem_root(){ get_filesystem_root(){
FSROOT=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') FSROOT=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
} }
@@ -536,6 +547,9 @@ node_pillar() {
echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $TMP/$HOSTNAME.sls echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $TMP/$HOSTNAME.sls
echo " es_shard_count: $SHARDCOUNT" >> $TMP/$HOSTNAME.sls echo " es_shard_count: $SHARDCOUNT" >> $TMP/$HOSTNAME.sls
echo " node_type: $NODETYPE" >> $TMP/$HOSTNAME.sls echo " node_type: $NODETYPE" >> $TMP/$HOSTNAME.sls
echo " es_port: $NODE_ES_PORT" >> $TMP/$HOSTNAME.sls
echo " log_size_limit: $LOG_SIZE_LIMIT" >> $TMP/$HOSTNAME.sls
echo " cur_close_days: $CURCLOSEDAYS" >> $TMP/$HOSTNAME.sls
} }
@@ -928,6 +942,16 @@ whiptail_check_exitstatus() {
} }
whiptail_cur_close_days() {
CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \
"Please specify the threshold (in days) at which Elasticsearch indices will be closed" 10 60 $CURCLOSEDAYS 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_homenet_master() { whiptail_homenet_master() {
# Ask for the HOME_NET on the master # Ask for the HOME_NET on the master
@@ -975,6 +999,18 @@ whiptail_install_type() {
} }
whiptail_log_size_limit() {
LOG_SIZE_LIMIT=$(whiptail --title "Security Onion Setup" --inputbox \
"Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \
By default, this is set to 85% of the disk space allotted for /nsm." 10 60 $LOG_SIZE_LIMIT 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_management_nic() { whiptail_management_nic() {
MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 78 12 ${NICS[@]} 3>&1 1>&2 2>&3 ) MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 78 12 ${NICS[@]} 3>&1 1>&2 2>&3 )
@@ -1504,11 +1540,13 @@ if (whiptail_you_sure); then
NSMSETUP=BASIC NSMSETUP=BASIC
NIDS=Suricata NIDS=Suricata
BROVERSION=ZEEK BROVERSION=ZEEK
CURCLOSEDAYS=30
whiptail_make_changes whiptail_make_changes
clear_master clear_master
mkdir -p /nsm mkdir -p /nsm
get_filesystem_root get_filesystem_root
get_filesystem_nsm get_filesystem_nsm
get_log_size_limit
get_main_ip get_main_ip
# Add the user so we can sit back and relax # Add the user so we can sit back and relax
echo "" echo ""
@@ -1549,6 +1587,10 @@ if (whiptail_you_sure); then
whiptail_management_server whiptail_management_server
whiptail_master_updates whiptail_master_updates
set_updates set_updates
get_log_size_limit
whiptail_log_size_limit
CURCLOSEDAYS=30
whiptail_cur_close_days
es_heapsize es_heapsize
ls_heapsize ls_heapsize
whiptail_node_advanced whiptail_node_advanced