CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

[feat] Add check for hardware requirements

Browse Source
This commit is contained in:
William Wernert
2020-05-04 15:59:07 -04:00
parent d9dff52104
commit 6785b9e4d2
4 changed files with 61 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
setup/so-functions
View File

@@ -357,6 +357,39 @@ checkin_at_boot() {
echo "startup_states: highstate" >> "$minion_config" echo "startup_states: highstate" >> "$minion_config"
} }
check_requirements() {
local eval_or_dist=$1
local node_type=$2 # optional
local req_mem
local req_cores
local nic_list
readarray -t nic_list <<< "$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "bond0" | sed 's/ //g')"
local num_nics=${#nic_list[@]}
if [[ "$eval_or_dist" == 'eval' ]]; then
req_mem=12
req_cores=4
req_nics=2
elif [[ "$eval_or_dist" == 'dist' ]]; then
req_mem=8
req_cores=4
if [[ "$node_type" == 'sensor' ]]; then req_nics=2; else req_nics=1; fi
fi
if [[ $num_nics -lt $req_nics ]]; then
whiptail_requirements_error "NICs" "$num_nics" "$req_nics"
fi
if [[ $num_cpu_cores -lt $req_cores ]]; then
whiptail_requirements_error "cores" "$num_cpu_cores" "$req_cores"
fi
if [[ $total_mem_hr -lt $req_mem ]]; then
whiptail_requirements_error "memory" "${total_mem_hr}GB" "${req_mem}GB"
fi
}
copy_master_config() { copy_master_config() {
# Copy the master config template to the proper directory # Copy the master config template to the proper directory

12
setup/so-setup
View File

@@ -57,8 +57,6 @@ fi
whiptail_install_type whiptail_install_type
whiptail_patch_schedule
if [ "$install_type" = 'EVAL' ]; then if [ "$install_type" = 'EVAL' ]; then
is_node=true is_node=true
is_master=true is_master=true
@@ -89,6 +87,16 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then
is_helix=true is_helix=true
fi fi
if [[ $is_eval ]]; then
check_requirements "eval"
elif [[ $is_distmaster || $is_minion ]]; then
check_requirements "dist"
elif [[ $is_sensor && ! $is_eval ]]; then
check_requirements "dist" "sensor"
fi
whiptail_patch_schedule
case "$setup_type" in case "$setup_type" in
'iso') 'iso')
whiptail_set_hostname whiptail_set_hostname

3
setup/so-variables
View File

@@ -3,6 +3,9 @@
total_mem=$(grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//') total_mem=$(grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//')
export total_mem export total_mem
total_mem_hr=$(grep MemTotal /proc/meminfo | awk '{ printf("%.0f", $2/1024/1024); }')
export total_mem_hr
num_cpu_cores=$(nproc) num_cpu_cores=$(nproc)
export num_cpu_cores export num_cpu_cores

15
setup/so-whiptail
View File

@@ -238,6 +238,21 @@ whiptail_create_web_user_password2() {
} }
whiptail_requirements_error() {
local requirement_needed=$1
local current_val=$2
local needed_val=$3
[ -n "$QUIET" ] && return
whiptail --title "Security Onion Setup" \
--yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Hit YES to continue anyway, or hit NO to cancel." 8 75
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_invalid_pass_warning() { whiptail_invalid_pass_warning() {
[ -n "$QUIET" ] && return [ -n "$QUIET" ] && return