[feat] Add check for hardware requirements

2025-12-08 10:12:53 +01:00 · 2020-05-04 15:59:07 -04:00
parent d9dff52104
commit 6785b9e4d2
4 changed files with 61 additions and 2 deletions
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -357,6 +357,39 @@ checkin_at_boot() {
 	echo "startup_states: highstate" >> "$minion_config"
 }

+
+check_requirements() {
+	local eval_or_dist=$1
+	local node_type=$2 # optional
+	local req_mem
+	local req_cores
+	local nic_list
+	readarray -t nic_list <<< "$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "bond0"  | sed 's/ //g')"
+	local num_nics=${#nic_list[@]}
+
+	if [[ "$eval_or_dist" == 'eval' ]]; then
+		req_mem=12
+		req_cores=4
+		req_nics=2
+	elif [[ "$eval_or_dist" == 'dist' ]]; then
+		req_mem=8
+		req_cores=4
+		if [[ "$node_type" == 'sensor' ]]; then req_nics=2; else req_nics=1; fi
+	fi
+
+	if [[ $num_nics -lt $req_nics ]]; then
+		whiptail_requirements_error "NICs" "$num_nics" "$req_nics"
+	fi
+
+	if [[ $num_cpu_cores -lt $req_cores ]]; then
+		whiptail_requirements_error "cores" "$num_cpu_cores" "$req_cores"
+	fi
+	
+	if [[ $total_mem_hr -lt $req_mem ]]; then
+		whiptail_requirements_error "memory" "${total_mem_hr}GB" "${req_mem}GB"
+	fi
+}
+
 copy_master_config() {

 	# Copy the master config template to the proper directory
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -57,8 +57,6 @@ fi

 whiptail_install_type

-whiptail_patch_schedule
-
 if [ "$install_type" = 'EVAL' ]; then
 	is_node=true
 	is_master=true
@@ -89,6 +87,16 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then
 	is_helix=true
 fi

+if [[ $is_eval ]]; then
+	check_requirements "eval"
+elif [[ $is_distmaster || $is_minion ]]; then
+	check_requirements "dist"
+elif [[ $is_sensor && ! $is_eval ]]; then
+	check_requirements "dist" "sensor"
+fi
+
+whiptail_patch_schedule
+
 case "$setup_type" in
 	'iso')
 		whiptail_set_hostname
--- a/setup/so-variables
+++ b/setup/so-variables
@@ -3,6 +3,9 @@
 total_mem=$(grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//')
 export total_mem

+total_mem_hr=$(grep MemTotal /proc/meminfo | awk '{ printf("%.0f", $2/1024/1024); }')
+export total_mem_hr
+
 num_cpu_cores=$(nproc)
 export num_cpu_cores

--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -238,6 +238,21 @@ whiptail_create_web_user_password2() {

 }

+whiptail_requirements_error() {
+
+	local requirement_needed=$1
+	local current_val=$2
+	local needed_val=$3
+
+	[ -n "$QUIET" ] && return
+
+	whiptail --title "Security Onion Setup" \
+	--yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Hit YES to continue anyway, or hit NO to cancel."  8 75
+
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+}
+
 whiptail_invalid_pass_warning() {

 	[ -n "$QUIET" ] && return