Table of Contents
Nagios Core Installation
Preface
This document will describe how to install NagiosCore on CentOS 6.5. I will use Basic Server installation of mentioned OS.
Described installation can be used at most Red Hat like distributions of Linux without too many changes.
In the case that you are using not Red Hat like distribution (Debian, …buntu, Slackware, ArchLinux, Suse, ….) I hope that this document will help you to understand relations.
In the case that you’ll to flow all steps describe in this document, I hope that at the end of this document you will have fully working Nagios Core instance.
Before we’ll start
Update your system
To be honest it is only some kind of best practice to keep your system up to date. According to this it is better to do it before we’ll start the installation.
# yum -y update # This will update all already installed packages. (Internet access is required) # reboot # Sometime during the update is done as well update of kernel, according to this reboot is recurred
Software that we’ll need
At this point we’ll need to install additional software that will be needed during the installation of Nagios Core.
# yum -y install httpd # yum -y install php # yum -y install net-snmp # yum -y install net-snmp-utils # yum -y install openssl # yum -y install gcc # yum -y install gd # yum -y install gd-devel # yum -y install glibc # yum -y install glibc-common # yum -y install make # yum -y install openssl-devel # yum -y install gnutls # yum -y install unzip # yum -y install wget # It is not recurred, but it can make the life easier. It's used for downloading files based on URL. # yum -y install screen # It is not recurred, but it can make the life easier. It's used for running multiple consoles. # yum -y install mc # It is not recurred, but it can make the life easier. It's used as user CLI
OS User for Nagios Core
Nagios and all his plugins will be installed with “nagios” user rights. In this way it is possible to install Nagios demon root OSrights.
It is required to create an additional user group “nagcmd” for running web based application.
User group “nagcmd” shall include just user “nagios” and user running web service (in our case Apache demon).
User Group for Nagios Core
# groupadd nagios # Create new user group for user "nagios" # groupadd nagcmd # Create new user group for user "nagios" and "apache"
# groupadd -g <Group_ID> nagios # groupadd -g <Group_ID> nagcmd
User Account for Nagios Core
# useradd -g nagios -G nagcmd -d /home/nagios -c "Nagios Admin" nagios # Create new OS user used at Nagios Core demon
”# useradd -u <User_ID> -g nagios -G nagcmd -d /home/nagios -c “Nagios Admin” nagios”
Verification of User configuration
To validate the configuration please run this commands:
# grep "nag" /etc/group # Command to Check Group
nagios:x:50001: # Expected result
nagcmd:x:50002:nagios # Expected result
# grep "nag" /etc/passwd # Command to Check User
nagios:x:50001:50001:Nagios Admin:/home/nagios:/bin/bash # Expected result
# ls -al /home/ # Command to Check Home Directory
drwx------ 2 nagios nagios 4096 Jan 5 13:57 nagios # Expected result
Web Server User
Nagios Core is using web interface for presenting the status of monitored infrastructure. In this case we will use standard Apache web server for running Nagios Core CGI scripts.
According to this it is required to enable Apache to access all requested CGI scripts of Nagios Core. This requires to add “User” that is running Apache demon in same user group as it is used for maintaining of Nagios Core CGI scripts.
Who is running the web server
# find / -name httpd.conf # Search for main configuration file of Apache web server
/etc/httpd/conf/httpd.conf # Path to main config file of Apache web server
# grep "^User" /etc/httpd/conf/httpd.conf # Search for user running Apache web server
User apache # In this case the user is called "apache"
Assign apache user to nagcmd user group
# usermod -G nagcmd apache # Include "apache" user in to "nagcmd" user group
Verification of User configuration
To validate the configuration please run this commands:
# grep "nag" /etc/group # Check actual configuration of the nagios related groups
nagcmd:x:50002:nagios,apache # The user "nagios" and "apache" belong to "nagcmd: group
nagios:x:50001 # The user "nagios" has as well his own user group.
Security
Lock User Account
To prevent “nagios” user to log on the OS with password we'll lock the user account password:
# usermod -L nagios # Lock User's password
Iptables
At most of Linux distribution it is possible to find iptables application that is managing local firewall of the OS (it can much more, but the most common use of it is to manage local firewall).
According to this it is required to edit the iptable rules to enable access to Web GUI of our Nagios Core server.
Update the iptables config:
# cat /etc/sysconfig/iptables # iptables config file # Generated by iptables-save v1.4.7 on Mon Jul 7 15:56:20 2014 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1260:592630] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -s 10.0.0.0/8 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT # Add this line to your config -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
Reload the firewall configuration.
# /etc/init.d/iptables reload
In my example it is enabled to access port TCP/80 of Nagios Core server only from IP’s from sublet 10.0.0.0/8
SELinux
This document is too sort to speak about the SELinux and how to configure Nagios to use it. According to this I will come back to this later.
For now I would propose to disable to SELinux.
Edit the config file:
# cat /etc/selinux/config # Config File # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. ##SELINUX=enforcing # Default configuration, please comment it with “#” SELINUX=disabled # Disabling SELinux # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted
Disable it immediately:
# setenforce 0
Instalation of Nagios Core
At the time of writing this document last stable release of Nagios Core was 4.0.7 . According to this I would like to focus on the last release of Nagios Core in this document. On another hand I think that you can use same installation steps for any Nagios Core release.
Download Nagios Core
# mkdir /usr/src/NagiosCore # Create directory for downloading of Nagios Core Source code # cd /usr/src/NagiosCore/ # Change directory where the source files will be stored # wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.7.tar.gz # Download source of Nagios Core
After successful download of source files you shall be able to see:
# ll /usr/src/NagiosCore total 1756 -rw-r--r--. 1 root root 1798034 Jun 3 14:51 nagios-4.0.7.tar.gz
Make the source code ready for installation
In general it is not required to install Nagios Core in to “/opt/” directory. In the case that you are familiar with NagiosXI you know that it is installing his files across the whole file system.
On another hand I personally prefer to install application in to “/opt” directory to keep the file system clean.
# cd /usr/src/NagiosCore # Change directory to location of Nagios Core source # tar -vxzf nagios-4.0.7.tar.gz # Un-zip & Un-tar the compressed Nagios Core source # mkdir /opt/nagios-4.0.7 # Create directory where will be Nagios Core installed
Configure Nagios Core source
# cd /usr/src/NagiosCore/nagios-4.0.7 # Change directory to Un-compressed source data of Nagios Core # ./configure \ --prefix=/opt/nagios-4.0.7/ \ --exec-prefix=/opt/nagios-4.0.7/ \ --datadir=/opt/nagios-4.0.7/doc/ \ --sysconfdir=/opt/nagios-4.0.7/etc \ --localstatedir=/opt/nagios-4.0.7/var \ --with-nagios-user=nagios \ --with-nagios-group=nagios \ --with-command-user=nagios \ --with-command-group=nagcmd \ --enable-FEATURE=yes \ --enable-nanosleep \ --enable-event-broker \ --enable-embedded-perl \ --with-perlcache \ --enable-libtap # Configure Nagios Core source code for compilation
/usr/src/NagiosCore/nagios-4.0.7/configure –help
After successful configuration of Nagios Core source was done you shall see:
*** Configuration summary for nagios 4.0.7 06-03-2014 ***:
General Options:
-------------------------
Nagios executable: nagios
Nagios user/group: nagios,nagios
Command user/group: nagios,nagcmd
Event Broker: yes
Install ${prefix}: /opt/nagios-4.0.7
Install ${includedir}: /opt/nagios-4.0.7/include/nagios
Lock file: /opt/nagios-4.0.7/var/nagios.lock
Check result directory: /opt/nagios-4.0.7/var/spool/checkresults
Init directory: /etc/rc.d/init.d
Apache conf.d directory: /etc/httpd/conf.d
Mail program: /bin/mail
Host OS: linux-gnu
IOBroker Method: epoll
Web Interface Options:
------------------------
HTML URL: http://localhost/nagios/
CGI URL: http://localhost/nagios/cgi-bin/
Traceroute (used by WAP): /bin/traceroute
Review the options above for accuracy. If they look okay,
type 'make all' to compile the main program and CGIs.
Compilation and Installation
Please run this commands and observer the messages if there will not be any error. I have successfully tested it several times.
# make all # Compile Nagios Core source # make install # Install the basic Nagios Core # make install-init # Install init script in to /etc/rc.d/init.d # make install-commandmode # Install and configures permissions on the directory for external command file # make install-config # Install sample config files in /opt/nagios-4.0.7/etc # make install-webconf # This will update the apache config
Start Nagios at Boot time
# chkconfig --add nagios # Register Nagios Core rc scripts # chkconfig --level 345 nagios on # Configure Nagios Core to run at run-level 345 # chkconfig --level 345 httpd on # Configure Apache to run at run-level 345
After successful configuration of startup scripts you shall see
# chkconfig --list | grep -e httpd -e nagios httpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off nagios 0:off 1:off 2:off 3:on 4:on 5:on 6:off
Web Interface
Nagios Core is using Apache web server for providing web GUI. According to this we need to check the configuration of Nagios and Apache. It is required as well to configure account that will be used for accessing mentioned web GUI.
Check Nagios Config:
# grep use_authentication /opt/nagios-4.0.7/etc/cgi.cfg use_authentication=1 # 1 = enabled authentication ; 0 = disabled authentication
Check Apache Config:
# grep Auth /etc/httpd/conf.d/nagios.conf AuthName "Nagios Access" AuthType Basic # This allows the file basic authentication AuthUserFile /opt/nagios-4.0.7/etc/htpasswd.users # This is location of encrypted login and password AuthName "Nagios Access" AuthType Basic # This allows the file basic authentication AuthUserFile /opt/nagios-4.0.7/etc/htpasswd.users # This is location of encrypted login and password
Configure Web GUI User:
# htpasswd -c /opt/nagios-4.0.7/etc/htpasswd.users nagiosadmin # Configure Nagios Core Web GUI user (in this case it is "nagiosadmin" as it si default configured account at Nagios Core) New password: # Use you secret password Re-type new password: # Use you secret password Adding password for user system # chown apache:apache /opt/nagios-4.0.7/etc/htpasswd.users # Change owner of file with accounts to Apache # chmod 600 /opt/nagios-4.0.7/etc/htpasswd.users # Configure access rights to file with logins
Start Nagios Core
At this point you Nagios Core is installed. According to this you shall be able to start the service
# /etc/init.d/nagios start # Start Nagios Core Service # /etc/init.d/httpd start # Start Apache Web Browser
and access the web GUI:
http://<IP_OF_YOUR_SERVER>/nagios # URL for accessing the Nagios Core Web GUI
# You will be asked for Loggin/Password
The reason for this is that Nagios is designed as a framework. In this case it mean that all monitoring scripts are delivered independently of Nagios Core.
According to this I will write next document about installation of “Nagios Plugins” (set of most used monitoring scripts that will help you to start the monitoring your infrastructure).
URL's
Homepage of Nagios Core: http://www.nagios.org
Main download web sit: http://www.nagios.org/download
Main Nagios Core download web site: http://www.nagios.org/download/core/
Main Plugins download web page: http://www.nagios.org/download/plugins/
Main Addons download web page: http://www.nagios.org/download/addons/
