User Tools

Site Tools


nagios

INSTALL NAGIOS CORE

1.0 --- Install Nagios Server

Create a nagios user and nagcmd group. Then add the user to the group:

sudo useradd nagios
sudo groupadd nagcmd
sudo usermod -a -G nagcmd nagios
sudo usermod -a -G nagios,nagcmd www-data

Install required packages and prerequisites:

sudo apt-get install apache2 libapache2-mod-php7.2 wget curl build-essential libgd-dev openssl libssl-dev unzip php7.2 php7.2-gd

If Postfix is not installed; be sure to run the following commands:

sudo service sendmail stop; update-rc.d -f sendmail remove
sudo apt-get install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo
sudo nano /etc/postfix/master.cf
[...]
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
[...]
sudo service postfix restart

Download latest Nagios core release source code from here:

cd /tmp
curl -L -O https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.4.3.tar.gz
tar zxf nagios-*.tar.gz
rm -rf nagios-*.tar.gz
cd nagios-*

Configure, make file, then install

./configure --with-nagios-group=nagios --with-command-group=nagcmd --with-mail=/usr/sbin/sendmail
make all
sudo make install
sudo make install-commandmode
sudo make install-init
sudo make install-config

Configure Apache to serve Nagios' web interface

sudo /usr/bin/install -c -m 644 sample-config/httpd.conf /etc/apache2/conf-available/nagios.conf

Copy EventHandlers to Nagios' directory

sudo cp -R contrib/eventhandlers/ /usr/local/nagios/libexec/
sudo chown -R nagios:nagios /usr/local/nagios/libexec/eventhandlers

1.1 --- Install Nagios Plugins

Download, Extract, Configure, Make, then finally Install

cd /tmp
curl -L -O https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz
tar zxf nagios-plugins*.tar.gz
rm -rf nagios-plugins*.tar.gz
cd nagios-plugins*
./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl
make
sudo make install

1.2 --- Install NRPE Server

Download, Extract, Configure, Make, then finally Install

cd /tmp
curl -L -O https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-3.2.1/nrpe-3.2.1.tar.gz
tar zxf nrpe-*.tar.gz
rm -rf nrpe-*.tar.gz
cd nrpe-*
./configure --enable-command-args
make check_nrpe
sudo make install-plugin

1.3 --- Configure Nagios

sudo mkdir -p /usr/local/nagios/etc/servers
sudo nano /usr/local/nagios/etc/nagios.cfg
[...]
cfg_dir=/usr/local/nagios/etc/servers        <--- Uncomment this
[...]
sudo nano /usr/local/nagios/etc/objects/contacts.cfg
[...]
email    your_email@your_domain.com;        <--- Change this to your email address
[...]
sudo nano /usr/local/nagios/etc/objects/commands.cfg
[...]
define command {
    command_name check_nrpe
    command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
[...]

For Apache2 web server

sudo a2enmod rewrite
sudo a2enmod cgi
sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
sudo nano /etc/apache2/conf-available/nagios.conf
# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file.  Customize the paths, etc. as
# needed to fit your system.

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
   SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
#        Require all granted
#        Require host 127.0.0.1
         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /usr/local/nagios/etc/htpasswd.users
         Require valid-user
      </RequireAll>
   </IfVersion>
   <IfVersion < 2.3>
#     Order allow,deny
#     Allow from all
      Order deny,allow
      Deny from all
      Allow from 127.0.0.1 118.179.43.233 rpi.tiger-park.com
      AuthName "Nagios Access"
      AuthType Basic
      AuthUserFile /usr/local/nagios/etc/htpasswd.users
      Require valid-user
   </IfVersion>
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
   SSLRequireSSL
   Options None
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
#        Require all granted
#        Require host 127.0.0.1
         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /usr/local/nagios/etc/htpasswd.users
         Require valid-user
      </RequireAll>
   </IfVersion>
   <IfVersion < 2.3>
#     Order allow,deny
#     Allow from all
      Order deny,allow
      Deny from all
      Allow from 127.0.0.1 118.179.43.233 rpi.tiger-park.com
      AuthName "Nagios Access"
      AuthType Basic
      AuthUserFile /usr/local/nagios/etc/htpasswd.users
      Require valid-user
   </IfVersion>
</Directory>

Now lets enable the Nagios configuration, start Nagios core and restart Apache2:

sudo a2enconf nagios.conf
sudo systemctl start nagios
sudo systemctl enable nagios
sudo systemctl restart apache2

2.0 --- NRPE Server on Host/Client

sudo useradd nagios
sudo usermod -a -G nagios nagios
sudo apt-get install wget curl build-essential unzip openssl libssl-dev libgd-dev php-gd

2.1 --- Nagios Plugins on Host/Client

cd /tmp
curl -L -O nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz
tar zxf nagios-plugins*.tar.gz
rm -rf nagios-plugins*.tar.gz
cd nagios-plugins*
./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl
make
sudo make install

2.2 --- Install NRPE

cd /tmp
curl -L -O github.com/NagiosEnterprises/nrpe/releases/download/nrpe-3.2.1/nrpe-3.2.1.tar.gz
tar zxf nrpe-*.tar.gz
rm -rf nrpe-*.tar.gz
cd nrpe-*
./configure --enable-command-args
make all
sudo make install
sudo make install-config
sudo make install-init

2.3 --- Configure NRPE

sudo nano /usr/local/nagios/etc/nrpe.cfg

Change the following:

[...]
listen_queue_size=10
[...]
allowed_hosts=127.0.0.1,::1,118.179.43.233,rpi.tiger-park.com
[...]
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -r -w 1.60,1.55,1.50 -c 2.10,2.05,2.00
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/xvda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
command[check_http]=/usr/local/nagios/libexec/check_http -H buetgraduatesclub.com -I 13.127.29.141
command[check_apache]=/usr/local/nagios/libexec/check_procs -w 3: -c 1: -C apache2
command[check_odoo]=/usr/local/nagios/libexec/check_procs -w 3: -c 1: -a odoo
command[check_ssh]=/usr/local/nagios/libexec/check_ssh buetgraduatesclub.com
command[check_nrpe_serv]=/usr/local/nagios/libexec/check_procs -c 1: -C nrpe
command[check_munin_node]=/usr/local/nagios/libexec/check_procs -c 1: -C munin-node
[...]

Start NRPE Server, and enable for boot:

sudo systemctl start nrpe.service
sudo systemctl enable nrpe.service

3.0 --- Configure Nagios on Server

First we check if we can reach the host from the server:

/usr/local/nagios/libexec/check_nrpe -H <remote_host_IP>

If you get ssl error or other errors, try adding -n:

/usr/local/nagios/libexec/check_nrpe -H <remote_host_IP> -n

This happens if either or both Nagios or NRPE server/client was not configured properly with OpenSSL.

Now we add the server to be monitored with Nagios:

sudo nano /usr/local/nagios/etc/servers/<remote_server_name>.cfg
define host {
        use                             linux-server
        host_name                       bgcl
        alias                           BUET Graduates Club
        address                         buetgraduatesclub.com
        max_check_attempts              5
        check_period                    24x7
        notification_interval           15
        notification_period             24x7
        contact_groups                  admins
        contacts                        bgcl
}

define service {
        use                             generic-service
        host_name                       bgcl
        service_description             CPU load
        check_command                   check_nrpe!check_load
}

define service {
        use                             generic-service
        host_name                       bgcl
        service_description             Disk free space
        check_command                   check_nrpe!check_disk
}

define service {
        use                             generic-service
        host_name                       bgcl
        service_description             HTTP
        check_command                   check_nrpe!check_http
}

define service {
        use                             generic-service
        host_name                       bgcl
        service_description             Apache2 Service
        check_command                   check_nrpe!check_apache
}
define service {
        use                             generic-service
        host_name                       bgcl
        service_description             Odoo-Server
        check_command                   check_nrpe!check_odoo
}

define service {
        use                             generic-service
        host_name                       bgcl
        service_description             SSH Service
        check_command                   check_nrpe!check_ssh
}

define service {
        use                             generic-service
        host_name                       bgcl
        service_description             NRPE Server
        check_command                   check_nrpe!check_nrpe_serv
}

define service {
        use                             generic-service
        host_name                       bgcl
        service_description             Munin Node
        check_command                   check_nrpe!check_munin_node
}

define service {
        use                             generic-service
        host_name                       bgcl
        service_description             Total Processes
        check_command                   check_nrpe!check_total_procs
}

define service {
        use                             generic-service
        host_name                       bgcl
        service_description             Zombie Processes
        check_command                   check_nrpe!check_zombie_procs
}

3.1 --- User/Group Permissions

Apache2 nagios.conf file:

sudo nano /etc/apache2/conf-available/nagios.conf

Adjust the following:

[...]
#Require all granted
#Require host 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
[...]
#Order allow,deny
#Allow from all
Order deny,allow
Deny from all
Allow from 127.0.0.1 118.179.43.233 rpi.tiger-park.com
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
[...]

Add a view only user, in our case it will be palace:

sudo htpasswd /usr/local/nagios/etc/htpasswd.users palace

The following options should be set:

sudo nano /usr/local/nagios/etc/cgi.cfg
[...]use_authentication=1
authorized_for_read_only=palace
[...]

Next we should add the user to the contacts, and contact_groups:

sudo nano /usr/local/nagios/etc/objects/contacts.cfg
[...]
define contact {

    contact_name            palace                  ; Short name of user
    use                     generic-contact         ; Inherit default values fr$
    alias                   Palace User             ; Full name of user
    email                   ziibii88@live.com       ; Email address of user
}
[...]
define contactgroup {

    contactgroup_name       view-only
    alias                   View Only Users
    members                 bgcl,ieb,palace
}

Now make sure the contacts or contact_groups are added properly to servers:
<code>sudo nano /usr/local/nagios/etc/servers/<remote_server_name>.cfg
define host {
        use                             linux-server
        host_name                       palace
        alias                           Palace Group BD
        address                         13.250.96.39
        max_check_attempts              5
        check_period                    24x7
        notification_interval           15
        notification_period             24x7
        contact_groups                  admins
        contacts                        palace
}

define service {
        use                             generic-service
        host_name                       palace
        service_description             CPU load
        check_command                   check_nrpe!check_load
}
[...]

Check if Nagios configuration files are okay:

sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

Then restart nagios:

sudo systemctl restart nagios

4.0 --- Change default page

Instead of landing on home after login in, we can change the page like this:

sudo nano /usr/local/nagios/share/index.php
<?php
// Allow specifying main window URL for permalinks, etc.
$url = '/nagios/cgi-bin/status.cgi?host=all';
[...]

Then restart nagios:

sudo systemctl restart nagios

References

nagios.txt · Last modified: 2019/01/29 01:10 by pi