nagios installation in centos /fedora

Nagios Installation procedure in Fedora/CentOS

October 21, 2012 tapasmishra Leave a comment Go to comments

Nagios is a popular open source computer system monitor, network monitoring and infrastructure monitoring software application. Nagios offers complete monitoring and alerting for servers, switches, applications, and services and is considered the defacto industry standard in IT infrastructure monitoring. It watches hosts and services. It alerts users when things go wrong and alerts them again when those wrong things get better/resolved.
Prerequisites for the host Server.
During portions of the installation you’ll need to have root access to your machine.
Make sure you’ve installed the following packages on your Fedora installation before continuing.
Apache
PHP
GCC compiler
GD development libraries
You can use yum to install these packages by running the following commands (as root):
yum -y install httpd php gcc glibc glibc-common gd gd-devel
1) Create Account Information
Become the root user.
su -l
Create a new nagios user account and give it a password.
/usr/sbin/useradd -m nagios
passwd nagios
Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.
/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd apache
2) Download Nagios and the Plugins
Create a directory for storing the downloads.
mkdir ~/downloads
cd ~/downloads
Download the source code tarballs of both Nagios and the Nagios plugins (visit http://www.nagios.org/download/ for links to the latest versions). These directions were tested with Nagios 3.1.1 and Nagios Plugins 1.4.15.
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.3.tar.gz
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.15.tar.gz
3) Compile and Install Nagios
Extract the Nagios source code tarball.
cd ~/downloads
tar xzf nagios-3.2.3.tar.gz
cd nagios-3.2.3
Run the Nagios configure script, passing the name of the group you created earlier like so:
./configure –with-command-group=nagcmd
Compile the Nagios source code.
make all
Install binaries, init script, sample config files and set permissions on the external command directory.
make install
make install-init
make install-config
make install-commandmode
Don’t start Nagios yet – there’s still more that needs to be done…
4) Customize Configuration
Sample configuration files have now been installed in the /usr/local/nagios/etc directory. These sample files should work fine for getting started with Nagios. You’ll need to make just one change before you proceed…
Edit the /usr/local/nagios/etc/objects/contacts.cfg config file with your favorite editor and change the email address associated with the nagiosadmin contact definition to the address you’d like to use for receiving alerts.
vi /usr/local/nagios/etc/objects/contacts.cfg
5) Configure the Web Interface
Install the Nagios web config file in the Apache conf.d directory.
make install-webconf
Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account – you’ll need it later.
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
Restart Apache to make the new settings take effect.
service httpd restart
Note: Consider implementing the ehanced CGI security measures described here to ensure that your web authentication credentials are not compromised.
6) Compile and Install the Nagios Plugins
Extract the Nagios plugins source code tarball.
cd ~/downloads
tar xzf nagios-plugins-1.4.15.tar.gz
cd nagios-plugins-1.4.15
Compile and install the plugins.
./configure –with-nagios-user=nagios –with-nagios-group=nagios
make
make install
7) Start Nagios
Add Nagios to the list of system services and have it automatically start when the system boots.
chkconfig –add nagios
chkconfig nagios on
Verify the sample Nagios configuration files.
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
If there are no errors, start Nagios.
service nagios start
8) Modify SELinux Settings
Fedora ships with SELinux (Security Enhanced Linux) installed and in Enforcing mode by default. This can result in “Internal Server Error” messages when you attempt to access the Nagios CGIs.
See if SELinux is in Enforcing mode.
getenforce
Put SELinux into Permissive mode.
setenforce 0
To make this change permanent, you’ll have to modify the settings in /etc/selinux/config and reboot.
Instead of disabling SELinux or setting it to permissive mode, you can use the following command to run the CGIs under SELinux enforcing/targeted mode:
chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/
chcon -R -t httpd_sys_content_t /usr/local/nagios/share/
For information on running the Nagios CGIs under Enforcing mode with a targeted policy, visit the Nagios Support Portal or Nagios Community Wiki.
9) Login to the Web Interface
You should now be able to access the Nagios web interface at the URL below. You’ll be prompted for the username (nagiosadmin) and password you specified earlier.
http://localhost/nagios/
Click on the “Service Detail” navbar link to see details of what’s being monitored on your local machine. It will take a few minutes for Nagios to check all the services associated with your machine, as the checks are spread out over time.
10) Other Modifications
Make sure your machine’s firewall rules are configured to allow access to the web server if you want to access the Nagios interface remotely.
Configuring email notifications is out of the scope of this documentation. While Nagios is currently configured to send you email notifications, your system may not yet have a mail program properly installed or configured. Refer to your system documentation, search the web, or look to the Nagios Support Portal or Nagios Community Wiki for specific instructions on configuring your system to send email messages to external addresses. More information on notifications can be found here.
Then we have to install nrpe plugin to monitor the different linux host.
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.8.tar.gz
tar -zxf nrpe-2.8.tar.gz
cd nrpe-2.8
./configure
make all
Install the NRPE plugin.
make install-plugin
You’ll need to create a command definition in one of your Nagios object configuration files in order to use the
check_nrpe plugin. Open the sample commands.cfg file for editing…
vi /usr/local/nagios/etc/commands.cfg
and add the following definition to the file:
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
Remote Host Setup
/usr/sbin/useradd nagios && passwd nagios
Give a password for the nagios user.
Download and Install NRPE Plugins.
mkdir ~/downloads && cd ~/downloads && wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz
tar xzf nagios-plugins-1.4.11.tar.gz && cd nagios-plugins-1.4.11 && ./configure && make && make install
chown nagios.nagios /usr/local/nagios && chown -R nagios.nagios /usr/local/nagios/libexec
yum -y install xinetd
cd .. && wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.8.tar.gz && tar xzf nrpe-2.8.tar.gz && cd nrpe-2.8
./configure && make all && make install-plugin && make install-daemon && make install-daemon-config && make install-xinetd
vi /etc/xinetd.d/nrpe
only_from = 127.0.0.1
vi /etc/services
nrpe 5666/tcp # NRPE
service xinetd restart
iptables -I INPUT -p tcp –dport 5666 -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart
Edit the nrpe.cfg file to insert coustomize commands.
vi /usr/local/nagios/etc/nrpe.cfg
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20 -c 10 -p /dev/sda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
command[check_http]=/usr/local/nagios/libexec/check_http -H 127.0.0.1 -w 5 -c 10
command[check_swap]=/usr/local/nagios/libexec/check_swap -w 20 -c 10
Reference :http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html
http://tapasmishra.wordpress.com/2012/10/21/nagios-installation-procedure-in-fedoracentos/

Maldet Installation

Maldet Installation 

#wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
 
#tar -xzvf maldetect-current.tar.gz
 
#cd maldetect-*
 
#sh install.sh

 To scan :
#maldet --scan-all /home/*/public_html/

Regards,
Anzil Ali Liyakkath
Technical support
Myloth Technologies Pvt. Ltd.
Technical Wing: WebHostRepo Software Solutions

web:http://www.webhostrepo.com
twitter:http://twitter.com/webhostrepo
facebook:http://facebook.com/webhostreposs
linkedin:http://in.linkedin.com/in/webhostrepo

Upgrade Mysql, PHP in Kloxo.

Upgrade mysql
============
Check the  MySQL that already installed inside our kloxo.
# rpm -qa | grep -i mysql
Check the latest Mysql available for Kloxo
# yum check-update mysql-server
Upgrade mysql :
# yum update mysql-server

For upgrade PHP
==============
Check the server PHP latest version
# rpm -qa | grep -i php
Check the latest PHP version available
# yum check-update php
Upgrade PHP
# yum update php

Regards,
Anzil Ali Liyakkath
Technical support
Myloth Technologies Pvt. Ltd.
Technical Wing: WebHostRepo Software Solutions

web:http://www.webhostrepo.com
twitter:http://twitter.com/webhostrepo
facebook:http://facebook.com/webhostreposs
linkedin:http://in.linkedin.com/in/webhostrepo


 

SPF

WHM editing DNS zone for SPF

SECTION A - Create a custom SPF record
1. Go to http://spf.pobox.com/wizard.html and use their automated wizard to generate an appropriate SPF entry
2. Enter your domain name at the top of the wizard. If you are unfamiliar with your DNS configuration most PZ users should enter “Yes” to the four questions next to DARK GREEN bubbles (A, MX, PTR, and ALL). Leave the LIGHT GREEN text boxes alone.
(NOTE: If you send e-mail through your ISP’s outgoing mailserver, enter THEIR domain in the box next to the light green “include” bubble)
3. In the box at the bottom of the wizard will be a text string something like this:
 “v=spf1 a mx ptr ~all” Copy it down (including the quotation marks).

SECTION B - Modify your DNS Zone Entry
This section actually adds the SPF TXT record to your domains DNS zone. You will need access to the cPanel WHM (Web Host Manager).
4. Log in to your WHM account.
5. Click on “Edit a DNS Zone” under “DNS Functions”
6. Choose which domain you want to add a SPF record for from the box on the right.
7. The “Editing Zone” page will load, scroll down to “Add New Entries Below this Line”.
8. In the first clear box on the left (”domain”) write your fully qualified domain name
ie: yourdomain.tld.
(NOTE: The period at the END of the domain is NOT a mistake)
9. Leave “TTL” set to the default (14400)
10. Change “Record Type” to “TXT”
11. In the box to the right of TXT copy in your SPF string from SECTION A. If you skipped section A paste the following string into the box (include the quotation marks):
“v=spf1 a mx ptr ~all”
12. Click “Save” at the bottom of the page.
13. After a few moments you should get a message that Bind is reloading and that the zone has been modified.


SECTION C (optional) - Test your SPF Entry
 This site will let you run a fake validation test against your SPF entry to see if it’s formated correctly.
14. Wait ~4 hours for the zone to die and refresh:
15. Go to the SPF Test page at http://www.dnsstuff.com/pages/spf.htm
16. Enter an e-mail address from the domain you just modified in the top box and the IP Address of your SERVER in the bottom box (don’t use the IP the page auto-assigns you).
17. Click “Lookup”, if everything has been configured properly, you should get a “PASS” message. If you get a “Error: I could not get the SPF string…” message you need to wait longer for your previous zone entry to die.

uninstall Mailscanner

Here is how to uninstall Mailscanner completely and reverse the changes we made:

1. To remove MailScanner and the MailScanner Front-End, run these commands in shell as root:

cd /usr/mscpanel
sh uninstall.msfe.sh

cd /root
wget http://www.configserver.com/free/msinstall.tar.gz
tar -xzf msinstall.tar.gz
cd msinstall/
sh uninstall.sh

2. Remove the sare rules and MailScanner-specific SpamAssassin configuration files (in shell as root):

cd /etc/mail/spamassassin/
rm -fv *sare* configserver.cf mailscanner.cf

3. To remove the MailScanner Configuration icon from cPanel, go to WHM > Packages > Feature Manager. Edit the "disabled" Feature List and uncheck the box for MailScanner Configuration.

4. Remove the root cron jobs that run mscpanel.pl, sa_rules.sh (or rules_du_jour), and the cronjob that restarts clamd (in shell as root):

crontab -e

5. Remove the following lines (if they exist - they may or may not be there) from /scripts/postupcp:

#!/bin/sh
perl /usr/mscpanel/mscheck.pl

6. Reset Exim Configuration (if desired), in WHM > Exim Configuration Editor > Reset All Configs to Defaults. This is not required.

7. To remove our install of clamav, run these commands in shell as root:

killall clamd

/bin/rm -Rfv /usr/bin/clam*
/bin/rm -Rfv /usr/sbin/clam*
/bin/rm -Rfv /usr/lib/libclam*
/bin/rm -Rfv /usr/share/clam*
/bin/rm -Rfv /usr/include/clam*
/bin/rm -Rfv /usr/bin/freshclam*
/bin/rm -Rfv /usr/etc/clamav*
/bin/rm -Rfv /var/clamd

/bin/rm -Rfv /usr/local/bin/clam*
/bin/rm -Rfv /usr/local/sbin/clam*
/bin/rm -Rfv /usr/local/lib/libclam*
/bin/rm -Rfv /usr/local/share/clam*
/bin/rm -Rfv /usr/local/include/clam*
/bin/rm -Rfv /usr/local/bin/freshclam*
/bin/rm -Rfv /usr/local/etc/clamav*
/bin/rm -fv /etc/init.d/clamd
/bin/rm -fv /etc/cron.daily/freshclam
/bin/rm -fv /etc/cron.hourly/freshclam
/bin/rm -fv /etc/cron.d/freshclam

In WHM > Service Configuration > Service Manager > Additional Services uncheck both boxes for clamav.

You can then install clamavconnector via WHM > Manage Plugins if desired.

8. If you want to re-enable SpamAssassin through cPanel:

WHM > Tweak Settings > SpamAssassin > tick
WHM > Service Manager > spamd > tick both boxes
WHM > Feature Manager > Edit a Feature List > disabled > Edit > SpamAssassin and SpamAssassin Spam Box > tick
WHM > Feature Manager > Edit Feature List - edit any feature lists that you want to allow access to the SpamAssassin configuration in cPanel



Regards,
Anzil Ali Liyakkath
Technical support
Myloth Technologies Pvt. Ltd.
Technical Wing: WebHostRepo Software Solutions

web:http://www.webhostrepo.com
twitter:http://twitter.com/webhostrepo
facebook:http://facebook.com/webhostreposs
linkedin:http://in.linkedin.com/in/webhostrepo