######################################################## ### Installation of Nagios and NConf on Ubuntu 12.04 LTS ######################################################## ### Ensure you have the correct time on your server. root@instructor01:/# dpkg-reconfigure tzdata ### Ensure that the /etc/apt/sources.list file conmtains the links below. ### Open the file with your favourite editor and edit it. root@instructor01:/# vi /etc/apt/sources.list deb http://archive.ubuntu.com/ubuntu precise main restricted universe deb http://archive.ubuntu.com/ubuntu precise-updates main restricted universe deb http://security.ubuntu.com/ubuntu precise-security main restricted universe multiverse deb http://archive.canonical.com/ubuntu precise partner #deb http://ubuntu.mirror.ac.ke/ubuntu/ precise main #deb-src http://ubuntu.mirror.ac.ke/ubuntu/ precise main ######################### ### Installation of Nagios ######################### root@instructor01:/# apt-get update root@instructor01:/# apt-get install nagios3-cgi ### Remember to input a password for the nagiosadmin user when prompted. root@instructor01:/# apt-get install nagios3 ### Access nagios on the web browser http://ip-address/nagios3 ### Input the username nagiosadmin and the password configured above. ########################## ###Installation of NConf ########################## ### Install the Requirements root@instructor01:/# apt-get install php5-mysql mysql-server libdbi-perl libdbd-mysql-perl ### Remember to input the root password for mysql when prompted. ### php.ini settings: Ensure the following is in the php.ini file. root@instructor01:/# vi /etc/php5/cli/php.ini * short_open_tag = On * register_globals = Off * magic_quotes_gpc = Off ### Download and unpack the NConf archive to your webserver's document root folder. root@instructor01:~# wget http://sourceforge.net/projects/nconf/files/nconf/1.3.0-0/nconf-1.3.0-0.tgz/download root@instructor01:~# ls -lh total 488K -rw-r--r-- 1 root root 481K Dec 10 2011 download root@instructor01:~# mv -vf download nconf-1.3.0-0.tgz `download' -> `nconf-1.3.0-0.tgz' root@instructor01:~# ls nconf-1.3.0-0.tgz root@instructor01:~# tar -xvf nconf-1.3.0-0.tgz root@instructor01:~# ls -lh total 492K drwxr-xr-x 14 root root 4.0K Dec 10 2011 nconf -rw-r--r-- 1 root root 481K Dec 10 2011 nconf-1.3.0-0.tgz root@instructor01:~# cd nconf root@instructor01:~/nconf# root@instructor01:~# cp -rv /root/nconf /var/www/. root@instructor01:~# ls -lh /var/www/ total 8.0K -rw-r--r-- 1 root root 177 Jul 24 15:33 index.html drwxr-xr-x 14 root root 4.0K Aug 14 11:02 nconf ### Set permissions: Make sure the following directories are writable for your webserver user: ./config ./output ./static_cfg ./temp #### Notice that the webserver user is www-data and the above directories are #### all owned by root and have the 755 permissions as shown below. root@instructor01:~# pwd /root root@instructor01:~# cd /var/www/nconf/ ### Be sure of the the username of the webserver. root@instructor01:/var/www/nconf# cat /etc/passwd | grep www www-data:x:33:33:www-data:/var/www:/bin/sh ### Check permissions. root@instructor01:/var/www/nconf# ls -lh /var/www/nconf/ | grep config drwxr-xr-x 2 root root 4.0K Aug 14 11:02 config drwxr-xr-x 2 root root 4.0K Aug 14 11:02 config.orig -rw-r--r-- 1 root root 5.3K Aug 14 11:02 generate_config.php root@instructor01:/var/www/nconf# ls -lh /var/www/nconf/ | grep output drwxr-xr-x 2 root root 4.0K Aug 14 11:02 output root@instructor01:/var/www/nconf# ls -lh /var/www/nconf/ | grep static_cfg drwxr-xr-x 2 root root 4.0K Aug 14 11:02 static_cfg root@instructor01:/var/www/nconf# ls -lh /var/www/nconf/ | grep temp drwxr-xr-x 3 root root 4.0K Aug 14 11:02 design_templates drwxr-xr-x 2 root root 4.0K Aug 14 11:02 temp root@instructor01:/var/www/nconf# ### Change Permissions root@instructor01:/var/www/nconf# chown -R www-data:www-data /var/www/nconf/config root@instructor01:/var/www/nconf# chown -R www-data:www-data /var/www/nconf/output root@instructor01:/var/www/nconf# chown -R www-data:www-data /var/www/nconf/static_cfg root@instructor01:/var/www/nconf# chown -R www-data:www-data /var/www/nconf/temp root@instructor01:/var/www/nconf# ls -lh /var/www/nconf/ | grep config drwxr-xr-x 2 www-data www-data 4.0K Aug 14 11:02 config drwxr-xr-x 2 root root 4.0K Aug 14 11:02 config.orig -rw-r--r-- 1 root root 5.3K Aug 14 11:02 generate_config.php root@instructor01:/var/www/nconf# ls -lh /var/www/nconf/ | grep output drwxr-xr-x 2 www-data www-data 4.0K Aug 14 11:02 output root@instructor01:/var/www/nconf# ls -lh /var/www/nconf/ | grep static_cfg drwxr-xr-x 2 www-data www-data 4.0K Aug 14 11:02 static_cfg root@instructor01:/var/www/nconf# ls -lh /var/www/nconf/ | grep temp drwxr-xr-x 3 root root 4.0K Aug 14 11:02 design_templates drwxr-xr-x 2 www-data www-data 4.0K Aug 14 11:02 temp root@instructor01:/var/www/nconf# ### Run mysql_secure_installation to remove some default settings. root@instructor01:/var/www/nconf# /usr/bin/mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MySQL to secure it, we'll need the current password for the root user. If you've just installed MySQL, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MySQL root user without the proper authorisation. You already have a root password set, so you can safely answer 'n'. Change the root password? [Y/n] n ... skipping. By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MySQL installation should now be secure. Thanks for using MySQL! root@instructor01:/var/www/nconf# ### Create a new MySQL database for NConf, create a user to access the database, grant the appropriate privileges (make sure InnoDB for MySQL is set up properly prior to creating the database). root@instructor01:/var/www/nconf# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 50 Server version: 5.5.32-0ubuntu0.12.04.1 (Ubuntu) Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show engines; +--------------------+---------+----------------------------------------------------------------+--------------+------+------------+ | Engine | Support | Comment | Transactions | XA | Savepoints | +--------------------+---------+----------------------------------------------------------------+--------------+------+------------+ | MRG_MYISAM | YES | Collection of identical MyISAM tables | NO | NO | NO | | CSV | YES | CSV storage engine | NO | NO | NO | | FEDERATED | NO | Federated MySQL storage engine | NULL | NULL | NULL | | BLACKHOLE | YES | /dev/null storage engine (anything you write to it disappears) | NO | NO | NO | | MEMORY | YES | Hash based, stored in memory, useful for temporary tables | NO | NO | NO | | MyISAM | YES | MyISAM storage engine | NO | NO | NO | | ARCHIVE | YES | Archive storage engine | NO | NO | NO | | PERFORMANCE_SCHEMA | YES | Performance Schema | NO | NO | NO | | InnoDB | DEFAULT | Supports transactions, row-level locking, and foreign keys | YES | YES | YES | +--------------------+---------+----------------------------------------------------------------+--------------+------+------------+ 9 rows in set (0.00 sec) mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | +--------------------+ 3 rows in set (0.00 sec) mysql> CREATE DATABASE nconf; Query OK, 1 row affected (0.00 sec) mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | nconf | | performance_schema | +--------------------+ 4 rows in set (0.00 sec) mysql> CREATE USER 'nconfadmin'@'localhost' IDENTIFIED BY 'nc0nfP@55W0rD'; Query OK, 0 rows affected (0.00 sec) mysql> GRANT ALL ON nconf.* TO 'nconfadmin'@'localhost' IDENTIFIED BY 'nc0nfP@55W0rD'; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) mysql> exit Bye root@instructor01:/var/www/nconf# root@instructor01:/var/www/nconf# mysql -u nconfadmin -p nconf < /var/www/nconf/INSTALL/create_database.sql Enter password: root@instructor01:/var/www/nconf# mysql -u nconfadmin -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 65 Server version: 5.5.32-0ubuntu0.12.04.1 (Ubuntu) Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> use nconf; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> show tables; +-----------------+ | Tables_in_nconf | +-----------------+ | ConfigAttrs | | ConfigClasses | | ConfigItems | | ConfigValues | | History | | ItemLinks | +-----------------+ 6 rows in set (0.00 sec) mysql> exit Bye root@instructor01:/var/www/nconf# ### Configure NConf: Copy the contents of ./config.orig to ./config. Make sure you also copy the hidden files. root@instructor01:/var/www/nconf# cp -arv /var/www/nconf/config.orig/.file_accounts.php /var/www/nconf/config/. `/var/www/nconf/config.orig/.file_accounts.php' -> `/var/www/nconf/config/./.file_accounts.php' root@instructor01:/var/www/nconf# cp -arv /var/www/nconf/config.orig/* /var/www/nconf/config/. `/var/www/nconf/config.orig/authentication.php' -> `/var/www/nconf/config/./authentication.php' `/var/www/nconf/config.orig/deployment.ini' -> `/var/www/nconf/config/./deployment.ini' `/var/www/nconf/config.orig/mysql.php' -> `/var/www/nconf/config/./mysql.php' `/var/www/nconf/config.orig/nconf.php' -> `/var/www/nconf/config/./nconf.php' root@instructor01:/var/www/nconf# vi /var/www/nconf/config/mysql.php ### Edit ./config/mysql.php, set at least the following values: DBHOST DBNAME DBUSER DBPASS root@instructor01:/var/www/nconf# cat /var/www/nconf/config/mysql.php root@instructor01:/var/www/nconf# ### Edit ./config/nconf.php, set at least the following values: define('NCONFDIR', "/var/www/nconf"); define('NAGIOS_BIN', "/var/www/nconf/bin/nagios3"); ### Copy the nagios3 binary file from /usr/sbin/ to /var/www/nconf/bin/ root@instructor01:/var/www/nconf# which nagios3 /usr/sbin/nagios3 root@instructor01:/var/www/nconf# ls -lh /var/www/nconf/bin/ total 56K -rwxr-xr-x 1 root root 3.0K Aug 14 11:02 add_items_from_csv.pl -rwxr-xr-x 1 root root 2.2K Aug 14 11:02 add_items_from_nagios.pl -rwxr-xr-x 1 root root 3.3K Aug 14 11:02 add_items_from_special_csv.pl -rwxr-xr-x 1 root root 4.0K Aug 14 11:02 append_contactgroup.pl -rwxr-xr-x 1 root root 12K Aug 14 11:02 convert_timeperiods_collectors.pl -rwxr-xr-x 1 root root 3.3K Aug 14 11:02 generate_config.pl -rwxr-xr-x 1 root root 8.8K Aug 14 11:02 get_items.pl drwxr-xr-x 4 root root 4.0K Aug 14 11:02 lib -rwxr-xr-x 1 root root 4.4K Aug 14 11:02 link_missing_items.pl root@instructor01:/var/www/nconf# cp -rv /usr/sbin/nagios3 /var/www/nconf/bin/. `/usr/sbin/nagios3' -> `/var/www/nconf/bin/./nagios3' root@instructor01:/var/www/nconf# ls -lh /var/www/nconf/bin/ total 692K -rwxr-xr-x 1 root root 3.0K Aug 14 11:02 add_items_from_csv.pl -rwxr-xr-x 1 root root 2.2K Aug 14 11:02 add_items_from_nagios.pl -rwxr-xr-x 1 root root 3.3K Aug 14 11:02 add_items_from_special_csv.pl -rwxr-xr-x 1 root root 4.0K Aug 14 11:02 append_contactgroup.pl -rwxr-xr-x 1 root root 12K Aug 14 11:02 convert_timeperiods_collectors.pl -rwxr-xr-x 1 root root 3.3K Aug 14 11:02 generate_config.pl -rwxr-xr-x 1 root root 8.8K Aug 14 11:02 get_items.pl drwxr-xr-x 4 root root 4.0K Aug 14 11:02 lib -rwxr-xr-x 1 root root 4.4K Aug 14 11:02 link_missing_items.pl -rwxr-xr-x 1 root root 631K Aug 14 13:17 nagios3 ### Clean up: Remove the INSTALL and UPDATE folders, as well as the INSTALL.php and UPDATE.php scripts. root@instructor01:/var/www/nconf# rm -rf /var/www/nconf/INSTALL root@instructor01:/var/www/nconf# rm -rf /var/www/nconf/INSTALL* root@instructor01:/var/www/nconf# rm -rf /var/www/nconf/UPDATE root@instructor01:/var/www/nconf# rm -rf /var/www/nconf/UPDATE* root@instructor01:/var/www/nconf# ### Get OS logo icons (optional, but nice) ### If you like, download the OS logo icons and unpack them to ./img/logos/base/ and do some homekeeping as shown below. root@instructor01:/var/www/nconf# cd /var/www/nconf/img/logos/base/ root@instructor01:/var/www/nconf/img/logos/base# wget https://www.monitoringexchange.org/attachment/download/Artwork/Image-Packs/Base-Images/preview-base.jpg --2013-08-14 13:34:00-- https://www.monitoringexchange.org/attachment/download/Artwork/Image-Packs/Base-Images/preview-base.jpg Resolving www.monitoringexchange.org (www.monitoringexchange.org)... 91.198.2.106 Connecting to www.monitoringexchange.org (www.monitoringexchange.org)|91.198.2.106|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 112548 (110K) [image/jpeg] Saving to: `preview-base.jpg' 100%[============================================================================================================>] 112,548 146K/s in 0.8s 2013-08-14 13:34:03 (146 KB/s) - `preview-base.jpg' saved [112548/112548] root@instructor01:/var/www/nconf/img/logos/base# wget https://www.monitoringexchange.org/attachment/download/Artwork/Image-Packs/Base-Images/imagepak-base.tar.tar --2013-08-14 13:34:14-- https://www.monitoringexchange.org/attachment/download/Artwork/Image-Packs/Base-Images/imagepak-base.tar.tar Resolving www.monitoringexchange.org (www.monitoringexchange.org)... 91.198.2.106 Connecting to www.monitoringexchange.org (www.monitoringexchange.org)|91.198.2.106|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 154513 (151K) [application/x-gzip] Saving to: `imagepak-base.tar.tar' 100%[============================================================================================================>] 154,513 156K/s in 1.0s 2013-08-14 13:34:22 (156 KB/s) - `imagepak-base.tar.tar' saved [154513/154513] root@instructor01:/var/www/nconf/img/logos/base# tar -xvf imagepak-base.tar.tar root@instructor01:/var/www/nconf/img/logos/base# ls base hp-printer40.gif imagepak-base.tar.tar preview-base.jpg sunlogo.gif win40.gif freebsd40.gif hpux.gif linux40.gif router40.gif switch40.gif root@instructor01:/var/www/nconf/img/logos/base# rm -rf imagepak-base.tar.tar root@instructor01:/# mv -vf /var/www/nconf/img/logos/base/base/* /var/www/nconf/img/logos/base/. root@instructor01:/# rm -rf /var/www/nconf/img/logos/base/base ### Check permissions once again and ensure that they are correct. root@instructor01:/var/www/nconf# ls -lh /var/www/nconf/ | grep config drwxr-xr-x 2 root root 4.0K Aug 14 13:41 config drwxr-xr-x 2 root root 4.0K Aug 14 11:02 config.orig -rw-r--r-- 1 root root 5.3K Aug 14 11:02 generate_config.php root@instructor01:/var/www/nconf# chown -R www-data:www-data /var/www/nconf/config root@instructor01:/var/www/nconf# ls -lh /var/www/nconf/ | grep config drwxr-xr-x 2 www-data www-data 4.0K Aug 14 13:41 config drwxr-xr-x 2 root root 4.0K Aug 14 11:02 config.orig -rw-r--r-- 1 root root 5.3K Aug 14 11:02 generate_config.php root@instructor01:/var/www/nconf# ### Authentication: If you need authentication, configure ./config/authentication.php and /config/.file_accounts.php appropriately. root@instructor01:/var/www/nconf# vi /var/www/nconf/config/authentication.php define('AUTH_ENABLED', "1"); root@instructor01:/var/www/nconf# vi /var/www/nconf/config/.file_accounts.php #admin::nconf::admin::Administrator:: admin::P@55W0rD!::admin::Administrator:: ### Access nconf on the web browser http://ip-address/nconf ### Remember to input the username admin or any other user configured above together with the correct password to be granted access. ### Disable all hosts on NConf & Edit to your requirements. ### The instructor will guide you through the system. ### Copy logos from the nagios installation into NConf's installation. root@instructor01:/# cp -rv /usr/share/nagios/htdocs/images/logos/base/* /var/www/nconf/img/logos/base/. ### Look at the location of the Nagios config as generated by NConf. root@instructor01:/# ls -lh /var/www/nconf/output/ total 4.0K -rw-r--r-- 1 www-data www-data 3.1K Aug 15 02:52 NagiosConfig.tgz ### Configure Deployment on NConf. root@instructor01:/# cat /var/www/nconf/config/deployment.ini ;; NConf deployment configuration ;; LOCAL deployment ;; [extract config] type = local source_file = "/var/www/nconf/output/NagiosConfig.tgz" target_file = "/tmp/" action = extract [copy collector config] type = local source_file = "/tmp/Default_collector/" target_file = "/etc/nagios3/Default_collector/" action = copy [copy global config] type = local source_file = "/tmp/global/" target_file = "/etc/nagios3/global/" action = copy reload_command = "/usr/bin/sudo -u nagios /etc/init.d/nagios3 reload" ### Create the directories to put the NConf config and ensure they have the proper permissions. root@instructor01:/# mkdir /etc/nagios3/Default_collector root@instructor01:/# mkdir /etc/nagios3/global root@instructor01:/# chown -R www-data:www-data /etc/nagios3/Default_collector root@instructor01:/# chown -R www-data:www-data /etc/nagios3/global ### Create a backup copy of the nagios3 config file. root@instructor01:/# cp -rv /etc/nagios3/nagios.cfg /etc/nagios3/nagios.cfg.orig `/etc/nagios3/nagios.cfg' -> `/etc/nagios3/nagios.cfg.orig' ### Configure Nagios to read the configs generated by NConf. root@instructor01:/# vi /etc/nagios3/nagios.cfg #cfg_file=/etc/nagios3/commands.cfg #cfg_dir=/etc/nagios-plugins/config #cfg_dir=/etc/nagios3/conf.d cfg_dir=/etc/nagios3/Default_collector cfg_dir=/etc/nagios3/global ### Give the apache user credentials to reload nagios3 as the user nagios. root@instructor01:/# visudo # Allow apache to reload the nagio3 config www-data ALL = (nagios) NOPASSWD: /etc/init.d/nagios3 reload ### IS FINISHED!!!