######################################################## ### Installation of Nagios and NConf on Ubuntu 12.04 LTS ######################################################## ### Ensure you have the correct time on your server. root@vm12:/home/sysadm# date Tue Apr 22 12:06:15 UTC 2014 root@vm12:/home/sysadm# dpkg-reconfigure tzdata Current default time zone: 'Africa/Nairobi' Local time is now: Tue Apr 22 15:09:59 EAT 2014. Universal Time is now: Tue Apr 22 12:09:59 UTC 2014. root@vm12:/home/sysadm# date Tue Apr 22 15:10:05 EAT 2014 ######################### ### Installation of Nagios ######################### root@vm12:/home/sysadm# apt-get update root@vm12:/home/sysadm# apt-get install nagios3 nagios3-cgi ### Remember to input a password for the nagiosadmin user when prompted. ### Access nagios on the web browser http://http://vm12.ws.nsrc.org/nagios3 ### Input the username nagiosadmin and the password configured above. ########################## ###Installation of NConf ########################## ### Install the Dependencies First root@vm12:/home/sysadm# apt-get install php5-mysql mysql-server libdbi-perl libdbd-mysql-perl ### Remember to input the root password for mysql when prompted. ### php.ini settings: Ensure the following is in the php.ini file. root@vm12:/home/sysadm# vi /etc/php5/cli/php.ini * short_open_tag = On * register_globals = Off * magic_quotes_gpc = Off ### Download and unpack the NConf archive to your webserver's document root folder. root@vm12:/home/sysadm# wget http://sourceforge.net/projects/nconf/files/nconf/1.3.0-0/nconf-1.3.0-0.tgz/download root@vm12:/home/sysadm# ls -lh total 484K -rw-r--r-- 1 root root 481K Dec 11 2011 download root@vm12:/home/sysadm# mv -vf download nconf-1.3.0-0.tgz `download' -> `nconf-1.3.0-0.tgz' root@vm12:/home/sysadm# ls -lh total 484K -rw-r--r-- 1 root root 481K Dec 11 2011 nconf-1.3.0-0.tgz root@vm12:/home/sysadm# tar -xvf nconf-1.3.0-0.tgz root@vm12:/home/sysadm# ls -lh total 488K drwxr-xr-x 14 root root 4.0K Dec 11 2011 nconf -rw-r--r-- 1 root root 481K Dec 11 2011 nconf-1.3.0-0.tgz root@vm12:/home/sysadm# cp -rv nconf /var/www/. root@vm12:/home/sysadm# ls -lh /var/www/ total 8.0K -rw-r--r-- 1 root root 177 Apr 22 15:29 index.html drwxr-xr-x 14 root root 4.0K Apr 22 16:17 nconf root@vm12:/home/sysadm# ### Set permissions: Make sure the following directories are writable for your webserver user: ./config ./output ./static_cfg ./temp #### Notice that the webserver user is www-data and the above directories are #### all owned by root and have the 755 permissions as shown below. ### Be sure of the the username of the webserver. root@vm12:/home/sysadm# cat /etc/passwd | grep www www-data:x:33:33:www-data:/var/www:/bin/sh root@vm12:/home/sysadm# ### Change Permissions root@vm12:/home/sysadm# chown -R www-data:www-data /var/www/nconf/config root@vm12:/home/sysadm# chown -R www-data:www-data /var/www/nconf/output root@vm12:/home/sysadm# chown -R www-data:www-data /var/www/nconf/static_cfg root@vm12:/home/sysadm# chown -R www-data:www-data /var/www/nconf/temp ### Run mysql_secure_installation to remove some default settings. root@vm12:/home/sysadm# /usr/bin/mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MySQL to secure it, we'll need the current password for the root user. If you've just installed MySQL, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MySQL root user without the proper authorisation. You already have a root password set, so you can safely answer 'n'. Change the root password? [Y/n] n ... skipping. By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MySQL installation should now be secure. Thanks for using MySQL! root@vm12: ### Create a new MySQL database for NConf, create a user to access the database, grant the appropriate privileges (make sure InnoDB for MySQL is set up properly prior to creating the database). root@vm12:/home/sysadm# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 48 Server version: 5.5.35-0ubuntu0.12.04.2 (Ubuntu) Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show engine; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 mysql> show engines; +--------------------+---------+----------------------------------------------------------------+--------------+------+------------+ | Engine | Support | Comment | Transactions | XA | Savepoints | +--------------------+---------+----------------------------------------------------------------+--------------+------+------------+ | PERFORMANCE_SCHEMA | YES | Performance Schema | NO | NO | NO | | MRG_MYISAM | YES | Collection of identical MyISAM tables | NO | NO | NO | | MEMORY | YES | Hash based, stored in memory, useful for temporary tables | NO | NO | NO | | BLACKHOLE | YES | /dev/null storage engine (anything you write to it disappears) | NO | NO | NO | | MyISAM | YES | MyISAM storage engine | NO | NO | NO | | CSV | YES | CSV storage engine | NO | NO | NO | | ARCHIVE | YES | Archive storage engine | NO | NO | NO | | FEDERATED | NO | Federated MySQL storage engine | NULL | NULL | NULL | | InnoDB | DEFAULT | Supports transactions, row-level locking, and foreign keys | YES | YES | YES | +--------------------+---------+----------------------------------------------------------------+--------------+------+------------+ 9 rows in set (0.00 sec) mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | +--------------------+ 3 rows in set (0.00 sec) mysql> CREATE DATABASE nconf; Query OK, 1 row affected (0.00 sec) mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | nconf | | performance_schema | +--------------------+ 4 rows in set (0.00 sec) mysql> CREATE USER 'nconfadmin'@'localhost' IDENTIFIED BY 'nc0nfP@55W0rD'; Query OK, 0 rows affected (0.00 sec) mysql> GRANT ALL ON nconf.* TO 'nconfadmin'@'localhost' IDENTIFIED BY 'nc0nfP@55W0rD'; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) mysql> exit Bye root@vm12:/home/sysadm# ### Import the nconf Database Schema. root@vm12:/home/sysadm# mysql -u nconfadmin -p nconf < /var/www/nconf/INSTALL/create_database.sql Enter password: root@vm12:/home/sysadm# ### Confirm that the Database Schema has been imported properly. root@vm12:/home/sysadm# mysql -u nconfadmin -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 51 Server version: 5.5.35-0ubuntu0.12.04.2 (Ubuntu) Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | nconf | +--------------------+ 2 rows in set (0.00 sec) mysql> use nconf Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> show tables; +-----------------+ | Tables_in_nconf | +-----------------+ | ConfigAttrs | | ConfigClasses | | ConfigItems | | ConfigValues | | History | | ItemLinks | +-----------------+ 6 rows in set (0.00 sec) mysql> exit Bye root@vm12:/home/sysadm# ### Configure NConf: Copy the contents of ./config.orig to ./config. Make sure you also copy the hidden files. root@vm12:/home/sysadm# cp -arv /var/www/nconf/config.orig/.file_accounts.php /var/www/nconf/config/. root@vm12:/home/sysadm# cp -arv /var/www/nconf/config.orig/* /var/www/nconf/config/.`/var/www/nconf/config.orig/authentication.php' -> `/var/www/nconf/config/./authentication.php' root@vm12:/home/sysadm# ### Edit ./config/mysql.php, set at least the following values: DBHOST DBNAME DBUSER DBPASS root@vm12:/home/sysadm# vi /var/www/nconf/config/mysql.php ### Edit ./config/nconf.php, set at least the following values: root@vm12:/home/sysadm# vi /var/www/nconf/config/nconf.php define('NCONFDIR', "/var/www/nconf"); define('NAGIOS_BIN', "/var/www/nconf/bin/nagios3"); ### Copy the nagios3 binary file from /usr/sbin/ to /var/www/nconf/bin/ root@vm12:/home/sysadm# which nagios3 /usr/sbin/nagios3 root@vm12:/home/sysadm# cp -v /usr/sbin/nagios3 /var/www/nconf/bin/. ### Clean up: Remove the INSTALL and UPDATE folders, as well as the INSTALL.php and UPDATE.php scripts. root@vm12:/home/sysadm# rm -rf /var/www/nconf/INSTALL root@vm12:/home/sysadm# rm -rf /var/www/nconf/INSTALL.php root@vm12:/home/sysadm# rm -rf /var/www/nconf/UPDATE root@vm12:/home/sysadm# rm -rf /var/www/nconf/UPDATE.php root@vm12:/home/sysadm# cd /var/www/nconf/img/logos/base/ ### Get OS logo icons (optional, but nice) ### If you like, download the OS logo icons and make sure you unpack them to ./img/logos/base/ i.e. (/var/www/nconf/img/logos/base/) directory and do some homekeeping as shown below. root@vm12:/var/www/nconf/img/logos/base# wget https://www.monitoringexchange.org/attachment/download/Artwork/Image-Packs/Base-Images/preview-base.jpg root@vm12:/var/www/nconf/img/logos/base# wget https://www.monitoringexchange.org/attachment/download/Artwork/Image-Packs/Base-Images/imagepak-base.tar.tar root@vm12:/var/www/nconf/img/logos/base# tar -xvf imagepak-base.tar.tar root@vm12:/var/www/nconf/img/logos/base# rm -rf imagepak-base.tar.tar root@vm12:/var/www/nconf/img/logos/base# mv -vf /var/www/nconf/img/logos/base/base/* /var/www/nconf/img/logos/base/. root@vm12:/var/www/nconf/img/logos/base# rm -rf /var/www/nconf/img/logos/base/base ### Check permissions once again and ensure that they are correct. root@vm12:/var/www/nconf/img/logos/base# chown -R www-data:www-data /var/www/nconf/config ### Authentication: If you need authentication, configure ./config/authentication.php and /config/.file_accounts.php appropriately. root@vm12:/var/www/nconf/img/logos/base# vi /var/www/nconf/config/authentication.php define('AUTH_ENABLED', "1"); root@vm12:/var/www/nconf/img/logos/base# vi /var/www/nconf/config/.file_accounts.php #admin::nconf::admin::Administrator:: admin::P@55W0rD!::admin::Administrator:: ### Reload the Apache Web Server. root@vm12:/var/www/nconf/img/logos/base# service apache2 restart * Restarting web server apache2 ... waiting [ OK ] root@vm12:/# ### Access nconf on the web browser http://http://vm12.ws.nsrc.org/nconf ### Remember to input the username admin or any other user configured above together with the correct password to be granted access. ### Disable all hosts on NConf & Edit to your requirements. ### The instructor will guide you through the system. ### Look at the location of the Nagios config as generated by NConf. root@vm12:/# ls -lh /var/www/nconf/output/ total 4.0K -rw-r--r-- 1 www-data www-data 3.1K Apr 22 17:56 NagiosConfig.tgz ### Configure Deployment on NConf. root@vm12:/# vi /var/www/nconf/config/deployment.ini ;; NConf deployment configuration ;; LOCAL deployment ;; [extract config] type = local source_file = "/var/www/nconf/output/NagiosConfig.tgz" target_file = "/tmp/" action = extract [copy collector config] type = local source_file = "/tmp/Default_collector/" target_file = "/etc/nagios3/Default_collector/" action = copy [copy global config] type = local source_file = "/tmp/global/" target_file = "/etc/nagios3/global/" action = copy reload_command = "/usr/bin/sudo -u nagios /etc/init.d/nagios3 reload" ### Create the directories to put the NConf config and ensure they have the proper permissions. root@vm12:/# mkdir /etc/nagios3/Default_collector root@vm12:/# mkdir /etc/nagios3/global root@vm12:/# chown -R www-data:www-data /etc/nagios3/Default_collector root@vm12:/# chown -R www-data:www-data /etc/nagios3/global ### Configure Nagios to read the configs generated by NConf. #cfg_file=/etc/nagios3/commands.cfg #cfg_dir=/etc/nagios-plugins/config #cfg_dir=/etc/nagios3/conf.d cfg_dir=/etc/nagios3/Default_collector cfg_dir=/etc/nagios3/global root@vm12:/# cp -rv /etc/nagios3/nagios.cfg /etc/nagios3/nagios.cfg.orig root@vm12:/# vi /etc/nagios3/nagios.cfg ### Give the apache user credentials to reload nagios3 as the user nagios. root@vm12:/# visudo # Allow apache to reload the nagio3 config www-data ALL = (nagios) NOPASSWD: /etc/init.d/nagios3 reload ### IS FINISHED!!!