Monday, April 27, 2015

To Install Nagios 4.0.8 on CentOS 7

To Install Nagios 4.0.8 on CentOS 7

It all depends what you mean by "monitor"!

1. Is it (system or service) available? We use nagios.
2. What is it doing? We use munin for linux servers, and cacti for just about everything else, even though it is a pain to configure sometimes...
3. What has it done? We use syslog-ng to concentrate syslogs in one place and then run a customized logcheck script daily to send reports via email. We are looking for something similar for Windows servers.

Install the required packages:

# yum install gcc glibc glibc-common gd gd-devel make net-snmp openssl-devel

Install mailx:

# yum install mailx

Note: the reason why we install mailx is because Nagios use /bin/mail to send the notification mails out.
Note: Postfix is the default mta for Centos 7.

# which mail

/bin/mail

Send a simple testing email:

# echo "Your message" | mail -s "Message Subject" email@address.com

Send a testing email with an attachment:

# echo "Message" | mail -s "Subject" -a /loc/to/attachment.txt email@address.com

Reading the message body from a file:

# echo | mail -s "Subject" -r from@address.com -q /loc/to/body.txt email@address.com

Add the Nagios user:

# useradd nagios

Note: do not intend to create the user with /sbin/nologin or with the -r (system account) parameter. Because if the Nagios user can't send email then Nagios running as the nagios user won't be able to send mail either. You have to be able to send mail via a console terminal as the nagios user before you do any additional debugging.

Add the Nagios group:

# groupadd nagcmd

Add the nagios user and apache user to the Nagios group:

# usermod -a -G nagcmd nagios
# usermod -a -G nagcmd apache

Downloading and install Nagios:

# cd ~/tmp

# curl -L -O http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.8.tar.gz

# tar xvf nagios-*.tar.gz

# cd nagios-*

# ./configure --with-command-group=nagcmd

# make all

# make install
# make install-commandmode
# make install-init
# make install-config
# make install-webconf

Downloading and install Nagios Plugins:

# cd ~/tmp
# curl -L -O http://nagios-plugins.org/download/nagios-plugins-2.0.3.tar.gz
# tar xvf nagios-plugins-*.tar.gz

# cd nagios-plugins-*
# ./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl

# make
# make install

Configure Nagios:

# vim /usr/local/nagios/etc/nagios.cfg

cfg_dir=/usr/local/nagios/etc/servers

admin_email=me@example.com
admin_pager=me@example.com

Note: regarding the admin_email and admin_pager, Nagios never uses these values itself, but you can access them by using the $ADMINEMAIL$ and $ADMINPAGER$ macros in your notification commands.

# mkdir /usr/local/nagios/etc/servers

Verify the Nagios configuration file:

# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

Configure Nagios contacts:

# vim /usr/local/nagios/etc/objects/contacts.cfg

email                           nagios@localhost        ;

Set up the Nagios admin account:

# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Note: you don't have to use -c parameter if you want to add additional users.

# chmod 440 /usr/local/nagios/etc/htpasswd.users
# chown root:apache /usr/local/nagios/etc/htpasswd.users

Comment out all lines /etc/httpd/conf.d/nagios.conf:

# vim /etc/httpd/conf.d/nagios.conf

Move all of lines in /etc/httpd/conf.d/nagios.conf to your VirtualHost block, since we are using PHP-FPM to process php scripts:

# vim /etc/httpd/conf.d/httpd-vhosts.conf

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/usr/local/nagios/share"
    ServerName nagios.mydomain.com

    DirectoryIndex /index.php index.php index.html index.htm
    ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/local/nagios/share/$1

    ErrorLog "/var/log/httpd/nagios.mydomain.com-error_log"
    CustomLog "/var/log/httpd/nagios.mydomain.com-access_log" common

    ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

    <Directory "/usr/local/nagios/sbin">
    #  SSLRequireSSL
       Options ExecCGI
       AllowOverride None
       #Order allow,deny
       #Allow from all
       Order deny,allow
       Deny from all
       Allow from 127.0.0.1 192.168.0.5/24
       AuthName "Nagios Access"
       AuthType Basic
       AuthUserFile /usr/local/nagios/etc/htpasswd.users
       Require valid-user
    </Directory>

    Alias /nagios "/usr/local/nagios/share"

    <Directory "/usr/local/nagios/share">
    #  SSLRequireSSL
       Options None
       AllowOverride None
       #Order allow,deny
       #Allow from all
       Order deny,allow
       Deny from all
       Allow from 127.0.0.1 192.168.0.5/24
       AuthName "Nagios Access"
       AuthType Basic
       AuthUserFile /usr/local/nagios/etc/htpasswd.users
       Require valid-user
    </Directory>
</VirtualHost>

Verify the Apache configuration files:

# httpd -t

Syntax OK

If you have enabled SELinux, set the correct security context:

# chcon -R --reference=/var/www/html /usr/local/nagios/share
# chcon -R --reference=/var/www/html /usr/local/nagios/var
# chcon -R --reference=/var/www/cgi-bin /usr/local/nagios/sbin
# chcon -R -t httpd_sys_rw_content_t /usr/local/nagios/var/rw

Or do:

# chcon -R -t httpd_sys_content_t /usr/local/nagios/share
# chcon -R -t httpd_sys_content_t /usr/local/nagios/var
# chcon -R -t httpd_sys_script_exec_t /usr/local/nagios/sbin
# chcon -R -t httpd_sys_rw_content_t /usr/local/nagios/var/rw

Enable and Run services:

# systemctl enable nagios.service

or

# chkconfig --add nagios
# chkconfig nagios on

# systemctl start nagios.service

# systemctl restart httpd.service

Check http process:

# /usr/local/nagios/libexec/check_http -H 127.0.0.1

If you see the following message:

HTTP WARNING: HTTP/1.1 403 Forbidden - 5194 bytes in 0.001 second response time |time=0.000542s;;;0.000000 size=5194B;;;0

Try to touch index.html file in your root directory.

# cat /usr/local/nagios/var/nagios.log

# cat /var/log/maillog

postfix/sendmail[24452]: fatal: open /etc/postfix/main.cf: Permission denied

# setsebool -P httpd_can_network_connect 1
# setsebool -P httpd_can_sendmail 1

Note: -P in the above command means Persistent (across reboots).

# getsebool -a | grep -i httpd_can
# sestatus -b | grep httpd_can

httpd_can_network_connect on
httpd_can_sendmail on

# ll -Z /etc/postfix/main.cf

-rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf

If you did not get the nofitication email, please check to see if the mail client path has been set correctly:

# vim /usr/local/nagios/etc/objects/commands.cfg

Note: the default setting is set to /bin/mail.
Note: postfix is the default mta for Centos 7.

To see the visual graphics:

PNP4Nagios is an addon to Nagios which analyzes performance data provided by plugins visually and stores them automatically into RRD-databases.

Reference:

https://www.digitalocean.com/community/tutorials/how-to-install-nagios-4-and-monitor-your-servers-on-centos-7
http://www.unixmen.com/install-configure-nagios-4-centos-7/
http://tecadmin.net/install-nagios-core-service-on-centos-rhel/
http://serverfault.com/questions/44/what-tool-do-you-use-to-monitor-your-servers

No comments: