Linux HOWTOs

About | Home | Search


HOWTO: nagios
Description: System and network monitor
Click here for ChangeLog
NOTE: I use GNU tar >= 1.13.25 so it's -j for .tar.bz2 files,
it's safe to assume that make, gcc, binutils, fileutils/coreutils, gawk, sed, and grep are prerequisites for almost everything


# Nagios
# ======
# A fully configured Nagios is not something that can be done quickly, and
# this little howto will not cover 1% of 1% of what you need to know to
# have a full grasp of using Nagios, so you should definitely read the
# docs.  This howto covers the absolute basics and if you follow it
# exactly, you _might_ have a functional, very basic Nagios running when
# you're done.


# Nagios 4.2.0
# ============
# This part covers the full Nagios server.
#
# If you want to install something on a remote Linux/Unix machine so the
# Nagios server can get local stats (or remote stats from it), install Nagios
# Plugins and NRPE on that remote machine.  See below.

# Prerequisites:
# A /bin/mail like mailx
# iconv (glibc's or libiconv)
# GD
# traceroute, ping, ...
# Perl

# Get it
cd
test -f installed/nagios/nagios-4.2.0.tar.gz &&
 mv installed/nagios/nagios-4.2.0.tar.gz .
test ! -f nagios-4.2.0.tar.gz &&
 wget http://downloads.sf.net/nagios/nagios-4.2.0.tar.gz

# Verify tarball w/ sha1sum:
# (this came from me, not the developers)
echo "872533f89bb128896ab40c8cf5d1ee1074b563f9  nagios-4.2.0.tar.gz" | \
sha1sum -c

# Extract the source
mkdir -p -m 0700 src/nagios
cd src/nagios
find -maxdepth 1 -type d -name "nagios-?.*" -exec rm -r {} \;
tar xzvf ~/nagios-4.2.0.tar.gz
cd nagios-4.2.0
test $UID = 0 && chown -R root:root .

# Read through the docs:
less ./README.asciidoc
# Nagios Core Documentation - Table Of Contents
# Installing_Nagios_Core_From_Source.pdf

# Become root (-l = login shell)
su -l

# If su put us in root's home directory, go back
cd $(egrep "^$(logname):" /etc/passwd | awk -F: '{ print $6 }')
cd src/nagios-4.2.0

# Add a nagios group and user if they don't already exist
getent group | egrep "^nagios:" > /dev/null 2>&1 || groupadd nagios
id nagios > /dev/null 2>&1 ||
 useradd -d /usr/local/nagios -s /bin/bash -g nagios nagios

# Create the installation directory
mkdir -p /usr/local/nagios
chown nagios:nagios /usr/local/nagios

# If you don't already know, find out what user Apache runs as
# on your system.  Put that in the $APACHE_USER variable for later.
# Run "echo $APACHE_USER" to see if it worked.
test -f /usr/local/apache/conf/httpd.conf &&
 APACHE_USER=$(egrep "^User " /usr/local/apache/conf/httpd.conf | \
  awk '{ print $2 }')
test -z "$APACHE_USER" -a -f /usr/local/apache2/conf/httpd.conf &&
 APACHE_USER=$(egrep "^User " /usr/local/apache2/conf/httpd.conf | \
  awk '{ print $2 }')
test -z "$APACHE_USER" -a -f /etc/httpd/httpd.conf &&
 APACHE_USER=$(egrep "^User " /etc/httpd/httpd.conf | \
  awk '{ print $2 }')

# Create a nagcmd group if it doesn't already exist
# Add the nagios and apache users to the nagcmd group
getent group | grep "^nagcmd:" > /dev/null 2>&1 || groupadd nagcmd
usermod -a -G nagcmd "$APACHE_USER"
usermod -a -G nagcmd nagios

# Don't need $APACHE_USER any more
unset APACHE_USER

# Configure the build
./configure --with-command-group=nagcmd 

# Build it
make all

# Install binaries, CGIs, and HTML files
make install

# Install an init script into /etc/rc.d/init.d, create the
# symlinks so it will run on boot-up/shutdown
make install-init
ln -sf /etc/rc.d/init.d/nagios /etc/rc.d/rc3.d/S99nagios
ln -sf /etc/rc.d/init.d/nagios /etc/rc.d/rc4.d/S99nagios
ln -sf /etc/rc.d/init.d/nagios /etc/rc.d/rc5.d/S99nagios
ln -sf /etc/rc.d/init.d/nagios /etc/rc.d/rc0.d/K01nagios
ln -sf /etc/rc.d/init.d/nagios /etc/rc.d/rc6.d/K01nagios

# Install sample config files
make install-config

# Create and set permissions for the external command directory
make install-commandmode

## Skip this - even with --with-httpd-conf, still requires manual intervention
#make install-webconf

# Install sample Apache config for the web interface
test ! -f /etc/httpd/extra/httpd-nagios.conf &&
ginstall -c -m 644 sample-config/httpd.conf \
/etc/httpd/extra/httpd-nagios.conf

# Alter the main Apache configuration file to include the previous one
grep -q httpd-nagios\.conf /etc/httpd/httpd.conf ||
 ( echo >> /etc/httpd/httpd.conf
   echo "# Nagios" >> /etc/httpd/httpd.conf
   echo "Include /etc/httpd/extra/httpd-nagios.conf" >> /etc/httpd/httpd.conf
   echo >> /etc/httpd/httpd.conf )

# Edit the installed sample Apache config file for the web interface
# /etc/httpd/extra/httpd-nagios.conf

# Create a nagiosadmin account for the web interface:
# (if you don't use nagiosadmin you will have to update cgi.cfg)
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
# The htpasswd.users file should be owned by user root, the group that
# Apache httpd is running as, and chmod 640 should be good enough

# Verify that the configuration is valid
apachectl configtest

# Restart Apache so the configuration change takes effect
apachectl restart

# The exfoliation theme was installed already
# If you want to revert to the classic theme:
# make install-classicui

# Install contrib/eventhandlers/*
# Nagios Core - Event Handlers
cp -R contrib/eventhandlers/ /usr/local/nagios/libexec/
chown -R nagios:nagios /usr/local/nagios/libexec/eventhandlers

# Check out the sample configuration files in /usr/local/nagios/etc
# In there, change admin e-mail address in objects/contacts.cfg 

# Start Nagios
/etc/rc.d/init.d/nagios start

# Nagios rotates the /usr/local/nagios/var/nagios.log itself,
# logcheck configuration is not necessary

# Become your non-root user again
exit

# Save the source for later
cd
mkdir -p -m 0700 installed/nagios
rm -f installed/nagios-*.tar.* installed/nagios/nagios-*.tar.*
mv nagios-4.2.0.tar.gz installed/nagios/


# Nagios plugins 2.1.2
# ====================
# Prerequisites covered in REQUIREMENTS:
# fping installed setuid root (for check_fping)
# qstat to check game server stats (for check_game)
# NET-SNMP (for check_hpjd, check_snmp)
# OpenLDAP (for check_ldap)
# libdbi (for check_dbi)
# MySQL (for check_mysql, check_mysql_query)
# PostgreSQL (for check_pqsql)
# FreeRADIUS or radiusclient-ng or libradiusclient (for check_radius)
# Net::SNMP (for check_ifstatus, check_ifoperstatus)
# Network UPS Tools (NUT) >= 1.4 (for check_ups)
# Other things that configure was looking for:
# smbclient (Samba)
# Python
# Perl
# GnuTLS or OpenSSL
# ssh (OpenSSH)
# mailq (sendmail)
# lsps (optional; an AIX command)
# dig (bind)
# apt-get (optional; a util used by Debian-based distributions)
# gettext

# Install the Perl Net::SNMP module:
su -c "perl -MCPAN -e shell"
o conf prerequisites_policy follow
o conf make_install_arg UNINST=1
install Bundle::CPAN
install Net::SNMP
exit

# Add a nagios group and user if they don't already exist
getent group | egrep "^nagios:" > /dev/null 2>&1 || groupadd nagios
id nagios > /dev/null 2>&1 ||
 useradd -d /usr/local/nagios -s /bin/bash -g nagios nagios

# Get it
cd
test -f installed/nagios/nagios-plugins-2.1.2.tar.gz &&
 mv installed/nagios/nagios-plugins-2.1.2.tar.gz .
test ! -f nagios-plugins-2.1.2.tar.gz &&
 wget --no-check-certificate \
https://nagios-plugins.org/download/nagios-plugins-2.1.2.tar.gz

# Extract the source
mkdir -p -m 0700 src/nagios
cd src/nagios
find -maxdepth 1 -type d -name "nagios-plugins-?.*" -exec rm -r {} \;
tar xzvf ~/nagios-plugins-2.1.2.tar.gz
cd nagios-plugins-2.1.2
test $UID = 0 && chown -R root:root .

# If you have OpenSSL and GnuTLS, it will use OpenSSL by default unless you
# tell it otherwise (--with-gnutls)
#
# If your OpenSSL is not installed under /usr/local/ssl, you can leave the
# path off below

# My fping is installed under /usr/local/sbin, if yours is not under
# /usr/local, you probably won't need the --with-fping-command part

# If you are 64-bit and have OpenSSL in /usr/local/ssl, put this at
# the beginning of your configure line:
# LDFLAGS=-L/usr/local/ssl/lib64

# Configure the build
./configure --with-fping-command=/usr/local/sbin/fping --with-openssl=/usr/local/ssl --with-mysql=/usr/local/mysql --enable-perl-modules

# Build it
make

# Become root
su

# Install the plugins
make install

# Install the plugins that require setuid
make install-root

# Become your non-root user again
exit

# Save the source for later
cd
mkdir -p -m 0700 installed/nagios
rm -f installed/nagios-plugins-*.tar.* \
 installed/nagios/nagios-plugins-*.tar.*
mv nagios-plugins-2.1.2.tar.gz installed/nagios/


# NRPE 3.0
# ========
# NRPE is an addon that lets you run Nagios plugins on remote Linux/Unix
# machines rather than using the check_by_ssh plugin

# Prerequisites:
# Nagios
# Nagios Plugins
# Kerberos (optional)
# pkg-config
# OpenSSL (optional)
# Perl

# Get it
cd
test -f installed/nagios/nrpe-3.0.tar.gz &&
 mv -f installed/nagios/nrpe-3.0.tar.gz .
test ! -f nrpe-3.0.tar.gz &&
 wget --no-check-certificate \
https://github.com/NagiosEnterprises/nrpe/archive/3.0.tar.gz \
-O nrpe-3.0.tar.gz

# Extract the source
mkdir -p -m 0700 src/nagios
cd src/nagios
find -maxdepth 1 -type d -name "nrpe-*" -exec rm -r {} \;
tar xzvf ~/nrpe-3.0.tar.gz
cd nrpe-3.0
test $UID = 0 && chown -R root:root .

# Read ./README.md and docs/NRPE.pdf

# Configure the build
# Note: This did handle finding my /usr/local/ssl and it's lib64
./configure

# Build everything
make all

# Become root to install it
su

# If you are running this on the Nagios server only to install the check_nrpe
# plugin, run this:
make install-plugin

## If you are on a remote machine that does not have the Nagios server
## installed on it, do this to create the necessary accounts and install
## the NRPE daemon (/usr/local/nagios/bin/nrpe), and it's configuration
## (/usr/local/nagios/etc/nrpe.cfg):
# make install-groups-users
# make install
# make install-config
## and either this for running NRPE via inetd:
# make install-inetd
## or this for running it via init, systemd:
# make install-init
#
## See NRPE.pdf for info about running the daemon, firewall rules, and
## nrpe.cfg

## If you have a source-installed Nagios on the local machine, and a remote
## Ubuntu machine, for example, this will get you what you need to run on
## the Ubuntu machine:
# apt-get install nagios-nrpe-server
##
## To change NRPE settings, look at what the settings are in
## /etc/nagios/nrpe.cfg, then make the change by adding it to
## /etc/nagios/nrpe_local.cfg
#
## If you don't want the NRPE daemon binding to all of it's IP addresses,
## set the correct one by adding "server_address=ip.add.re.ss" to
## /etc/nagios/nrpe-local.cfg
##
## Add the IP of the Nagios server by adding "allowed-hosts=it.s.ip.address"
## to /etc/nagios/nrpe-local.cfg
##
## If you're having trouble getting it to work, add "debug=1"
##
## If you made any changes to the configuration, restart NRPE:
# service nagios-nrpe-server restart
## or if yours is running systemd:
# systemctl restart nagios-nrpe-server
##
## And if you use the ufw firewall:
# ufw allow in on eth0 from [nag.ios.server.ip] to any port 5666 proto tcp

# Become your non-root user again
exit

# Save the source for later
cd
mkdir -p -m 0700 installed/nagios
rm -f installed/nagios/nrpe-*.tar.*
mv -f nrpe-3.0.tar.gz installed/nagios/

Back to the list


Last updated: Tue, 07 Aug 2018 12:06:17 -0400
Jason Englander <jason at englanders dot us>