How To Securely Manage Secrets with HashiCorp Vault on Ubuntu 16.04
0

Introduction

Nagios is a open-source monitoring system that is popular. It keeps an inventory of your servers and monitors them so you know your services that are critical installed and operating. Utilizing a monitoring system like Nagios is a vital device for almost any manufacturing environment, because by monitoring uptime, Central Processing Unit use, or disk area, you’ll go down dilemmas you.( before they occur, or before your users call************)

In this guide, you will install Nagios 4 and configure it to monitor host resources via Nagios’ internet program. You will set the Nagios Remote Plugin up Executor (NRPE), which operates as a realtor on remote hosts to monitor their resources.

Prerequisites

To complete this guide, you’ll need the ( that is following************)

  • Two Ubuntu 16.04 servers with personal networking configured, put up by after the Ubuntu 16.04 initial host setup guide, including a sudo non-root individual and a firewall. You are going to make use of the server that is first run Nagios, and 2nd host is likely to be configured as a remote host that Nagios can monitor.
  • Typically, Nagios operates behind an equipment firewall or VPN. If the Nagios host is confronted with the Internet that is public should secure the Nagios internet program with TLS. To get this done, you need to do among the after:

This guide assumes that your particular servers have actually personal networking enabled making sure that monitoring takes place in the personal system as opposed to the network that is public. You can still follow this tutorial by replacing all the references to private IP addresses with public IP addresses.( if you don’t have private networking enabled,************)

Step 1 — Setting Up Nagios 4

There are numerous how to install Nagios, but we are going to install Nagios and its particular elements from supply to make sure we obtain the latest features, safety updates, and bug repairs.

Log into the host that operates Apache. We will phone this the Nagios host.

  • ssh sammy@your_nagios_server_ip

Create a nagios individual and nagcmd team. You are going to utilize these to operate the Nagios procedure.

  • sudo useradd nagios
  • sudo groupadd nagcmd

Then include the consumer toward team:

  • sudo usermod -a -G nagcmd nagios

Because we’re building Nagios and its particular elements from supply, we should install a development that is few to perform the create, including compilers, development headers, and OpenSSL.

Update your package listings to make sure you’ll install the most recent variations of this prerequisites:

Then install the desired packages:

  • sudo apt-get install build-essential libgd2-xpm-dev libssl-dev unzip that is openssl

With the prerequisites set up, we are able to install Nagios it self. Down load the origin rule the latest release that is stable of Core. Go to the Nagios downloads page, and click the Skip to download link below the form. Copy the link address for the latest stable release it to your Nagios server.( so you can download************)

Download the production to the curl command to your home directory:

  • cd ~
  • curl -L -O https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.3.4.tar.gz

Extract the Nagios archive:

Then modification toward directory:( that is extracted************)

Before building Nagios, operate the configure script to specify the consumer and team you need Nagios to utilize. Utilize the nagios individual and nagcmd team you created:

  • ./configure --with-nagios-group=nagios --with-command-group=nagcmd

(by adding --with-mail=/usr/sbin/sendmail to the configure command*********************************)If you want Nagios to send emails using Postfix, you must install Postfix and configure Nagios to use it. We will not protect Postfix inside guide, however, if you determine to utilize Postfix and Nagios later on, you will have to reconfigure and reinstall Nagios to utilize Postfix help.

You'll understand output that is following the configure demand:

Output

*** Configuration summary for nagios 4.3.4 2017-08-24 ***: General Alternatives: ------------------------- Nagios executable: nagios Nagios user/group: nagios,nagios Command user/group: nagios,nagcmd Event Broker: yes Install ${prefix}: /usr/local/nagios Install ${includedir}: /usr/local/nagios/include/nagios Lock file: /run/nagios.lock Check always outcome directory: ${prefix}/var/spool/checkresults Init directory: /etc/init.d Apache conf.d directory: /etc/apache2/sites-available Mail system: /bin/mail Host OS: linux-gnu IOBroker Method: epoll Web Interface Alternatives: ------------------------ HTML Address: http://localhost/nagios/ CGI Address: http://localhost/nagios/cgi-bin/ Traceroute (used by WAP): Review your options above for precision. Should they look fine, kind 'make all' to compile the program that is main CGIs.

Now compile Nagios with this particular demand:

Now run these make commands to put in Nagios, its init scripts, and its particular standard setup files:

  • sudo make install
  • sudo make install-commandmode
  • sudo make install-init
  • sudo make install-config

You'll utilize Apache to provide Nagios' internet program, therefore copy the test Apache setup file toward /etc/apache2/sites-available folder:

  • sudo /usr/bin/install -c -m 644 sample-config/httpd.conf /etc/apache2/sites-available/nagios.conf

In purchase to issue outside commands through the internet program to Nagios, include the net host individual, www-data, toward nagcmd team:

  • sudo usermod nagcmd that is-G**************************)www-data

Nagios is currently set up. Let us install a plugin that'll enable Nagios to gather information from different hosts.

Step 2 — setting up the check_nrpe Plugin

Nagios monitors hosts that are remote the Nagios Remote Plugin Executor, or NRPE. It consist of two pieces:

  • The check_nrpe plugin that will be employed by Nagios host.
  • The NRPE daemon, which operates on the all hosts that are remote delivers information toward Nagios host.

Let's install the check_nrpe plugin on our Nagios host.

Find the down load URL the latest release that is stable of at the Nagios Exchange website.

Download it to your residence directory with curl:

  • cd ~
  • curl -L -O https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-3.2.1/nrpe-3.2.1.tar.gz

Extract the NRPE archive:

Then modification toward directory:( that is extracted************)

Configure the check_nrpe plugin:

Now build and install check_nrpe:

  • make check_nrpe
  • sudo make install-plugin

Let's configure the Nagios host next.

Step 3 — Configuring Nagios

Now let us perform the Nagios that is initial configuration involving modifying some setup files and configuring Apache to provide the Nagios internet program. You merely must perform this part when on your own Nagios host.

Open the Nagios that is main configuration in your text editor:

  • sudo nano /usr/local/nagios/etc/nagios.cfg

Find this line within the file:

/usr/local/nagios/etc/nagios.cfg

...
#cfg_dir=/usr/local/nagios/etc/servers
...

Uncomment this line by deleting the # character through the front side of this line:

/usr/local/nagios/etc/nagios.cfg

cfg_dir=/usr/local/nagios/etc/servers

Save the file and leave the editor.

Now create the directory that'll keep the setup declare each host that you'll monitor:

  • sudo mkdir /usr/local/nagios/etc/servers

Open the Nagios connections setup within text editor:

  • sudo nano /usr/local/nagios/etc/objects/contacts.cfg

Find the email directive and change your own email address:( to its value************)

/usr/local/nagios/etc/objects/contacts.cfg

...
define contact{
        contact_name                    nagiosadmin             ; Quick title of individual
        usage                             generic-contact         ; Inherit standard values from generic-contact template (defined above)
        alias                           Nagios Admin            ; name of individual
        email                           [email protected]_domain.com        ; <<***** CHANGE THIS TOWARDS EMAIL ******
...

Save and exit the editor.

Next, include a command that is new your Nagios setup that allows you to utilize the check_nrpe demand in Nagios solution definitions. Start the file /usr/local/nagios/etc/objects/commands.cfg within editor:

  • sudo nano /usr/local/nagios/etc/objects/commands.cfg

Add these toward end of this file to determine a command that is new check_nrpe:

/usr/local/nagios/etc/objects/commands.cfg

...
define demand{
        command_name check_nrpe
        command_line $/check_nrpe that is USER1 $HOSTADDRESS$ -c $ARG1$
}

This describes the title and specifies the command-line choices to perform the plugin. You are going to utilize this demand in action 5.

Save and exit the editor.

Now configure Apache to provide the Nagios graphical user interface. Enable the Apache rewrite and cgi modules utilizing the a2enmod demand:

  • sudo a2enmod rewrite
  • sudo a2enmod cgi

Use the htpasswd demand generate an admin individual called nagiosadmin that may access the Nagios internet program:

sudo htpasswd/usr/local/nagios/etc/htpasswd that is-c nagiosadmin

Enter a password on prompt. Keep in mind this password, it to access the Nagios web interface.( as you will need************)

Note: you will need to edit /usr/local/nagios/etc/cgi.cfg and change all the nagiosadmin references to the user you created.
( if you create a user with a name other than nagiosadmin,************)

Now create a link that is symbolic nagios.conf to the sites-enabled directory. This enables the Nagios host that is virtual

  • sudo ln -s /etc/apache2/sites-available/nagios.conf /etc/apache2/sites-enabled/

Next, start the Apache setup declare Nagios.

  • sudo nano /etc/apache2/sites-available/nagios.conf

If you have configured Apache to provide pages over HTTPS, find both occurrences with this line:

/etc/apache2/sites-available/nagios.conf

#  SSLRequireSSL

Uncomment both occurrances by detatching the # sign.

If you wish to limit the internet protocol address details that may access the Nagios internet program making sure that just IP that is certain can access the program, get the after two lines:

/etc/apache2/sites-available/nagios.conf

Order allow,deny
Allow from all

Comment them down by including # symbols facing them:

/etc/apache2/sites-available/nagios.conf

# purchase allow,deny
# Allow from all

Then get the lines that are following************)

/etc/apache2/sites-available/nagios.conf

#  purchase deny,allow
#  Deny from all
#  Allow from 127.0.0.1

Uncomment them by deleting the # symbols, and include the internet protocol address details or ranges (area delimited) you want to permit to within the Allow from line:

/etc/apache2/sites-available/nagios.conf

Order deny,allow
Deny from all
Allow from 127.0.0.1 your_ip_address

These lines appear two times within the setup file, therefore make sure you alter both occurrences. Then conserve and leave the editor.

Restart Apache to load the Apache configuration that is new:

  • sudo systemctl restart apache2

With the Apache setup set up, you'll set the service up for Nagios. Nagios does not provide a unit that is systemd to handle the solution, therefore let us produce one. Make the nagios.service file and start it within editor:

  • sudo nano /etc/systemd/system/nagios.service

Enter the definition that is following the file. This definition specifies when Nagios should start and where Systemd can find the Nagios application. Learn more about Systemd unit files in the understanding that is tutorial devices and device data

/etc/systemd/system/nagios.service

[Unit]
Description=Nagios
BindTo=network.target

[Install]
WantedBy=multi-user.target

[Service]
Type=simple
User=nagios
Group=nagios
ExecStart=/usr/local/nagios/bin/nagios /usr/local/nagios/etc/nagios.cfg

Save the file and leave your editor.

Then begin Nagios and allow it to begin if the host shoes:

  • sudo systemctl permit /etc/systemd/system/nagios.service
  • sudo systemctl begin nagios

Nagios is currently operating, therefore let us log on to its internet program.

Step 4 — Accessing the Nagios Web Interface

Open your web that is favorite browser and visit your Nagios host at http://nagios_server_public_ip/nagios.

Enter the login qualifications the internet program within the popup that seems. Utilize nagiosadmin the username, and password you made for that individual.

After authenticating, you will observe the standard Nagios website. Go through the Hosts website link within the left navigation club to see which hosts Nagios is monitoring:

Nagios Hosts Page

(itself.

As you can see, Nagios is monitoring only "localhost", or************)

Let's monitor our other host with Nagios,

Step 5 — Installing NPRE on a Host

Let's add a host that is new Nagios can monitor it. We'll install the Nagios Remote Plugin Executor (NRPE) on the host that is remote install some plugins, then configure the Nagios host observe this host.

Log into the server that is second which we are going to phone the monitored host.

First produce make a "nagios" individual that'll run the NRPE representative.

We'll install NRPE from supply, and that means youwill need the development that is same you installed in the Nagios host in 1. improve your package sources and install the NRPE prerequisites:

  • sudo apt-get revision
  • sudo apt-get install build-essential libgd2-xpm-dev libssl-dev unzip that is openssl

NRPE calls for that Nagios plugins is set up in the host that is remote. Let us install this package from supply.

Find the most recent launch of Nagios Plugins through the Nagios Plugins install web page. Copy the hyperlink target the latest variation, and copy the hyperlink target it to your Nagios server.( so you can download************)

Download Nagios Plugins to your residence directory with curl:

  • cd ~
  • curl -L -O http://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz

Extract the Nagios Plugins archive:

  • tar zxf nagios-plugins-*.tar.gz

Change toward directory:( that is extracted************)

Before building Nagios Plugins, configure it to utilize the nagios individual and team, and configure OpenSSL help:

  • ./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl

Now compile the plugins:

Then install them:

Next, install NRPE. Get the down load URL the latest release that is stable of at the Nagios Exchange website like everyone else did in 1. install the most recent stable launch of NRPE towards checked host's house directory with curl:

  • cd ~
  • curl -L -O https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-3.2.1/nrpe-3.2.1.tar.gz

Extract the NRPE archive with this particular demand:

Then modification toward directory:( that is extracted************)

Configure NRPE by indicating the Nagios individual and team, and inform it you need SSL help:

  • ./configure --enable-command-args --with-nagios-user=nagios --with-nagios-group=nagios --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu

Now build and install NRPE and its particular script that is startup with commands:

  • make all
  • sudo make install
  • sudo make install-config
  • sudo make install-init

Next, let us upgrade the NRPE setup file:

  • sudo nano /usr/local/nagios/etc/nrpe.cfg

Find the allowed_hosts directive, and include the personal ip of the Nagios host toward list:( that is comma-delimited************)

/usr/local/nagios/etc/nrpe.cfg

  • allowed_hosts=127.0.0.1,::1,your_nagios_server_private_ip

This configures NRPE to just accept needs from your own Nagios host via its personal ip.

Save and leave your editor. You can now begin NRPE:

  • sudo systemctl begin nrpe.service

Ensure your solution is operating by checking its status:

  • sudo systemctl status nrpe.service

You'll understand output that is following************)

Output

... Oct 16 07:10:00 nagios systemd[1]: Started Nagios Remote Plugin Executor. Oct 16 07:10:00 nagios*****) that is nrpe( establishing daemon Oct 16 07:10:00 nagios*****) that is nrpe( Server paying attention on 0.0.0.0 slot 5666. Oct 16 07:10:00 nagios*****) that is nrpe( Server paying attention on :: slot 5666. Oct 16 07:10:00 nagios*****) that is nrpe( paying attention for connections on slot 5666 Oct 16 07:10:00 nagios*****) that is nrpe( enabling connections from: 127.0.0.1,::1,207.154.249.232

Next, enable use of slot 5666 through firewall. It to allow TCP connections to port 5666🙁 if you are using UFW, configure************)

You can find out more about UFW in just how to set a firewall up with UFW on Ubuntu 16.04.

Now you can examine the interaction utilizing the NRPE that is remote server. Run the command that is following the Nagios host:

  • /usr/local/nagios/libexec/check_nrpe -H remote_host_ip

You'll understand output that is following************)

Output

NRPE v3.2.1

Now let us configure some checks that are basic Nagios can monitor.

First, let us monitor the disk use of this host. Utilize the df -h demand to consider the main filesystem. You are going to utilize this filesystem title within the NRPE setup:

You'll see production such as this:

Output

Filesystem Size Applied Avail Utilizeper cent Installed On udev 490M 0 490M 0per cent /dev tmpfs 100M 3.1M 97M 4per cent /run /dev/vda1 29G 1.4G 28G 5per cent / tmpfs 497M 0 497M 0per cent /dev/shm tmpfs 5.0M 0 5.0M 0per cent /run/lock tmpfs 497M 0 497M 0per cent /sys/fs/cgroup /dev/vda15 105M 3.4M 102M 4per cent /boot/efi tmpfs 100M 0 100M 0per cent /run/user/0

Locate the filesystem related to /. The filesystem you want is probably /dev/vda1.( on a Droplet************)

Now available /usr/local/nagios/etc/nrpe.cfg file within editor:

  • sudo nano /usr/local/nagios/etc/nrpe.cfg

The NRPE setup file is extremely long and filled with responses. You can find a lines that are few you will have to find and alter:

  • server_address: Set toward personal ip of this monitored host
  • command[check_hda1]: Change /dev/hda1 to whatever your root filesystem is named

Locate these settings and change them properly:

/usr/local/nagios/etc/nrpe.cfg

...
server_address=monitored_server_private_ip
...
demand[check_vda1]=/usr/lib/nagios/plugins/check_disk -w 20per cent -c 10per cent -p /dev/vda1
...

Save and exit the editor.

Restart the NRPE solution to place the alteration into impact:

  • sudo systemctl restart nrpe.service

Repeat the actions inside part for every server that is additional desire to monitor.

Once you might be done putting in and configuring NRPE in the hosts before it will start monitoring them that you want to monitor, you will have to add these hosts to your Nagios server configuration. Let us do this next.

Step 6 – Monitoring Hosts with Nagios

To monitor your hosts with Nagios, you will include setup files for every host indicating what you need observe. After that you can see those hosts within the Nagios internet program.

On your Nagios host, create a configuration that is new for each of the remote hosts that you want to monitor in /usr/local/nagios/etc/servers/. Replace the word that is highlighted monitored_server_host_name utilizing the title of the host:

  • sudo nano /usr/local/nagios/etc/servers/your_monitored_server_host_name.cfg

Add these host meaning, changing the host_name value along with your remote hostname, the alias value with a description of this host, and address value utilizing the personal ip of this host:( that is remote************)

/usr/local/nagios/etc/servers/your_monitored_server_host_name.cfg

define host {
        usage                             linux-server
        host_name                       your_monitored_server_host_name
        alias                           My customer host
        target                         your_monitored_server_private_ip
        max_check_attempts              5
        check_period                    24x7
        notification_interval           30
        notification_period             24x7
}

With this setup, Nagios is only going to let you know in the event that host is up or down. Let us atart exercising . ongoing solutions observe.

First, include this block observe Central Processing Unit use:

/usr/local/nagios/etc/servers/your_monitored_server_host_name.cfg

define solution {
        usage                             generic-service
        host_name                       your_monitored_server_host_name
        service_description             Central Processing Unit load
        check_command                   check_nrpe!check_load
}

The use generic-service directive informs Nagios to inherit the values of a site template called generic-service that will be predefined by Nagios.

Next, include this block observe disk use:

/usr/local/nagios/etc/servers/your_monitored_server_host_name.cfg

define solution {
        usage                             generic-service
        host_name                       your_monitored_server_host_name
        service_description             /dev/vda1 free area
        check_command                   check_nrpe!check_vda1
}

Now conserve and stop. Restart the Nagios solution to place any noticeable modifications into impact:

  • sudo systemctl restart nagios

After a few moments, Nagios will check out the hosts that are new you'll see them in the Nagios web interface. Click on the Services link in the left navigation bar to see all of your hosts that are monitored solutions.

Nagios Services Page

Conclusion

You've set up Nagios on a host and configured it observe Central Processing Unit and disk use of one or more machine that is remote.

Now that you are monitoring a number plus some of its solutions, you can begin Nagios that is using to your mission-critical services. You can use Nagios to set up notifications for critical events. For example, you can receive an email when your disk utilization reaches a warning or threshold that is critical or a notification if your primary site is down. Because of this you'll promptly resolve the situation, or before a challenge also does occur.

Linux lshw Command Tutorial for newbies (6 Examples)

Previous article

The essential difference between complimentary and Open-Source computer software

Next article

You may also like

Comments

Leave a reply

Your email address will not be published. Required fields are marked *

More in Apache