configuring centos and installing and configuring cacti monitoring system

7/22/2019 configuring centos and installing and configuring cacti monitoring system

1/28

With a MINIMAL INSTALATION of CentOS we now perform the basic configuration.

Lets start now :D

First to all we need to configure the TCP/IP stack for the interface eth1with a static IP address, for do

this edit the file name ifcfg-eth1 locate on: /etc/sysconfig/network-scripts/ and add the following lines.

ONBOOT=yesNM_CONTROLLED=noBOOTPROTO=noneIPADDR=192.168.180.3PREFIX=24PEERDNS=yesDEFROUTE=yesDNS1=8.8.8.8DNS2=8.8.4.4DOMAIN=lab.local

Then edit the file name network locate on /etc/sysconfig/ with the following lines:

NETWORKING=yesHOSTNAME=host nameGATEWAY=192.168.180.2

Issue the command service network restartto load the new configuration for the interface eth1

Issue the command ifconfig eth1to check that the change has been in place.


2/28

Updating the installation and enhancing the minimal install with additional

administration and development tools

Issue the next commands from the TERMINAL to update the system that is, kernel and new security

features to name but a few

yum -y updatereboot

After reboot issue the next commands from the TERMINAL to install useful features that can use in the

future.

yum -y groupinstall "Base" "Development Libraries" "Development Tools"reboot

Adding the GNOME desktop environment, changing the runlevel, and installing

additional software

Issue the following commands to install the GNOME desktop environment

yum groupinstall "Desktop" "X Window System" "Fonts" "Desktop Platform"

To specify at what level run the GNOME desktop you must edit the file inittab locate on /etc/ A runlevel

is a preset operating state that determines which programs are executed at system startup.

id:3:initdefault: # To specify that is not run when the system boot, ifyou select this configuration you need issue the command startX from theTerminal to initiate the desktop environmentid:5:initdefault: # To specify that the Desktop Environment start when thesystem startup (graphic mode)

Here an example:

Issue the following commands in order to install additional packages that help to enjoy the Desktop

environment experience


3/28

yum groupinstall "General Purpose Desktop" "Graphical AdministrationToolsreboot

Creating an administrative user and becoming root with the switch user

command

In this session we will to create the administrative user to do the daily tasks and to permit to this user to

use the su command also called switch user command in order to perform certain tasks that require

privilege level such as install a packet.

useradd [USERNAME]passwd [USERNAME] [PASSWORD]

The next task is to modify the user's attributes and to add them to the wheel group like so:

usermod -a -G wheel [YOUR NEW USERNAME]

We need ensure that wheel module is activated in PAM that provides us a global method of

authentication users across the system as a whole without any individual program being required to

know which authentication system will be used.

In order to permit that our user can use the sucommand we need to uncomment a line in the file su

locate at /etc/pam.d/

# uncomment to permit the su command to the userauth required pam_wheel.so use_uid

Note:sudothat enables a user to execute a single command as root, suis a very powerful commandthat will enable the user to become any other user (including root).

The sudo command represents a flexible way of providing administrative powers without making a

specific user or user group an administrator. Of course, we know that sudowill allow you to disseminate

elevated privileges without revealing any details regarding the rootuser and a sudocommand-based

user can do most things, but not everything. They can assume some administrative powers, but they are

not an administrator in the fullest sense of the word.

To switch to the user root type su -and if you want to become to other user different to the root you

can use su - [USERNAME]

To know what user you are using issue the command whoami


4/28

It is important to remember that sudoes not keep a record of what actions are completed when an

administrative user has become root. For these reasons you should reference your enquiries to

/var/log/messages.

Now we can launch our Desktop Environment with the command startX from the terminal as user

admin

A useful command is tzselectwe can use it to specify the time zone for a specific user.

yum install tzdatatzselect

In order to configure the time zone for a specific user you need to add the line generated from

tzselectoutput command into the file .bash_profile locate at /home/[USERNAME]/

Here an example:

TZ='America/Bogota'; export TZ

In order to check the changes you need logout the session and after the log in success issue the

following command from the Terminal

date


5/28

To check the time and date you can do the following:

To change the date by typing:

date --set="YYYYMMDD"

You can change the time by typing:

date +%T -s "HH:MM:SS"

Now, we can synchronize the system with your hardware clock by typing:

Hwclock --systohc

Now, we can confirm the status of your hardware clock with the followingcommand:

Hwclock --show

The same, we can view the current operating system date and time by typingthe following command:

date

Is often a good idea to ensure if the correct time zone information is linked to your server's local time

settings

rm /etc/localtime

ln -sf /usr/share/zoneinfo/XXX /etc/localtimereboot

Here an example:


6/28

Synchronizing the system clock with NTP

Issue the commands:

yum y install ntp

In order to personalize the ntpservice edit the file ntp.conf locate at /etc/ and add and confirm a

network range in order that we can determine who can and who cannot receive time service-based

requests.

server 192.168.1.1 iburstlogfile /var/log/ntpd.log

The iburst option, this feature is designed to tell the NTP service to issue a burst of eight packets to the

remote server instead of one in order to offer an improved approach to the time synchronization

process.

If your network does not have Internet connection or the Internet connection is intermittent, then afallback solution is often required. In such cases you can implement a process known as reflective

synchronization. Uncomment the following lines.

server 127.127.1.0 # local clock

fudge 127.127.1.0 stratum 10


7/28

chkconfig ntpd onservice ntpd restart

reboot

ntpq p # to check ntp association


8/28

How to change the hostname of the server, please do the following.

Edit the file network locate at /etc/sysconfig/ and add the following line

HOSTNAME=CENTOS-SERVER

Edit the file hosts locate at /etc/ and add the following line

192.168.180.3 CACTI-SERVER.lab.local CACTI-SERVER

To check issue the following commands from Terminal

hostname

hostname -f

hostname --fqdn


9/28

How to configure SSH

First to all we need to back up the configuration file of SSH

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bakvi /etc/ssh/sshd_config

After execute viadd and/or modify the following lines:

Port 2202# Authentication:AllowUsers adminLoginGraceTime 60PermitRootLogin noX11Forwarding no#X11Forwarding yesPrintMotd yes

PrintLastLog yesClientAliveInterval 60ClientAliveCountMax 5TCPKeepAlive yes

Save the file and edit the file motd locate at /etc/ in order to configure the banner Message Of The Day

(MOTD)

vi /etc/motd

Edit the IPTABLES rule in order to permit the new port assigned to SSH (2202) to do this edit the file

iptables locate at /etc/sysconfig/

Here an example

Service iptables restart


10/28

Using logrotate to manage logfiles

The logrotate utility is designed to simplify the administration of log files on a system which generates a

lot of log files. Logrotate allows for the automatic rotation compression, removal and mailing of log files.

Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size.

In order to configure logrotatewe need to edit the file logrotate.conf located at /etc/ and add/modify

the following lines:

vi /etc/logrotate.conf

monthlyrotate 7compresssize 500M

logrotate -vfd /etc/logrotate.conf

vi /etc/logrotate.d/ntp

/var/log/ntpd.log {missingoknotifemptysize 50Mrotate 5weeklycreate 0600 root rootpostrotate/sbin/service ntpd restartendscript

}

logrotate -vfd /etc/logrotate.conf

# This option specifies if there is no log file do not issue an error orwarningmissingok# This option specifies not to rotate an empty log.notifempty# This option rotates the logs over 50M.size50M# This option specifies the need to keep 5 log files at a time.rotate 5

# This option rotates the logs weekly.weekly# This option sets the permissions for the newly created log files.create 0600 root root# This option specifies the need to restart the NTP service.# You have two options prerotate or postrotate.postrotate

/sbin/service ntpd restartEndscript


11/28

Note

By using the previous command to test our settings we have implied the use of several flags:

v: Logrotate reports on what is happening and when it happens

f: Logrotate is asked to process the request regardless of the current cron status

d: Logrotate is asked to process the request without actually rotating them

Evaluating current memory usage with the free and top commands and clearing

the memory cache

In order to check the status of the server regarding MEMORY you can issues the utilities free and top

Here an example

free -m


12/28

top

In order to release the cache of the memory you can issue the following commands form the terminal

syncecho 3 > /proc/sys/vm/drop_caches

Managing Packages with Yum

yum check-updateyum -y updatereboot

yum provides your_filename_here

These files are very useful, but over time they will accumulate in size to such an extent that you may find

that Yum is acting erratically or not as intended. The frequency of this happening can vary from system

to system but it generally implies that the Yum cache system requires your immediate attention.

In order to clean yum please issue the following commands.

yum clean packagesyum clean metadatayum clean dbcacheyum clean allyum makecache


13/28

Removing packages with YUM

You can use the following command

yum remove package_name

yum search keyword

yum info package_name

yum deplist package_name

yum list all

yum list all | less

yum list installed | less

Installing Yum Priorities to support additional repositories

In order to use other repositories issues the following commands and edit the proper files

yum install yum-plugin-priorities

Make sure that priorities is enable, we can do this check the file priorities.conf locate at

/etc/yum/pluginconf.d/

vi /etc/yum/pluginconf.d/priorities.conf

Then, add the directive priority=1to the [base], [updates], [extras]

vi/etc/yum.repos.d/CentOS-Base.repo

[base]priority=1

[updates]priority=1

[extras]priority=1

yum update

In order to add additional repositories we need to have the files that permit us install the repo (EPEL and

REMI)

yum install wget


14/28

wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpmwget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm

Edit the following files and change as see below

vi /etc/yum.repos.d/remi.repoenable=1priority=10

vi /etc/yum.repos.d/epel.repoenable=1priority=10

yum update

Protecting SSH with fail2ban

Fail2ban is designed to monitor users who repeatedly fail to log in correctly on your server and its main

purpose is to mitigate attacks designed to crack passwords and steal user credentials. It works by

continuously reading logfiles, and if a logfile contains a pattern indicating a number of failed attempts,

then it will proceed to act against the offending IP address.

Install fail2ban from terminal

yum install fail2ban

To do this add/modify the following lines in the file fail2ban locate at /etc/fail2ban/

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

ignoreip = 192.168.180.1/24

bantime = 3600

findtime = 900

maxretry = 5

logtarget = /var/log/fail2ban.log

chkconfig fail2ban on

service fail2ban start


15/28

bantimevalue, represents the total number of seconds a host will be blocked from accessing the server

if they are found to be in violation of the rules.

findtime means that if the user fails to log in within the maximum number of attempts during the

designated period, then they are banned

Running antivirus scans with ClamAV

Fast, free, and efficient, ClamAV is an open source antivirus engine that can be employed by CentOS to

detect trojans, viruses, and other malicious software, malware, or threats.

yum install clamdchkconfig clamd onservice clamd startfreshclamclamscanclamscan --infected --remove --recursive /DIRECTORYNAME

/var/log/clamav/clamd.log

SELinux

Security-Enhanced Linuxis a very robust security mechanism that is enabled by default. It is designed to

improve the security of your server but on occasion it has been the case that you have been required to

disable it in order to install a new package or to speed up the process of server management.

SELinux has three possible states:

enforcing: Choose this value to determine that SELinux security policy is enforced. To set thiscondition, type SELINUX=enforcing. This level enforces security and access policies around both

files and processes.

permissive: Choose this value to determine that SELinux prints warnings instead of enforcing. Toset this condition, type SELINUX=permissive. This level allows operations that would otherwise

be blocked by SELinux security policies. In this state SELinux will report messages to

/var/log/audit/audit.log indicating which operations would have been blocked. You should also

be aware that in this state the mechanism that labels files and processes according to SELinux

policies is still active in this enforcement mode.

disabled: Choose this value to determine that no SELinux policy is loaded. To set this condition,type SELINUX=disabled. This level completely disables SELinux, thereby permitting all operationsand disabling logging and file/process labeling.

In order to disable SELinux edit the file selinux locate at /etc/sysconfig/ and add/modify the following

lines

SELINUX=disabled


16/28

reboot

To determine the current state of SELinux, we can issue the command:

getenforce

Note:

When SELinux is running, you can use the setenforce command. However, this will only affect the server

if you are switching between enforcing or permissive mode.

Here an example:

FTP with VSFTPD

In order to install FTP issue the command from the terminal.

yum install vsftpd

Edit the file vsftpd.conf locate at /etc/vsftpd/ and add/modify the following lines:

vi /etc/vsftpd/vsftpd.conf

anonymous_enable=NOxferlog_std_format=NOascii_upload_enable=YES

ascii_download_enable=YESchroot_local_user=YESchroot_list_enable=YES# (default follows)chroot_list_file=/etc/vsftpd/chroot_listidle_session_timeout=600data_connection_timeout=120

# to the bottom of the file and add the following lines


17/28

use_localtime=YESlocal_root=/home/admin/public_ftp # makes sure that this folder exist

Next, add the users that will have part of chrootprocess creating the chroot_list file and locate it at

/etc/vsftpd/

vi /etc/vsftpd/chroot_listadmin

chkconfig vsftpd on

service vsftpd start

The chrootjail represents an essential security feature, and having done this, all users will be restricted

to access the files in their own home directory only.

yum install ncftp

ncftp -u admin localhost # in order to test the ftp server

Here an example:


18/28

Secure connection to VSFTP with SSL/TLS using OpenSSL encryption

We need to create the key pair or digital certificate and configure the VSFTPD to use TLS and to force

the users to login secure to the FTP service

cd /etc/vsftpd/

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout/etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

chmod 600 vsftpd.pem

vi /etc/vsftpd/vsftpd.conf

# add this line at the bottom to the file

ssl_enable=YES

force_local_data_ssl=YESforce_local_logins_ssl=YESssl_tlsv1=YESssl_sslv2=NOssl_sslv3=NOrsa_cert_file=/etc/vsftpd/vsftpd.pem

service vsftpd restart

Now with this done, we can test the connection with a client that support the ftp service secure such as

WINSCP.

Here an example:


19/28

Make sure that the port specified in the Port number: boxis the same used for the process SSH (2202)


20/28

Now we can see that the connection is secured


21/28

Cacti

Cacti (cacti.net) is a network monitoring tool that graphs system and network information over time

(time-series data) and provides a comprehensive Web interface for browsing and examining the ongoing

performance of the devices on a network.

We can configure Cacti to monitor the network traffic passing through the network ports on local

servers and the switch and router ports on the local network. Cacti graphs provide information on traffic

levels on the various parts of the network. When the network is slow, for example, we can refer to the

historical graphs and see if anything out of the ordinary has occurred. In addition to network traffic

levels, Cacti can collect data on CPU utilization, disk space usage, page views on a Web server, and

almost any other data points available on the local network.

Prerequisites

Install the following packages:

cacti (Fedora only; download cacti for RHEL from fedoraproject.org/wiki/EPEL) mysql (page 635) mysql-server (page 635) php (installed with cacti) httpd (Apache; page 917; installed with cacti) rrdtool (installed with cacti) net-snmp (optional; needed only to monitor the local system) net-snmp-utils (optional)

Cacti Configuration

Data retrieval

Cacti retrieves data through poller. It's an application executed at a constant time interval as a schedule

service under different operating systems. It is set in the operating system scheduler. In Unix, it is set

under crontab.

Cacti uses cmp.phpby default. But if a faster poller is required due to a large infrastructure, then youcan use spine, formally known as cactid, a very fast poller written in C that makes use of POSIX threads

and links directly to Net-SNMP library for minimal SNMP polling overhead.

Presently, network infrastructure contains lot of different devices such as routers, switches, servers,

UPS, and different computer and network appliances. To retrieve data from these remote devices, Cacti


22/28

use SNMP (Simple Network Management Protocol). Devices that are capable of using SNMP can be

monitored by Cacti.

Data storage

There are lot of options to do this task, such as SQL database and flat file database. Cacti uses RRDToolto store data. RRD is a system to store and show time series data collected from different SNMP-capable

devices. It consolidates historical data based on consolidation functions such as AVERAGE, MINIMUM,

MAXIMUM, and so on to keep the storage size minimum. That's why it's fast and easy to create graphs

and reports from RRD files.

Data presentation

The most important feature of the RRDTool is a built-in graphing function. Cacti uses this built-in

graphing function to deploy customized graphing reports based on time series data collected from

different SNMP-capable devices. This built-in graphing function supports auto-scaling and logarithmic y-axis. It is possible to graph one or many items in one graph, also adding different legends denoting

characteristics such as maximum, average, minimum, etc.

Net-SNMP is a suite of software for using and deploying SNMP protocol (version v1, v2c, and v3) and

AgentX subagent protocol. It supports IPv4, Ipv6, IPX, AAL5, UNIX domain sockets and others. The suite

includes:

Command line applications A generic client library A graphical MIB browser using Perl/TK A daemon application for receiving SNMP notifications (snmptrapd) An extensible SNMP agent to respond to management queries (snmpd) Perl, C, and Python modules and sets of APIs to build external applications

RRDToolis developed by Tobi Oeticker, also known for his famous creation MRTG. RRDTool is written

in C language and stores its data in .rddfiles. The number of records in a single .rrdfile never increases,

meaning that old records are frequently removed, and it presents useful graphs by processing the data

to enforce a certain data density. RRDTool offers several command line switches to access and

manipulate .rddfiles:

create update updatev graph dump restore fetch


23/28

tune last info rrdresize xport rrdcgi

How does the RRDTool work?

RRDTool follows a logical design to acquire and process data collected from data sources (DS). The

following is a brief discussion of the different steps in the logical process:

Data acquisition:When monitoring a device or system, it is necessary to receive data on a constant

time interval. Manually, it is not possible to maintain such activity as a system administrator. In such

situations, the RRDTool comes in handy. It stores the data in a round-robin database, which is received

on a constant time interval set by the system administrator, using the poller application set as schedulerin the operating system.

Data consolidation:The system administrator may log the data in a five-minute interval, but he/she

might be interested in knowing the accumulated update over the last month. In this case, simply storing

the data in a five-minute interval for the whole month will solve the problem. But this will require huge

disk space and a considerable amount of time to analyse the data, as in a network environment,

administrators are not monitoring only a single device. RRDTool solves this problem with the data

consolidation feature. When creating a round-robin database, the administrator can define at which

interval data consolidation should occur using consolidation functions (CF) such as MAXIMIUM,

AVERAGE, MINIMUM, and others.

Round Robin Archives of consolidated data:Data values of consolidation setup are stored in Round

Robin Archives (RRA). In this way, the RRDTool stores data in the most efficient way for a certain time

period defined by the system administrator. This process keeps the database file at a constant size for

faster processing and analyzing.

Unknown data:RRDTool stores data at a constant interval in a round-robin database. Sometimes, this

data might not be available to store in RRD due to device failure or other causes. In this case, the

RRDTool stores the RRD file with *UNKNOWN* data value. This *UNKNOWN* value is supported by all

RRDTool functions.

Graphing:RRDtool allows system administrator to generate reports in graphical and numerical forms

based on data stored in the round-robin database (RDD) by using its built-in graph processing functions.

Customization of these graphics is possible based on color, size, and contents


24/28

Lets start installing CACTI

yum install httpd # To install APACHE WEB SERVER

chkconfig --list httpdchkconfig httpd onservice httpd start

vi /etc/sysconfig/iptables # permit http request to the server-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

service iptables restartnetstat -taniptables -nL

vi /etc/httpd/conf.d/welcome.conf # Comment all lines within this filevi /etc/httpd/conf/httpd.conf

Options -Indexes FollowSymLinksAllow from 192.168.180.0/255.255.255.0# Modify the word Indexes for Indexes in order to disable the listingdirectory

yum install php

service httpd restart
# WITH THIS CODE WE CAN CREATE A PAGE TO THE PHP AND THE MODULESTHAT HAS BEEN LOADED TO PHP


25/28

http://192.168.180.3/phpinfo.php # output to check if Apache has loadedthe php module

yum install mysql-serveryum instal php-mysqlservice httpd restart

# test phpinfo.php output to check if php has loaded the mysql module

yum install net-snmp net-snmp-utils php-snmpservice httpd restart

# test phpinfo.php output to check if php has loaded the snmp module

yum install rrdtool

# enable the services mysql and snmp to start when the system startup

chkconfig snmpd on

chkconfig mysqld on

service snmpd startservice mysqld startmysqladmin -u root password 'PASSWORD' # Change the root password

# Now let's download and install cacti

# First download the source file to manually install cacti and copy thefile to the server through SFTP


26/28

tar -xzvf /home/admin/Desktop/cacti-0.8.8b.tar.gz

mysql u root p # in order to access to MYSQL ENGINE

CREATE DATABASE cacti;GRANT ALL ON cacti.* \TO cactiuser@localhost \IDENTIFIED BY '[SPECIFYCACTIPASS]';flush privileges;exit


27/28

mysql -u root -p cacti < /home/admin/Desktop/cacti-0.8.8b/cacti.sql

mv /home/admin/Desktop/cacti-0.8.8b /var/www/html/cacti

cd /var/www/html/cacti

vi include/config.php$database_password = "cactiuser";

vi /etc/cron.d/cacti

*/5 * * * * admin /usr/bin/php /var/www/html/cacti/poller.php > /dev/null2>&1

# We have to change the ownership of rra and log folder to admin user andadmin group

chown -R admin:admin /var/www/html/cacti/log

chown -R admin:admin /var/www/html/cacti/rrachmod 775 /var/www/html/cacti/rrachmod 775 /var/www/html/cacti/log

vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT-A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT-A INPUT -p udp -m state --state NEW -m udp --dport 162 -j ACCEPT

Ok, now only we need to access from a web browser like Internet Explorer, you must change the default

Username : adminPassword : admin


28/28

Documents

configuring centos and installing and configuring cacti monitoring system