Monitoring Linux Systems and Services using Monit

Monit is a opensource process tool for Linux operating system which helps you to monitor system process using web browser and also when ever requires it automatically do the maintenance or repair of particular process in such a way that it can be brought back online. It can also used for managing and monitoring of programs, files, directories, and devices for timestamps changes, checksum changes, or size changes; not limited to perform various TCP/IP network checks, protocol checks, and can utilize SSL for such checks.

onfigure EPEL repo to download the latest Monit package.

[root@server ~]# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Install the Monit.

[root@server ~]# yum -y install monit

Start monit by using the following command.

[root@server ~]# monit

Check the monit status.

[root@server ~]# monit status
The Monit daemon 5.6 uptime: 0m
 
System 'server.itzgeek.com'
  status                            Running
  monitoring status                 Monitored
  load average                      [0.14] [0.55] [0.49]
  cpu                               0.0%us 0.0%sy 0.0%wa
  memory usage                      390704 kB [20.8%]
  swap usage                        0 kB [0.0%]
  data collected                    Wed, 23 Jul 2014 16:06:28

Configure Monit:

Monit config file is /etc/monit.conf, by default monit is set to check the services at interval of 1 min, this setting can be altered by changing.

[root@server ~]# vi /etc/monitrc
set daemon  60

Alert cans be configured by.

set mailserver

Alert templates can be found in the configuration file itself.
Logs setting can be changed by using the following file.

[root@server ~]# vi /etc/monit.d/logging
 
set logfile

Web Interface:

Monit also provides a web interface to monitor and manage the configured services, by default monit listens on 2812 port but it needs to be setup. Open monit configuration file /etc/monit.conf.

[root@server ~]# vi /etc/monit.conf

Look for httpd port 2812, modify the following entries

FROM

set httpd port 2812 and
use address localhost  # only accept connection from localhost
allow localhost        # allow localhost to connect to the server and
allow admin:monit      # require user 'admin' with password 'monit'
allow @monit           # allow users of group 'monit' to connect (rw)
allow @users readonly  # allow users of group 'users' to connect readonly

TO

set httpd port 2812
allow 0.0.0.0/0.0.0.0
allow admin:monit

From the above settings, monit will listen on 2812; admin user will able to access the web interface from any network.

Reload monit.

[root@server ~]# systemctl restart  monit.service

Auto start Monit on start-up.

[root@server ~]# systemctl enable  monit.service
Access the web interface by using http://your-ip-address:2812, use the username and password mentioned in the previous step. Monit home page will look like this.
CentOS 7 – Monit 5.6 DashBoard

Configuring services for monitoring:

Once the web interface is up, we can start to setup other services that you want to monitor; you can place the configuration files under /etc/monit.d/ directory.

Configure for sshd

[root@server ~]# vi /etc/monit.d/sshdmonitor
 
check process sshd with pidfile /var/run/sshd.pid
start program  "/usr/bin/systemctl start sshd.service"
stop program  "/usr/bin/systemctl stop sshd.service"
if failed port 22 protocol ssh then restart

Configure for syslog

[root@server ~]# vi /etc/monit.d/syslogmonitor
 
check process syslogd with pidfile /var/run/syslogd.pid
start program = "/usr/bin/systemctl start rsyslog.service"
stop program = "/usr/bin/systemctl stop rsyslog.service"

Once configured, test the monit syntax

[root@server ~]# monit -t
 
Control file syntax OK

Reload it, to take effect of changes

[root@server ~]# monit reload
Access the web interface, you would find the new services that we configured earlier.

Test the Monitoring:

Now stop the syslog daemon

[root@server ~]# /etc/init.d/rsyslog stop

Wait for 30 second, monit will start the syslog automatically. You can find it in monit log.

[root@server ~]# cat /var/log/monit
[EDT Jul 23 16:28:04] error    : 'syslogd' process is not running
[EDT Jul 23 16:28:04] info     : 'syslogd' trying to restart
[EDT Jul 23 16:28:04] info     : 'syslogd' start: /usr/bin/systemctl
[EDT Jul 23 16:29:04] info     : 'syslogd' process is running with pid 40440

That’s All, We have successfully configured Monit on CentOS

Have fun!

How To Install Nagios 4 ! Monitor Your Servers on CentOS 7

Install Nagios 4

This section will cover how to install Nagios 4 on your monitoring server. You only need to complete this section once.

Install Build Dependencies

Because we are building Nagios Core from source, we must install a few development libraries that will allow us to complete the build.

First, install the required packages:

sudo yum install gcc glibc glibc-common gd gd-devel make net-snmp openssl-devel xinetd unzip

Create Nagios User and Group

We must create a user and group that will run the Nagios process. Create a “nagios” user and “nagcmd” group, then add the user to the group with these commands:

sudo useradd nagios
sudo groupadd nagcmd
sudo usermod -a -G nagcmd nagios

Let’s install Nagios now.

Install Nagios Core

Download the source code for the latest stable release of Nagios Core. Go to the Nagios downloads page, and click the Skip to download link below the form. Copy the link address for the latest stable release so you can download it to your Nagios server.

At the time of this writing, the latest stable release is Nagios 4.1.1. Download it to your home directory with curl:

cd ~
curl -L -O https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.1.1.tar.gz

Extract the Nagios archive with this command:

tar xvf nagios-*.tar.gz

Then change to the extracted directory:

cd nagios-*

Before building Nagios, we must configure it with this command:

./configure --with-command-group=nagcmd 

Now compile Nagios with this command:

make all

Now we can run these make commands to install Nagios, init scripts, and sample configuration files:

sudo make install
sudo make install-commandmode
sudo make install-init
sudo make install-config
sudo make install-webconf

In order to issue external commands via the web interface to Nagios, we must add the web server user, apache, to the nagcmd group:

sudo usermod -G nagcmd apach

Install Nagios Plugins

Find the latest release of Nagios Plugins here: Nagios Plugins Download. Copy the link address for the latest version, and copy the link address so you can download it to your Nagios server.

At the time of this writing, the latest version is Nagios Plugins 2.1.1. Download it to your home directory with curl:

cd ~
curl -L -O http://nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz

Extract Nagios Plugins archive with this command:

tar xvf nagios-plugins-*.tar.gz

Then change to the extracted directory:

cd nagios-plugins-*

Before building Nagios Plugins, we must configure it. Use this command:

./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl

Now compile Nagios Plugins with this command:

make

Then install it with this command:

sudo make install

Install NRPE

Find the source code for the latest stable release of NRPE at the NRPE downloads page. Download the latest version to your Nagios server.

At the time of this writing, the latest release is 2.15. Download it to your home directory with curl:

  • cd ~
  • curl -L -O http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz

Extract the NRPE archive with this command:

  • tar xvf nrpe-*.tar.gz

Then change to the extracted directory:

  • cd nrpe-*

Configure NRPE with these commands:

  • ./configure –enable-command-args –with-nagios-user=nagios –with-nagios-group=nagios –with-ssl=/usr/bin/openssl –with-ssl-lib=/usr/lib/x86_64-linux-gnu

Now build and install NRPE and its xinetd startup script with these commands:

  • make all
  • sudo make install
  • sudo make install-xinetd
  • sudo make install-daemon-config

Open the xinetd startup script in an editor:

  • sudo vi /etc/xinetd.d/nrpe

Modify the only_from line by adding the private IP address of the your Nagios server to the end (substitute in the actual IP address of your server):

only_from = 127.0.0.1 10.132.224.168

Save and exit. Only the Nagios server will be allowed to communicate with NRPE.

Restart the xinetd service to start NRPE:

  • sudo service xinetd restart

Now that Nagios 4 is installed, we need to configure it.

Configure Nagios

Now let’s perform the initial Nagios configuration. You only need to perform this section once, on your Nagios server.

Organize Nagios Configuration

Open the main Nagios configuration file in your favorite text editor. We’ll use vi to edit the file:

sudo vi /usr/local/nagios/etc/nagios.cfg

Now find an uncomment this line by deleting the #:

#cfg_dir=/usr/local/nagios/etc/servers

Save and exit.

Now create the directory that will store the configuration file for each server that you will monitor:

sudo mkdir /usr/local/nagios/etc/servers

Configure Nagios Contacts

Open the Nagios contacts configuration in your favorite text editor. We’ll use vi to edit the file:

sudo vi /usr/local/nagios/etc/objects/contacts.cfg

Find the email directive, and replace its value (the highlighted part) with your own email address:

email                           nagios@localhost        ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******

Save and exit.

Configure check_nrpe Command

Let’s add a new command to our Nagios configuration:

  • sudo vi /usr/local/nagios/etc/objects/commands.cfg

Add the following to the end of the file:

define command{
        command_name check_nrpe
        command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

Save and exit. This allows you to use the check_nrpe command in your Nagios service definitions.

Configure Apache

Use htpasswd to create an admin user, called “nagiosadmin”, that can access the Nagios web interface:

sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Enter a password at the prompt. Remember this login, as you will need it to access the Nagios web interface.

Note: If you create a user that is not named “nagiosadmin”, you will need to edit /usr/local/nagios/etc/cgi.cfg and change all the “nagiosadmin” references to the user you created.

Nagios is ready to be started. Let’s do that, and restart Apache:

sudo systemctl start nagios.service
sudo systemctl restart httpd.service

To enable Nagios to start on server boot, run this command:

sudo chkconfig nagios on

Optional: Restrict Access by IP Address

If you want to restrict the IP addresses that can access the Nagios web interface, you will want to edit the Apache configuration file:

sudo vi /etc/httpd/conf.d/nagios.conf

Find and comment the following two lines by adding # symbols in front of them:

Order allow,deny
Allow from all

Then uncomment the following lines, by deleting the # symbols, and add the IP addresses or ranges (space delimited) that you want to allow to in the Allow from line:

#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1

As these lines will appear twice in the configuration file, so you will need to perform these steps once more.

Save and exit.

Now start Nagios and restart Apache to put the change into effect:

sudo systemctl restart nagios.service
sudo systemctl restart httpd.service

Nagios is now running, so let’s try and log in.

Accessing the Nagios Web Interface

Open your favorite web browser, and go to your Nagios server (substitute the IP address or hostname for the highlighted part):

http://nagios_server_public_ip/nagios

Because we configured Apache to use htpasswd, you must enter the login credentials that you created earlier. We used “nagiosadmin” as the username:

After authenticating, you will be see the default Nagios home page. Click on the Hosts link, in the left navigation bar, to see which hosts Nagios is monitoring:

As you can see, Nagios is monitoring only “localhost”, or itself.

Let’s monitor another host with Nagios!

Monitor a CentOS 7 Host with NRPE

In this section, we’ll show you how to add a new host to Nagios, so it will be monitored. Repeat this section for each CentOS or RHEL server you wish to monitor.

Note: If you want to monitor an Ubuntu or Debian server, follow the instructions in this link: Monitor an Ubuntu Host with NRPE.

On a server that you want to monitor, install the EPEL repository:

sudo yum install epel-release

Now install Nagios Plugins and NRPE:

sudo yum install nrpe nagios-plugins-all

Now, let’s update the NRPE configuration file. Open it in your favorite editor (we’re using vi):

sudo vi /etc/nagios/nrpe.cfg

Find the allowed_hosts directive, and add the private IP address of your Nagios server to the comma-delimited list (substitute it in place of the highlighted example):

allowed_hosts=127.0.0.1,10.132.224.168

Save and exit. This configures NRPE to accept requests from your Nagios server, via its private IP address.

Restart NRPE to put the change into effect:

sudo systemctl start nrpe.service
sudo systemctl enable nrpe.service

Once you are done installing and configuring NRPE on the hosts that you want to monitor, you will have to add these hosts to your Nagios server configuration before it will start monitoring them.

Add Host to Nagios Configuration

On your Nagios server, create a new configuration file for each of the remote hosts that you want to monitor in /usr/local/nagios/etc/servers/. Replace the highlighted word, “yourhost”, with the name of your host:

sudo vi /usr/local/nagios/etc/servers/yourhost.cfg

Add in the following host definition, replacing the host_name value with your remote hostname (“web-1” in the example), the alias value with a description of the host, and the address value with the private IP address of the remote host:

define host {
        use                             linux-server
        host_name                       yourhost
        alias                           My first Apache server
        address                         10.132.234.52
        max_check_attempts              5
        check_period                    24x7
        notification_interval           30
        notification_period             24x7
}

With the configuration file above, Nagios will only monitor if the host is up or down. If this is sufficient for you, save and exit then restart Nagios. If you want to monitor particular services, read on.

Add any of these service blocks for services you want to monitor. Note that the value of check_command determines what will be monitored, including status threshold values. Here are some examples that you can add to your host’s configuration file:

Ping:

define service {
        use                             generic-service
        host_name                       yourhost
        service_description             PING
        check_command                   check_ping!100.0,20%!500.0,60%
}

SSH (notifications_enabled set to 0 disables notifications for a service):

define service {
        use                             generic-service
        host_name                       yourhost
        service_description             SSH
        check_command                   check_ssh
        notifications_enabled           0
}

If you’re not sure what use generic-service means, it is simply inheriting the values of a service template called “generic-service” that is defined by default.

Now save and quit. Reload your Nagios configuration to put any changes into effect:

sudo systemctl reload nagios.service

Once you are done configuring Nagios to monitor all of your remote hosts, you should be set. Be sure to access your Nagios web interface, and check out the Services page to see all of your monitored hosts and services:

Have fun!

CentOS 7 security update patches five critical vulnerabilities

CentOS has received a new update that fixes important kernel vulnerabilities. The update has been specifically designed for systems running on CentOS 7.

Johnny Hughes, the maintainer of CentOS, has published a security advisory detailing the five vulnerabilities addressed by the latest update. Hughes highlights that the update fixes a remote code execution vulnerability (CVE-2017-7477). The vulnerability could allow remote attackers escalate privileges by allocating heap memory in Linux kernel to build the scatter gather list from fragment list in the socket buffer.

Another remote code execution vulnerability (CVE-2017-7645) has been patched in the update. The vulnerability affected NFS2/3 RPC client that could let users send long arguments to the NFS server and let an attacker crash the kernel.

Third important vulnerability (CVE-2017-7895) patched in this security release was discovered in NFSv2 and NFSv3 server implementations. Another vulnerability (CVE-2017-2583) was found in virtual machine support in the kernel while the last important security flaw (CVE-2017-6214) was found in the kernel’s packet handling with URG flags. A remote attacker could force the kernel to enter an infinite loop using this vulnerability.

The CentOS maintainer has pushed the update kernel-3.10.0-514.26.1.el7 in the stable repository of the OS. All the CentOS 7 users are recommended to update their systems immediately.