
[5 Mins Docker] Install Open Source System and Network Monitoring Application – Nagios Core – 51 Security


Self Hosted Docker Installation Pre-requirements

Free resources you might need to complete this docker project:

Pre-installed services:

  • Docker
    • apt update
    • apt install docker.io
    • apt install docker-compose
    • apt upgrade docker.io
    • mkdir /root/data/docker_data/<docker_name>
  • Docker-Compose (Using Ubuntu OS for the commands)
    • docker-compose down
    • Optional command: use the following command to back up your Docker data. You might need to change the folder name based on your Docker configuration
      • cp -r /root/data/docker_data/<docker_name> /root/data/docker_data_backup/<docker_name>
    • docker-compose pull
    • docker-compose up -d
    • docker image prune
  • Portainer (Optional)
    • docker volume create portainer_data
    • docker run -d -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
  • Install some applications: apt install wget curl sudo vim git (Optional)
  • aapanel with Nginx (Optional)
  • Nginx Proxy Manager (Optional)
  • Install screen (Optional)
    • Install screen (Depends on the Linux Distribution if it came pre installed or not) : yum install screen
    • Initiate a screen : screen or screen -S <screen name> <command to execute>
    • Detach from the screen : “CTRL+A,D” not “CTRL+A+D”
    • List all the screens currently running : screen -ls
    • Reattach to a screen : screen -r <session number> or screen -r <screen name>
    • Kill specific screen: screen -X -S <screen name> quit
    • Kill all screens : pkill screen

Monitoring Usage, especially for disk usage

Remove Docker and Related folders

  • docker stop <Docker Name> # stop the container without removing anything
  • docker rm -f <Docker Name>  # remove a specific container; mapped volumes are not deleted
  • rm -rf /root/data/docker_data/<Docker Mapped Volumes>  # remove all mapped volumes

Restrict Journal Log File Size:

  • journalctl --vacuum-size=100M
  • Limit it to 25M:

nano /etc/systemd/journald.conf
SystemMaxUse=25M
systemctl restart systemd-journald.service

or 

sudo bash -c 'echo "SystemMaxUse=100M" >> /etc/systemd/journald.conf'
sudo systemctl restart systemd-journald

Enable IPv6 and Limit Log File Size (Ubuntu)

A special command that clears all container logs without stopping the containers:

  • sudo sh -c 'truncate -s 0 /var/lib/docker/containers/*/*-json.log'

Add a custom, self-defined IPv6 address segment to enable IPv6 for containers, and limit the size and number of log files so that logs cannot fill the hard drive.

cat > /etc/docker/daemon.json << EOF
{
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "20m",
        "max-file": "3"
    },
    "ipv6": true,
    "fixed-cidr-v6": "fd00:dead:beef:c0::/80",
    "experimental": true,
    "ip6tables":true
}
EOF

If there is any error, or the IPv6 part does not work on your platform, you might want to change the file to the following:

cat <<EOF > /etc/docker/daemon.json
{
  "live-restore": true,
  "storage-driver": "overlay2",
  "log-opts": {
    "max-size": "10m"
  }
}
EOF
Restart Docker service:

systemctl restart docker

Limit number of log files:

cat /etc/logrotate.d/rsyslog
/var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
    rotate 4
    weekly
    missingok
    notifempty
    compress
    delaycompress
    sharedscripts
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}

You can change 4 to some other value, such as 1, so that only one file is stored.

Add a new host with services to monitor

1 Log into docker:

  • docker exec -ti nagios4 /bin/bash

2 Open up: /opt/nagios/etc/nagios.cfg and add a new cfg_dir:

cfg_dir=/opt/nagios/etc/servers

3 Create the directory

mkdir /opt/nagios/etc/servers

4 Edit the configuration file to add a new host with ping / http services

nano /opt/nagios/etc/servers/servers.cfg

You might want to run following commands to install nano first:

  • apt update -y
  • apt install nano -y

5 We are using the linux-server template that is defined in /opt/nagios/etc/objects/templates.cfg

Add the host and service configuration:

define host {
    use                      linux-server
    host_name                DNS01
    alias                    DNS01
    address                  8.8.8.8
    max_check_attempts       5
    check_period             24x7
    notification_interval    30
    notification_period      24x7
}
define service {
    use                    generic-service
    host_name              DNS01
    service_description    PING
    check_command          check_ping!100.0,20%!500.0,60%
}

define service {
    use                      generic-service
    host_name                DNS01
    service_description      SSH
    check_command            check_ssh
    notifications_enabled    1
}

define service {
    use                      generic-service
    host_name                DNS01
    service_description      HTTP
    check_command            check_http
    notifications_enabled    1
}

6 Save the configuration and test the configuration

nagios -v /opt/nagios/etc/nagios.cfg
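
A pre-flight check for the servers.cfg from step 5, as an added example that is not part of the original post or of Nagios: it reports a service whose host_name matches no defined host, and a host with no address, before `nagios -v` is run in the container. The function names and the sample file are constructed for illustration, and it assumes all hosts are defined in the same file.

```shell
# Added example: offline lint for one Nagios object file such as servers.cfg.
# Assumption: every host referenced by a service is defined in this same file.
lint_nagios_objects() {
    awk '
        /^[ \t]*define[ \t]+[a-z]+/ {             # start of an object block
            type = $2; sub(/[{].*/, "", type)
            name = ""; addr = ""; desc = ""
            next
        }
        /^[ \t]*[}]/ {                            # end of block: record it
            if (type == "host") {
                hosts[name] = 1
                if (addr == "") { print "host " name ": no address"; bad = 1 }
            } else if (type == "service" && name != "") {
                n++; svc_host[n] = name; svc_desc[n] = desc
            }
            type = ""
            next
        }
        type != "" && $1 == "host_name"           { name = $2 }
        type != "" && $1 == "address"             { addr = $2 }
        type != "" && $1 == "service_description" { desc = $2 }
        END {
            for (i = 1; i <= n; i++)
                if (!(svc_host[i] in hosts)) {
                    print "service " svc_desc[i] ": unknown host " svc_host[i]
                    bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}
# Constructed sample: the SSH service misspells the host name as DNS1.
write_sample_cfg() {
    cat > "$1" <<'EOF'
define host {
    host_name    DNS01
    address      8.8.8.8
}
define service {
    host_name              DNS01
    service_description    PING
}
define service {
    host_name              DNS1
    service_description    SSH
}
EOF
}
```

Run `write_sample_cfg /tmp/sample.cfg; lint_nagios_objects /tmp/sample.cfg` to see the report; the function returns 1 when it finds a problem, so it can gate a copy into the mapped volume.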

7 Restart docker to apply the configs.

Exit from the container, then run the following command to restart it.

Manual install Nagios

From: https://support.nagios.com/kb/article/nagios-core-installing-nagios-core-from-source-96.html#Ubuntu

Update the system and reboot

apt update && apt upgrade -y

reboot

cd /tmp
wget -O nagioscore.tar.gz https://github.com/NagiosEnterprises/nagioscore/archive/nagios-4.4.14.tar.gz
tar xzf nagioscore.tar.gz

 

Check the releases page for latest Nagios available.

NAGIOS_VER=$(curl -s https://api.github.com/repos/NagiosEnterprises/nagioscore/releases/latest|grep tag_name|cut -d '"' -f 4)
curl -SL https://github.com/NagiosEnterprises/nagioscore/releases/download/$NAGIOS_VER/$NAGIOS_VER.tar.gz | tar -xzf -

The command will download and extract the Nagios core archive to your current working directory.

Compile

Change to created Nagios folder.

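# If you downloaded the latest release using $NAGIOS_VER:
cd $NAGIOS_VER
# If you downloaded the 4.4.14 archive into /tmp:
cd /tmp/nagioscore-nagios-4.4.14/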
sudo ./configure --with-httpd-conf=/etc/apache2/sites-enabled
sudo make all

 

Create User And Group

This creates the nagios user and group. The www-data user is also added to the nagios group.

sudo make install-groups-users
sudo usermod -a -G nagios www-data

 

Install Binaries

This step installs the binary files, CGIs, and HTML files.

sudo make install

 

Install Service / Daemon

This installs the service or daemon files and also configures them to start on boot.

sudo make install-daemoninit

 

Information on starting and stopping services will be explained further on.

 

Install Command Mode

This installs and configures the external command file.

sudo make install-commandmode

 

Install Configuration Files

This installs the *SAMPLE* configuration files. These are required as Nagios needs some configuration files to allow it to start.

sudo make install-config

 

Install Apache Config Files

This installs the Apache web server configuration files and configures Apache settings.

sudo make install-webconf
sudo a2enmod rewrite
sudo a2enmod cgi

 

Install the Exfoliation theme for the Nagios web interface.

sudo make install-exfoliation

If you want to use classic Nagios theme, run:

make install-classicui

Create Nagios Web User

A user is required for the access to Nagios web console.

$ sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
New password: 
Re-type new password: 
Adding password for user nagiosadmin

htpasswd prompts for the password and writes the hashed entry for nagiosadmin to the /usr/local/nagios/etc/htpasswd.users file.

Install Nagios Plugins

Nagios plugins are used to extend Nagios monitoring features. Let’s ensure they are installed. Check for the latest release of Nagios plugins on the GitHub releases page.

cd ~/
VER=$( curl -s https://api.github.com/repos/nagios-plugins/nagios-plugins/releases/latest|grep tag_name|cut -d '"' -f 4|sed 's/release-//')
curl -SL https://github.com/nagios-plugins/nagios-plugins/releases/download/release-$VER/nagios-plugins-$VER.tar.gz | tar -xzf -

Change to the plugins source directory:

cd nagios-plugins-$VER

Compile and install Nagios plugins by running commands below.

./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
sudo make install
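
Both downloads above (Nagios Core and the plugins) pipe curl straight into tar, so nothing checks the archive before it is unpacked and built with sudo. An added example, not from the original post: save the archive to a file, compare its SHA-256 with a pinned value, reject unsafe member paths, and only then extract. `verify_and_extract` and `PINNED_SHA256` are hypothetical names, and the digest is a placeholder you must supply from a source you trust.

```shell
# Added example. Usage: verify_and_extract ARCHIVE EXPECTED_SHA256 DEST
# Extracts ARCHIVE into DEST only if its SHA-256 equals the pinned value and
# no member path is absolute or contains a ".." component.
verify_and_extract() {
    ve_archive=$1 ve_expected=$2 ve_dest=$3
    ve_actual=$(sha256sum "$ve_archive" | cut -d ' ' -f 1)
    # An unreadable archive yields an empty digest and is refused as well.
    if [ -z "$ve_actual" ] || [ "$ve_actual" != "$ve_expected" ]; then
        echo "refusing $ve_archive: SHA-256 '$ve_actual' != '$ve_expected'" >&2
        return 1
    fi
    # List members first; refuse paths that could land outside DEST.
    if tar -tzf "$ve_archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "refusing $ve_archive: unsafe member path" >&2
        return 1
    fi
    mkdir -p "$ve_dest" && tar -xzf "$ve_archive" -C "$ve_dest"
}

# With the page's Nagios Core download (PINNED_SHA256 is a placeholder):
#   curl -fSL -o nagioscore.tar.gz \
#     "https://github.com/NagiosEnterprises/nagioscore/releases/download/$NAGIOS_VER/$NAGIOS_VER.tar.gz"
#   verify_and_extract nagioscore.tar.gz "$PINNED_SHA256" /tmp/nagios-src
```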

Verify installation and start service

Confirm that your Nagios installation was successful on your Ubuntu Linux machine.

sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
