Installing Nagios 4.x on CentOS 7.x - Nginx

Reference:
Linux . 無限: Adding the Perl CGI module to Nginx on CentOS7/RHEL7

1. Install the required packages
# yum install nagios nagios-plugins-all

2. Enable the services at boot
# systemctl disable httpd.service
# systemctl enable nagios.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nagios.service to /usr/lib/systemd/system/nagios.service.
# systemctl stop httpd.service
# systemctl start nagios.service

3. Set the login account and password
# /usr/bin/htpasswd -c /etc/nagios/passwd nagiosadmin
New password:
Re-type new password:
Adding password for user nagiosadmin

4. Check that the configuration is correct
# /usr/sbin/nagios -v /etc/nagios/nagios.cfg
Nagios Core 4.2.4
Copyright (c) 2009-present Nagios Core Development Team and Community Contributors
Copyright (c) 1999-2009 Ethan Galstad
Last Modified: 12-07-2016
License: GPL

Website: https://www.nagios.org
Reading configuration data…
   Read main config file okay…
   Read object config files okay…

Running pre-flight check on configuration data…

Checking objects…
        Checked 8 services.
        Checked 1 hosts.
        Checked 1 host groups.
        Checked 0 service groups.
        Checked 1 contacts.
        Checked 1 contact groups.
        Checked 24 commands.
        Checked 5 time periods.
        Checked 0 host escalations.
        Checked 0 service escalations.
Checking for circular paths…
        Checked 1 hosts
        Checked 0 service dependencies
        Checked 0 host dependencies
        Checked 5 timeperiods
Checking global event handlers…
Checking obsessive compulsive processor commands…
Checking misc settings…

Total Warnings: 0
Total Errors:   0

Things look okay – No serious problems were detected during the pre-flight check

5. Download the repository configuration file
# wget https://copr.fedorainfracloud.org/coprs/jorti/fcgiwrap/repo/epel-7/jorti-fcgiwrap-epel-7.repo -P /etc/yum.repos.d

6. Update the package repositories
# yum update

7. Install the related packages
# yum install fcgiwrap spawn-fcgi

8. Edit the /etc/sysconfig/spawn-fcgi configuration file
# vim /etc/sysconfig/spawn-fcgi
FCGI_SOCKET=/var/run/fcgiwrap.socket
FCGI_PROGRAM=/usr/sbin/fcgiwrap
FCGI_USER=nginx
FCGI_GROUP=nginx
FCGI_EXTRA_OPTIONS="-M 0700"
OPTIONS="-u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -S $FCGI_EXTRA_OPTIONS -F 1 -P /var/run/spawn-fcgi.pid -- $FCGI_PROGRAM"

9. Start the spawn-fcgi service
# systemctl enable spawn-fcgi
spawn-fcgi.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig spawn-fcgi on
# systemctl start spawn-fcgi

10. Open a browser at http://<Server IP>/nagios
Enter the account and password you configured.

11. The screen after login

 

Changing the default Nagios login account

The default Nagios login account is nagiosadmin. To change it:
1. Edit /etc/nagios/cgi.cfg and change the account to admin
# cp /etc/nagios/cgi.cfg /etc/nagios/cgi.cfg.$(date +%F)
# sed -i 's/nagiosadmin/admin/' /etc/nagios/cgi.cfg

2. Delete the existing account entry
# /usr/bin/htpasswd -D /etc/nagios/passwd nagiosadmin
Deleting password for user nagiosadmin

3. Create the admin password
# /usr/bin/htpasswd -c /etc/nagios/passwd admin
New password:
Re-type new password:
Adding password for user admin

4. Check that the configuration file is correct
# /usr/sbin/nagios -v /etc/nagios/nagios.cfg

Nagios Core 4.2.4
Copyright (c) 2009-present Nagios Core Development Team and Community Contributors
Copyright (c) 1999-2009 Ethan Galstad
Last Modified: 12-07-2016
License: GPL

Website: https://www.nagios.org
Reading configuration data…
   Read main config file okay…
   Read object config files okay…

Running pre-flight check on configuration data…

Checking objects…
        Checked 8 services.
        Checked 1 hosts.
        Checked 1 host groups.
        Checked 0 service groups.
        Checked 1 contacts.
        Checked 1 contact groups.
        Checked 24 commands.
        Checked 5 time periods.
        Checked 0 host escalations.
        Checked 0 service escalations.
Checking for circular paths…
        Checked 1 hosts
        Checked 0 service dependencies
        Checked 0 host dependencies
        Checked 5 timeperiods
Checking global event handlers…
Checking obsessive compulsive processor commands…
Checking misc settings…

Total Warnings: 0
Total Errors:   0

Things look okay – No serious problems were detected during the pre-flight check
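
A consistency check for the rename above, added here as an example and not part of the original post: it lists every account named in the authorized_for_* directives of cgi.cfg that has no entry in the htpasswd file. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: find accounts that cgi.cfg authorizes but htpasswd lacks.

# Users named in authorized_for_* directives, one per line ("*" is skipped).
cgi_users() {  # usage: cgi_users CGI_CFG
    sed -n 's/^[[:space:]]*authorized_for_[a-z_]*=//p' "$1" |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -v -e '^$' -e '^\*$' | sort -u
}

# User names (the text before the first ':') in an htpasswd file.
htpasswd_users() {  # usage: htpasswd_users PASSWD_FILE
    sed -n 's/^\([^:#][^:]*\):.*/\1/p' "$1" | sort -u
}

# Users with CGI rights but no password entry: they can never authenticate.
orphaned_cgi_users() {  # usage: orphaned_cgi_users CGI_CFG PASSWD_FILE
    u=$(mktemp); p=$(mktemp)
    cgi_users "$1" > "$u"
    htpasswd_users "$2" > "$p"
    comm -23 "$u" "$p"
    rm -f "$u" "$p"
}

# Constructed sample: one directive still carries the old name after the rename.
demo=$(mktemp -d)
cat > "$demo/cgi.cfg" <<'EOF'
use_authentication=1
authorized_for_system_information=admin
authorized_for_system_commands=admin
authorized_for_all_hosts=admin,nagiosadmin
authorized_for_all_services=*
EOF
printf '%s\n' 'admin:CONSTRUCTED-HASH-PLACEHOLDER' > "$demo/passwd"

orphaned_cgi_users "$demo/cgi.cfg" "$demo/passwd"
rm -rf "$demo"
```

On a real host, run orphaned_cgi_users /etc/nagios/cgi.cfg /etc/nagios/passwd; empty output means every authorized name has a password entry.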

Installing MariaDB SQL Server 10.x

On CentOS 7.x, the MariaDB SQL Server installed from the built-in repository is version 5.x
# /usr/bin/mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> quit
Bye

Installing version 10.x
1. Use the repository configuration page on the MariaDB website
MariaDB - Setting up MariaDB Repositories - MariaDB

2. Remove the old packages
# systemctl disable mariadb.service
Removed symlink /etc/systemd/system/multi-user.target.wants/mariadb.service.
# systemctl stop mariadb.service
# yum remove mariadb mariadb-server mariadb-libs

3. Create mariadb.repo
# vim /etc/yum.repos.d/mariadb.repo
# MariaDB 10.1 CentOS repository list - created 2017-03-12 06:10 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

4. Update the package repositories
# yum update

5. Install
# yum install MariaDB-server MariaDB-client

6. Start MariaDB SQL Server
# systemctl enable mariadb.service
# systemctl start mariadb.service

7. Version
# /usr/bin/mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.21-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> quit
Bye

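vsftpd over SSL/TLS: encrypted transfers

An FTP server sends data in cleartext, without encryption. Enabling SSL/TLS encrypts the traffic and makes FTP transfers more secure.
Reference:
Vsftpd over SSL/TLS with encrypted transfers ::: iThome Download - the software you want is here :::

1. Install the openssl and vsftpd packages
# yum install openssl vsftpd

2. Create the certificate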
# openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout /etc/pki/tls/certs/vsftpd.pem -out /etc/pki/tls/certs/vsftpd.pem
Generating a 1024 bit RSA private key
..++++++
…..++++++
writing new private key to ‘/etc/pki/tls/certs/vsftpd.pem’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [TW]:
State or Province Name (full name) [Yilan]:
Locality Name (eg, city) [TouCheng]:
Organization Name (eg, company) [Elementary School]:
Organizational Unit Name (eg, section) [Proxy Server]:FTP Server
Common Name (eg, your name or your server’s hostname) []:xxx.tces.ilc.edu.tw
Email Address []:xxx@gmail.com

3. Change the file permissions
# chmod 600 /etc/pki/tls/certs/vsftpd.pem

4. Edit the vsftpd FTP Server configuration file /etc/vsftpd/vsftpd.conf
# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.$(date +%F)
# vim /etc/vsftpd/vsftpd.conf
Append the following to the end of the configuration file:
# Path to the certificate
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
# Enable SSL
ssl_enable=YES
# Force SSL for data transfers
force_local_data_ssl=YES
# Force SSL for logins
force_local_logins_ssl=YES

Available parameters
ssl_enable=yes/no // whether to enable SSL; default no
allow_anon_ssl=yes/no // whether anonymous users may use SSL; default no
rsa_cert_file=/path/to/file // location of the RSA certificate
dsa_cert_file=/path/to/file // location of the DSA certificate
force_local_logins_ssl=yes/no // whether non-anonymous logins must be encrypted; default yes
force_local_data_ssl=yes/no // whether non-anonymous data transfers must be encrypted; default yes
force_anon_logins_ssl=yes/no // whether anonymous logins must be encrypted; default no
force_anon_data_ssl=yes/no // whether anonymous data transfers must be encrypted; default no
ssl_sslv2=yes/no // whether to enable SSL v2; default no
ssl_sslv3=yes/no // whether to enable SSL v3; default no
ssl_tlsv1=yes/no // whether to enable TLS v1; default yes
ssl_ciphers=HIGH // default is DES-CBC3-SHA

5. Restart vsftpd FTP Server
# systemctl restart vsftpd.service

6. Test with FileZilla
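
An added example (not from the original post or the vsftpd project) that audits a vsftpd.conf against the parameter table above, using the defaults listed there, and checks the certificate key size when the openssl CLI is available. The function names, the 2048-bit threshold and the last-assignment-wins rule are assumptions of this example; the sample config is constructed from step 4.

```sh
#!/bin/sh
# Added example: audit vsftpd.conf TLS settings against the table above.

# Effective YES/NO value of an option. Assumption: the last assignment wins.
# vsftpd allows no spaces around '=', so a plain prefix match is enough.
vsftpd_bool() {  # usage: vsftpd_bool FILE OPTION DEFAULT
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr 'a-z' 'A-Z')
    echo "${v:-$3}"
}

# Public key size in bits of a PEM certificate (needs the openssl CLI).
cert_key_bits() {  # usage: cert_key_bits PEM_FILE
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# One finding per line; no output means every check passed.
audit_vsftpd_tls() {  # usage: audit_vsftpd_tls FILE
    f=$1
    [ "$(vsftpd_bool "$f" ssl_enable NO)" = YES ] ||
        echo "ssl_enable is not YES: logins and data are sent in cleartext"
    for o in force_local_logins_ssl force_local_data_ssl; do
        [ "$(vsftpd_bool "$f" "$o" YES)" = YES ] ||
            echo "$o=NO: local users can fall back to cleartext"
    done
    for o in ssl_sslv2 ssl_sslv3; do
        [ "$(vsftpd_bool "$f" "$o" NO)" = NO ] ||
            echo "$o=YES: obsolete protocol version enabled"
    done
    [ -n "$(sed -n 's/^ssl_ciphers=//p' "$f")" ] ||
        echo "ssl_ciphers unset: the default listed above is DES-CBC3-SHA"
    cert=$(sed -n 's/^rsa_cert_file=//p' "$f" | tail -n 1)
    if [ -r "$cert" ] && command -v openssl >/dev/null 2>&1; then
        bits=$(cert_key_bits "$cert")
        [ "${bits:-0}" -ge 2048 ] ||
            echo "$cert: ${bits:-unknown}-bit key, regenerate with rsa:2048 or larger"
    fi
}

# Constructed sample: the four lines appended in step 4.
demo=$(mktemp)
cat > "$demo" <<'EOF'
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
EOF
audit_vsftpd_tls "$demo"
rm -f "$demo"
```

On a host where the certificate from step 2 exists, the same run also reports its 1024-bit key.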

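cpio command options

cpio is a Linux tool for backup and restore; I have only used it when customizing initrd.img.
1. Extract
# /bin/cpio -idv < initrd.img
-i extract files
-d create directories automatically when needed
-v show the operation on screen

2. Pack
# find . | cpio -cov | gzip -9 > ../initrd.img
-c same as -H newc: use the new SVR4 portable format; to use the old portable (ASCII) archive format, use "-H odc"
-o create an archive
-v show the operation on screen

3. More usage
# cpio --help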

Enabling per-user web directories in Nginx Web Server

1. Add the user testuser
# useradd testuser -d /home/testuser

2. Create the web directory and a test page
# mkdir /home/testuser/www
# echo "<h2>Testuser's Nginx UserDir Test Page</h2>" > /home/testuser/www/test.html

3. Change the owner and group of the directory and files
# chown -R testuser:testuser /home/testuser
# chmod 711 /home/testuser

4. Add the configuration
# vim /etc/nginx/conf.d/default.conf
     location ~ ^/~(.+?)(/.*)?$ {
         alias /home/$1/www$2;
         index  index.php index.html index.htm;
         autoindex on;
     }

5. Restart Nginx Web Server
# systemctl restart nginx.service

6. View the result at http://<Server IP>/~testuser/test.html

Adding password protection to web pages in Nginx

Reference:
Linux . 無限: Setting up basic web account/password authentication with Nginx on CentOS7/RHEL7

1. Install the httpd-tools package
# yum install httpd-tools

2. Create the directory and a test file
# mkdir /usr/share/nginx/html/admin
# echo "<h2>This is a secure file</h2>" > /usr/share/nginx/html/admin/test.html

3. Create the password file
# /bin/htpasswd -c /usr/share/nginx/html/admin/.htpasswd test
New password:
Re-type new password:
Adding password for user test

4. Edit the /etc/nginx/conf.d/default.conf configuration file
# vim /etc/nginx/conf.d/default.conf
    location ~ ^/admin/.* {
        root /usr/share/nginx/html;
        index index.php index.html index.htm;
        location ~ \.php$ {
           try_files $uri =404;
           fastcgi_pass   127.0.0.1:9000;
           fastcgi_index  index.php;
           fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
           include        fastcgi_params;
        }
        auth_basic "Administrator Login";
        auth_basic_user_file /usr/share/nginx/html/admin/.htpasswd;
    }

    location ~ ^/admin/.* {
        root /usr/share/nginx/html;
        index index.php index.html index.htm;
        auth_basic            "Administrator Login";
        auth_basic_user_file  "/usr/share/nginx/html/admin/.htpasswd";
    }

5. Restart Nginx Web Server
# systemctl restart nginx.service

6. View the result at http://<Server IP>/admin/test.html

Adding PHP support to Nginx

References:
Linux . 無限: Setting up Nginx Web Server on CentOS7/RHEL7 (1)
CentOS 7 : Nginx : PHP-FPM : Server World
[CentOS 7] Integrating Nginx, MariaDB and PHP 7 into a LEMP Server | IT 技術家

1. Install the php-fpm packages
# yum install php-fpm php-mbstring php-pear

2. Edit /etc/php-fpm.d/www.conf to change the user and group it runs as
# vim /etc/php-fpm.d/www.conf
user = apache
group = apache

3. Start the php-fpm service
# systemctl enable php-fpm.service
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
# systemctl start php-fpm.service

4. Edit the /etc/nginx/conf.d/default.conf configuration file
# cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.$(date +%F)
# vim /etc/nginx/conf.d/default.conf
server {
    listen       80;
    server_name  localhost;

    charset utf-8;
    access_log  /var/log/nginx/access.log  main;
    error_log /var/log/nginx/error.log warn;

    location / {
        root   /usr/share/nginx/html;
        index  index.php index.html index.htm;
    }

    error_page  404              /404.html;

    location ~ \.php$ {
        root           /usr/share/nginx/html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
    location ~ /\.ht {
        deny  all;
    }
}

5. Edit /etc/php.ini
# sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php.ini

6. Restart Nginx Web Server
# systemctl restart nginx.service
# systemctl status nginx.service

7. Create a PHP test file
# echo "<?php phpinfo(); ?>" > /usr/share/nginx/html/info.php

8. SELinux settings
# chcon -R -t httpd_sys_rw_content_t /usr/share/nginx/html

9. Open a browser at http://<Server IP>/info.php


Edit /etc/php-fpm.d/www.conf to change the user and group it runs as
# vim /etc/php-fpm.d/www.conf
user = nginx
group = nginx
listen = /var/run/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0666

# vim /etc/nginx/conf.d/default.conf
    location ~ \.php$ {
        root           /usr/share/nginx/html;
        fastcgi_pass   unix:/var/run/php-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
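
With listen.owner and listen.group already set to nginx, the socket does not need the 0666 mode shown above. This added example, not from the original post, flags a pool whose unix socket is open to every local account; the function names are hypothetical and the sample pool file is constructed from the settings above.

```sh
#!/bin/sh
# Added example: check a php-fpm pool file for a world-accessible unix socket.

# Last value assigned to a key in a pool file, surrounding whitespace removed.
pool_opt() {  # usage: pool_opt FILE KEY_REGEX
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Print a finding when the socket mode grants access to "other".
audit_fpm_socket() {  # usage: audit_fpm_socket POOL_CONF
    listen=$(pool_opt "$1" listen)
    case $listen in
        /*) ;;                      # unix socket: file permissions apply
        *)  return 0 ;;             # TCP listener such as 127.0.0.1:9000
    esac
    mode=$(pool_opt "$1" 'listen\.mode')
    [ -n "$mode" ] || return 0      # unset: the php-fpm build default applies
    other=${mode#"${mode%?}"}       # last octal digit = bits for "other"
    if [ "$other" != 0 ]; then
        owner=$(pool_opt "$1" 'listen\.owner')
        group=$(pool_opt "$1" 'listen\.group')
        echo "${listen}: listen.mode=$mode is open to every local account;" \
             "0660 is enough for owner=$owner group=$group"
    fi
}

# Constructed sample: the socket-based pool settings shown above.
demo=$(mktemp)
cat > "$demo" <<'EOF'
user = nginx
group = nginx
listen = /var/run/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0666
EOF
audit_fpm_socket "$demo"
rm -f "$demo"
```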

Installing Nginx Web Server on CentOS 7.x

Install from the nginx repository
1. Create the nginx repository file
# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

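2. Update the package repositories
# yum update

3. Install Nginx Web Server
# yum install nginx

4. Installed version
# /sbin/nginx -V
nginx version: nginx/1.10.3

Or install from the EPEL repository
1. Install Nginx Web Server
# yum install nginx --enablerepo=epel

2. Installed version
# /sbin/nginx -V
nginx version: nginx/1.10.2

Differences between the two
1. The version installed from the nginx repository is newer: 1.10.3 > 1.10.2
2. Installing from the EPEL repository brings in more packages: 25 > 3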
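
The nginx.repo above sets gpgcheck=0 and, like the mariadb.repo in the MariaDB section, uses an http:// baseurl. This added example (not part of the original post) scans a .repo file for both conditions; the function name is hypothetical and the sample file is constructed from the two repository definitions on this page.

```sh
#!/bin/sh
# Added example: flag yum repos that skip signature checks or use plain HTTP.
# Only an explicit gpgcheck=0 is reported; an unset value inherits yum.conf.
audit_repo_file() {  # usage: audit_repo_file FILE.repo ; one finding per line
    awk '
    function report() {
        if (id == "" || enabled == "0") return
        if (gpgcheck == "0")
            printf "%s: gpgcheck=0, package signatures are not verified\n", id
        if (url ~ /^http:/)
            printf "%s: baseurl is cleartext HTTP (%s)\n", id, url
    }
    /^[ \t]*[#;]/ { next }                       # comment line
    /^\[/ {                                      # new [section]
        report()
        id = substr($0, 2, index($0, "]") - 2)
        gpgcheck = ""; url = ""; enabled = "1"
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = val
        else if (key == "baseurl") url = val
        else if (key == "enabled") enabled = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample: the two repository definitions from this page.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[mariadb]
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
[nginx]
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
EOF
audit_repo_file "$demo"
rm -f "$demo"
```

To cover a whole host, loop the function over /etc/yum.repos.d/*.repo.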

Enable at boot
# systemctl enable nginx.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
# systemctl start nginx.service

Firewall settings
# firewall-cmd --add-service=http --permanent
# firewall-cmd --add-service=https --permanent
# firewall-cmd --reload

# iptables -A INPUT -p tcp --syn -m state --state NEW --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp --syn -m state --state NEW --dport 443 -j ACCEPT

View the result at http://<Server IP>
Nginx repository

EPEL repository

Installing mrtg on CentOS 7.x


Reference:
CentOS 7 : MRTG : Install : Server World

mrtg Server : 192.168.1.10
1. Install mrtg
# yum install net-snmp net-snmp-utils mrtg

2. Configure snmp
# echo 'rocommunity public' > /etc/snmp/snmpd.conf
# systemctl enable snmpd.service
# systemctl start snmpd.service

3. Firewall settings
# firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" service name="snmpd" accept' --permanent

# iptables -A INPUT  -p udp -s 192.168.1.0/24 -m state --state NEW --dport 161 -j ACCEPT

4. Test
# /bin/snmpwalk -v2c -c public 127.0.0.1

5. Create the mrtg configuration file /etc/mrtg/mrtg.cfg
# /bin/cfgmaker --snmp-options=:::::2 --ifref=descr --ifdesc=descr 192.168.1.10 > /etc/mrtg/mrtg.cfg

6. Edit the mrtg configuration file /etc/mrtg/mrtg.cfg
# cp /etc/mrtg/mrtg.cfg /etc/mrtg/mrtg.cfg.$(date +%F)
# vim /etc/mrtg/mrtg.cfg
### Global Config Options

#  for UNIX
# WorkDir: /home/http/mrtg
WorkDir: /var/www/mrtg

### Global Defaults

#  to get bits instead of bytes and graphs growing to the right
Options[_]: growright, bits

7. Run it three times. Ignore the warnings: they appear because there is no data at first, and they stop once it has been run again.
# for (( i=1 ; i <= 3 ; i++ )); do env LANG=C mrtg /etc/mrtg/mrtg.cfg; done
2017-03-11 11:57:18, Rateup WARNING: /usr/bin/rateup could not read the primary log file for 192.168.1.10_eth0
2017-03-11 11:57:18, Rateup WARNING: /usr/bin/rateup The backup log file for 192.168.1.10_eth0 was invalid as well
2017-03-11 11:57:18, Rateup WARNING: /usr/bin/rateup Can’t rename 192.168.1.10_eth0.log to 192.168.1.10_eth0.old updating log file

8. Generate the index file
# /bin/indexmaker --columns=1 /etc/mrtg/mrtg.cfg > /var/www/mrtg/index.html

9. Create the mrtg cron job
# vim /etc/cron.d/mrtg
*/5 * * * * root LANG=C LC_ALL=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg --lock-file /var/lock/mrtg/mrtg_l --confcache-file /var/lib/mrtg/mrtg.ok

10. Edit /etc/httpd/conf.d/mrtg.conf
# vim /etc/httpd/conf.d/mrtg.conf
Alias /mrtg /var/www/mrtg

<Location /mrtg>
    Require local
    Require ip 192.168.1.0/24
    # Require ip 10.1.2.3
    # Require host example.org
</Location>

11. Restart the web server
# systemctl restart httpd.service

12. View the result at http://<Server IP>/mrtg