System Monitoring with Xymon/Administration Guide/Compiling on CentOS
Installing the OS[edit | edit source]
First obtain a disk image from the Centos 6.2 Mirrorlist. This guide is for 6.2/isos/i386/CentOS-6.2-i386-minimal.iso.
Boot from the CD and when the boot menu shows up hit tab and append "linux text". That means hit the tab key, space bar and then linux text.
- Skip media test
- OK to welcome screen
- OK to English
- OK to us keyboard layout
- Partition disk(s), for the most part it will be
- /boot with 100MB
- swap with 1024MB
- / with remainder of disk (also enable force to be primary partition)
- OK to use GRUB
- OK - no kernel options needed
- OK leaving no GRUB password
- OK to use default boot loader configuration
- Use /dev/sda or /dev/hda to use the MBR part of the disk for the boot loader
- Default ethernet device settings are DHCP
- OK for system to use UTC and New York time zone
- Root password - make it good!
- Select Basic Server for the set of software
Now you have the minimal packages for working with a CentOS system.
Obtaining the package and installing it[edit | edit source]
Starting with root...
yum -y install yum-priorities #first line is tools that are not included in minimal install yum -y install wget httpd make vim nano man yum -y install gcc gcc-c++ pcre-devel libpng-devel openssl-devel openldap-devel rrdtool-devel libtirpc-devel wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm rpm -i rpmforge-release-*.rpm yum -y install fping yum -y update echo "all done with yum"
Now reboot with the new kernel
Once you've rebooted we've got to get to configuring. Let's start by changing the ServerTokens directive in httpd.conf
Change ServerTokens OS to ServerTokens Major
Add a user for Xymon to use. A popular user is xymon.
Make this easier and enable copy and paste
XYMONUSER=xymon echo $XYMONUSER
The echo should spit out changethis or whatever you want your Xymon user to be.
echo "helo" > /var/www/html/index.html ln -s /etc/init.d/httpd /etc/rc3.d/S83httpd /etc/init.d/httpd start useradd $XYMONUSER passwd $XYMONUSER
Make sure you pick a good password!
chmod o+rx /usr/sbin/fping chmod go+rx /home/$XYMONUSER yum check-update su - $XYMONUSER cd ~ wget http://iweb.dl.sourceforge.net/project/xymon/Xymon/4.3.10/xymon-4.3.10.tar.gz tar -xzf xymon*tar.gz cd xymon*
Now compiling Xymon...
./configure.server I found fping in /usr/sbin/fping Do you want to use it [Y/n] ? y Do you want to be able to test SSL-enabled services (y) ? y Do you want to be able to test LDAP servers (y) ? y Enable experimental support for LDAP/SSL (OpenLDAP 2.x only) (y) ? y What userid will be running Xymon [xymon] ? $XYMONUSER
At this point accept the defaults until you see...
What group-ID does your webserver use ? apache
The rest will use default except the name of the host and IP address. These two options will vary depending on the host's destined network installation. Now compile the code:
Now exit out to become root and finish with...
cd /home/$XYMONUSER/xymon* make install
Groundwork Configuration[edit | edit source]
Let's stop those crawlers at the door!
echo -e User-agent: *"\n"Disallow: / > /var/www/html/robots.txt mkdir -p ~$XYMONUSER/server/www echo -e User-agent: *"\n"Disallow: / > ~$XYMONUSER/server/www/robots.txt
You will need to take the configuration from the Xymon created xymon-apache.conf and place it in the Apache HTTPD running configuration.
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.orig cat /home/$XYMONUSER/server/etc/xymon-apache.conf >> /etc/httpd/conf/httpd.conf
and also add some more configuration to httpd.conf around line 292 and 595 (under the Redirect comment)
DocumentRoot "/home/xymon/server/www" RedirectMatch ^/robots.txt$ /xymon/robots.txt
Now test the new httpd.conf and restart Apache HTTPD to those configurations.
apachectl configtest apachectl graceful
Create a user for the administrative scripts on Xymon and we're done working with Apache.
htpasswd -c /home/$XYMONUSER/server/etc/xymonpasswd YOURUSERNAME
Next we'll want to steal the Xymon startup script and use it to start Xymon upon entering run level 3.
cd /etc/init.d wget http://iam8up.com/xymon-initd/xymon chmod 755 xymon ln -s /etc/init.d/xymon /etc/rc3.d/S70xymon
YOU ABSOLUTELY MUST MODIFY /etc/init.d/xymon and will probably only need to change STARTBIN, STARTDIR and USERNAME as this example shows:
STARTBIN=Xymon.sh STARTDIR=/home/xymon USERNAME=xymon
Now you want to open the firewall to allow this viewer to see Xymon's web page outputs.
-A INPUT -p tcp --destination-port 80 -j ACCEPT
This can go a lot of places, but this works
# cat /etc/sysconfig/iptables # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -p tcp --destination-port 80 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
SELinux causes a lot of problems for me. You can do it the right way, but this guide is just to get it working.
Disable it for now
echo 0 >/selinux/enforce
Disable it upon boot
You will need NTP for a time based application =)
yum -y install ntp cd /etc/rc3.d/ ln -s /etc/init.d/ntpd S11ntpd ntpdate time.iam8up.com /etc/init.d/ntpd start clock -w
Make it so that Xymon has the capability of reading /var/log/messages
chgrp $XYMONUSER /var/log/messages chmod g+r /var/log/messages
Installation Completion[edit | edit source]
You should have a Xymon server with basic configuration ready to go. You can either reboot to confirm you have a working init script or just start it with
Wait about 5 seconds for Xymon to do it's initial run and you should be able to browse to your server at http://servername.com/xymon/
Important Network Information[edit | edit source]
I personally disable SELinux and the firewall on my installations. I have a dedicated firewall and a strong hate for SELinux. I suggest installing security software - at the very least DenyHosts.
If you want to run Xymon under SELinux, here is one recipe System_Monitoring_with_Xymon/Selinux.