A quick foreword, I am not a native Linux SA. If there are corrections to terminology needed or if I have mislabeled something, please, let me know so I can update this page. It took me quite a while to figure out how to allow things to work properly without having to disable SELinux. Thank you!
Beginning from a fresh installation of CentOS 7.
First, we’ll temporarily enable Root SSH Access by editing /etc/ssh/sshd_config.
vi /etc/ssh/sshd_config
Press the I key to begin editing. Note: for the rest of this document, if edits are required, you will likely need to remember this.
Remove the # from before PermitRootLogin Yes.
#LoginGraceTime 2m PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10
Next, you’ll write quite. Note: to do this you will need to press the Escape key and then type “:wq!” without the quotes to save and exit. (As above with the I key, you will need to remember this.)
:wq!
Restart SSH.
service sshd restart
Open Putty or your favorite SSH method and connect to the device. If you’re using DHCP, you may need to run the command below to get the IP Address.
ip addr show
Next we’ll install dependencies.
yum install -y wget httpd php gcc glibc glibc-common gd gd-devel make net-snmp mod_ssl unzip
Download or SFTP necessary files, the versions I successfully used are listed below.
monitoring-plugins-2.2.tar.gz nagios-4.3.4.tar.gz nagios-plugins-2.2.1.tar.gz nagios-selinux-4.3.4-2.el7.nuxref.x86_64.rpm nagios-plugins-selinux-2.2.1-1.el7.nuxref.x86_64.rpm
(Nagios SELinux RPMs can be found using this link.)
Next we’ll create the nagios user and groups. (You will be prompted for a password on the next command.)
useradd nagios && passwd nagios
groupadd nagcmd usermod -a -G nagcmd nagios usermod -a -G nagcmd apache
Now that everything’s prepared, we’ll extract and install Nagios Core 4.
tar xvf nagios-4.3.4.tar.gz cd nagios-4.3.4 ./configure -with-command-group=nagcmd make all make install make install-init make install-commandmode make install-config make install-webconf
Now, we’ll copy the Event Handlers and apply proper ownership.
cp -R contrib/eventhandlers/ /usr/local/nagios/libexec/ chown -R nagios:nagios /usr/local/nagios/libexec/eventhandlers
Next, we’ll test the config.
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
On to creation of the web user for Nagios and prepping the web service. (You will be asked to set a password after the next command.)
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
systemctl restart httpd.service chkconfig --add nagios && chkconfig --level 35 nagios on systemctl enable httpd.service
Next, we’re going to add a permanent firewall rule for HTTPS, you can change this to HTTP if you would prefer and then we’re restarting the service.
firewall-cmd --zone=public --permanent --add-service=https systemctl restart firewalld.service
Return to root user directory and remove installer files for Nagios Core 4.
cd ~ rm -rf nagios-4.3.4*
Install Nagios SELinux packages to allow it to run in Enforcing mode then restart Nagios.
yum install nagios-selinux-4.3.4-2.el7.nuxref.x86_64.rpm –y rm -rf nagios-selinux-4.3.4-2.el7.nuxref.x86_64.rpm service nagios restart
Extract and Install Nagios Monitoring Plugins.
tar -xvf nagios-plugins-2.2.1.tar.gz cd nagios-plugins-2.2.1 ./configure --prefix=/usr/local/nagios --with-cgiurl=/nagios/cgi-bin make make install make install-root
Remove Nagios Monitoring Plugins installer files.
cd ~ rm -rf nagios-plugins-2.2.1*
Extract and install the monitoring plugins.
cd ~ tar xvf monitoring-plugins-2.2.tar.gz cd monitoring-plugins-2.2 ./configure -with-nagios-user=nagios -with-nagios-group=nagios --prefix=/usr/local/nagios make make install
Remove the monitoring plugins installer files.
cd ~ rm -rf monitoring-plugins-2.2*
Install SELinux policy for Plugins.
yum install nagios-plugins-selinux-2.2.1-1.el7.nuxref.x86_64.rpm –y rm -rf nagios-plugins-selinux-2.2.1-1.el7.nuxref.x86_64.rpm
Change context of Nagios directories for SELinux.
chcon -R --reference=/var/www/html /usr/local/nagios/share chcon -R --reference=/var/www/html /usr/local/nagios/var chcon -R --reference=/var/www/cgi-bin /usr/local/nagios/sbin chcon -R -t httpd_sys_rw_content_t /usr/local/nagios/var/rw
Restart the Nagios service.
service nagios restart
From here you should be able to navigate to your server and make sure everything is working properly.
https://serverip/nagios/
If everything worked well, you should return and disable root SSH access.
vi /etc/ssh/sshd_config
Add # before PermitRootLogin yes.
#LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10
Save and quit vi.
:wq!
Restart SSH.
service sshd restart
And now you’re ready to start configuring your Nagios server.
—
This post is only one part of a series of Nagios documentation I am be preparing.
Nagios Core 4 on CentOS 7: Part 1 – Installation
Nagios Core 4 on CentOS 7: Part 2 – Installation and Configuration of PNP4Nagios
Nagios Core 4 on CentOS 7: Part 3 – Installation and Configuration of Grafana over HTTPS
Nagios Core 4 on CentOS 7: Part 4 – Installation of V-Shell 2