System Monitoring with Xymon/Administration Guide/Compiling on CentOS

Installing the OS
First obtain a disk image from the Centos 6.2 Mirrorlist. This guide is for 6.2/isos/i386/CentOS-6.2-i386-minimal.iso.

Boot from the CD and when the boot menu shows up hit tab and append "linux text". That means hit the tab key, space bar and then linux text.


 * Skip media test
 * OK to welcome screen
 * OK to English
 * OK to us keyboard layout
 * Partition disk(s), for the most part it will be
 * /boot with 100MB
 * swap with 1024MB
 * / with remainder of disk (also enable force to be primary partition)
 * OK to use GRUB
 * OK - no kernel options needed
 * OK leaving no GRUB password
 * OK to use default boot loader configuration
 * Use /dev/sda or /dev/hda to use the MBR part of the disk for the boot loader
 * Default ethernet device settings are DHCP
 * OK for system to use UTC and New York time zone
 * Root password - make it good!
 * Select Basic Server for the set of software

Now you have the minimal packages for working with a CentOS system.

Obtaining the package and installing it
Starting with root...

yum -y install yum-priorities yum -y install wget httpd make vim nano man yum -y install gcc gcc-c++ pcre-devel libpng-devel openssl-devel openldap-devel rrdtool-devel libtirpc-devel wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm rpm -i rpmforge-release-*.rpm yum -y install fping yum -y update echo "all done with yum"
 * 1) first line is tools that are not included in minimal install

Now reboot with the new kernel

Once you've rebooted we've got to get to configuring. Let's start by changing the ServerTokens directive in httpd.conf

nano /etc/httpd/conf/httpd.conf

Change ServerTokens OS to ServerTokens Major

Add a user for Xymon to use. A popular user is xymon.

Make this easier and enable copy and paste

XYMONUSER=xymon echo $XYMONUSER

The echo should spit out changethis or whatever you want your Xymon user to be.

echo "helo" > /var/www/html/index.html ln -s /etc/init.d/httpd /etc/rc3.d/S83httpd /etc/init.d/httpd start useradd $XYMONUSER passwd $XYMONUSER

Make sure you pick a good password!

chmod o+rx /usr/sbin/fping chmod go+rx /home/$XYMONUSER yum check-update su - $XYMONUSER cd ~ wget http://iweb.dl.sourceforge.net/project/xymon/Xymon/4.3.10/xymon-4.3.10.tar.gz tar -xzf xymon*tar.gz cd xymon*

Now compiling Xymon...

./configure.server

I found fping in /usr/sbin/fping Do you want to use it [Y/n] ? y

Do you want to be able to test SSL-enabled services (y) ? y

Do you want to be able to test LDAP servers (y) ? y Enable experimental support for LDAP/SSL (OpenLDAP 2.x only) (y) ? y

What userid will be running Xymon [xymon] ? $XYMONUSER

At this point accept the defaults until you see...

What group-ID does your webserver use ? apache The rest will use default except the name of the host and IP address. These two options will vary depending on the host's destined network installation. Now compile the code:

make

Now exit out to become root and finish with...

cd /home/$XYMONUSER/xymon* make install

Groundwork Configuration
Let's stop those crawlers at the door!

echo -e User-agent: *"\n"Disallow: / > /var/www/html/robots.txt mkdir -p ~$XYMONUSER/server/www echo -e User-agent: *"\n"Disallow: / > ~$XYMONUSER/server/www/robots.txt

You will need to take the configuration from the Xymon created xymon-apache.conf and place it in the Apache HTTPD running configuration.

cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.orig cat /home/$XYMONUSER/server/etc/xymon-apache.conf >> /etc/httpd/conf/httpd.conf

and also add some more configuration to httpd.conf around line 292 and 595 (under the Redirect comment)

nano /etc/httpd/conf/httpd.conf

DocumentRoot "/home/xymon/server/www" RedirectMatch ^/robots.txt$ /xymon/robots.txt

Now test the new httpd.conf and restart Apache HTTPD to those configurations.

apachectl configtest apachectl graceful

Create a user for the administrative scripts on Xymon and we're done working with Apache.

htpasswd -c /home/$XYMONUSER/server/etc/xymonpasswd YOURUSERNAME

Next we'll want to steal the Xymon startup script and use it to start Xymon upon entering run level 3.

cd /etc/init.d wget http://iam8up.com/xymon-initd/xymon chmod 755 xymon ln -s /etc/init.d/xymon /etc/rc3.d/S70xymon

YOU ABSOLUTELY MUST MODIFY /etc/init.d/xymon and will probably only need to change STARTBIN, STARTDIR and USERNAME as this example shows:

STARTBIN=Xymon.sh STARTDIR=/home/xymon USERNAME=xymon

Now you want to open the firewall to allow this viewer to see Xymon's web page outputs.

nano /etc/sysconfig/iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT

This can go a lot of places, but this works


 * 1) cat /etc/sysconfig/iptables
 * 2) Firewall configuration written by system-config-firewall
 * 3) Manual customization of this file is not recommended.
 * filter
 * INPUT ACCEPT [0:0]
 * FORWARD ACCEPT [0:0]
 * OUTPUT ACCEPT [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -p tcp --destination-port 80 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT

SELinux causes a lot of problems for me. You can do it the right way, but this guide is just to get it working.

Disable it for now echo 0 >/selinux/enforce

Disable it upon boot

nano /etc/selinux/config SELINUX=permissive

You will need NTP for a time based application =)

yum -y install ntp cd /etc/rc3.d/ ln -s /etc/init.d/ntpd S11ntpd ntpdate time.iam8up.com /etc/init.d/ntpd start clock -w

Make it so that Xymon has the capability of reading /var/log/messages

chgrp $XYMONUSER /var/log/messages chmod g+r /var/log/messages

Installation Completion
You should have a Xymon server with basic configuration ready to go. You can either reboot to confirm you have a working init script or just start it with

/etc/init.d/xymon start

Wait about 5 seconds for Xymon to do it's initial run and you should be able to browse to your server at http://servername.com/xymon/

Important Network Information
I personally disable SELinux and the firewall on my installations. I have a dedicated firewall and a strong hate for SELinux. I suggest installing security software - at the very least DenyHosts.

If you want to run Xymon under SELinux, here is one recipe System_Monitoring_with_Xymon/Selinux.