Professional Documents
Culture Documents
How To - Install Libre NMS 2018
How To - Install Libre NMS 2018
Contents
Minimal Install – CentOS 7 x6 [DualCore minimum), 4GB RAM , 16GB storage] .................................. 2
Install Webtatic ................................................................................................................................. 2
Install PHP – latest version ................................................................................................................ 2
Install initial packages... .................................................................................................................... 2
Check the network is functioning as expected... ............................................................................... 2
Temporarily Disable Servers ‘Internal’ Firewall................................................................................. 2
Download & Configure LibreNMS ......................................................................................................... 3
Add LibreNMS User ........................................................................................................................... 3
Download LibreNMS ......................................................................................................................... 3
Create a new directory for the LibreNMS logs and the rrd files: ....................................................... 3
Configure PHP-FPM for the installation of LibreNMS ........................................................................... 4
Open the PHP-FPM configuration file. .............................................................................................. 5
Install WEBMIN ..................................................................................................................................... 6
Check that WEBMIN is running ok... ................................................................................................. 6
Install MariaDB server........................................................................................................................... 6
Securing MariaDB server................................................................................................................... 6
Define MariaDB SQL root password .................................................................................................. 7
How To Configure MySQL ................................................................................................................. 7
Configure NGINX ................................................................................................................................... 7
How to Configure the LibreNMS Virtual Host ................................................................................... 7
Install Fping........................................................................................................................................... 9
Configure SNMPd.................................................................................................................................. 9
Configure Cron job(s) ........................................................................................................................ 9
Copy logrotate config........................................................................................................................ 9
Set permissions ................................................................................................................................. 9
FIREWALL - ‘firewalld’ ......................................................................................................................... 10
Configure Firewall in CentOS 7 ....................................................................................................... 10
SSL and Nginx VHost configurations ................................................................................................... 10
Installing ClamAV ................................................................................................................................ 11
Configuring Firewall / SELinux ......................................................................................................... 11
Verify its working, run: ................................................................................................................ 11
Configuring ClamAV ........................................................................................................................ 12
Generate the SSL certificates: ......................................................................................................... 13
Create a new virtual host. ............................................................................................................... 13
Install Webtatic
# yum -y update
# systemctl stop firewalld (temporarily stop the firewall {gets in the way early on!})
Once the user has been created and added to the respective group, we will go to the /opt/ directory and
download the LibreNMS source code using the git clone command as follows:
Download LibreNMS
# cd /opt
# composer create-project --no-dev --keep-vcs librenms/librenms librenms dev-master
Create a new directory for the LibreNMS logs and the rrd files:
Create a new directory for the LibreNMS logs and the rrd files:
# mkdir -p /opt/librenms/logs/
# mkdir -p /opt/librenms/rrd/
# chmod 775 /opt/librenms/rrd/
Change the ownership of all files and directories in the / opt / librenms directory to the librenms user and group by
executing the following:
May 02 23:05:07 nms.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy
server...
May 02 23:05:07 nms.localdomain nginx[25890]: nginx: the configuration file
/etc/nginx/nginx.conf syntax is ok
May 02 23:05:07 nms.localdomain nginx[25890]: nginx: configuration file /etc/nginx/nginx.conf
test is s...sful
May 02 23:05:07 nms.localdomain systemd[1]: Started The nginx HTTP and reverse proxy server.
Hint: Some lines were ellipsized, use -l to show in full.
# timedatectl
Open the loaded configuration file by PHP in an editor and replace *date.timezone with value from
‘timedatectl’ above.
# vi /etc/php.ini
Find the following lines, uncomment and change their value as shown.
cgi.fix_pathinfo= 0
memory_limit = -1
date.timezone = Europe/London
listen = 127.0.0.1:9000
Replace it with the following line.
listen = /var/run/php-fpm/php7.2-fpm.sock
Further edit/uncomment the following lines.
;user = apache
user = nginx
;listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php7.2-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
Save the file and exit from the editor. Restart PHP-FPM and enable it to start at boot time.
# wget http://www.webmin.com/jcameron-key.asc
# rpm --import jcameron-key.asc
# yum -y install webmin
# /etc/init.d/webmin stop
# /etc/init.d/webmin restart
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140190332725376 [Note] InnoDB: 5.7.21...9987
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140189125039872 [Note] InnoDB: Loadin...pool
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140190332725376 [Note] Plugin 'FEEDBA...led.
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140189125039872 [Note] InnoDB: Buffer...7:54
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140190332725376 [Note] Server socket ...::'.
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140190332725376 [Note] Reading of all...eded
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140190332725376 [Note] Added new Mast...able
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140190332725376 [Note] /usr/sbin/mysq...ons.
May 03 04:07:54 nms.localdomain mysqld[4142]: Version: '10.2.14-MariaDB' socket: '/var/lib/mysql/mysql...rver
May 03 04:07:54 nms.localdomain systemd[1]: Started MariaDB 10.2.14 database server.
Hint: Some lines were ellipsized, use -l to show in full.
Now, open the MySQL configuration file.
# mysql_secure_installation
Set root password? [Y/n] Y
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Create a new database called ‘librenms’, a new user ‘libreanms’ with password ‘password123’
MariaDB [(none)]>
MariaDB [(none)]>
MariaDB [(none)]> exit <enter>
Bye
[mysqld]
innodb_file_per_table=1
sql-mode=""
lower_case_table_names=0
Configure NGINX
# vi /etc/nginx/conf.d/librenms.conf
In this new file we will paste the following:
server {
# LibreNMS logs
access_log /opt/librenms/logs/access_log;
error_log /opt/librenms/logs/error_log;
location / {
location /api/v0 {
try_files $uri $uri/ /api_v0.php?$query_string;
}
location ~ /\.ht {
deny all;
}
}
Now you should delete the [server] section from the [/etc/nginx/nginx.conf] file
Remark out (#) each of the lines, as shown below…. then save the file
# vi /etc/nginx/nginx.conf
# server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}
Configure SNMPd
# cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
# vi /etc/snmp/snmpd.conf
# cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
Set permissions
# chown -R librenms:librenms /opt/librenms
# setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
# setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
# cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
# cd /opt/librenms
# systemctl stop firewalld (temporarily stop the firewall {gets in the way early on!})
FIREWALL - ‘firewalld’
Configure Firewall in CentOS 7
# yum -y install firewalld
Once installed, we will start firewalld and enable it to run at boot with the following systemctl commands:
Once enabled, we will add the following lines to enable the respective services:
# firewall-cmd --reload
We can list the rules to confirm that the services have been added correctly:
# firewall-cmd --list-all
We will configure Nginx to use SSL generated with Let's Encrypt free SSL.
Before you can request the certificates, you will need to allow port 80 and 443, or
standard HTTP and HTTPS services through the firewall.
# setsebool -P antivirus_can_scan_system 1
# setsebool -P clamd_use_jit 1
antivirus_can_scan_system --> on
antivirus_use_jit --> on
Before Clam configuration can be enabled, you need to remove Example string from the configuration file:
Next, you will have to specify the server type. Open configuration file with your favorite text editor, in this example
we will use nano. If it’s not already installed, install it using yum:
# vi /etc/clamd.d/scan.conf
#LocalSocket /var/run/clamd.scan/clamd.sock
LocalSocket /var/run/clamd.scan/clamd.sock
Save the changes by hitting CTRL + X shortcut (or COMMAND+X if you are on MAC).
Almost done, now remove Example string from ClamAV’s freshclam update engine configuration file:
# freshclam
Install Certbot, which is the client application for Let's Encrypt CA.
The SSL certificate will be stored as fullchain.pem and private key will be stored as privkey.pem.
# vi /etc/nginx/conf.d/nms.example.com.conf <enter>
server {
listen 80;
# server_name nms.localdomain; *remove the < > from below, replacing with registered domain
server_name <nms.domain.org>;
return 301 https://$host$request_uri;
}
server {
listen 443;
# server_name nms.localdomain;
server_name nms.welovebees.cloudns.org;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /opt/librenms/logs/librenms.nginx.access.log;
root /opt/librenms/html;
index index.php;
charset utf-8;
gzip on;
gzip_types text/css application/javascript text/javascript application/x-javascript
image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /api/v0 {
try_files $uri $uri/ /api_v0.php?$query_string;
}
location ~ \.php {
include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}