System Monitoring with Xymon/Administration Guide/Compiling on CentOS

First obtain a disk image from the Centos 6.2 Mirrorlist. This guide is for 6.2/isos/i386/CentOS-6.2-i386-minimal.iso.

Boot from the CD and when the boot menu shows up hit tab and append "linux text". That means hit the tab key, space bar and then linux text.

• Skip media test
• OK to welcome screen
• OK to English
• OK to us keyboard layout
• Partition disk(s), for the most part it will be
  • /boot with 100MB
  • swap with 1024MB
  • / with remainder of disk (also enable force to be primary partition)
• OK to use GRUB
• OK - no kernel options needed
• OK leaving no GRUB password
• OK to use default boot loader configuration
• Use /dev/sda or /dev/hda to use the MBR part of the disk for the boot loader
• Default ethernet device settings are DHCP
• OK for system to use UTC and New York time zone
• Root password - make it good!
• Select Basic Server for the set of software

Now you have the minimal packages for working with a CentOS system.

Starting with root...

yum -y install yum-priorities
#first line is tools that are not included in minimal install
yum -y install wget httpd make vim nano man
yum -y install gcc gcc-c++ pcre-devel libpng-devel openssl-devel openldap-devel rrdtool-devel libtirpc-devel
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
rpm -i rpmforge-release-*.rpm
yum -y install fping
yum -y update
echo "all done with yum"

Now reboot with the new kernel

Once you've rebooted we've got to get to configuring. Let's start by changing the ServerTokens directive in httpd.conf

nano /etc/httpd/conf/httpd.conf

Change ServerTokens OS to ServerTokens Major

Add a user for Xymon to use. A popular user is xymon.

Make this easier and enable copy and paste

XYMONUSER=xymon
echo $XYMONUSER

The echo should spit out changethis or whatever you want your Xymon user to be.

echo "helo" > /var/www/html/index.html
ln -s /etc/init.d/httpd /etc/rc3.d/S83httpd
/etc/init.d/httpd start
useradd $XYMONUSER
passwd $XYMONUSER

Make sure you pick a good password!

chmod o+rx /usr/sbin/fping
chmod go+rx /home/$XYMONUSER
yum check-update
su - $XYMONUSER
cd ~
wget http://iweb.dl.sourceforge.net/project/xymon/Xymon/4.3.10/xymon-4.3.10.tar.gz
tar -xzf xymon*tar.gz
cd xymon*

Now compiling Xymon...

./configure.server

I found fping in /usr/sbin/fping
Do you want to use it [Y/n] ?
y

Do you want to be able to test SSL-enabled services (y) ?
y

Do you want to be able to test LDAP servers (y) ?
y
Enable experimental support for LDAP/SSL (OpenLDAP 2.x only) (y) ?
y

What userid will be running Xymon [xymon] ?
$XYMONUSER

At this point accept the defaults until you see...

What group-ID does your webserver use ?
apache

The rest will use default except the name of the host and IP address. These two options will vary depending on the host's destined network installation. Now compile the code:

make

Now exit out to become root and finish with...

cd /home/$XYMONUSER/xymon*
make install

Let's stop those crawlers at the door!

echo -e User-agent: *"\n"Disallow: / > /var/www/html/robots.txt
mkdir -p ~$XYMONUSER/server/www
echo -e User-agent: *"\n"Disallow: / > ~$XYMONUSER/server/www/robots.txt

You will need to take the configuration from the Xymon created xymon-apache.conf and place it in the Apache HTTPD running configuration.

cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.orig
cat /home/$XYMONUSER/server/etc/xymon-apache.conf >> /etc/httpd/conf/httpd.conf

and also add some more configuration to httpd.conf around line 292 and 595 (under the Redirect comment)

nano /etc/httpd/conf/httpd.conf

DocumentRoot "/home/xymon/server/www"
RedirectMatch ^/robots.txt$ /xymon/robots.txt

Now test the new httpd.conf and restart Apache HTTPD to those configurations.

apachectl configtest
apachectl graceful

Create a user for the administrative scripts on Xymon and we're done working with Apache.

htpasswd -c /home/$XYMONUSER/server/etc/xymonpasswd YOURUSERNAME

Next we'll want to steal the Xymon startup script and use it to start Xymon upon entering run level 3.

cd /etc/init.d
wget http://iam8up.com/xymon-initd/xymon
chmod 755 xymon
ln -s /etc/init.d/xymon /etc/rc3.d/S70xymon

YOU ABSOLUTELY MUST MODIFY /etc/init.d/xymon and will probably only need to change STARTBIN, STARTDIR and USERNAME as this example shows:

STARTBIN=Xymon.sh
STARTDIR=/home/xymon
USERNAME=xymon

Now you want to open the firewall to allow this viewer to see Xymon's web page outputs.

nano /etc/sysconfig/iptables

-A INPUT -p tcp --destination-port 80 -j ACCEPT

This can go a lot of places, but this works

# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --destination-port 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

SELinux causes a lot of problems for me. You can do it the right way, but this guide is just to get it working.

Disable it for now

echo 0 >/selinux/enforce

Disable it upon boot

nano /etc/selinux/config

SELINUX=permissive

You will need NTP for a time based application =)

yum -y install ntp
cd /etc/rc3.d/
ln -s /etc/init.d/ntpd S11ntpd
ntpdate time.iam8up.com
/etc/init.d/ntpd start
clock -w

Make it so that Xymon has the capability of reading /var/log/messages

chgrp $XYMONUSER /var/log/messages
chmod g+r /var/log/messages

You should have a Xymon server with basic configuration ready to go. You can either reboot to confirm you have a working init script or just start it with

/etc/init.d/xymon start

Wait about 5 seconds for Xymon to do it's initial run and you should be able to browse to your server at http://servername.com/xymon/

I personally disable SELinux and the firewall on my installations. I have a dedicated firewall and a strong hate for SELinux. I suggest installing security software - at the very least DenyHosts.

If you want to run Xymon under SELinux, here is one recipe System_Monitoring_with_Xymon/Selinux.