Lab_02_NetworkMonitoringWithNagios

Lab_02_NetworkMonitoringWithNagios - Copyright 2005...


Copyright 2005 Carnegie Mellon University

Network Monitoring with Nagios

Confidentiality, Integrity, and Availability are 3 central components of Information Security. It is considered a best practice for system administrators to automate the availability monitoring of critical systems and services on their networks. This lab will let you practice installing, configuring, and using the Nagios service monitoring application.

Nagios is an open-source network monitoring framework. All monitoring functionality is left to plugins, which are separate from the main Nagios installation. Fortunately, a set of default plugins is available from the Nagios website (www.nagios.org), and these have all the monitoring functionality you will need. As of the time of this writing, version 2.0 of Nagios is still in Beta development, so you will be using the latest stable release, version 1.2.

In this lab you will also attain the side benefit of practicing some advanced text editing on Linux using the ubiquitous text editor VI.

Your lab environment consists of 4 virtual computer systems.

1. A Linux Server on which you will install and configure Nagios. This system's hostname is Abrams and its IP address is 10.0.4.8.
2. A Linux Server running the BIND name server (DNS). This system's hostname is Powell and its IP address is 10.0.1.3. You will configure Nagios to monitor the DNS server on this system.
3. A Windows 2000 Server running an IIS web server. This system's hostname is Franks and its IP address is 10.0.1.4. You will configure Nagios to monitor the Web server on this system.
4. A Windows Server 2003 launchpad system that will allow you to remotely access and configure the servers above. This system's hostname is VTELaunchpad and its IP address is 10.0.254.254.

1 Remotely access the Nagios server via Secure Shell (SSH)

1. From the Desktop of your VTELaunchpad system, double click the Putty.exe icon.
   Putty is a very popular (and free) SSH client.

2. Type 10.0.4.8 in the Host name (IP Address) box within the Putty application and then click the 'Open' button.

   Note: If Putty asks you if you want to accept Abrams' SSH key, click Yes.

3. Login to the remote server with the following credentials:

    Username: root
    Password: tartans

2 Installing Nagios

1. Mount the Tools CD by typing the following at the command prompt (note: do NOT type the # sign; it is in these instructions to represent the command prompt on your Linux system). Remember to try to use the Tab complete (tab button) and previous command (up arrow button) features within Linux, as this can save you on time and typing errors.

    # mount /dev/cdrom /mnt/cdrom

2. The following files are required:

    nagios-1.2.tar.gz
    nagios-plugins-1.3.1.tar.gz

   Copy the required modules to the root directory with the command:

    # cp /mnt/cdrom/Tools/Linux/Nagios/* /root

3. Get a directory listing of the /root directory to ensure all of the files were copied there with the following command:

    # ls -l /root

4. Switch into the root directory (if you are not already there):

    # cd /root

5. Create a directory for Nagios to be installed in:

    # mkdir /usr/local/nagios

6. Create a user for Nagios to run as:

    # useradd nagios

7. Install Nagios with the following series of commands (tar unpackages and then unzips the zipped tarball, which is a set of files packaged together). Note: it can take a few minutes for all of the code to compile.

    # tar zxvf nagios-1.2.tar.gz
    # cd nagios-1.2
    # ./configure
    # make all
    # clear
    # make install
    # make install-init
    # make install-config
    # clear

8. Enable Nagios to run at boot-time:

    # chkconfig --add nagios

9. Install the Nagios plugins with the following series of commands:

    # cd /root
    # tar zxvf nagios-plugins-1.3.1.tar.gz
    # cd nagios-plugins-1.3.1
    # ./configure
    # make all
    # clear
    # make install
    # clear

3 Installing and Configuring Apache

Nagios uses a web interface to report monitoring information, and therefore requires a web server to be configured. Nagios requires two virtual directories on the web server: one for CGI programs and one for static content. You will require basic authentication on each of these directories.

1. There is one module that you need to implement Apache:

    httpd2.0.408.i386.rpm

   Copy the required files to the /root directory with this command:

    # cp /mnt/cdrom/Tools/Linux/Apache/httpd* /root

2. Using the following commands, change to the /root directory and get a directory listing to confirm all of the httpd files were copied:

    # cd /root
    # ls -l

3. Install the Apache modules:

    # rpm -ivh httpd2.0.4632.ent.WB1.i386.rpm

4. Entering the following command will create init scripts at run levels 2-5 to start the httpd service every time the system is started up.

    # chkconfig --level 2345 httpd on

5. Use chkconfig to ensure that httpd is configured to be running on the correct run levels (2,3,4,5):

    # chkconfig --list | grep httpd
    httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

6. Start the web server:

    # service httpd start

7. Make sure that Apache is running:

    # ps -eaf | grep httpd

   If the output from the above command is similar to the output in the following screenshot, then Apache is up and running.

    root   3937    1 0 10:29 ? 00:00:00 /usr/sbin/httpd
    apache 3940 3927 0 10:29 ? 00:00:00 /usr/sbin/httpd
    apache 3941 3927 0 10:29 ? 00:00:00 /usr/sbin/httpd
    apache 3942 3927 0 10:29 ? 00:00:00 /usr/sbin/httpd
    apache 3943 3927 0 10:29 ? 00:00:00 /usr/sbin/httpd
    apache 3944 3927 0 10:29 ? 00:00:00 /usr/sbin/httpd
    apache 3945 3927 0 10:29 ? 00:00:00 /usr/sbin/httpd
    apache 3946 3927 0 10:29 ? 00:00:00 /usr/sbin/httpd
    apache 3947 3927 0 10:29 ? 00:00:00 /usr/sbin/httpd

4 VI Introduction

Configuring Nagios requires quite a bit of text file manipulation, so while in VI, please work methodically. You can, however, speed things up considerably by learning some VI basics. There are two modes in VI, command mode and insert mode. When you first open VI it will be in command mode. One way to enter insert mode is by pressing the [Insert] button (other ways will be discussed soon). To return to command mode press [Esc].

Insert mode simply allows you to type text into a file. Command mode offers many ways to manipulate text. Most commands are of the form number+command+location, meaning the command will be applied to the given location a certain number of times. For example, the command '5dw' will issue the delete command on the five words to the right of the cursor. The number part of the command is optional, and the default is once.

The following are the commands you will be using in the upcoming sections. Remember that you must be in command mode to use commands. If you are not sure which mode VI is in, hit [Esc] to be certain you are in command mode.

VI Command Reference

    /            find
    n            find next
    <shift>N     find previous
    y            yank (copy)
    yy           yank line
    d            delete (cut)
    dd           delete line
    x            delete character
    p            put (paste) after cursor
    <shift>P     put before cursor
    c            change text
    <shift>C     change all text on line to right of cursor
    0 (zero)     move cursor to beginning of line
    <shift>$     move cursor to end of line
    h,j,k,l      move cursor [left,down,up,right]
    {,}          move cursor [up,down] to next empty line
    w,b          move cursor [right,left] one word
    <shift>G     move cursor to end of file
    i            insert mode at current cursor position
    <shift>I     insert mode at first non-whitespace character of line
    a            insert mode to right of cursor (append)
    <shift>A     insert mode at end of line
    o            add new line below cursor, insert mode on new line
    <shift>O     add new line above cursor, insert mode on new line
    u            undo last command
    .            repeat last command
    :w<enter>    write file (save) [advice: write early, write often!]
    :q<enter>    quit VI
    :wq<enter>   write and quit

1. Edit the httpd.conf file with VI to add the virtual directories:

    # clear
    # vi /etc/httpd/conf/httpd.conf

2. Press [Shift]+'G' to move to the end of the file.

3. Press 'o' to add a new line and enter insert mode. Press [Enter] to ensure there is a blank line after the #</VirtualHost> line. Carefully add the following lines to the file to create a scripts virtual directory:

    ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin/
    <Directory "/usr/local/nagios/sbin/">
    Options ExecCGI
    AuthName "Nagios Access"
    AuthType "Basic"
    AuthUserFile /usr/local/nagios/etc/htpasswd.users
    require valid-user
    Satisfy all
    allow from 10.0.0.0/16
    deny from all
    order deny,allow
    AuthAuthoritative on
    ServerSignature Off
    </Directory>

4. Press [Enter] to ensure there is a blank line after the '</Directory>' line. The second virtual directory will be very similar to this one, so you will copy and paste the text you just typed (or "yank" and "put" in VI jargon).
   Press [Esc] to leave insert mode and then press '{' to move to the blank line before "ScriptAlias...". Now type 'y}'. Now press 'p' to put the text you just yanked. Now press 'i' to enter insert mode, and use the arrow keys to navigate to the 2nd of the two blank lines separating the two blocks of text. Press the [backspace] key to ensure that there is only one blank line between them. Now, make the following changes to the second virtual directory information.

   The original pasted text:

    ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin/
    <Directory "/usr/local/nagios/sbin/">
    Options ExecCGI

   Must be changed to the following:

    Alias /nagios /usr/local/nagios/share/
    <Directory "/usr/local/nagios/share/">
    Options None

5. Because this web server will not serve any content aside from Nagios, add a directive to redirect requests for the root virtual directory to the Nagios virtual directory. Press [Esc] to leave insert mode and then press <shift>+'G' to move to the end of the file, then press 'o' to enter insert mode on a new line, and type the following:

    RedirectMatch ^/$ http://10.0.4.8/nagios/

6. Now you will use VI's Find command to edit the ServerName information. Press [Esc] and then press '/', now type "ServerName", and you should be taken to the description of this entry in the configuration file. Now press 'i' to re-enter insert mode, and use the arrow keys to navigate to #ServerName... (just below the description). Edit this line to look like this (make sure you remove the # sign):

    ServerName 10.0.4.8:80

7. Press [Esc] to stop editing and then save and exit the file:

    :wq

8. Clear the screen and then move to the Nagios etc directory:

    # clear
    # cd /usr/local/nagios/etc

9. Create a password file for Apache authentication:

    # htpasswd -c htpasswd.users nagios

10. You will be prompted for a password twice; enter 'tartans' each time.
11. Make sure Apache can access this file by giving it ownership, and make sure it is the only user that can access the file:

    # chown apache.apache htpasswd.users
    # chmod 700 htpasswd.users

12. Restart the Apache service:

    # service httpd restart

   If you see the following, Apache is running correctly:

    Stopping httpd: [ OK ]
    Starting httpd: [ OK ]

5 Configuring Nagios

Nagios comes with sample configuration files. You will start with these sample configurations, and customize them for our network.

5.1 Backup sample configuration and rename files

1. Move to the Nagios etc directory if not already there:

    # cd /usr/local/nagios/etc

2. Create a directory for the backup sample configuration:

    # mkdir sample

3. Copy the sample files into the backup directory:

    # cp *.cfg-sample sample/

4. Now we'll use a "for loop" script to change .cfg-sample extensions to .cfg (note: this command should be typed in as a single line; also, the "`" character in the command is a backtick, not a single quote: it is usually located to the left of the "1" key):

    # for i in *cfg-sample; do mv $i `echo $i | sed -e s/cfg-sample/cfg/`; done

5.2 Add Access Privileges

By default many of the Nagios features are inaccessible by any user. You need to explicitly allow access to use these features.

1. Edit cgi.cfg with VI. This file controls settings for the Nagios web interface CGI programs.

    # vi cgi.cfg

2. Use the VI find command ('/') to find the system information access setting:

    /system_information

3. Press '0' (zero) to move to the beginning of the line. Press 'x' to remove the "#". Press <shift>+'A' to enter insert mode at the end of the line. Press [backspace] until the finished line looks as follows:

    authorized_for_system_information=nagios

4. Press [Esc] to return to command mode. Use the VI search command ('/') to find the host access setting:

    /all_hosts

5. Use the technique above to change the line as follows:

    authorized_for_all_hosts=nagios

6. Press [Esc] to return to command mode, then save and exit:

    :wq

5.3 Configure Monitoring of Hosts and Services

Nagios uses a template model for configuration. For example, to configure the way hosts are monitored, you can define a generic host template that has the settings you want to use for all hosts. Then for each host definition you only need to specify the settings that vary from host to host.

1. Edit hosts.cfg with VI. This file contains all host definitions and templates:

    # vi hosts.cfg

2. The first host definition is for "generic-host". This will be our host template. You need to add five lines after the "register" line. Press 'j' repeatedly to move the cursor down to this line. Press 'o' to add a new line and enter insert mode. The final definition should be as follows (note: comments have been removed for brevity; type the new lines shown in bold):

    define host{
        name                          generic-host
        notifications_enabled         1
        event_handler_enabled         1
        flap_detection_enabled        1
        process_perf_data             1
        retain_status_information     1
        retain_nonstatus_information  1
        register                      0
        check_command                 check-host-alive
        max_check_attempts            10
        notification_interval         120
        notification_period           24x7
        notification_options          d,u,r
        }

3. Press [Esc] to leave insert mode. You now need to delete all the sample host definitions. Use 'j' to move the cursor to the first blank line after the "generic-host" definition. Press 'd', then press [Shift]+'G'. This deletes everything from the cursor to the end of the file.

4. Add a host definition for Abrams to the end of the file. The definition will specify which template to use, the host's name, an alias, and the IP address. All other settings are taken from the template. Press 'o' to add a new line and enter insert mode, press [Enter] to add a blank line and then add the following lines:

    define host{
        use        generic-host
        host_name  Abrams
        alias      Abrams
        address    10.0.4.8
        }

5. Press [Enter] to ensure there is a blank line after the '}'. The remaining host definitions will be very similar to this one, so you will yank and put this definition to save on typing. Press [Esc] to leave insert mode and then use '{' to move to the line before "define host{". Now type 'y}'. This yanks to the next blank line. You will add 2 more hosts, so use the command '2'<shift>+'P' to put the yanked text two times before the cursor.

6. Now you need to edit the new hosts. The following table contains the other hosts' data:

    host_name   Powell      Franks
    address     10.0.1.3    10.0.1.4

7. Enter insert mode by pressing 'i' and use the [backspace] key to remove the Abrams and 10.0.4.8 entries from the pasted text. Then type in the correct host data from the table above. Save and exit the file:

    :wq

8. Edit hostgroups.cfg with VI. This file contains definitions of hostgroups, which control how hosts are grouped in the Nagios web interface. With Nagios, you can choose to define your hostgroups based on role (i.e., webservers, user workstations, etc.) or by subnet or however it makes the most sense to you. Typically you would define separate hostgroups so you have great flexibility and granularity when checking the availability of your systems. For this lab, we'll add just one hostgroup definition called monitoredhosts.

    # vi hostgroups.cfg

9. You won't use any of the existing hostgroups, so you start by deleting the contents of the file. Move the cursor to the top of the file, press 'd', then press [Shift]+'G'. This deletes everything from the cursor to the end of the file.

10. Press 'i' to enter insert mode, and then add the following lines:

    define hostgroup{
        hostgroup_name  monitoredhosts
        alias           monitoredhosts
        contact_groups  networkadmins
        members         Powell, Franks, Abrams
        }

11. In command mode (press [Esc] if unsure), save and exit the file:

    :wq

12. Edit contactgroups.cfg with VI. This file defines the groups that can be contacted via email or pager when certain events occur:

    # vi contactgroups.cfg

13. You won't use any of the existing contact groups, so you start by deleting the contents of the file. Move the cursor to the top of the file, press 'd', then press [Shift]+'G'. This deletes everything from the cursor to the end of the file.

14. Add a single contact group definition. Press 'i' to enter insert mode, and add the following lines:

    define contactgroup{
        contactgroup_name  networkadmins
        alias              All Network Administrators
        members            nagios
        }

15. Press [Esc] to stop editing and then save and exit the file:

    :wq

16. Edit contacts.cfg with VI. This file defines individual contacts, their availability, and their means of contact:

    # vi contacts.cfg

17. You won't use any of the existing contacts, so you start by deleting the contents of the file. Move the cursor to the top of the file, press 'd', then press [Shift]+'G'. This deletes everything from the cursor to the end of the file.

18. Add a single contact definition. Press 'i' to enter insert mode, and add the following lines:

    define contact{
        contact_name                   nagios
        alias                          Administrator
        service_notification_period    24x7
        host_notification_period       24x7
        service_notification_options   w,u,c,r
        host_notification_options      d,u,r
        service_notification_commands  notify-by-email
        host_notification_commands     host-notify-by-email
        email                          [email protected]
        }

19. Press [Esc] to stop editing and then save and exit the file:

    :wq

20. Edit resource.cfg with VI.
   This file contains definitions of macros used in other configuration files. It is particularly useful for storing sensitive information such as user names and passwords. The CGI programs do not directly access this file, so you can set restrictive permissions on it to protect its contents.

    # vi resource.cfg

21. There is already a section for users and passwords. Move the cursor to the line "#$USER$=someuser" (hint: '3}jj').

22. Press '0' (zero) to move to the beginning of the line. Press 'x' to remove the "#". Move the cursor forward to the "s" of "someuser". Change "someuser" to "nagios" (hint: <shift>+'C'). The line should look as follows:

    $USER3$=nagios

23. Press [Esc] to return to command mode. Do the same thing for the next line except set it to "administrator":

    $USER4$=administrator

24. Press [Enter] to create a new line and type the following:

    $USER5$=tartans

25. Be sure you're in command mode ([Esc]), then save and exit:

    :wq

26. Make sure this file is only accessible by Nagios and root:

    # chmod 660 resource.cfg

27. Edit checkcommands.cfg with VI. This file defines the commands that Nagios will use to monitor services:

    # vi checkcommands.cfg

28. Many of the commands you will need are predefined. However, you need to create a few custom commands. Keep all the existing commands by pressing [Shift]+'G' to skip to the end of the file. Note that many commands use macros in the command line. Some of the macros Nagios uses are:

    $HOSTADDRESS$   the address of the host for which the command is run
    $USER1$         the full path to the Nagios plugins directory
    $USERN$         custom macros defined in resource.cfg
    $ARGN$          parameters supplied in the service definition

29. Add a command definition for checking Nagios itself. This command will verify that the correct Nagios process is running and the Nagios log file is updated frequently.
   Press 'o' to add a new line and enter insert mode, and press [Enter] to add a blank line. Now add the following lines (note: 'command_line' must all appear on one line):

    define command{
        command_name  check_nagios
        command_line  $USER1$/check_nagios -F /usr/local/nagios/var/status.log -e 5 -C /usr/local/nagios/bin/nagios
        }

30. Press [Enter] to ensure there is a blank line after the '}'. Press [Esc] and add the following commands. First yank the command definition you just created (hint: '{', 'y}'), then put it four times (hint: '4'<shift>+'P'). Now press 'i' to enter insert mode and use the keyboard arrows to scroll down to the pasted command definitions and edit them per the table below:

    command_name        command_line
    check_ssh           $USER1$/check_ssh -H $HOSTADDRESS$
    check_webmin        $USER1$/check_http -H $HOSTADDRESS$ --ssl -p 10000 -s "Webmin server"
    check_http_nagios   $USER1$/check_http -H $HOSTADDRESS$ -u /nagios/ -a $USER3$:$USER5$
    check_dmz_dns       $USER1$/check_dns -H www.aia.class -s $HOSTADDRESS$

31. In command mode (press [Esc] if unsure), save and exit the file:

    :wq

32. Edit services.cfg with VI. This file defines the services running on the network, and specifies which commands should be used to monitor them:

    # vi services.cfg

33. The first service definition is for "generic-service". This will be our service template. You need to add nine lines after the "register" line (hint: type '/register'). Press 'o' to add a new line and enter insert mode. Type the following new lines in the service definition:

    is_volatile            0
    check_period           24x7
    max_check_attempts     3
    normal_check_interval  3
    retry_check_interval   1
    contact_groups         networkadmins
    notification_interval  120
    notification_period    24x7
    notification_options   c,r

34. Press [Esc] to leave insert mode. You now need to delete all the sample service definitions. Move the cursor to the first blank line after the "generic-service" definition (the section you just edited). Press 'd', then press [Shift]+'G'. This deletes everything from the cursor to the end of the file.

35. For every host you will define a "ping" service, just to verify that the machine is reachable. Press 'o' to add a new line and enter insert mode, then press [Enter] to add a blank line. Now add the following lines:

    define service{
        use                  generic-service
        host_name            *
        service_description  PING
        check_command        check_ping!100.0,20%!500.0,60%
        }

36. Press [Enter] to ensure there is a blank line after the '}'. Now you will add definitions for the specific services running on the hosts. The following is a list of all the services you will monitor. Press [Esc] to return to command mode. First yank the service definition you just created (hint: '{', 'y}'), then put it 6 times (hint: '6'<shift>+'P'). Now press 'i' to enter insert mode and use the keyboard arrows to scroll down to the pasted service definitions and edit them per the table below (note: all settings must be written on a single line and "use" will always be "generic-service"):

    host_name        service_description   check_command
    Abrams           Nagios HTTP           check_http_nagios
    Abrams           Nagios                check_nagios
    Powell           Webmin                check_webmin
    Powell           DMZ DNS               check_dmz_dns
    Franks           HTTP                  check_http
    Powell, Abrams   SSH                   check_ssh

37. Press [Esc] to switch to command mode and then save and exit the file:

    :wq

38. Finally, you will not be using dependencies or escalations, so you need to remove the settings from these files. However, the files must be present or Nagios will not start properly. Use the following commands to zero out these files:

    # echo > dependencies.cfg
    # echo > escalations.cfg

5.4 Test and Start Nagios

1. Run the Nagios configuration verification. You can use the arrow keys to navigate through the verification report.
   You want to make sure that "Total Warnings" and "Total Errors" are both zero. If you have any warnings or errors, you'll need to open and edit the identified configuration file to correct the problem. These are likely to be typos in the config files. Press 'q' to exit the report when you're done checking it.

    # cd /usr/local/nagios/etc
    # ../bin/nagios -v nagios.cfg | less

2. Start Nagios:

    # service nagios start

   If you see the following message, Nagios is running correctly:

    Starting network monitor: nagios
    PID TTY TIME CMD
    XXXX ? 00:00:00 nagios

6 Using Nagios

1. From your VTE Landing Pad XP system, minimize the putty.exe SSH window, click the Internet Browser icon, and log into Nagios by typing as the URL:

    http://10.0.4.8/nagios

    Username: nagios
    Password: tartans

   (Note: it is recommended to not allow your Internet browser to remember passwords in this exercise.)

2. Explore the Nagios interface. Note that some of the features are not enabled by default. Of most interest are the first six items under "Monitoring":

    Tactical Overview
    Service Detail
    Host Detail
    Status Overview
    Status Summary
    Status Grid

3. You should get Green notifications for all hosts within 3 minutes.

4. Now, to verify that Nagios is functioning correctly, double click on the Putty.exe application on your VTE landing pad XP system. Make a new SSH connection to 10.0.1.3 (this is Powell, the DNS server in this lab). Login to Powell as root (password is also tartans) and stop the named service (DNS) by typing the following:

    # service named stop

5. Now go back to your Internet browser and explore the Nagios web interface console. The DMZ DNS service should go red (critical) within 3 minutes.

Nagios provides a powerful availability monitoring capability that can strengthen the overall resiliency and security of your networks and services. And you won't even have to justify its price tag, remember... it's free!
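
The template model from section 5.3 and the kind of reference check run by the verification step in section 5.4, as an added Python example that is not part of the original lab or of Nagios itself: it parses `define ...{ }` blocks, applies `use` inheritance, and reports hosts and check commands that are referenced but never defined. The sample configuration is constructed, with two typos planted on purpose, and the parsing assumes no braces inside directive values.

```python
import re
# Constructed sample; typos planted on purpose: host "Powel", command "check_shh".
SAMPLE = """
define host{
    name            generic-host      ; template
    check_command   check-host-alive
    register        0
    }
define host{
    use             generic-host
    host_name       Abrams
    }
define host{
    use             generic-host
    host_name       Powell
    }
define command{
    command_name    check-host-alive
    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 1
    }
define command{
    command_name    check_ping
    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
    }
define service{
    host_name           *
    service_description PING
    check_command       check_ping!100.0,20%!500.0,60%
    }
define service{
    host_name           Powel, Abrams
    service_description SSH
    check_command       check_shh
    }
"""

def parse(text):
    """Return [(type, {directive: value})] for each 'define type{ ... }' block."""
    objects = []
    for kind, body in re.findall(r"define\s+(\w+)\s*\{(.*?)\}", text, re.S):
        attrs = {}
        for line in body.splitlines():
            parts = line.split(";", 1)[0].split(None, 1)   # ';' starts a comment
            if parts and not parts[0].startswith("#"):
                attrs[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        objects.append((kind, attrs))
    return objects

def resolve(objects):
    """Apply 'use' inheritance; drop templates (register 0, which is not inherited)."""
    templates = {(k, a["name"]): a for k, a in objects if "name" in a}
    def expand(kind, attrs, seen=()):
        parent = attrs.get("use")
        if parent is None:
            return dict(attrs)
        if (kind, parent) not in templates or parent in seen:
            raise ValueError(f"{kind}: unknown or circular template '{parent}'")
        # Inherited directives first, then the object's own, so local values win.
        return {**expand(kind, templates[(kind, parent)], seen + (parent,)), **attrs}
    return [(k, expand(k, a)) for k, a in objects if a.get("register", "1") != "0"]

def check(text):
    """List dangling references, a small subset of what 'nagios -v' verifies."""
    objs = resolve(parse(text))
    hosts = {a["host_name"] for k, a in objs if k == "host"}
    commands = {a["command_name"] for k, a in objs if k == "command"}
    problems = []
    for kind, a in objs:
        label = a.get("service_description") or a.get("host_name")
        if kind in ("host", "service"):
            cmd = a.get("check_command", "").split("!")[0]   # arguments follow '!'
            if cmd not in commands:
                problems.append(f"{kind} '{label}': undefined command '{cmd}'")
        refs = a.get("host_name", "") if kind == "service" else ""
        for name in filter(None, re.split(r"\s*,\s*", refs)):
            if name != "*" and name not in hosts:
                problems.append(f"{kind} '{label}': unknown host '{name}'")
    return problems

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)))
```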

This note was uploaded on 04/19/2008 for the course INI 14761 taught by Professor May during the Spring '08 term at Carnegie Mellon.
