Installing Cacti for network monitoring

2016.09.25

Short form install instructions for Debian-based Linuxes:

 apt-get install cacti

You may be prompted to install Apache and MySQL if you don’t have them installed.

You will be prompted to select the webserver for which Cacti should be configured; select the appropriate one and then, if MySQL is being installed, you’ll be prompted to set the MySQL ‘root’ user password.

The next prompt will be:

 The cacti package must have a database installed and configured before it can be used. 
 This can be optionally handled with dbconfig-common.
 Configure database for cacti with dbconfig-common?

Select yes and then enter the MySQL ‘root’ password when prompted. This will create the MySQL db and db user for cacti. You’ll be prompted for a password to set for that db user:

 Please provide a password for cacti to register with the database server. If left blank, a random password will be generated.
 MySQL application password for cacti:

Put a password in and then open your browser to http://$_the_server_you_installed_cacti_on/cacti ($_the_server_you_installed_cacti_on is either the FQDN or IP address of the server), select New Installation and click next: http://i.imgur.com/yI4sfm1.png

Configure the options and paths. If any paths are not filled in, do a “which” on the command line of the server you’re installing on, and it should give you the full path.

 $ which php
 /usr/bin/php

If it’s not installed, install it with apt-get.

Log in with the username admin and password admin and you will be prompted to change the password.

Short form install for Redhat-based distributions:

Install the required packages:

 yum install httpd httpd-devel mysql mysql-server php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp net-snmp-utils net-snmp-libs rrdtool

MariaDB can be used instead of MySQL if you’ve already transitioned to it from mysql.

Start the www, db and snmp services:

 systemctl start httpd.service
 systemctl start mariadb.service
 systemctl start snmpd.service

and enable the services to autostart (chkconfig if you’re on older systems):

 systemctl enable httpd.service
 systemctl enable mariadb.service
 systemctl enable snmpd.service

Create a cacti database in your mysql:

 # mysql -u root -p -e 'create database cacti'

Create a cacti user with password ‘12345whatacoincidence’:

 # mysql -u root -p
 mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY '12345whatacoincidence';
 mysql> FLUSH privileges;
 mysql> \q

Installing cacti is made easier if you have the EPEL repo enabled, because then it’s just:

 yum install cacti

More info on EPEL repo: http://www.tecmint.com/how-to-enable-epel-repository-for-rhel-centos-6-5/

The other (slightly more finicky) method is the tried and true compile-it-yourself method: http://www.cacti.net/download_cacti.php

In any case, when you have it installed, you’ll want to import the cacti tables from cacti.sql, so first, find ‘cacti.sql’:

 # rpm -ql cacti | grep cacti.sql

and then (assuming it told you the file is in “/opt/cacti/cacti-0.8.7d/cacti.sql”) import the file:

 # mysql -u cacti -p cacti < /opt/cacti/cacti-0.8.7d/cacti.sql

Then you will need to edit your /etc/cacti/db.php file, using your actual values:

 $database_type = "mysql";
 $database_default = "cacti";
 $database_hostname = "localhost";
 $database_username = "cacti";
 $database_password = "12345whatacoincidence";
 $database_port = "3306";

Update your httpd config (probably /etc/httpd/conf.d/cacti.conf) to allow traffic to your cacti site (or set up .htpasswd for that directory) and then restart httpd.

Edit the file /etc/cron.d/cacti to uncomment the cacti line.
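
A pre-flight check for the files edited in the steps above, added here as an example and not part of the original post. The function name, the ROOT prefix argument and the sample tree are assumptions made for illustration; the sample files are constructed.

```shell
# Added example: pre-flight checks for the Red Hat steps above.
# ROOT is a prefix so the checks can run on a copy of /etc (an assumption
# made for testing); pass "" on a live host.
check_cacti_install() {
    root=$1; rc=0
    db="$root/etc/cacti/db.php"
    conf="$root/etc/httpd/conf.d/cacti.conf"
    cron="$root/etc/cron.d/cacti"

    # db.php holds the DB password in clear text; other local users must not read it.
    if [ -n "$(find "$db" -prune -perm -004 -print 2>/dev/null)" ]; then
        echo "FAIL db.php is world-readable"; rc=1
    fi
    # Reject an empty password and the sample one printed in this tutorial.
    pw=$(grep -E '^[[:space:]]*\$database_password' "$db" 2>/dev/null |
         cut -d= -f2- | tr -d " \"';")
    case "$pw" in
        ""|12345whatacoincidence)
            echo "FAIL database password is empty or the tutorial sample"; rc=1 ;;
    esac
    # Admitting every client with no .htpasswd leaves only Cacti's own login.
    if grep -Eiq '^[[:space:]]*(Require all granted|Allow from all)' "$conf" 2>/dev/null &&
       ! grep -Eiq '^[[:space:]]*AuthUserFile' "$conf"; then
        echo "WARN cacti.conf admits all clients and sets no AuthUserFile"
    fi
    # The cacti line in /etc/cron.d/cacti must be uncommented (a schedule line).
    if ! grep -Eq '^[[:space:]]*[0-9*@]' "$cron" 2>/dev/null; then
        echo "FAIL no active line in /etc/cron.d/cacti"; rc=1
    fi
    return $rc
}

# Constructed sample tree that repeats the tutorial's literal values.
demo=$(mktemp -d)
mkdir -p "$demo/etc/cacti" "$demo/etc/httpd/conf.d" "$demo/etc/cron.d"
printf '$database_password = "12345whatacoincidence";\n' > "$demo/etc/cacti/db.php"
chmod 644 "$demo/etc/cacti/db.php"
printf 'Require all granted\n' > "$demo/etc/httpd/conf.d/cacti.conf"
printf '#*/5 * * * * cacti php /usr/share/cacti/poller.php\n' > "$demo/etc/cron.d/cacti"
check_cacti_install "$demo" || echo "fix the findings before opening the installer"
rm -rf "$demo"
```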

Finally you’re able to open your browser to http://$_the_server_you_installed_cacti_on/cacti ($_the_server_you_installed_cacti_on is either the FQDN or IP address of the server), select New Installation and click next: http://i.imgur.com/yI4sfm1.png

Configure the options and paths. If any paths are not filled in, do a “which” on the command line of the server you’re installing on, and it should give you the full path. If it’s not installed, install it with yum:

 $ which php
 /usr/bin/php

Log in with the username admin and password admin and you will be prompted to change the password.

Installing Cacti in Windows

If you have a WAMP install (because no one will give you a nickel to get a real computer), then you can still install cacti: http://myconfigure.blogspot.com/2013/02/the-easiest-way-to-install-cacti-on.html

Followup

  1. log in to cacti and set up your systems/switches/routers/firewalls to be monitored
  2. install and configure Network Weathermap and tell it to use your cacti (or mrtg etc) data so you can get a nice realtime(-ish) graph of your speeds and feeds.
  3. install and configure the thold plugin to alert you if the systems you’re monitoring are dropping below a particular threshold

 


Xwindows and Windows

2015.06.19

Exceed is the best. Unfortunately, it is pricey: http://connectivity.opentext.com/buy-online.aspx

Your other options are:

MobaXterm: in free and pay versions, pretty simple to install/setup and use.

Xming: free (old version) or pay (current version), also pretty simple to use.

Cygwin/X: complicated, kludgey and you should probably avoid it.

 

http://stackoverflow.com/questions/40453/what-is-a-good-and-free-x-server-for-windows


Configuring cacti for 1-minute polling

2014.10.24

Trickier than it sounds, just because there’s lots of moving parts. Here is a handy guide that gets all the notes right: http://www.tolaris.com/2013/07/09/cacti-and-1-minute-polling/


Linux user auth against Active Directory

2014.07.30

Enabling user authentication on Linux against Active Directory, using Ubuntu, sssd and AD 2008 (should work with 2003r2).

1. Install the software you need:

apt-get install realmd sssd samba-common samba-common-bin samba-libs sssd-tools krb5-user adcli

2. vi /etc/sssd/sssd.conf and put this in it:

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3

3. chmod 0600 /etc/sssd/sssd.conf

4. vi /etc/realmd.conf and put this in it:

[service]
 automatic-install = no

5. run kinit Administrator@YOURDOMAIN.ALLINCAPS.TLD
6. run realm --verbose join yourdomain.allincaps.tld \
--user-principal=ubuntuserverhostname/Administrator@YOURDOMAIN.ALLINCAPS.TLD --unattended

You should have more content inside sssd.conf now, in the [domain/YOURDOMAIN.ALLINCAPS.TLD] section.
7. vi /etc/sssd/sssd.conf and comment out the line use_fully_qualified_names = True

 

You should now be able to su - to a domain user.

That’s it, you’re done: you can login to your linux box by authenticating to your Active Directory domain.

Additional (and optional) stuff is below, like adding groups and restricting logins based on groups.

 

Additional settings inside /etc/sssd/sssd.conf [domain] section to enable groups:

 [domain/yourdomain.allincaps.tld]
 ad_domain = yourdomain.allincaps.tld
 krb5_realm = YOURDOMAIN.ALLINCAPS.TLD
 realmd_tags = manages-system joined-with-adcli
 cache_credentials = True
 id_provider = ad
 krb5_store_password_if_offline = True
 default_shell = /bin/bash
 ldap_id_mapping = True
## comment out
#use_fully_qualified_names = True
## these will need to be created manually or you will need to modify pam to 
## mkdir them with pam_mkhomedir.so or use oddjob-mkhomedir, see below
 override_homedir = /home/%u
 fallback_homedir = /home/%d/%u
##group settings##
 ldap_group_uuid = objectGUID
 ldap_user_uuid = objectGUID
 ldap_group_member = member
 ldap_user_member_of = memberOf
 ldap_user_uid_number = uidNumber
 ldap_group_nesting_level = 1
 ldap_force_upper_case_realm = True
 ldap_user_principal = userPrincipalName
 ldap_user_object_class = user
 ldap_user_gid_number = gidNumber
 ldap_group_modify_timestamp = whenChanged
 ldap_group_object_class = group
 ldap_group_name = cn
 ldap_user_name = sAMAccountName
 ldap_ns_account_lock = userAccountControl
 ldap_user_home_directory = unixHomeDirectory
 ldap_user_modify_timestamp = whenChanged
 ldap_group_gid_number = gidNumber
 ldap_referrals = false
 ldap_group_nesting_level = 0

Test that groups are working by su’ing to an AD user and typing in “groups”, which will show you what groups your user is a member of.

To make the home directory autocreate:

1. edit /etc/pam.d/common-session (/etc/pam.d/session-auth in RHEL) and add this line before any pam_ldap or pam_krb5 lines:

#autocreate user homedirs
 session required pam_mkhomedir.so umask=0022 skel=/etc/skel

To limit login by AD group:

  1. Create a file that will have the group names allowed to login:
    vi /etc/login.allowed.per.ad.group

    and populate it with group names, one per line (I created an AD group called linux-login, to limit which users were allowed to login), like so:

    root
    wheel
    domain\ admins
    linux-login
  2. edit /etc/pam.d/common-auth (in RHEL this is /etc/pam.d/system-auth) and add this line to it:
    auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.allowed.per.ad.group
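
An audit of the settings this post relies on (sssd.conf mode from step 3, step 7, and the pam_listfile group restriction), added here as an example and not part of the original post. The function name, the ROOT prefix argument and the sample tree are assumptions made for illustration; the sample files are constructed.

```shell
# Added example: audit the sssd and PAM settings described in this post.
# ROOT is a prefix so the checks can run on a copy of /etc (an assumption
# made for testing); pass "" on a live host.
audit_ad_login() {
    root=$1; rc=0
    sssd="$root/etc/sssd/sssd.conf"
    pam="$root/etc/pam.d/common-auth"    # /etc/pam.d/system-auth on RHEL
    # Step 3: sssd.conf must be exactly mode 0600.
    if [ -z "$(find "$sssd" -prune -perm 600 -print 2>/dev/null)" ]; then
        echo "FAIL sssd.conf is missing or not mode 0600"; rc=1
    fi
    # Step 7: use_fully_qualified_names = True must be commented out.
    if grep -Eq '^[[:space:]]*use_fully_qualified_names[[:space:]]*=[[:space:]]*True' "$sssd" 2>/dev/null; then
        echo "FAIL use_fully_qualified_names is still True"; rc=1
    fi
    # Group restriction: first uncommented pam_listfile line in the auth stack.
    line=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_listfile\.so' "$pam" 2>/dev/null | head -n 1)
    if [ -z "$line" ]; then
        echo "FAIL no active pam_listfile line: logins are not limited by group"
        return 1
    fi
    case "$line" in
        *item=group*sense=allow*|*sense=allow*item=group*) ;;
        *) echo "FAIL pam_listfile is not item=group sense=allow"; rc=1 ;;
    esac
    # onerr=succeed would let the check pass when the list cannot be read.
    case "$line" in
        *onerr=fail*) ;;
        *) echo "FAIL pam_listfile lacks onerr=fail"; rc=1 ;;
    esac
    # The list decides who may log in: it must exist and not be group/world-writable.
    list=$(printf '%s\n' "$line" | sed -n 's/.*[[:space:]]file=\([^[:space:]]*\).*/\1/p')
    if [ -z "$list" ] || [ ! -s "$root$list" ]; then
        echo "FAIL allow-list '$list' is missing or empty"; rc=1
    elif [ -n "$(find "$root$list" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL allow-list $list is group- or world-writable"; rc=1
    fi
    return $rc
}

# Constructed sample tree with two mistakes: sssd.conf at 0644, list world-writable.
demo=$(mktemp -d); mkdir -p "$demo/etc/sssd" "$demo/etc/pam.d"
printf '[nss]\nfilter_users = root\n' > "$demo/etc/sssd/sssd.conf"
chmod 644 "$demo/etc/sssd/sssd.conf"
printf 'auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.allowed.per.ad.group\n' > "$demo/etc/pam.d/common-auth"
printf 'root\nlinux-login\n' > "$demo/etc/login.allowed.per.ad.group"
chmod 666 "$demo/etc/login.allowed.per.ad.group"
audit_ad_login "$demo" || echo "audit failed"
rm -rf "$demo"
```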

 

To allow an AD group to have access to sudo:

  1. visudo
  2. add the AD groups

%domain\ admins ALL=(ALL) ALL

%linux-sudo ALL=(ALL) ALL

Further reading:
Allow/Deny login per group:
http://www.cyberciti.biz/tips/howto-deny-allow-linux-user-group-login.html

Various bits, mostly to do with LDAP authentication, but can be translated for use with AD/sssd/pam (e.g. homedir creation)
https://help.ubuntu.com/community/LDAPClientAuthentication

http://www.chriscowley.me.uk/blog/2014/06/17/new-linux-active-directory-integration/

http://funwithlinux.net/2014/04/join-ubuntu-14-04-to-active-directory-domain-using-realmd/

http://linux.tvortex.net/2011/10/sssd-against-active-directory-2003.html

https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server