Code: Select all
yum install epel-release
yum install checkpolicy
yum install nano
########## Apache httpd : Install ##########
[1] Install httpd.
Code: Select all
[root@www ~]# dnf -y install httpd
# rename or remove welcome page
[root@www ~]# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.org
[2] Configure httpd. Replace the server name with the one for your own environment.
Code: Select all
[root@www ~]# nano /etc/httpd/conf/httpd.conf
# line 89 : change to admin's email address
ServerAdmin root@srv.world
# line 98 : change to your server's name
ServerName www.telcoforum.com:80
# line 147 : change (remove [Indexes])
Options FollowSymLinks
# line 154 : change
AllowOverride All
# line 167 : add the file names that are served when only a directory name is requested
DirectoryIndex index.html index.php index.cgi
# add the following to the end
# server's response header
ServerTokens Prod
[root@www ~]# systemctl enable --now httpd
[3] If Firewalld is running, allow HTTP service. HTTP uses 80/TCP.
Code: Select all
[root@www ~]# firewall-cmd --add-service=http --permanent
success
[root@www ~]# firewall-cmd --reload
success
########## Install PHP 7.4. ##########
[1] Confirm the currently enabled version of PHP and install it.
Code: Select all
[root@dlp ~]# dnf module list php
CentOS Stream 8 - AppStream
Name Stream Profiles Summary
php 7.2 [d] common [d], devel, minimal PHP scripting language
php 7.3 [e] common [d], devel, minimal PHP scripting language
php 7.4 common [d], devel, minimal PHP scripting language
# if another version is enabled, reset once and switch to the version you want
Code: Select all
[root@dlp ~]# dnf module reset php
[root@dlp ~]# dnf module enable php:7.4
Code: Select all
[root@dlp ~]# dnf module -y install php:7.4/common
================================================================================
Package Arch Version Repository Size
================================================================================
Upgrading:
php-cli x86_64 7.4.6-4.module_el8.3.0+434+2ab5050a appstream 3.1 M
php-common x86_64 7.4.6-4.module_el8.3.0+434+2ab5050a appstream 696 k
php-fpm x86_64 7.4.6-4.module_el8.3.0+434+2ab5050a appstream 1.6 M
php-json x86_64 7.4.6-4.module_el8.3.0+434+2ab5050a appstream 74 k
php-mbstring x86_64 7.4.6-4.module_el8.3.0+434+2ab5050a appstream 484 k
php-xml x86_64 7.4.6-4.module_el8.3.0+434+2ab5050a appstream 174 k
Installing module profiles:
php/common
Transaction Summary
================================================================================
Upgrade 6 Packages
.....
.....
Code: Select all
[root@dlp ~]# php -v
PHP 7.4.6 (cli) (built: May 12 2020 08:09:15) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
# create a test script to verify
Code: Select all
[root@dlp ~]# echo "<?php echo 'PHP 7.4 Test Page'.\"\n\"; ?>" > php_test.php
[root@dlp ~]# php php_test.php
PHP 7.4 Test Page
########## Install MariaDB to configure Database Server. ##########
[1] Install MariaDB.
Code: Select all
[root@www ~]# dnf module -y install mariadb:10.3
[root@www ~]# nano /etc/my.cnf.d/charset.cnf
# set default charset
# if not set, default is [latin1]
# for the case of 4 bytes UTF-8, specify [utf8mb4]
Code: Select all
[mysqld]
character-set-server = utf8mb4
[client]
default-character-set = utf8mb4
[root@www ~]# systemctl enable --now mariadb
Code: Select all
[root@www ~]# firewall-cmd --add-service=mysql --permanent
success
[root@www ~]# firewall-cmd --reload
success
[3] Initial Settings for MariaDB.
Code: Select all
[root@www ~]# mysql_secure_installation
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
# set root password
Code: Select all
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
# remove anonymous users
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
# disallow root login remotely
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
# remove test database
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
# reload privilege tables
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
# connect to MariaDB with root
Code: Select all
[root@www ~]# mysql -u root -p
Enter password: # password you set
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.3.11-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
Code: Select all
# show user list
+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| root | localhost | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
| root | 127.0.0.1 | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
| root | ::1 | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
+------+-----------+-------------------------------------------+
3 rows in set (0.000 sec)
Code: Select all
# show database list
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
# create test database
Code: Select all
MariaDB [(none)]> create database test_database;
Query OK, 1 row affected (0.000 sec)
Code: Select all
MariaDB [(none)]> create table test_database.test_table (id int, name varchar(50), address varchar(50), primary key (id));
Query OK, 0 rows affected (0.108 sec)
Code: Select all
MariaDB [(none)]> insert into test_database.test_table(id, name, address) values("001", "CentOS", "Hiroshima");
Query OK, 1 row affected (0.036 sec)
Code: Select all
MariaDB [(none)]> select * from test_database.test_table;
+----+--------+-----------+
| id | name | address |
+----+--------+-----------+
| 1 | CentOS | Hiroshima |
+----+--------+-----------+
1 row in set (0.000 sec)
Code: Select all
MariaDB [(none)]> drop database test_database;
Query OK, 1 row affected (0.111 sec)
MariaDB [(none)]> exit
Bye
Install Cacti and SNMP.
# install from EPEL
Code: Select all
[root@dlp ~]# dnf --enablerepo=epel -y install cacti net-snmp net-snmp-utils php-mysqlnd php-snmp php-bcmath rrdtool
Code: Select all
[root@dlp ~]# nano /etc/snmp/snmpd.conf
Code: Select all
#com2sec notConfigUser default public
# change [mynetwork] to your own network
# change the community name to something other than public or private (for security reasons)
## sec.name source community
Code: Select all
com2sec local localhost Serverworld
com2sec mynetwork 10.0.0.0/24 Serverworld
## group.name sec.model sec.name
Code: Select all
group MyRWGroup v2c local
group MyROGroup v2c mynetwork
Code: Select all
## incl/excl subtree mask
view all included .1 80
Code: Select all
## context sec.model sec.level prefix read write notif
access MyROGroup "" v2c noauth exact all none none
access MyRWGroup "" v2c noauth exact all all all
Code: Select all
[root@dlp ~]# systemctl enable --now snmpd
# replace [Serverworld] with the community name you set
Code: Select all
[root@dlp ~]# snmpwalk -v2c -c Serverworld localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Linux dlp.srv.world 4.18.0-305.el8.x86_64 #1 SMP Tue May 18 14:52:12 UTC 2021 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1250) 0:00:12.50
SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: dlp.srv.world
.....
.....
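The community-string advice in the snmpd.conf comments above can be checked mechanically. The following is an added example, not part of the original post: a bash/awk linter run against two constructed configurations, which also reports any group that has SNMP write access (polling only needs read). The function name and finding labels are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): lint an snmpd.conf for weak
# v2c settings. Function name and finding labels are made up for illustration.

audit_snmpd_conf() {   # usage: audit_snmpd_conf FILE ; prints one finding per line
  awk '
    $1 ~ /^#/ || NF == 0 { next }              # ignore comments and blank lines
    $1 == "com2sec" {                          # com2sec sec.name source community
      src[$2] = $3
      if ($4 == "public" || $4 == "private")
        print "WEAK_COMMUNITY sec.name=" $2 " community=" $4
      if ($3 == "default" || $3 == "0.0.0.0/0")
        print "ANY_SOURCE sec.name=" $2
    }
    $1 == "group" { members[$2] = members[$2] " " $4 }   # group.name sec.model sec.name
    $1 == "access" && NF >= 8 && $8 != "none" { writable[$2] = 1 }  # field 8 = write view
    END {
      for (g in writable) {
        n = split(members[g], names, " ")
        for (i = 1; i <= n; i++)
          print "WRITE_ACCESS group=" g " sec.name=" names[i] " source=" src[names[i]]
      }
    }
  ' "$1"
}

# Constructed sample 1: the configuration shown in this guide.
guide_conf=$(mktemp)
cat > "$guide_conf" <<'EOF'
#com2sec notConfigUser default public
com2sec local localhost Serverworld
com2sec mynetwork 10.0.0.0/24 Serverworld
group MyRWGroup v2c local
group MyROGroup v2c mynetwork
view all included .1 80
access MyROGroup "" v2c noauth exact all none none
access MyRWGroup "" v2c noauth exact all all all
EOF

# Constructed sample 2: a default-style file that was never edited.
default_conf=$(mktemp)
cat > "$default_conf" <<'EOF'
com2sec notConfigUser default public
group notConfigGroup v2c notConfigUser
access notConfigGroup "" any noauth exact systemview none none
EOF

audit_snmpd_conf "$guide_conf"
audit_snmpd_conf "$default_conf"
```

On a real host, point the function at /etc/snmp/snmpd.conf before enabling snmpd.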
[6] Change the MariaDB settings to the values Cacti requires or recommends.
Code: Select all
[root@dlp ~]# nano /etc/my.cnf.d/mariadb-server.cnf
Code: Select all
[mysqld]
.....
.....
default-time-zone='Asia/Karachi'
character-set-server=utf8mb4
character_set_client=utf8mb4
collation-server=utf8mb4_unicode_ci
max_heap_table_size=128M
tmp_table_size=128M
join_buffer_size=256M
innodb_file_format=Barracuda
innodb_large_prefix=1
innodb_buffer_pool_size=2048M
innodb_flush_log_at_timeout=3
innodb_read_io_threads=32
innodb_write_io_threads=16
innodb_buffer_pool_instances=17
innodb_io_capacity=5000
innodb_io_capacity_max=10000
Code: Select all
[root@dlp ~]# mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
Enter password:
Warning: Unable to load '/usr/share/zoneinfo/leapseconds' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/tzdata.zi' as time zone. Skipping it.
[root@dlp ~]# systemctl restart mariadb
Create a Database for Cacti and import tables.
Code: Select all
[root@dlp ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.3.28-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# replace [cactipassword] with a password of your own
Code: Select all
MariaDB [(none)]> create database cacti;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on cacti.* to cacti@'localhost' identified by 'cactipassword';
Query OK, 0 rows affected (0.00 sec)
Code: Select all
MariaDB [(none)]> grant select on mysql.time_zone_name to cacti@'localhost';
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
Code: Select all
[root@dlp ~]# mysql -u cacti -p cacti < /usr/share/doc/cacti/cacti.sql
Enter password: # cacti user password
Code: Select all
[root@dlp ~]# setsebool -P httpd_can_network_connect on
[root@dlp ~]# setsebool -P httpd_unified on
[root@dlp ~]# setsebool -P domain_can_mmap_files on
Code: Select all
[root@dlp ~]# nano cacti-phpfpm.te
Code: Select all
module cacti-phpfpm 1.0;
require {
type admin_home_t;
type httpd_t;
type httpd_log_t;
class file { getattr map open read unlink write };
class dir { remove_name };
}
#============= httpd_t ==============
allow httpd_t admin_home_t:file map;
allow httpd_t admin_home_t:file { getattr open read };
allow httpd_t httpd_log_t:dir remove_name;
allow httpd_t httpd_log_t:file { unlink write };
Code: Select all
[root@dlp ~]# checkmodule -m -M -o cacti-phpfpm.mod cacti-phpfpm.te
checkmodule: loading policy configuration from cacti-phpfpm.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 19) to cacti-phpfpm.mod
[root@dlp ~]# semodule_package --outfile cacti-phpfpm.pp --module cacti-phpfpm.mod
[root@dlp ~]# semodule -i cacti-phpfpm.pp
Code: Select all
[root@dlp ~]# nano /etc/cron.d/cacti
# uncomment
*/5 * * * * apache /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1
Code: Select all
[root@dlp ~]# nano /usr/share/cacti/include/config.php
Code: Select all
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "cactipassword";
$database_port = "3306";
$database_ssl = false;
Code: Select all
[root@dlp ~]# nano /etc/php.ini
Code: Select all
max_execution_time = 60
# line 409 : change to the value Cacti recommends
memory_limit = 512M
# line 923 : set the default timezone (replace with your own)
date.timezone = Asia/Karachi
[root@dlp ~]# nano /etc/httpd/conf.d/cacti.conf
# line 17 : add access permissions as needed
Require host localhost
Require ip 10.0.0.0/24
Code: Select all
[root@dlp ~]# systemctl restart httpd php-fpm
########## Spine installation ##########
Preinstall
Code: Select all
yum install cmake
yum install wget
yum install make
dnf --enablerepo=powertools install help2man
yum install -y gcc mysql-devel net-snmp-devel autoconf automake libtool dos2unix
Code: Select all
wget https://files.cacti.net/spine/cacti-spine-1.2.19.tar.gz
tar xfz cacti-spine-1.2.19.tar.gz
Code: Select all
cd cacti-spine-1.2.19
Code: Select all
./bootstrap
./configure
make
make install
chown root:root /usr/local/spine/bin/spine
chmod u+s /usr/local/spine/bin/spine
Code: Select all
mv /usr/local/spine/etc/spine.conf.dist /usr/local/spine/etc/spine.conf
Code: Select all
nano /usr/local/spine/etc/spine.conf
Code: Select all
DB_Host localhost
DB_Database cacti
DB_User cacti
DB_Pass cactipassword
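The same database password now sits in cleartext in both config.php and spine.conf. The following is an added example, not part of the original post: a bash check that the two files agree, that the sample value from this guide is not still in use, and that neither file is world-readable. Function names, finding labels and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and finding
# labels are made up here; the sample files below are constructed.

php_db_password() {    # value of $database_password in config.php (double-quoted form)
  awk -F'"' '$1 ~ /^[ \t]*\$database_password[ \t]*=/ { print $2; exit }' "$1"
}

spine_db_password() {  # second field of the DB_Pass line in spine.conf
  awk '$1 == "DB_Pass" { print $2; exit }' "$1"
}

check_cacti_creds() {  # usage: check_cacti_creds CONFIG_PHP SPINE_CONF
  local php_pw spine_pw f
  php_pw=$(php_db_password "$1")
  spine_pw=$(spine_db_password "$2")
  # Spine and the PHP poller must log in with the same account.
  [ "$php_pw" = "$spine_pw" ] || echo "MISMATCH passwords differ between the two files"
  # The value printed in this guide must not survive into a real install.
  case "cactipassword" in
    "$php_pw"|"$spine_pw") echo "SAMPLE_PASSWORD guide value still in use" ;;
  esac
  # A cleartext password file should not be readable by "other".
  for f in "$1" "$2"; do
    [ -z "$(find "$f" -perm -004)" ] || echo "WORLD_READABLE $f"
  done
  return 0
}

# Constructed sample files mirroring the two snippets in this guide.
demo=$(mktemp -d)
cat > "$demo/config.php" <<'EOF'
<?php
$database_username = "cacti";
$database_password = "cactipassword";
EOF
printf 'DB_User cacti\nDB_Pass cactipassword\n' > "$demo/spine.conf"
chmod 644 "$demo/config.php"
chmod 640 "$demo/spine.conf"

check_cacti_creds "$demo/config.php" "$demo/spine.conf"
```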