For those who seek help in different areas of software and hardware platform.

Initial Server Setup with Ubuntu 17.10


When you first install a new Ubuntu 17.10 server, there are a few post installation steps that you should take under consideration as part of the basic server setup. This will enhance the security and usability of your server and will provide you a solid foundation for subsequent actions.
Share:

How to Set Up DNS Servers with BIND on Ubuntu 17.10



BIND (Berkeley Internet Name Domain) is the most wanted DNS software over the Internet. The BIND package is available for all Linux distributions including Ubuntu, which makes the installation simple and straightforward.


In this tutorial, we will show you how to install, configure and administer BIND 9 as a private DNS server on a Ubuntu 17.10. For the purpose of this guide, we will use the 172.22.10.0/24 subnet.


Prerequisites:


  • Two Ubunutu Servers (nsrv1 and nsrv2) connected to a private network
  • A DNS clients (Windows, Linux, Unix) machine that will connect to your DNS servers


Install BIND on Both Servers

If you are done with above prerequisites, you are ready to begin installing the packages on both servers:

sudo apt-get update
sudo apt-get install bind9 bind9utils

Sample Output
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libirs141
Suggested packages:
  bind9-doc resolvconf
The following NEW packages will be installed:
  bind9 bind9utils libirs141
0 upgraded, 3 newly installed, 0 to remove and 17 not upgraded.
Need to get 604 kB of archives.
After this operation, 2,996 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://us.archive.ubuntu.com/ubuntu artful/main amd64 libirs141 amd64 1:9.10.3.dfsg.P4-12.6ubuntu1 [18.3 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu artful/main amd64 bind9utils amd64 1:9.10.3.dfsg.P4-12.6ubuntu1 [206 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu artful/main amd64 bind9 amd64 1:9.10.3.dfsg.P4-12.6ubuntu1 [380 kB]
Fetched 604 kB in 3s (187 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libirs141:amd64.
(Reading database ... 110883 files and directories currently installed.)
Preparing to unpack .../libirs141_1%3a9.10.3.dfsg.P4-12.6ubuntu1_amd64.deb ...
Unpacking libirs141:amd64 (1:9.10.3.dfsg.P4-12.6ubuntu1) ...
Selecting previously unselected package bind9utils.
Preparing to unpack .../bind9utils_1%3a9.10.3.dfsg.P4-12.6ubuntu1_amd64.deb ...
Unpacking bind9utils (1:9.10.3.dfsg.P4-12.6ubuntu1) ...
Selecting previously unselected package bind9.
Preparing to unpack .../bind9_1%3a9.10.3.dfsg.P4-12.6ubuntu1_amd64.deb ...
Unpacking bind9 (1:9.10.3.dfsg.P4-12.6ubuntu1) ...
Setting up bind9utils (1:9.10.3.dfsg.P4-12.6ubuntu1) ...
Processing triggers for ufw (0.35-5) ...
Rules updated for profile 'Apache Full'

Processing triggers for ureadahead (0.100.0-20) ...
Setting up libirs141:amd64 (1:9.10.3.dfsg.P4-12.6ubuntu1) ...
Processing triggers for libc-bin (2.26-0ubuntu2) ...
Processing triggers for systemd (234-2ubuntu12.1) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up bind9 (1:9.10.3.dfsg.P4-12.6ubuntu1) ...
Adding group `bind' (GID 119) ...
Done.
Adding system user `bind' (UID 114) ...
Adding new user `bind' (UID 114) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
#
Created symlink /etc/systemd/system/multi-user.target.wants/bind9.service → /lib/systemd/system/bind9.service.
Processing triggers for systemd (234-2ubuntu12.1) ...
Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for ufw (0.35-5) ...
Rules updated for profile 'Apache Full'

To set BIND to IPv4 mode, you will do that by editing the “/etc/default/bind9” file on both servers and adding “-4” to the OPTIONS variable:

sudo nano /etc/default/bind9

The edited file should look something like this:

# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-4 -u bind"

Save and exit the file.


Configure the Primary DNS Server

You need to edit the named.conf.options file:

sudo nano /etc/bind/named.conf.options

On top of the options block, add a new block called trusted.This list will allow the clients specified in it to send recursive DNS queries to our primary server. We will also add a couple of configuration settings to enable recursive queries on our nsrv1 and to have the server listen on our private network, add the configuration settings under the directory “/var/cache/bind” directive like in the example below:

acl "trusted" {
172.22.10.100;
172.22.10.200;
172.22.10.210;
172.22.10.220;
};
options {
directory "/var/cache/bind";
recursion yes;
        allow-recursion { trusted; };
        listen-on { 172.22.10.100; };
        allow-transfer { none; };

forwarders {
8.8.8.8;
8.8.4.4;
};
};

If the “listen-on-v6” directive is present in the named.conf.options file, delete it as we want BIND to listen only on IPv4.

When you are finished, Save and close the file

Now on nsrv1, open the named.conf.local file for editing:

sudo nano /etc/bind/named.conf.local

zone "example.com" {
    type master;
    file "/etc/bind/zones/db.example.com";
    allow-transfer { 172.22.10.200; };
};

zone "10.22.172.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.172.22.10";
    allow-transfer { 172.22.10.200; };
};

If your servers are in multiple private subnets in the same physical location, you need to specify a zone and create a separate zone file for each subnet.

When you are finished, save and close the file.

Now we’ll create the directory where we will store our zone files in:

sudo mkdir /etc/bind/zones

We will use the sample db.local file to make our forward zone file, let’s copy the file first:

cd /etc/bind/zones
sudo cp ../db.local ./db.example.com

Now edit the forward zone file we just copied:

sudo nano /etc/bind/zones/db.example.com

Replace localhost with your nsrv1 server’s FQDN, then replace “root.localhost” with “admin.example.com”.Every time you edit the zone file, increment the serial value before you restart named otherwise BIND won’t apply the change to the zone, we will increment the value to “3”. Add the nameserver records at the end of the file. After that add the A records for the hosts that need to be in this zone. That means any server whose name we want to end with “.example.com”:

The db.example.com file should look something like the following:

$TTL 604800
@ IN SOA nsrv1.example.com. admin.example.com. (
      3 ; Serial
604800 ; Refresh
  86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL

; name servers - NS records
IN NS nsrv1.example.com.
IN NS nsrv2.example.com.

; name servers - A records
nsrv1.example.com. IN A 172.22.10.100
nsrv2.example.com IN A 172.22.10.200

; 172.22.10.0/24 - A records
anyhost1.example.com IN A 172.22.10.210
anyhost2.example.com IN A 172.22.10.220

When you are done, save and close the file


Create the Reverse Zone File

We specify the PTR records for reverse DNS lookups in the reverse zone files. When the DNS server receives a PTR lookup query for an example for IP: “172.22.10.220”, it will check the reverse zone file to retrieve the FQDN of the IP address, in our case that would be “anyhost2.example.com”.

We will create a reverse zone file for every single reverse zone specified in the named.conf.local file we created on nsrv1. We will use the sample db.127 zone file to create our reverse zone file:

cd /etc/bind/zones
sudo cp ../db.127 ./db.172.22.10

Edit the reverse zone file so it matches the reverse zone defined in named.conf.local:

sudo nano /etc/bind/zones/db.172.22.10

You should modify the SOA record and increment the serial value. Add the nameserver records at the end of the file. Add the PTR records for all hosts that are on the same subnet in the zone file you created. This consists of our hosts that are on the 172.22.10.0/24 subnet. In the first column we reverse the order of the last two octets from the IP address of the host we want to add:

The “/etc/bind/zones/db.172.22.10” reverse zone file should look something like this:

$TTL 604800
@ IN SOA nsrv1.example.com. admin.example.com. (
      2 ; Serial
604800 ; Refresh
  86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; name servers - NS records
IN NS nsrv1.example.com.
IN NS nsrv2.example.com.
; PTR records
100.10 IN PTR nsrv1.example.com. ;172.22.10.100
200.10 IN PTR nsrv2.example.com. ;172.22.10.200
210.10 IN PTR anyhost1.example.com. ;172.22.10.210
220.10 IN PTR anyhost2.example.com. ;172.22.10.220

Save and exit the reverse zone file.


Verify the Configuration Files

Use the following command to check the configuration syntax of all the named.conf files that we configured:

sudo named-checkconf

If your configuration files don’t have any syntax problems, the output will not contain any error messages. However if you do have problems with your configuration files, compare the settings in the “Configuring the Primary DNS Server” section with the files you have errors in and make the correct adjustment, then you can try executing the named-checkconf command again.

The named-checkzone can be used to check the proper configuration of your zone files.You can use the following command to check the forward zone “example.com”:

sudo named-checkzone example.com db.example.com

And if you want to check the reverse zone configuration, execute the following command:

sudo named-checkzone 10.22.172.in-addr.arpa /etc/bind/zones/db.172.22.10

Once you have properly configured all the configuration and zone files, restart the BIND service:

sudo systemctl restart bind9
sudo systemctl status bind9

Sample output
bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2017-11-23 10:58:29 PKT; 29min ago
     Docs: man:named(8)
  Process: 108624 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 108627 (named)
    Tasks: 4 (limit: 19660)
   Memory: 9.4M
      CPU: 16ms
   CGroup: /system.slice/bind9.service
           └─108627 /usr/sbin/named -f -4 -u bind

Nov 23 10:58:30 nsrv1.example.com named[108627]: zone 0.in-addr.arpa/IN: loaded serial 1
Nov 23 10:58:30 nsrv1.example.com named[108627]: zone localhost/IN: loaded serial 2
Nov 23 10:58:30 nsrv1.example.com named[108627]: zone example.com/IN: NS 'nsrv2.example.com' has no address records (A or AAAA)
Nov 23 10:58:30 nsrv1.example.com named[108627]: zone example.com/IN: not loaded due to errors.
Nov 23 10:58:30 nsrv1.example.com named[108627]: zone 255.in-addr.arpa/IN: loaded serial 1
Nov 23 10:58:30 nsrv1.example.com named[108627]: zone 127.in-addr.arpa/IN: loaded serial 1
Nov 23 10:58:30 nsrv1.example.com named[108627]: zone 10.22.172.in-addr.arpa/IN: loaded serial 1
Nov 23 10:58:30 nsrv1.example.com named[108627]: all zones loaded
Nov 23 10:58:30 nsrv1.example.com named[108627]: running
Nov 23 10:58:30 nsrv1.example.com named[108627]: zone 10.22.172.in-addr.arpa/IN: sending notifies (serial 1)


Configure the Secondary DNS Server

Setting up a secondary DNS server is always a good idea as it will serve as a failover and will respond to queries if the primary server is unresponsive.

On nsrv2, edit the named.conf.options file:

sudo nano /etc/bind/named.conf.options

At the top of the file, add the ACL with the private IP addresses for all your trusted servers:

acl "trusted" {
        172.22.10.100;
        172.22.10.200;
        172.22.10.210;
        172.22.10.220;
};
options {
recursion yes;
        allow-recursion { trusted; };
        listen-on { 172.22.10.100; };
        allow-transfer { none; };

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

Save and exit the file.

Now open the named.conf.local file for editing:

sudo nano /etc/bind/named.conf.local

Now you should specify slave zones that match the master zones on the nsrv1 DNS server. The masters directive should be set to the nsrv1 DNS server’s private IP address:

zone "example.com" {
    type slave;
    file "slaves/db.example.com";
    masters { 172.22.10.100; };
};

zone "10.22.172.in-addr.arpa" {
    type slave;
    file "slaves/db.172.22.10";
    masters { 172.22.10.100; };
};

Save and exit the file.

Use the following command to check the syntax of the configuration files:

sudo named-checkconf

Then restart the BIND service:

sudo systemctl restart bind9


Configure the DNS Clients

We will now configure the hosts in our 172.22.10.0/24 subnet to use the nsrv1 and nsrv2 servers as their primary and secondary DNS servers. This greatly depends on the OS the hosts are running but for most Linux distributions the settings that need to be changed reside in the /etc/resolv.conf file.

Generally on the Ubuntu, Debian and CentOS distributions just edit the /etc/resolv.conf file, execute the following command as root:

nano /etc/resolv.conf

Then replace the existing nameservers with:

nameserver 172.22.10.100 #nsrv1
nameserver 172.22.10.200 #nsrv2

Save and exit the file

Now, test if your clients can send queries to the DNS servers you just configured:

nslookup anyhost1.example.com

Sample Output:
Server:     172.22.10.100
Address:    172.22.10.100#53

Name:   anyhost1.example.com
Address: 172.22.10.210

You can also test the reverse lookup by querying the DNS server with the IP address of the host:

nslookup 172.22.10.210

Sample Output:
Server:     172.22.10.100
Address:    172.22.10.100#53

210.10.22.172.in-addr.arpa   name = anyhost1.example.com.

Check if all of the hosts resolve correctly using the commands above, if they do that means that you’ve configured everything properly.
Share:

How To Install Linux, Apache, MySQL, PHP (LAMP) Stack on Ubuntu 17.10

This tutorial will walk you through the steps to set up a LAMP on an Ubuntu 17.10.

LAMP Stack is a group of open source software that is typically installed together to enable a server to host dynamic websites and web apps. This term is actually an acronym which represents the Linux operating system, with the Apache web server. The site data is stored in a MySQL database, and dynamic content is processed by PHP.
Share:

Microsoft Announces Azure Migrate Service for VMware Workloads


Azure Migrate service will guide VMware users on how to quickly and cost-effectively move their workloads to Microsoft's cloud.
Share:

How To Secure Apache with Let's Encrypt on Ubuntu 17.10



SSL certificates are used within web servers to encrypt the traffic between the server and client, providing extra layer of security for users accessing your applications. Let’s Encrypt provides an easy way to obtain and install trusted certificates free of cost.
Share:

The disastrous effect of advanced technology


Perhaps the most fundamental and direct impact that technology has on the everyday life of most people is economic in nature.
Share:

How To Set Up Apache Web Server on Ubuntu 17.10



The Apache web server is the most popular way of serving web content on the internet. Apache distributes its functionality and components into individual units that can be customized and configured independently. The basic unit that describes an individual site or domain is called a virtual host.
Share:

How To Resolve "Out of Memory" Errors on Ubuntu 17.10



Swap is an area on a disk drive that has been created as a place where the operating system can temporarily store data that it can no longer hold in Memory. The easiest way of increasing the performance of your Ubuntu server and guarding against out of memory errors in applications is to increase some swap space.
Share:

Basic Server Setup with Ubuntu 17.10 64bit


This step by step guide will walk you through the steps to install and configure your first Ubuntu Server 17.10.
Share:

How To Set Up an OpenVPN Server on Ubuntu 17.10


OpenVPN is a full-featured open source Secure Socket Layer (SSL) VPN solution that accommodates a wide range of configurations. In this guide, we'll set up an OpenVPN server on a Ubuntu machine and then configure access to it from Windows, OS X, iOS and Android.
Share:

How To Set Up Point-To-Point VPN with WireGuard on Ubuntu 16.04


This step by step guide will walk you through the steps to establish a point-to-point VPN connection with WireGuard using two Ubuntu 16.04 machines. First, we will begin installing the software and then generating cryptographic key pairs for each node. Afterwards, we will create a short configuration file to define the peer's connection information. Once we start up the interface, we will be able to send secure messages between the servers over the WireGuard interface.
Share:

How To Manage Virtual I/O Server using Command Line


VIOS (Virtual I/O Server) is a special purpose partition that can serve I/O resources to other partitions. The type of LPAR is set at creation. The VIOS LPAR type allows for the creation of virtual server adapters, where a regular AIX/Linux LPAR does not.
Share:

How to Install Nagios 4 on Ubuntu 16.04

This step by step guide will walk you through the steps to install and configure Nagios 4 on Ubuntu 16.04 Server. 


Installing Nagios 4

There are multiple ways to install Nagios, but we'll install Nagios and its components from source to ensure we get the latest features, security updates, and bug fixes.

Log into your Ubuntu Server that runs Apache.
ssh username@your_nagios_server_ip 
Create a nagios user and nagcmd group. You'll use these to run the Nagios process.
sudo useradd nagios
sudo groupadd nagcmd
Then add the user to the group:
sudo usermod -a -G nagcmd nagios
Since we are building Nagios and its components from source, we must install a few development libraries to complete the build, including compilers, development headers, and OpenSSL.

Update package lists to ensure we can download the latest versions of the prerequisites:
sudo apt-get update
Now install the required packages:
sudo apt-get install build-essential libgd2-xpm-dev openssl libssl-dev unzip
Download the source code for the latest stable release of Nagios Core. Go to the Nagios downloads page, and click the Skip to download link below the form. Copy the link address for the latest stable release so you can download it to your Nagios server.

Download the release to your home directory with the curl command:
cd ~
curl -L -O https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.3.4.tar.gz
Extract the Nagios archive:
tar zxf nagios-*.tar.gz
Then change to the extracted directory:
cd nagios-*
Before building Nagios, run the configure script to specify the user and group you want Nagios to use. Use the nagios user and nagcmd group you created:
./configure --with-nagios-group=nagios --with-command-group=nagcmd
You'll see the following output from the configure command:
Output
*** Configuration summary for nagios 4.3.4 2017-11-09 ***:

 General Options:
 -------------------------
        Nagios executable:  nagios
        Nagios user/group:  nagios,nagios
       Command user/group:  nagios,nagcmd
             Event Broker:  yes
        Install ${prefix}:  /usr/local/nagios
    Install ${includedir}:  /usr/local/nagios/include/nagios
                Lock file:  /run/nagios.lock
   Check result directory:  ${prefix}/var/spool/checkresults
           Init directory:  /etc/init.d
  Apache conf.d directory:  /etc/apache2/sites-available
             Mail program:  /bin/mail
                  Host OS:  linux-gnu
          IOBroker Method:  epoll

 Web Interface Options:
 ------------------------
                 HTML URL:  http://localhost/nagios/
                  CGI URL:  http://localhost/nagios/cgi-bin/
 Traceroute (used by WAP):


Review the options above for accuracy.  If they look okay,
type 'make all' to compile the main program and CGIs.
Now compile Nagios with below command:
make all
Now run these make commands to install Nagios, its init scripts, and its default configuration files:
sudo make install
sudo make install-commandmode
sudo make install-init
sudo make install-config
You'll use Apache to serve Nagios' web interface, so copy the sample Apache configuration file to the /etc/apache2/sites-available folder:
sudo /usr/bin/install -c -m 644 sample-config/httpd.conf /etc/apache2/sites-available/nagios.conf
In order to issue external commands via the web interface to Nagios, add the web server user, www-data, to the nagcmd group:
sudo usermod -G nagcmd www-data
Nagios is now installed.

Now we'll install a plugin which will allow Nagios to collect data from various hosts.


Installing the check_nrpe Plugin

Nagios monitors remote hosts using the Nagios Remote Plugin Executor, or NRPE. It consists of two pieces:

1. The check_nrpe plugin which is used by Nagios server.
2. The NRPE daemon, which runs on the remote hosts and sends data to the Nagios server.

Let's install the check_nrpe plugin on our Nagios server.

Find the download URL for the latest stable release of NRPE at the Nagios Exchange site.

Download it to your home directory with curl:
cd ~curl -L -O https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-3.2.1/nrpe-3.2.1.tar.gz
Extract the NRPE archive:
tar zxf nrpe-*.tar.gz
Then change to the extracted directory:
cd nrpe-*
Configure the check_nrpe plugin:
./configure
Now build and install check_nrpe:
make check_nrpe
sudo make install-plugin
Let's configure the Nagios server next.


Configuring Nagios

Now let's perform the initial Nagios configuration, which involves editing some configuration files and configuring Apache to serve the Nagios web interface. You only need to perform this step once on your Nagios server.

Open the main Nagios configuration file in your text editor:
sudo nano /usr/local/nagios/etc/nagios.cfg
Find this line in the file:


/usr/local/nagios/etc/nagios.cfg
#cfg_dir=/usr/local/nagios/etc/servers
Uncomment this line by deleting the # character from the front of the line:
Save the file and exit the editor.

Now create the directory that will store the configuration file for each server that you will monitor:
sudo mkdir /usr/local/nagios/etc/servers
Open the Nagios contacts configuration in your text editor:
sudo nano /usr/local/nagios/etc/objects/contacts.cfg
Find the email directive and replace its value with your own email address:
/usr/local/nagios/etc/objects/contacts.cfg

define contact{
        contact_name                    nagiosadmin             ; Short name of user
        use                             generic-contact         ; Inherit default values from generic-contact template (defined above)
        alias                           Nagios Admin            ; Full name of user
        email                           your_email@your_domain.com        ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******

Save and exit the editor.
Next, add a new command to your Nagios configuration that lets you use the check_nrpe command in Nagios service definitions. Open the file /usr/local/nagios/etc/objects/commands.cfg in your editor:
sudo nano /usr/local/nagios/etc/objects/commands.cfg
Add the following to the end of the file to define a new command called check_nrpe:
/usr/local/nagios/etc/objects/commands.cfg
...
define command{
        command_name check_nrpe
        command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
This defines the name and specifies the command-line options to execute the plugin. You'll use this command in Step 5.
Save and exit the editor.
Now configure Apache to serve the Nagios user interface. Enable the

Apache rewrite and cgimodules with the a2enmod command:
sudo a2enmod rewrite
sudo a2enmod cgi
    Use the htpasswd command to create an admin user called nagiosadmin that can access the Nagios web interface:
    sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
    
    Enter a password at the prompt. Remember this password, as you will need it to access the Nagios web interface.

    Note:
     If you create a user with a name other than nagiosadmin, you will need to edit /usr/local/nagios/etc/cgi.cfg and change all the nagiosadmin references to the user you created.
    Now create a symbolic link for nagios.conf to the sites-enabled directory. This enables the Nagios virtual host.
    • sudo ln -s /etc/apache2/sites-available/nagios.conf /etc/apache2/sites-enabled/
    Next, open the Apache configuration file for Nagios.
    • sudo nano /etc/apache2/sites-available/nagios.conf
    If you've configured Apache to serve pages over HTTPS, locate both occurrances of this line:
    /etc/apache2/sites-available/nagios.conf
    #  SSLRequireSSL
    
    
    Uncomment both occurrances by removing the # symbol.
    If you want to restrict the IP addresses that can access the Nagios web interface so that only certain IP addresses can access the interface, find the following two lines:
    /etc/apache2/sites-available/nagios.conf
    Order allow,deny
    Allow from all
    
    
    Comment them out by adding # symbols in front of them:
    /etc/apache2/sites-available/nagios.conf
    # Order allow,deny
    # Allow from all
    
    
    Then find the following lines:
    /etc/apache2/sites-available/nagios.conf
    #  Order deny,allow
    #  Deny from all
    #  Allow from 127.0.0.1
    
    
    Uncomment them by deleting the # symbols, and add the IP addresses or ranges (space delimited) that you want to allow to in the Allow from line:
    /etc/apache2/sites-available/nagios.conf
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 your_ip_address
    
    
    These lines appear twice in the configuration file, so ensure you change both occurrences. Then save and exit the editor.
    Restart Apache to load the new Apache configuration:
    • sudo systemctl restart apache2
    With the Apache configuration in place, you can set up the service for Nagios. Nagios does not provide a Systemd unit file to manage the service, so let's create one. Create the nagios.service file and open it in your editor:
    • sudo nano /etc/systemd/system/nagios.service
    Enter the following definition into the file. This definition specifies when Nagios should start and where Systemd can find the Nagios application. 
    /etc/systemd/system/nagios.service
    [Unit]
    Description=Nagios
    BindTo=network.target
    
    [Install]
    WantedBy=multi-user.target
    
    [Service]
    Type=simple
    User=nagios
    Group=nagios
    ExecStart=/usr/local/nagios/bin/nagios /usr/local/nagios/etc/nagios.cfg
    
    
    Save the file and exit your editor.
    Then start Nagios and enable it to start when the server boots:
    sudo systemctl enable /etc/systemd/system/nagios.service
    sudo systemctl start nagios
    Nagios is now running, so let's log in to its web interface.


    Accessing the Nagios Web Interface

    Open your favorite web browser, and go to your Nagios server by visiting http://nagios_server_public_ip/nagios.

    Enter the login credentials for the web interface in the popup that appears. Use nagiosadmin for the username, and the password you created for that user.

    After authenticating, you will see the default Nagios home page. Click on the Hosts link in the left navigation bar to see which hosts Nagios is monitoring:


    Here you can see, Nagios is monitoring only "localhost". Let's monitor other server with Nagios.


    Installing NPRE on a Host

    Let's add a new host so Nagios can monitor it. We'll install the Nagios Remote Plugin Executor (NRPE) on the remote host, install some plugins, and then configure the Nagios server to monitor this host.
    Log in to the second server, which we'll call the monitored server.
    • ssh username@your_monitored_server_ip
    First create create a "nagios" user which will run the NRPE agent.
    sudo useradd nagios
    We'll install NRPE from source, which means you'll need the same development libraries you installed on the Nagios server in Step 1. Update your package sources and install the NRPE prerequisites:
    sudo apt-get update
    sudo apt-get install build-essential libgd2-xpm-dev openssl libssl-dev unzip
    NRPE requires that Nagios plugins is installed on the remote host. Let's install this package from source.
    Find the latest release of Nagios Plugins from the Nagios Plugins Download page. Copy the link address for the latest version, and copy the link address so you can download it to your Nagios server.
    Download Nagios Plugins to your home directory with curl:
    cd ~
    curl -L -O http://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz
    Extract the Nagios Plugins archive:
    tar zxf nagios-plugins-*.tar.gz
    Change to the extracted directory:
    cd nagios-plugins-*
    Before building Nagios Plugins, configure it to use the nagios user and group, and configure OpenSSL support:
    ./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl
    Now compile the plugins:
    make
    Then install them:
    sudo make install
    Next, install NRPE. Find the download URL for the latest stable release of NRPE at the Nagios Exchange site just like you did in Step 1. Download the latest stable release of NRPE to your monitored server's home directory with curl:
    cd ~
    curl -L -O https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-3.2.1/nrpe-3.2.1.tar.gz
    Extract the NRPE archive with this command:
    tar zxf nrpe-*.tar.gz
    Then change to the extracted directory:
    cd nrpe-*
    Configure NRPE by specifying the Nagios user and group, and tell it you want SSL support:
    ./configure --enable-command-args --with-nagios-user=nagios --with-nagios-group=nagios --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu
    Now build and install NRPE and its startup script with these commands:
    make all
    sudo make install
    sudo make install-config
    sudo make install-init
    Next, let's update the NRPE configuration file:
    sudo nano /usr/local/nagios/etc/nrpe.cfg
    Find the allowed_hosts directive, and add the private IP address of your Nagios server to the comma-delimited list:
    /usr/local/nagios/etc/nrpe.cfg
    allowed_hosts=127.0.0.1,::1,your_nagios_server_private_ip
    This configures NRPE to accept requests from your Nagios server via its private IP address.
    Save and exit your editor. Now you can start NRPE:
    sudo systemctl start nrpe.service
    Ensure that the service is running by checking its status:
    sudo systemctl status nrpe.service
    You'll see the following output:
    Output
    ... Oct 16 07:10:00 nagios systemd[1]: Started Nagios Remote Plugin Executor. Oct 16 07:10:00 nagios nrpe[14653]: Starting up daemon Oct 16 07:10:00 nagios nrpe[14653]: Server listening on 0.0.0.0 port 5666. Oct 16 07:10:00 nagios nrpe[14653]: Server listening on :: port 5666. Oct 16 07:10:00 nagios nrpe[14653]: Listening for connections on port 5666 Oct 16 07:10:00 nagios nrpe[14653]: Allowing connections from: 127.0.0.1,::1,207.154.249.232
    Next, allow access to port 5666 through the firewall. If you are using UFW, configure it to allow TCP connections to port 5666:
    sudo ufw allow 5666/tcp  
    Now you can check the communication with the remote NRPE server. Run the following command on the Nagios server:
    /usr/local/nagios/libexec/check_nrpe -H remote_host_ip
    You'll see the following output:
    Output
    NRPE v3.2.1
    Now let's configure some basic checks that Nagios can monitor.
    First, let's monitor the disk usage of this server. Use the df -h command to look for the root filesystem. You'll use this filesystem name in the NRPE configuration:
    df -h /
    You'll see output similar to this:
    Output
    Filesystem Size Used Avail Use% Mounted on udev 490M 0 490M 0% /dev tmpfs 100M 3.1M 97M 4% /run /dev/sda1 29G 1.4G 28G 5% / tmpfs 497M 0 497M 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 497M 0 497M 0% /sys/fs/cgroup /dev/sda2 105M 3.4M 102M 4% /boot/efi tmpfs 100M 0 100M 0% /run/user/0
    Locate the filesystem associated with /. On Ubuntu Server, the filesystem you want is probably /dev/sda1.
    Now open /usr/local/nagios/etc/nrpe.cfg file in your editor:

    The NRPE configuration file is very long and full of comments. There are a few lines that you will need to find and modify:
    • server_address: Set to the private IP address of the monitored server
    • command[check_hda1]: Change /dev/hda1 to whatever your root filesystem is called
    Locate these settings and alter them appropriately:
    /usr/local/nagios/etc/nrpe.cfg
    ...
    server_address=monitored_server_private_ip
    ...
    command[check_vda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/vda1
    ...
    
    
    Save and exit the editor.
    Restart the NRPE service to put the change into effect:
    sudo systemctl restart nrpe.service
    Repeat the steps in this section for each additional server you want to monitor.
    Once you are done installing and configuring NRPE on the hosts that you want to monitor, you will have to add these hosts to your Nagios server configuration before it will start monitoring them. Let's do that next.


    Monitoring Hosts with Nagios

    To monitor your hosts with Nagios, you'll add configuration files for each host specifying what you want to monitor. You can then view those hosts in the Nagios web interface.
    On your Nagios server, create a new configuration file for each of the remote hosts that you want to monitor in /usr/local/nagios/etc/servers/. Replace the highlighted word, monitored_server_host_name with the name of your host:
    sudo nano /usr/local/nagios/etc/servers/your_monitored_server_host_name.cfg 
    Add the following host definition, replacing the host_name value with your remote hostname, the aliasvalue with a description of the host, and the address value with the private IP address of the remote host:
    your_monitored_server_host_name.cfg'>/usr/local/nagios/etc/servers/your_monitored_server_host_name.cfg
    define host {
            use                             linux-server
            host_name                       your_monitored_server_host_name
            alias                           My client server
            address                         your_monitored_server_private_ip
            max_check_attempts              5
            check_period                    24x7
            notification_interval           30
            notification_period             24x7
    }
    
    
    With this configuration, Nagios will only tell you if the host is up or down. Let's add some services to monitor.
    First, add this block to monitor CPU usage:
    your_monitored_server_host_name.cfg'>/usr/local/nagios/etc/servers/your_monitored_server_host_name.cfg
    define service {
            use                             generic-service
            host_name                       your_monitored_server_host_name
            service_description             CPU load
            check_command                   check_nrpe!check_load
    }
    
    
    The use generic-service directive tells Nagios to inherit the values of a service template called generic-service which is predefined by Nagios.
    Next, add this block to monitor disk usage:
    your_monitored_server_host_name.cfg'>/usr/local/nagios/etc/servers/your_monitored_server_host_name.cfg
    define service {
            use                             generic-service
            host_name                       your_monitored_server_host_name
            service_description             /dev/vda1 free space
            check_command                   check_nrpe!check_vda1
    }
    
    
    Now save and quit. Restart the Nagios service to put any changes into effect:
    sudo systemctl restart nagios
    After several minutes, Nagios will check the new hosts and you'll see them in the Nagios web interface. Click on the Services link in the left navigation bar to see all of your monitored hosts and services.


    Conclusion

    You've installed Nagios on a server and configured it to monitor CPU and disk usage of at least one remote machine.
    Share:

    Video Tutorials