Improve security with Zabbix-Monitor-Server

From ICO wiki

Author: Mohanad Aly,

Cyber Security Engineering (C21)

Page Created: 19 November 2017

Last modified: 19 November 2017


Introduction

This article introduces the Monitoring application called Zabbix.

Monitoring

Monitoring is the process of keeping track of system resources.

Monitoring is the process of observing and checking the progress or quality of something over a period of time, keeping it under systematic review.[1] Monitoring cannot be achieved without logging, which is why integrated solutions combine the two processes. Monitoring is used to:

  • Check performance
  • Detect if something worth noticing has happened
  • Prevent something from happening
  • Detect whether a system is under attack, which is the most important part for cyber security

Zabbix Monitoring system

Zabbix is an open-source, high-level enterprise software designed to monitor and keep track of networks, servers and applications in real time. Built on a server-client model, Zabbix can collect different types of data that are used to create historical graphs and to show the performance or load trends of the monitored targets.

Monitoring is made of three components:


Software requirements:

Software | Version | Comments
Apache | 1.3.12 or later |
PHP | 5.0 or later |
PHP modules: | |
php-gd | GD 2.0 or later | PHP GD module must support PNG images.
PHP TrueType support | --with-ttf |
PHP bc support | php-bcmath, --enable-bcmath |
PHP XML support | php-xml or php5-dom, if provided as a separate package by the distributor |
PHP session support | php-session, if provided as a separate package by the distributor |
PHP socket support | php-net-socket, --enable-sockets | Required for user script support.
PHP multibyte support | php-mbstring, --enable-mbstring |
IBM DB2 | ibm_db2 | Required if IBM DB2 is used as Zabbix back-end database.
MySQL | php-mysql 3.22 or later | Required if MySQL is used as Zabbix back-end database.
Oracle | oci8 | Required if Oracle is used as Zabbix back-end database.
PostgreSQL | php-pgsql 7.0.2 or later if Zabbix < 1.8.9; 7.4 or later if Zabbix >= 1.8.9 | Required if PostgreSQL is used as Zabbix back-end database. Consider using PostgreSQL 8.x or later for much better performance. It is suggested to use at least PostgreSQL 8.3, which introduced much better VACUUM performance.
SQLite | php-sqlite3 3.3.5 or later | Required if SQLite is used as Zabbix back-end database.

The main advantages of Zabbix are:

  • Open-source
  • Customized Dashboards
  • Ease of Use
  • Monitor everything
  • Network Security
  • Performance
  • Agentless Monitoring
  • Hardware Monitoring

Why monitoring is important for cyber security

  • First, the CIA triad (Confidentiality, Integrity and Availability) is the central concern of the cyber security professional; to reach those standards we need to implement tools that provide security for our data and for the servers hosting it.
  • Second, system administrators need tools to react when something happens to a server, so they need real-time checks to make sure that everything is working in order.
  • Third, the alerts of a monitoring tool should be readable for the administrator and fast: when something happens to the server or a service, the tool should send the alert immediately, giving the administrator time to fix it.
  • Fourth, attacks and threats make it harder for the system administrator to figure out what is going on in the server, so the monitoring tool should have detection for the common attacks.
  • Fifth, debugging: when the system has an error, the monitoring tool should provide readable debugging output.

Setting up Zabbix

In the following tutorial, the Ubuntu 16.04 LTS 64-bit distribution will be used.

Prerequisites

Ubuntu Linux machine, sudo access and some Linux beginner skills are needed.

[Figure: Zabbix monitoring system]


This tutorial describes the commands and configuration needed to make the services work together with Zabbix.

  • It is important to have the latest package lists, so that apt knows the newest versions of packages and their dependencies. Run the following commands to update them:

sudo apt update

sudo apt upgrade

Installing the prerequisites

  • The server has the ability to check standard networking services (HTTP, FTP, SMTP, IMAP, etc.) without the need to install extra software on the monitored hosts.

Begin with the commands:

sudo apt install mysql-server

wget http://repo.zabbix.com/zabbix/3.2/ubuntu/pool/main/z/zabbix-release/zabbix-release_3.2-1+xenial_all.deb

dpkg -i zabbix-release_3.2-1+xenial_all.deb

apt-get update

apt-get install zabbix-server-mysql zabbix-frontend-php zabbix-agent zabbix-get zabbix-sender snmp snmpd snmp-mibs-downloader php7.0-bcmath php7.0-xml php7.0-mbstring

mysql -u root -p

(enter your MySQL root password when prompted)

create database zabbix character set utf8 collate utf8_bin;

grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbix';

exit;

cd /usr/share/doc/zabbix-server-mysql/

zcat create.sql.gz | mysql -u root -p zabbix

mysql -u root -p

(enter your MySQL root password when prompted)

show databases;

use zabbix;

show tables;

exit;

cd /etc/zabbix/

  • Set the PHP time zone for the front end and the database password for the server. List the available time zone names (or show the current setting) with:

timedatectl list-timezones

or simply:

timedatectl

nano apache.conf

(uncomment the php_value date.timezone line and set it to your time zone)

nano zabbix_server.conf

(set DBPassword to the password chosen in the grant statement above)

service apache2 restart

service zabbix-server restart


service zabbix-server status

ifconfig

  • Find the server's IP address in the ifconfig output, then open your web browser and go to http://YOURIPADDRESS/zabbix
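The two nano edits in the steps above (DBPassword in zabbix_server.conf and date.timezone in apache.conf) are easy to get wrong and easy to forget on the next server, and the grant statement above uses the literal password 'zabbix', which must match DBPassword and should be replaced before the server is reachable by anyone else. The following shell functions make both edits repeatable and add a check that the database password is not still unset or left at that default. This is an added example written for this page, not code from the original wiki article or from the Zabbix project; the function names (set_conf_value, get_conf_value, weak_db_password, set_php_timezone, get_php_timezone) are my own, and it assumes the file layouts shipped by the Zabbix 3.2 packages: Key=Value lines with commented "# Key=" templates in zabbix_server.conf, and a commented "# php_value date.timezone Europe/Riga" line inside the mod_php block of apache.conf.

```shell
#!/bin/sh
# Added example for this tutorial, not code from the Zabbix project.
# Makes the two manual config edits repeatable and checks that the database
# password was not left at the tutorial default.
# Assumed file layouts (as shipped by the Zabbix 3.2 packages):
#   zabbix_server.conf : "Key=Value" lines, unset keys present as commented
#                        templates such as "# DBPassword="
#   apache.conf        : a commented "# php_value date.timezone Europe/Riga"
#                        line inside the <IfModule mod_php7.c> block
# Usage (as root; the script file name below is hypothetical):
#   . ./zabbix_conf.sh
#   set_conf_value /etc/zabbix/zabbix_server.conf DBPassword 'YOUR-DB-PASSWORD'
#   set_php_timezone /etc/zabbix/apache.conf Europe/Tallinn
#   weak_db_password /etc/zabbix/zabbix_server.conf && echo "change DBPassword"
# Note: values are passed through awk -v, so backslashes in them are interpreted.

# set_conf_value FILE KEY VALUE
# Replace the first active "KEY=..." line (dropping any duplicates) or append
# one if the key is only present commented out or not at all. The result is
# copied back with cat so the file keeps its owner and mode.
set_conf_value() {
  file=$1; key=$2; value=$3
  tmp=$(mktemp) || return 1
  awk -v k="$key" -v v="$value" '
    index($0, k "=") == 1 { if (!seen) { print k "=" v; seen = 1 }; next }
    { print }
    END { if (!seen) print k "=" v }
  ' "$file" > "$tmp" && cat "$tmp" > "$file"; rc=$?
  rm -f "$tmp"
  return $rc
}

# get_conf_value FILE KEY
# Print the active value of KEY; with duplicates the last one wins, as in
# zabbix_server itself. Prints nothing if the key is only a commented template.
get_conf_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# weak_db_password FILE
# True (exit 0) when DBPassword is unset or still the tutorial default 'zabbix'.
weak_db_password() {
  pw=$(get_conf_value "$1" DBPassword)
  [ -z "$pw" ] || [ "$pw" = "zabbix" ]
}

# set_php_timezone FILE TZ
# Activate the php_value date.timezone line with TZ, keeping its indentation.
# If no such line (commented or active) exists nothing is changed. TZ should be
# a name from "timedatectl list-timezones".
set_php_timezone() {
  file=$1; tz=$2
  tmp=$(mktemp) || return 1
  awk -v tz="$tz" '
    /^[ \t]*(# *)?php_value date\.timezone / {
      match($0, /^[ \t]*/)
      print substr($0, 1, RLENGTH) "php_value date.timezone " tz
      next
    }
    { print }
  ' "$file" > "$tmp" && cat "$tmp" > "$file"; rc=$?
  rm -f "$tmp"
  return $rc
}

# get_php_timezone FILE
# Print the active date.timezone value, or nothing if it is still commented out.
get_php_timezone() {
  sed -n 's/^[[:space:]]*php_value date\.timezone //p' "$1" | tail -n 1
}
```

After running the functions against the real files, restart apache2 and zabbix-server as in the steps above; weak_db_password is the check worth keeping in any post-install script, since a server whose DBPassword is still 'zabbix' or empty will either fail to connect or run with a guessable database credential.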


Summary

Zabbix is an open source application for monitoring a system. Zabbix has been widely used because of its ease of configuration, and it is also supported by various plugins. See the zabbix-main-documentation for more information.

See also

Zabbix installation by Cyber-Tech-Tips

1- Zabbix-Server-Installation

2- Zabbix-Agent

References

1- System monitoring

2- CIA

3- Zabbix-Information

4- Cyber-Tech-Tips