Improve security with Nagios-Monitor-Server: Difference between revisions

From ICO wiki
No edit summary
No edit summary
Line 1: Line 1:
[[File:Nagios.|thumb|300px| Zabbix monitoring system]]
[[File:image.png|thumb|300px| Nagios monitoring system]]


Author:  
Author:  
Line 6: Line 6:
Cyber Security Engineering (C21)
Cyber Security Engineering (C21)


Page Created: 19 November 2017
Page Created: 25 November 2017


‎Last modified: ‎25 November 2017
‎Last modified: ‎25 November 2017
Line 35: Line 35:
! Software
! Software
! Version
! Version
! Comments
|-
|-
| Apache
| Apache
| 1.3.12 or later
| 1.3.12 or later
|
|-
|-
| PHP
| PHP
Line 53: Line 51:
*Customized Dashboards
*Customized Dashboards
*Ease of Use
*Ease of Use
*Monitor everything
*Infinite Scalability
*Data in Real Time
*Network Security
*Network Security
*Performance
*Agentless Monitoring
*Hardware Monitoring


= Why monitoring is important for cyber security =
= Why monitoring is important for cyber security =
Line 66: Line 62:
*Fifth the debugging, when system have error the monitor tool should have a readable debugging..  
*Fifth the debugging, when system have error the monitor tool should have a readable debugging..  


= Setting up Zabbix=
= Setting up Nagios=
<span style="color:#FF0000">
<span style="color:#FF0000">
In the following tutorial, Ubuntu 16.04 64-bit distribution will be used LTS.
In the following tutorial, Ubuntu 16.04 64-bit distribution will be used LTS.
Line 72: Line 68:
==== Prerequisites ====
==== Prerequisites ====
Ubuntu Linux machine, sudo access and some Linux beginner skills are needed.
Ubuntu Linux machine, sudo access and some Linux beginner skills are needed.
[[|thumb|300px| Zabbix monitoring system]]




This tutorial describes the commands and configuration to make the services work together Zabbix.
This tutorial describes the commands and configuration to make the services work together Nagios.


*It is important to have the latest package lists to update them to get info on the newest versions of packages and their dependencies. So we need to run the following command to update them:
*It is important to have the latest package lists to update them to get info on the newest versions of packages and their dependencies. So we need to run the following command to update them:
Line 87: Line 82:


Begin with the commands:
Begin with the commands:
<code> sudo apt install mysql-server </code>


<code> wget http://repo.zabbix.com/zabbix/3.2/ubuntu/pool/main/z/zabbix-release/zabbix-release_3.2-1+xenial_all.deb </code>
<code> sudo apt install wget build-essential apache2 php apache2-mod-php7.0 php-gd libgd-dev sendmail unzip </code>


<code> dpkg -i zabbix-release_3.2-1+xenial_all.deb </code>
User and group configuration


<code> apt-get update </code>
<code> useradd nagios </code>
<code> groupadd nagcmd </code>
<code> usermod -a -G nagcmd nagios </code>
<code> usermod -a -G nagios,nagcmd www-data </code>


<code> apt-get install zabbix-server-mysql zabbix-frontend-php zabbix-agent zabbix-get zabbix-sender snmp snmpd snmp-mibs-downloader php7.0-bcmath php7.0-xml php7.0-mbstring </code>
Download and extract the Nagios core


<code> mysql -u root -p your password </code>
<code> wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.2.0.tar.gz </code>


<code> create database zabbix character set utf8 collate utf8_bin; </code>
Extract the file
<code> tar -xzf nagios*.tar.gz </code>


<code> grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbix'; </code>
System administrator need to configure it with the user and the group you have created earlier


<code> exit; </code>


<code> cd /usr/share/doc/zabbix-server-mysql/ </code>
<code> ./configure --with-nagios-group=nagios --with-command-group=nagcmd </code>
<code> make all </code>
<code> make install </code>
<code> make install-commandmode </code>
<code> make install-init </code>
<code> make install-config </code>
<code> /usr/bin/install -c -m 644 sample-config/httpd.conf /etc/apache2/sites-available/nagios.conf </code>


<code> zcat create.sql.gz | mysql -u root -p zabbix </code>


<code> mysql -u root -p your password </code>
Copy even-handler directory to the nagios directory


<code> show databases; </code>
<code> cp -R contrib/eventhandlers/ /usr/local/nagios/libexec/ </code>
<code> chown -R nagios:nagios /usr/local/nagios/libexec/eventhandlers </code>


<code> use zabbix; </code>
Install the Nagios Plugins


<code> show tables; </code>
<code> wget https://nagios-plugins.org/download/nagios-plugins-2.1.2.tar.gz </code>


<code> exit; </code>
Extract it


<code> cd /etc/zabbix/ </code>
<code> tar -xzf nagios-plugins*.tar.gz </code>


*And copy evenhandler directory to the nagios directory:


<code> timedatectl list-timezones </code>
Or
<code>timedatectl  </code>


<code> nano apache.conf </code>
Install the Nagios plugin's with the commands below
<code> ./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl </code>
<code> make </code>
<code> make install </code>


<code> nano zabbix_server.conf </code>
System administrator can find the default configuration of Nagios in /usr/local/nagios/. to configure Nagios and Nagios contact. Edit default Nagios configuration with nano  


<code> nano -c /usr/local/nagios/etc/nagios.cfg </code>
uncomment line 51 for the host monitor configuration.
Save and exit.
Add a new folder named servers.
<code> mkdir -p /usr/local/nagios/etc/servers </code>
Change the user and group for the new folder to Nagios:
<code> chown nagios:nagios /usr/local/nagios/etc/server </code>
Enable Apache modules
<code> sudo a2enmod rewrite </code>
<code> sudo a2enmod cgi </code>
System administrator can use the htpasswd command to configure a user nagiosadmin for the Nagios web interface
<code> sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin </code>
Enable the Nagios virtualhost
<code> sudo ln -s /etc/apache2/sites-available/nagios.conf /etc/apache2/sites-enable </code>
Start Apache
<code> service apache2 restart </code>
<code> service apache2 restart </code>


<code> service zabbix-server restart </code>
When Nagios starts, you may see the following error
Starting nagios (via systemctl): nagios.serviceFaile
System administrator can fix with the following


<code> cd nagios-plugins-2.1.2/ </code>


<code> service zabbis-server status </code>
<code> cd /etc/init.d/ </code>
<code> cp /etc/init.d/skeleton /etc/init.d/nagios </code>
<code> nano /etc/init.d/nagios </code>


<code> ifconfig </code>
Paste this code at the end of the file


*Open your web browser and YOURIPADDRESS/zabbix
<pre>
[[File:Screenshot from 2017-11-25 21-26-14.png|thumb|center| Zabbix monitoring system]]
DESC="Nagios"
NAME=nagios
DAEMON=/usr/local/nagios/bin/$NAME
DAEMON_ARGS="-d /usr/local/nagios/etc/nagios.cfg"
PIDFILE=/usr/local/nagios/var/$NAME.lock
</pre>


=Zabbix-Agent=
Make it executable and start Nagios


Before start to install the Zabbbix-agent update the machine
<code> chmod +x /etc/init.d/nagios </code>
<code> apt-get update </code>
<code> service apache2 restart </code>


Zabbix-Agent is easy to install, just one command and it installed into the machine.
<span style="color:#FF0000">
<code> apt-get install zabbix-agent </code>
Still it there is another process to fix the issue


User need to go to the configuration folder to start edit the agent config file
First we are going to create/change the nagios.service
<code> cd /etc/zabbix </code>


Start to edit the file to make the correct configuration to send all the checks to Zabbix-server
<code> nano /etc/systemd/system/nagios.service </code>
<code> nano -c zabbix_agentd.conf </code>


Checking the configuration file
Paste the following code of the file  
 
<pre>
[Unit]
Description=Nagios
BindTo=network.target
 
[Install]
WantedBy=multi-user.target
 
[Service]
User=nagios
Group=nagios
Type=simple
ExecStart=/usr/local/nagios/bin/nagios /usr/local/nagios/etc/nagios.cfg
</pre>
 
System administrator need to enable created nagios.service config
 
<code> systemctl enable /etc/systemd/system/nagios.service </code>
<code> service nagios start </code>
 
 
To check the service is working
$ service nagios status
 
*Open web browser and YOURIPADDRESS/nagios
 
[[File:nagios|thumb|center| Nagios monitoring system]]


*Uncomment line 43
*If user need to enable the debugging mode uncomment line 57
*Enable the remote command uncomment line 73
*Enable the log remote command uncomment line 82
*Server IP address line 95
*Listen-port 10050 uncomment line 103
*Enable the server-active uncomment line 136
*Hostname depends on the user configuration




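Review bot: the added `chown nagios:nagios /usr/local/nagios/etc/server` line does not match the folder created just before it with `mkdir -p /usr/local/nagios/etc/servers`, so the ownership change never reaches the directory that holds the host files; it should read `/usr/local/nagios/etc/servers`. The same kind of slip is in the added `ln -s /etc/apache2/sites-available/nagios.conf /etc/apache2/sites-enable` line, which should target `/etc/apache2/sites-enabled/`. The hunk also repeats `service apache2 restart` under "Make it executable and start Nagios" where a command that starts Nagios is expected.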
Line 254: Line 304:
<VirtualHost *:80>
<VirtualHost *:80>
         ServerName  
         ServerName  
         Redirect "/" "https://Zabbix-server/"
         Redirect "/" "https://Nagios-server/"
</VirtualHost>
</VirtualHost>
</pre>
</pre>


=Summary=
=Summary=
Zabbix is an open source application for monitoring a system. Zabbix has been widely used because of the ease of configuration. Zabbix also in support by various plugins. Look here for more information [https://www.zabbix.com/documentation/3.2/start zabbix-main-documentation].
Nagios is an open source application for monitoring a system. Nagios has been widely used because of the ease of configuration. Nagios in support by various plugins, and you can even create your own plugins. Look here for more information. [https://www.nagios.org/about/overview/ Nagios-main-documentation].


=See also=
=See also=


Zabbix installation by Cyber-Tect-Tips
Nagios installation by Cyber-Tect-Tips
 
1- [https://www.youtube.com/watch?v=EpzTJH85y8Y Nagios-Server-Installation Step one]
 
2- [https://www.youtube.com/watch?v=4vZELdYa7O4  Nagios-Agent configuration using NRPE plugin - Step two]
 
3- [https://www.youtube.com/watch?v=TzlYyzj7BkQ Nagios-Agent send checks to Nagios-Server - Step three]


1- [https://www.youtube.com/watch?v=-uxApkZ-K0w&t=1015s Zabbix-Server-Installation]
4- [https://www.youtube.com/watch?v=Ci_FgH-dwr0 Nagios-Agent using NRPE plugin with the Monitor Server side (Full configuration)]


2- [https://www.youtube.com/watch?v=AeNRo2P-6DY&t=1s&list=PLKAuFoXV02Volco2M8VEZxkKHOCcdHhWw&index=5 Zabbix-Agent]
5- [https://www.youtube.com/watch?v=Kz-Z-dL0T_U&list=PLKAuFoXV02VqeLyddX-CIMcMdqWcI2UoP&index=5 Customize Nagios (Agent - Server) adding new services check (Swap - SSH) Final step]


=References=
=References=
1- [https://en.wikipedia.org/wiki/Zabbix System monitoring]
1- [https://www.nagios.org/ Nagios System monitoring]


2- [https://en.wikipedia.org/wiki/Information_security CIA]
2- [https://en.wikipedia.org/wiki/Information_security CIA]


3- [https://www.zabbix.com/monitor_everything Zabbix-Information]
3- [https://en.wikipedia.org/wiki/Nagios Nagios-Information]


4- [https://www.youtube.com/channel/UChHzqszXw_5edX-9DOK4JxA Cyber-Tech-Tips]
4- [https://www.youtube.com/channel/UChHzqszXw_5edX-9DOK4JxA Cyber-Tech-Tips]


5- [https://www.zabbix.com/documentation/1.8/manual/installation/requirements Requirements table reference]
------
------


[[Category:Monitoring]]
[[Category:Monitoring]]

Revision as of 02:03, 26 November 2017

Nagios monitoring system

Author: Mohanad Aly

Cyber Security Engineering (C21)

Page Created: 25 November 2017

‎Last modified: ‎25 November 2017


Introduction

This article introduces the Monitoring application called Nagios.

Monitoring

Monitoring is the process of keeping track of system resources.

Monitoring is the process of observing and checking the progress or quality of something over a period of time; keep under systematic review.[1] Monitoring cannot be achieved without logging. That is the reason integrated solutions combine the two processes. Monitoring is used to:

  • Check performance
  • Detect if something worth noticing happened
  • Prevent something from happening
  • Detect whether a system is under attack, which is the most important part for cyber security

Nagios Monitoring system

Nagios, now known as Nagios Core, is a free and open source computer-software application that monitors systems, networks and infrastructure. Nagios offers monitoring and alerting services for servers, switches, applications and services. It alerts users when things go wrong and alerts them a second time when the problem has been resolved. [2]

Monitoring is made of three components:


Software | Version
Apache | 1.3.12 or later
PHP | 5.0 or later
MySQL php-mysql | 3.22 or later

The main advantages of Nagios

  • Open-source
  • Customized Dashboards
  • Ease of Use
  • Infinite Scalability
  • Data in Real Time
  • Network Security

Why monitoring is important for cyber security

  • First, what matters most to the cyber security professional is CIA (Confidentiality, Integrity and Availability; see "What is CIA"). To meet those standards we need to implement tools that provide security for our data and for the servers hosting that data.
  • Second, the system administrator needs tools to react when something happens to the server, so real-time checks are needed to make sure that everything is working in order.
  • Third, monitoring alerts should be fast and readable for the administrator: when something happens to the server or a service, the monitoring tool should send the alert right away to give the administrator time to fix it.
  • Fourth, attacks and threats make it more difficult for the system administrator to figure out what is going on in the server, so the monitoring tool should have a detection solution for the common attacks.
  • Fifth, debugging: when the system has an error, the monitoring tool should provide readable debugging output.

Setting up Nagios

In the following tutorial, the Ubuntu 16.04 LTS 64-bit distribution will be used.

Prerequisites

Ubuntu Linux machine, sudo access and some Linux beginner skills are needed.


This tutorial describes the commands and configuration needed to make the services work together with Nagios.

  • It is important to update the package lists so that they carry information on the newest versions of packages and their dependencies. Run the following commands to update them:

sudo apt update
sudo apt upgrade

Installing the prerequisites

  • The server has the ability to check standard networking services (HTTP, FTP, SMTP, IMAP etc) without the need to install extra software on the monitored hosts.

Begin with the commands:

sudo apt install wget build-essential apache2 php apache2-mod-php7.0 php-gd libgd-dev sendmail unzip

User and group configuration

useradd nagios
groupadd nagcmd
usermod -a -G nagcmd nagios
usermod -a -G nagios,nagcmd www-data

Download and extract the Nagios core

wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.2.0.tar.gz

Extract the file:

tar -xzf nagios*.tar.gz

The system administrator needs to configure it with the user and the group created earlier:

cd nagios-4.2.0/
./configure --with-nagios-group=nagios --with-command-group=nagcmd
make all
make install
make install-commandmode
make install-init
make install-config
/usr/bin/install -c -m 644 sample-config/httpd.conf /etc/apache2/sites-available/nagios.conf

Copy the event-handler directory to the Nagios directory:

cp -R contrib/eventhandlers/ /usr/local/nagios/libexec/
chown -R nagios:nagios /usr/local/nagios/libexec/eventhandlers

Install the Nagios Plugins

wget https://nagios-plugins.org/download/nagios-plugins-2.1.2.tar.gz

Extract it

tar -xzf nagios-plugins*.tar.gz


Install the Nagios plugins with the commands below:

cd nagios-plugins-2.1.2/
./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl
make
make install

The system administrator can find the default configuration of Nagios in /usr/local/nagios/, which is where Nagios and the Nagios contact are configured. Edit the default Nagios configuration with nano:

nano -c /usr/local/nagios/etc/nagios.cfg

Uncomment line 51 for the host monitor configuration. Save and exit.

Add a new folder named servers:

mkdir -p /usr/local/nagios/etc/servers

Change the user and group for the new folder to nagios:

chown nagios:nagios /usr/local/nagios/etc/servers

Enable the Apache modules:

sudo a2enmod rewrite
sudo a2enmod cgi

The system administrator can use the htpasswd command to configure a user nagiosadmin for the Nagios web interface:

sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Enable the Nagios virtual host:

sudo ln -s /etc/apache2/sites-available/nagios.conf /etc/apache2/sites-enabled/

Start Apache:

service apache2 restart

When Nagios starts, you may see the following error:

Starting nagios (via systemctl): nagios.serviceFaile

The system administrator can fix it with the following:

cd /etc/init.d/
cp /etc/init.d/skeleton /etc/init.d/nagios
nano /etc/init.d/nagios

Paste this code at the end of the file

DESC="Nagios"
NAME=nagios
DAEMON=/usr/local/nagios/bin/$NAME
DAEMON_ARGS="-d /usr/local/nagios/etc/nagios.cfg"
PIDFILE=/usr/local/nagios/var/$NAME.lock

Make it executable and start Nagios:

chmod +x /etc/init.d/nagios
service apache2 restart

There is still another step needed to fix the issue.

First we are going to create/change the nagios.service file:

nano /etc/systemd/system/nagios.service

Paste the following into the file:

[Unit]
Description=Nagios
BindsTo=network.target

[Install]
WantedBy=multi-user.target

[Service]
User=nagios
Group=nagios
Type=simple
ExecStart=/usr/local/nagios/bin/nagios /usr/local/nagios/etc/nagios.cfg

The system administrator needs to enable the newly created nagios.service config:

systemctl enable /etc/systemd/system/nagios.service
service nagios start

To check that the service is working:

service nagios status

  • Open a web browser and go to YOURIPADDRESS/nagios


Enable encryption for the web front end

SSL support actually comes standard in the Ubuntu 16.04 Apache package. We simply need to enable it to take advantage of SSL on our system.

Enable the module by typing:

sudo a2enmod ssl

Create a subdirectory within Apache's configuration hierarchy to hold the certificate files that we will be making:

sudo mkdir /etc/apache2/ssl

Now that we have a location to place our key and certificate, we can create them both in one step by typing

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

Country Name (2 letter code) [AU]:EE
State or Province Name (full name) [Some-State]:Harjumaa
Locality Name (eg, city) []:Tallinn
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Incorporated Company
Organizational Unit Name (eg, section) []:Head
Common Name (e.g. server FQDN or YOUR name) []: domain.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
  • openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
  • req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate management. Since we want to create a new X.509 certificate, this is the subcommand to use.
  • -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
  • -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
  • -days 365: This specifies that the certificate we are creating will be valid for one year.
  • -newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
  • -keyout: This parameter names the output file for the private key file that is being created.
  • -out: This option names the output file for the certificate that we are generating.

Open the file with root privileges now:

sudo nano /etc/apache2/sites-available/default-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@example.com
        ServerName your_domain.com
        ServerAlias www.your_domain.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
---->   SSLCertificateFile /etc/apache2/ssl/apache.crt
---->   SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>


Enable the SSL-enabled virtual host:

sudo a2ensite default-ssl.conf

Restart Apache to load our new virtual host file:

service apache2 restart

Test the configuration by visiting the server's domain name or public IP address after specifying the https:// protocol, like this:

https://server_domain_name_or_IP

To solve the problem of enabling SSL, edit the default virtual host so that it redirects to HTTPS:

nano 000-default.conf

# Special virtualhost only for redirecting
<VirtualHost *:80>
        ServerName 
        Redirect "/" "https://Nagios-server/"
</VirtualHost>
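
The checks below are an added example, not part of the original tutorial: a small POSIX shell script that verifies the results of the setup and TLS steps above, namely the active cfg_dir line, the servers folder, the enabled Apache site and the permissions of the passphrase-less key. The function names and the root-prefix argument are assumptions made for this example, as is reading "line 51" as the cfg_dir=/usr/local/nagios/etc/servers entry.

```sh
#!/bin/sh
# Added example: post-install checks for the files and directories that the
# tutorial steps create. ROOT is "/" on a live server; a staged directory
# tree can be passed instead (assumption made for this example).

NAGIOS_ETC=usr/local/nagios/etc

# nagios.cfg must contain an active (uncommented) cfg_dir line for servers/.
# Assumption: this is the entry the tutorial refers to as "line 51".
check_cfg_dir() {
    grep -Eq "^[[:space:]]*cfg_dir=/$NAGIOS_ETC/servers[[:space:]]*\$" \
        "$1/$NAGIOS_ETC/nagios.cfg" 2>/dev/null
}

# The directory named by cfg_dir must exist under exactly that name.
check_servers_dir() {
    [ -d "$1/$NAGIOS_ETC/servers" ]
}

# On Ubuntu, Apache only loads sites that are linked into sites-enabled/.
check_site_enabled() {
    [ -e "$1/etc/apache2/sites-enabled/nagios.conf" ]
}

# The key was created with -nodes (no passphrase), so file permissions are
# its only protection: group and other must have no access bits set.
check_key_mode() {
    key="$1/etc/apache2/ssl/apache.key"
    [ -f "$key" ] || return 1
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ]
}

# Run every check, print the name of each failure, return the failure count.
audit_nagios_install() {
    root="${1%/}"
    failures=0
    for check in check_cfg_dir check_servers_dir check_site_enabled check_key_mode; do
        if ! "$check" "$root"; then
            echo "FAIL: $check"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Stand-alone use: sh audit.sh /   (audit.sh is a hypothetical file name)
if [ "$#" -gt 0 ]; then
    audit_nagios_install "$1"
fi
```

A failing check_key_mode is corrected with chmod 600 on /etc/apache2/ssl/apache.key; Apache reads the key as root at startup, so no other account needs access to it.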

Summary

Nagios is an open source application for monitoring a system. Nagios has been widely used because of the ease of configuration. Nagios is supported by various plugins, and you can even create your own plugins. Look here for more information: Nagios-main-documentation.

See also

Nagios installation by Cyber-Tech-Tips

1- Nagios-Server-Installation Step one

2- Nagios-Agent configuration using NRPE plugin - Step two

3- Nagios-Agent send checks to Nagios-Server - Step three

4- Nagios-Agent using NRPE plugin with the Monitor Server side (Full configuration)

5- Customize Nagios (Agent - Server) adding new services check (Swap - SSH) Final step

References

1- Nagios System monitoring

2- CIA

3- Nagios-Information

4- Cyber-Tech-Tips