Nagios is a powerful open-source monitoring system that allows you to keep track of your IT infrastructure and ensure the smooth operation of your networks, servers, applications, and processes. By detecting and addressing potential issues before they escalate, Nagios helps businesses save costs and minimize downtime. In this comprehensive guide, we will walk you through the step-by-step process of installing and configuring Nagios on a Rocky Linux 9 server. We will also cover the installation of the Nagios Remote Plugin Executor (NRPE), which enables monitoring of remote hosts.

Prerequisites

Before we begin, make sure you have the following prerequisites in place:

• A server running Rocky Linux 9
• A non-sudo user with root privileges
• SELinux disabled (optional, but recommended for ease of configuration)

Step 1: Configuring the Firewall

The first step in setting up Nagios is to configure the firewall on your Rocky Linux 9 server. By default, Rocky Linux comes with the Firewalld firewall. Follow these steps to configure the firewall:

1. Check if the firewall is running by executing the following command:

sudo firewall-cmd --state

2. Verify the currently allowed services/ports by running:

sudo firewall-cmd --permanent --list-services

3. Allow HTTP and HTTPS ports by executing the following commands:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

4. Reload the firewall to apply the changes:

sudo firewall-cmd --reload

Step 2: Installing Apache and PHP

To run Nagios, you need to have Apache and PHP installed on your Rocky Linux 9 server. Follow these steps to install and configure these dependencies:

1. Install and enable the Apache service by executing the following commands:

sudo dnf install httpd
sudo systemctl enable httpd

2. Install the Remi Repository and enable PHP 8.1 by running these commands:

sudo dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-9.rpm
sudo dnf module reset php -y
sudo dnf module enable php:remi-8.1 -y

3. Install PHP and necessary PHP modules by executing the following command:

sudo dnf install -y php php-gd php-curl

4. Verify the PHP installation by running:

php --version

5. Restart the Apache service for the changes to take effect:

sudo systemctl restart httpd

Step 3: Installing Nagios

In this step, we will install and configure Nagios on your Rocky Linux 9 server. Follow the instructions below:

1. Install the necessary development libraries and dependencies by running:

sudo dnf install gcc glibc glibc-common gd gd-devel make net-snmp openssl-devel unzip wget gettext autoconf net-snmp-utils postfix automake perl-Net-SNMP

2. Download the latest version of Nagios from theNagios GitHub releases page using the wget command. Make sure to replace the URL with the latest release URL:

cd~
sudo wget -O nagios.tar.gz https://github.com/NagiosEnterprises/nagioscore/releases/download/nagios-4.4.10/nagios-4.4.10.tar.gz

3. Extract the tar file using the following command:

sudo tar zxf nagios.tar.gz

4. Move the extracted directory to the /usr/src directory:

sudo mv nagios-4.4.10 /usr/src/nagios

5. Change to the /usr/src/nagios directory:

cd /usr/src/nagios

6. Run the configure script to check for dependencies:

sudo ./configure

7. Compile Nagios by running the following command:

sudo make all

8. Create a new user and group for Nagios to run as:

sudo make install-groups-users

9. Install the Nagios binaries, CGIs, and HTML files:

sudo make install

10. Create the external command directory for Nagios:

sudo make install-commandmode
sudo /bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/var/rw
sudo chmod g+s /usr/local/nagios/var/rw

11. Install the sample configuration files:

sudo make install-config

12. Install the Apache configuration files:

sudo make install-webconf

13. Install the systemd unit file:

sudo make install-daemoninit

14. Enable HTTP authentication for the Nagios web interface by creating a user with the htpasswd command:

sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

15. Restart the Apache service for the changes to take effect:

sudo systemctl restart httpd

Step 4: Installing Nagios Plugins

Nagios plugins are essential for monitoring various services and systems. Follow these steps to install the Nagios plugins:

1. Install the EPEL repository and necessary dependencies:

sudo dnf install epel-release
sudo dnf install -y gcc glibc glibc-common make gettext automake autoconf wget openssl-devel net-snmp net-snmp-utils postgresql-devel openldap-devel bind-utils samba-client fping openssh-clients lm_sensors perl-Net-SNMP

2. Download the latest version of the Nagios plugins from the Nagios plugins’ GitHub page using the wget command. Replace the URL with the latest release URL:

cd~
sudo wget -O nagios-plugins.tar.gz https://github.com/nagios-plugins/nagios-plugins/releases/download/release-2.4.3/nagios-plugins-2.4.3.tar.gz

3. Extract the downloaded tar file:

sudo tar zxf nagios-plugins.tar.gz

4. Move the extracted directory to the /usr/src directory:

sudo mv nagios-plugins-2.4.3 /usr/src/nagios-plugins

5. Change to the /usr/src/nagios-plugins directory:

cd /usr/src/nagios-plugins

6. Configure and install the plugins:

sudo ./configure
sudo make
sudo make install

Step 5: Installing the NRPE Plugin

The NRPE plugin allows you to monitor remote hosts using Nagios. Follow these steps to install the NRPE plugin:

1. Download the latest version of NRPE from the NRPE GitHub releases page using the wget command. Replace the URL with the latest release URL:

cd~
wget https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-4.1.0/nrpe-4.1.0.tar.gz

2. Extract the downloaded tar file:

tar zxf nrpe-*.tar.gz

3. Move the extracted directory to the /usr/src directory:

sudo mv nrpe-4.1.0 /usr/src/nrpe

4. Change to the /usr/src/nrpe directory:

cd /usr/src/nrpe

5. Configure and install the plugin:

sudo ./configure --enable-command-args
sudo make check_nrpe
sudo make install-plugin

6. Update the services file to allow NRPE traffic:

sudo sh -c "echo >> /etc/services"
sudo sh -c "sudo echo '# Nagios services' >> /etc/services"
sudo sh -c "sudo echo 'nrpe 5666/tcp' >> /etc/services"

7. Install the NRPE service daemon:

sudo make install-init
sudo systemctl enable nrpe

8. Configure the NRPE daemon by opening the /usr/local/nagios/etc/nrpe.cfg file:

sudo nano /usr/local/nagios/etc/nrpe.cfg

9. Add the IP address of your Nagios server to the allowed_hosts line:

allowed_hosts=127.0.0.1,10.25.5.2

10. Uncomment the necessary commands and their arguments in the configuration file. For example:

command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -r -w .15,.10,.05 -c .30,.25,.20

11. Save the file and exit the text editor.
12. Allow port 5666, which is used by the NRPE plugin, in the firewall:

sudo firewall-cmd --permanent --add-port=5666/tcp

13. Reload the firewall to apply the changes:

sudo firewall-cmd --reload

14. Start the NRPE service:

sudo systemctl start nrpe

Step 6: Starting Nagios

With Nagios and its plugins installed, it’s time to start the Nagios service. Follow these steps:

1. Start the Nagios service by running the following command:

sudo systemctl start nagios

2. Check the status of the service to ensure it is running properly:

sudo systemctl status nagios

Nagios Web Interface

To access the Nagios web interface and monitor your hosts, follow these steps:

1. Open your web browser and enter the URL http://<serverIP>/nagios.
2. You will be prompted for login credentials. Enter the username nagiosadmin and the password you set during the HTTP authentication setup.
3. Upon successful login, you will be greeted with the Nagios web interface, where you can monitor the status of your hosts and services.

Step 7: Monitoring Hosts

To monitor a host using Nagios, you need to install the NRPE daemon and Nagios plugins on the remote host. Here’s how:

1. Log in to the remote host that you want to monitor using SSH:

ssh shapehost@monitored_server_ip

2. Install the Nagios plugins on the remote host by following the steps outlined in Step 4: Installing Nagios Plugins.
3. Install the NRPE daemon and its dependencies on the remote host by following the steps in Step 5: Installing the NRPE Plugin.
4. Configure the NRPE daemon on the remote host by opening the /usr/local/nagios/etc/nrpe.cfg file and adding the IP address of your Nagios server to the allowed_hosts line.
5. Save the file and restart the NRPE service on the remote host:

sudo systemctl restart nrpe

6. Switch back to your main Nagios server and check whether NRPE is working by running the following command:

/usr/local/nagios/libexec/check_nrpe -H monitored_server_ip

7. You should see the output NRPE v4.1.0, indicating that NRPE is working correctly.

Step 8: Installing Nginx

In this step, we will install Nginx and configure it as a reverse proxy in front of the Apache webserver. This will allow us to access Nagios over HTTPS and provide additional security. Follow these steps:

1. Change the default Apache listening port from 80 to 8080:

• Open the /etc/httpd/conf/httpd.conf file for editing:

sudo nano /etc/httpd/conf/httpd.conf

• Change the line Listen 80 to Listen 8080.
• Save the file and exit the text editor.
• Restart the Apache service:

sudo systemctl restart httpd

2. Install Nginx on your Rocky Linux 9 server by adding the official Nginx repository and running the following commands:

sudo dnf install -y nginx
sudo systemctl enable --now nginx

3. Create a configuration file for Nagios in the /etc/nginx/conf.d directory:

sudo nano /etc/nginx/conf.d/nagios.conf

4. Add the following configuration to the file, replacing nagios.example.com with your own domain or IP address:

server {
listen 80;
listen [::]:80;
server_name nagios.example.com;
return 301 https://$host$request_uri;
}

server {
server_name nagios.example.com;
listen 443 ssl http2;
listen [::]:443 ssl http2;
access_log /var/log/nginx/nagios.access.log;
error_log /var/log/nginx/nagios.error.log;

ssl_certificate /etc/letsencrypt/live/nagios.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nagios.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/nagios.example.com/chain.pem;

ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;

location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

5. Save the file and exit the text editor.
6. Validate the Nginx configuration by running the following command:

sudo nginx -t

7. If the configuration is valid, restart the Nginx service to apply the changes:

sudo systemctl restart nginx

Step 9: Installing and Configuring SSL

To secure the communication between your Nagios server and clients, you should install an SSL certificate. We will use Certbot to generate a free SSL certificate from Let’s Encrypt. Follow these steps:

1. Install the Certbot package and its dependencies by running the following commands:

sudo dnf install -y snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
echo 'export PATH=$PATH:/var/lib/snapd/snap/bin' | sudo tee -a /etc/profile.d/snapd.sh
source /etc/profile.d/snapd.sh
sudo snap install core && sudo snap refresh core
sudo ln -s /snap/bin/certbot /usr/bin/certbot

2. Verify the installation by running:

certbot --version

3. Generate an SSL certificate for your Nagios domain by executing the following command:

sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m test@example.com -d nagios.example.com

4. Certbot will guide you through the process of obtaining and installing the SSL certificate. Make sure to select the correct domain and agree to the terms of service.
5. Once the certificate is generated, create a Diffie-Hellman group certificate for enhanced security:

sudo openssl dhparam-dsaparam-out /etc/ssl/certs/dhparam.pem4096

Step 10: Configuring Nginx

Now that you have installed Nginx and obtained an SSL certificate, it’s time to configure Nginx to serve Nagios over HTTPS. Follow these steps:

1. Open the /etc/nginx/conf.d/nagios.conf file for editing:

sudo nano /etc/nginx/conf.d/nagios.conf

2. Modify the server_name directive to match your Nagios domain or IP address.
3. Save the file and exit the text editor.
4. Validate the Nginx configuration by running the following command:

sudo nginx -t

5. If the configuration is valid, restart the Nginx service to apply the changes:

sudo systemctl restart nginx

Configuring SELinux (Optional)

If you have SELinux enabled, you may need to make some adjustments to allow Nginx to connect to the network. Follow these steps:

1. Allow Nginx to connect to the network by running the following command:

sudo setsebool -P httpd_can_network_connect on

Congratulations! You have successfully installed and configured Nagios on your Rocky Linux 9 server. You can now access the Nagios web interface using your domain or IP address and monitor your hosts and services effectively.

Please note that this guide provides a basic setup for Nagios. You can further enhance its functionality by adding additional plugins and configuring more advanced monitoring options. Refer to the official Nagios documentation for more information.

In case you need reliable and scalable cloud hosting solutions, consider exploring Shape.host. Shape.host provides Linux SSD VPS services with exceptional performance and superior customer support.