I.T. Security and Linux Administration

Mar 20 2011   11:42PM GMT

Installing Nagios on Linux Part 1: Handling the Core

Eric Hansen Eric Hansen Profile: Eric Hansen

When it comes to intrusion detection systems (IDSs), there’s more than a handful of choices out there, especially for cross-platform and variant systems like Linux.  However, I don’t think any of them have taken the security world by storm as Nagios has.

While I have covered Trend Micro’s IDS product, OSSEC, here, I do believe also that one of the “king of the domains” deserves it’s own place here as well.  While OSSEC claims itself as being compliant to various standards (including governmental and health [i.e.: HIPAA]), Nagios totes itself as being the industry-standard.  A drawback with Nagios though is that while you can install and configure the core, it doesn’t include the monitoring tools you need for it to be a useful IDS, so you need to install the plug ins as well.  But, if you look past this part, you’ll see that Nagios is quite powerful in what it does, and that is be a very robust host-based intrusion detection system.  In this guide, I’ll walk through how to install Nagios core on Linux, and following posts will go through installing other components as well.

Step 1: Downloading and Extracting

Unlike my OSSEC posts, where I pre-installed the software and just walked through the steps of what I did, I’ll be documenting all the steps I take as I do them, so it’ll be as though you’re installing it along with me.  For those wondering, Nagios is native to the Linux system, but does have ports and (limited) support for Windows systems (using NSC++) as well.

But, first, you’ll need to download the tarball and extract the files:

  1. Visit http://www.nagios.org/download/core/thanks/
    1. Or directly download it: wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.3.tar.gz
  2. Extract the tarball
    1. tar xf nagios-3.2.3.tar.gz
  3. Change directories to Nagios
    1. cd nagios-3.2.3

In case you haven’t noticed in my previous posts, when I use tar, I don’t use the v or z commands like some guides direct you to.  Quite honestly, I don’t see the extra printout with “v” (which just shows you the files being extracted) being useful, and “z” I’ve found is only useful if you decide to use tar with a non-tar.gz file.

Step 2: Creating Nagios Users and Groups

After handling the downloading and extracting of Nagios, we need to prep our system as well.  To do this, we need to create a user and group for Nagios so that we can complete the install.  You can run ./configure and make just fine, but once you try make install, and you skip you this step, make will error out mentioning no user for Nagios.  Please note that the username (“nagios”) and group name (“nagcmd”) can be replaced by you, but you do need to make things consistent, so if you change these in your install, replace what needs to be.

  1. Create the Nagios user account (and give it a password):
    1. useradd -m nagios
    2. passwd nagios
      1. A password is given to nagios because it’s non-sysadmin-like to leave an account without a password, even dummy ones.  You could also add a fake login shell, but that’ll be up to the admin.
  2. Create the Nagios group
    1. groupadd nagcmd
  3. Assign usernames to nagcmd
    1. usermod -a -G nagcmd nagios
    2. usermod -a -G nagcmd www-data
      1. This is for the web UI.  If you don’t have your files/server chown’ed to it’s own specific user, make sure that the user that the web server is owned to can access the Nagios files.  If your web server is owned by someone else, then replace www-data with that username.

Step 3: Running ./configure & make

It does require g++ and make to be installed in order to pass this step, but most systems I run into have these installed already.  If not, then install these before moving on.  Depending on the system and how it’s set up, it’ll install Nagios into different directories by default.

  1. Run this command (use ./configure –help for more switches):
    1. ./configure –with-nagios-user=nagios –with-nagios-group=nagios –with-command-user=nagcmd –with-command-group=nagcmd
      1. At the end of this running, make sure you make note of the user and group names you used for both command and Nagios.  Also, make note of the URLs that it supplies to you as well.
  2. Run make to complete the compilation process
    1. make all
      1. This doesn’t take long even on my old AMD Sempron 3100+ processor with 720 MB of RAM (about 5 minutes max).
      2. This makes sure that everything fits nicely and compiles certain files in compiled CGI files.
    2. After make all finishes without errors, you’ll have to run the following in this order:
      1. make install
        1. Installs the core Nagios files into the system
      2. make install-init
        1. Installs files where ever your init (boot up) scripts are stored; usually /etc/init.d/ or /etc/rc.d
      3. make install-commandmode
        1. Installs and configures directories and files for Nagios to use them (such as sendmail)
      4. make install-config
        1. Installs template configuration files that are needed
      5. make install-webconf
        1. Installs the Apache files for the web UI.  If your web configuration path isn’t /etc/httpd/conf.d, then edit the nagios-3.2.3/Makefile line 35.

After running all the make commands above, Nagios itself is finally installed.  From here, it’d be best not to start Nagios just yet

The next guide will go over Nagios plug ins, and probably configuring the web server.

(Photo: Nagios.org)

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: