Cacti: official forums and support
Post subject: HOWTO Centos 7 Install
Posted: Tue Mar 07, 2017 1:50 pm
--OS is Centos 7 Minimal ISO with Cacti 1.0.4
--Install OS using normal install, added hostname and static IP
--Let's not bring up the whole never root thing

#this is all via console, you can mostly copy and paste
# Update install and add a couple of utilities
yum update -y
yum install wget -y

#I like phpmyadmin for database stuff, so install the epel to get it
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
rpm -ivh epel-release-7-9.noarch.rpm

#Using Maria vs MySQL, need to add yum repo --got this right from the mariadb website
# there isn't a default rpm, so we have to make it.
vi /etc/yum.repos.d/MariaDB.repo
# MariaDB 10.1 CentOS repository list - created 2017-03-07 03:37 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

#New repo, clean up yum
yum clean all

#all our repos are installed so install DB, webserver, php rrdtool and snmp "stuff"
yum install -y MariaDB-server MariaDB-client
yum install httpd httpd-devel php-mysql php-pear php-common php-gd php-devel php php-ldap php-mbstring php-cli -y
yum install php-snmp net-snmp-utils net-snmp-libs rrdtool phpmyadmin -y

#removing the mail server that was installed, not a necessary thing but it's a habit
systemctl stop postfix
yum -y remove postfix

# i personally like the iptables vs firewalld -- install iptables and turn off firewalld
yum -y install iptables-services
systemctl stop firewalld
systemctl mask firewalld
systemctl enable iptables

#create a default set of rules for iptables
iptables -F
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
service iptables save
systemctl start iptables

# only allow ip address from a 1.1.1.XXX or a 2.2.2.XXX address to connect to the phpmyadmin site
sed -i -e 's/Require ip 127.0.0.1/Require ip 1.1.1 2.2.2/g' /etc/httpd/conf.d/phpMyAdmin.conf
sed -i -e 's/Allow from 127.0.0.1/Allow from 1.1.1 2.2.2/g' /etc/httpd/conf.d/phpMyAdmin.conf

# start up web, dataBase and SNMP services
service httpd start
service mariadb start
service snmpd start

# Set the services to start on boot
systemctl enable httpd.service
systemctl enable mariadb.service
systemctl enable snmpd.service

# set the default security and root account for the mariaDB this script is provided by the MariaDB
/usr/bin/mysql_secure_installation

#remove/change some variables in the default php.ini
grep -v "upload_tmp_dir" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "session.save_path" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "allow_url_fopen" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "allow_url_include" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "expose_php" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "disable_functions" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "upload_max_filesize" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "post_max_size" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini

echo 'date.timezone = America/New_York' >> /etc/php.ini
echo 'upload_tmp_dir = "/tmp"' >> /etc/php.ini
echo 'session.save_path = "/var/lib/php/session"' >> /etc/php.ini
echo 'allow_url_fopen = Off' >> /etc/php.ini
echo 'allow_url_include = Off' >> /etc/php.ini
echo 'expose_php = Off' >> /etc/php.ini
echo 'upload_max_filesize = 10M' >> /etc/php.ini
echo 'post_max_size = 10M' >> /etc/php.ini

#using this server with SeLinux enabled, so need to let apache read the php.ini file
chcon -t httpd_sys_content_t /etc/php.ini

#modify the httpd.conf to allow virtual hosts
sed -i -e 's/#NameVirtualHost /NameVirtualHost /g' /etc/httpd/conf/httpd.conf
sed -i -e 's/#ServerName www.example.com:80/ServerName cacti.yourdomain.com:80/g' /etc/httpd/conf/httpd.conf

#allow .htaccess files in the cacti web directory
echo '<Directory "/var/www/html/cacti.yourdomain.com/public_html">' >> /etc/httpd/conf/httpd.conf
echo 'AllowOverride All' >> /etc/httpd/conf/httpd.conf
echo '</Directory>' >> /etc/httpd/conf/httpd.conf

#make directories to store individual vhost configurations and then add the directory for apache to include
mkdir /etc/httpd/conf.d/vhost
echo 'IncludeOptional conf.d/vhost/*.conf' >> /etc/httpd/conf/httpd.conf

#make directories to store the cacti web files and log files
mkdir /var/www/html/cacti.yourdomain.com
mkdir /var/www/html/cacti.yourdomain.com/logs

#SeLinux needs to allow apache to use the logs folder
chcon -R -t httpd_log_t /var/www/html/cacti.yourdomain.com/logs

#Rotate the log files so they don't get to be one huge file
touch /etc/logrotate.d/cacti.yourdomain.com
echo '/var/www/html/'cacti.yourdomain.com'/logs/access.log /var/www/html/'cacti.yourdomain.com'/logs/error.log{' >> /etc/logrotate.d/cacti.yourdomain.com
echo 'missingok' >> /etc/logrotate.d/cacti.yourdomain.com
echo 'daily' >> /etc/logrotate.d/cacti.yourdomain.com
echo 'dateext' >> /etc/logrotate.d/cacti.yourdomain.com
echo 'extension .log' >> /etc/logrotate.d/cacti.yourdomain.com
echo 'rotate 30' >> /etc/logrotate.d/cacti.yourdomain.com
echo 'notifempty' >> /etc/logrotate.d/cacti.yourdomain.com
echo 'sharedscripts' >> /etc/logrotate.d/cacti.yourdomain.com
echo 'delaycompress' >> /etc/logrotate.d/cacti.yourdomain.com
echo 'postrotate' >> /etc/logrotate.d/cacti.yourdomain.com
echo ' /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true' >> /etc/logrotate.d/cacti.yourdomain.com
echo 'endscript' >> /etc/logrotate.d/cacti.yourdomain.com
echo '}' >> /etc/logrotate.d/cacti.yourdomain.com

#Create the vhost configuration file for the website fqdn
touch /etc/httpd/conf.d/vhost/cacti.yourdomain.com.conf
echo '<VirtualHost *:80>' >> /etc/httpd/conf.d/vhost/cacti.yourdomain.com.conf
echo 'Alias /cacti /var/www/html/cacti.yourdomain.com/public_html' >> /etc/httpd/conf.d/vhost/cacti.yourdomain.com.conf
echo 'ServerName 'cacti.yourdomain.com >> /etc/httpd/conf.d/vhost/cacti.yourdomain.com.conf
echo 'ServerAlias www.'cacti.yourdomain.com >> /etc/httpd/conf.d/vhost/cacti.yourdomain.com.conf
echo 'DocumentRoot /var/www/html/'cacti.yourdomain.com'/public_html' >> /etc/httpd/conf.d/vhost/cacti.yourdomain.com.conf
echo 'ServerAdmin ed.harvey@cacti.yourdomain.com' >> /etc/httpd/conf.d/vhost/cacti.yourdomain.com.conf
echo 'ErrorLog /var/www/html/'cacti.yourdomain.com'/logs/error.log' >> /etc/httpd/conf.d/vhost/cacti.yourdomain.com.conf
echo 'CustomLog "/var/www/html/'cacti.yourdomain.com'/logs/access.log" combined' >> /etc/httpd/conf.d/vhost/cacti.yourdomain.com.conf
echo 'DirectoryIndex index.php' >> /etc/httpd/conf.d/vhost/cacti.yourdomain.com.conf
echo 'Options Indexes FollowSymLinks' >> /etc/httpd/conf.d/vhost/cacti.yourdomain.com.conf
echo '</VirtualHost>' >> /etc/httpd/conf.d/vhost/cacti.yourdomain.com.conf

#download and unzip cacti
cd /var/www/html/cacti.yourdomain.com/
wget http://www.cacti.net/downloads/cacti-1.0.4.tar.gz
tar -zxf cacti-1.0.4.tar.gz

#change to folder name to public_html vs the default cacti-1.0.4
mv cacti-1.0.4/ public_html

#after changing and adding http configs, restart the web server
systemctl restart httpd.service

#make the cacti db cacti and user cacti (phpmyadmin will allow you to make a user and a db at one time)
# i used phpmyadmin to do this, but it is possible to do it via the mysql command line.
#to use php myadmin, go to http://yourservername/phpmyadmin or http://yourserveripaddress/phpmyadmin

systemctl restart mariadb.service

#import default cacti data into the new database
cd /var/www/html/cacti.yourdomain.com/public_html/
mysql -u cacti -p cacti < cacti.sql

#cacti uses an include file to define the database name, the database user and user password in the config.php file
#replace the existing values with the new made ones
vi /var/www/html/cacti.yourdomain.com/public_html/include/config.php

#Cacti requires SeLinux changes on at least 2 directories as well as allowing apache to write to the folders
chcon -R -t httpd_sys_content_rw_t /var/www/html/cacti.yourdomain.com/public_html/rra/
chcon -R -t httpd_sys_content_rw_t /var/www/html/cacti.yourdomain.com/public_html/log/
chown -R apache /var/www/html/cacti.yourdomain.com/public_html/rra/ /var/www/html/cacti.yourdomain.com/public_html/log/

#Have the poller run every 5 minutes
vi /etc/cron.d/cacti
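# files in /etc/cron.d need a user field after the schedule; apache is the owner given to rra/ and log/ above
*/5 * * * * apache /usr/bin/php /var/www/html/cacti.yourdomain.com/public_html/poller.php > /dev/null 2>&1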

#During the cacti install, the installer requires the DB server to have timezone tables and permission to reference.
#the maria install didn't populate the data, so have to load it into the default system database
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

#cacti requires the new cacti db user to have select on one of the newly created time zone tables.
# i used phpmyadmin to do this but it can be done via command line
#grant cacti user select permission on mysql db, timezone name table

#During the web Install file permissions need to be loosened
chown -R apache:apache /var/www/html/cacti.yourdomain.com/public_html
chcon -R -t httpd_sys_content_rw_t /var/www/html/cacti.yourdomain.com/public_html/

#actual cacti install, the installer is web based
# browse to http://yourserverip.com and it should run an installer.

#after the install is completed, reapply some default permissions
chown -R root:root /var/www/html/cacti.yourdomain.com/public_html/
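chown -R apache:apache /var/www/html/cacti.yourdomain.com/public_html/log
# rra/ goes back to apache as well, matching the ownership set on it before the web install
chown -R apache:apache /var/www/html/cacti.yourdomain.com/public_html/rra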
chown -R apache:apache /var/www/html/cacti.yourdomain.com/public_html/cache/boost
chown -R apache:apache /var/www/html/cacti.yourdomain.com/public_html/cache/mibcache
chown -R apache:apache /var/www/html/cacti.yourdomain.com/public_html/cache/realtime
chown -R apache:apache /var/www/html/cacti.yourdomain.com/public_html/cache/spikekill

#all newly created folders and directories need proper SeLinux so re-write SeLinux
chcon -R -t httpd_sys_content_t /var/www/html/cacti.yourdomain.com/public_html
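chcon -R -t httpd_sys_content_rw_t /var/www/html/cacti.yourdomain.com/public_html/log
# rra/ gets the same writable label it was given before the web install
chcon -R -t httpd_sys_content_rw_t /var/www/html/cacti.yourdomain.com/public_html/rra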
chcon -R -t httpd_sys_content_rw_t /var/www/html/cacti.yourdomain.com/public_html/cache/boost
chcon -R -t httpd_sys_content_rw_t /var/www/html/cacti.yourdomain.com/public_html/cache/mibcache
chcon -R -t httpd_sys_content_rw_t /var/www/html/cacti.yourdomain.com/public_html/cache/realtime
chcon -R -t httpd_sys_content_rw_t /var/www/html/cacti.yourdomain.com/public_html/cache/spikekill
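
The post above creates the cacti database, its user and the time zone grant through phpMyAdmin and notes that the mysql command line works too. The shell functions below are an added example, not part of the original post: they emit that SQL with a random password and a grant limited to the Cacti schema plus the one system table. The names cacti and localhost and all function names are assumptions.

```shell
#!/bin/sh
# Added example: emits the SQL for the two steps the post does in phpMyAdmin.
# Names (cacti, localhost) and all function names are assumptions.

# Accept only [A-Za-z0-9_] so a value can never break out of the SQL text.
valid_ident() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# 24 alphanumeric characters taken from the kernel CSPRNG.
gen_password() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 24
}

# cacti_db_sql DB USER HOST PASSWORD -> SQL on stdout, non-zero on bad input
cacti_db_sql() {
    db=$1; user=$2; host=$3; pass=$4
    valid_ident "$db"   || { echo "invalid database name" >&2; return 1; }
    valid_ident "$user" || { echo "invalid user name" >&2; return 1; }
    valid_ident "$pass" || { echo "invalid password characters" >&2; return 1; }
    case "$host" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid host" >&2; return 1 ;;
    esac
    cat <<EOF
CREATE DATABASE IF NOT EXISTS ${db};
CREATE USER '${user}'@'${host}' IDENTIFIED BY '${pass}';
-- full rights on the Cacti schema only
GRANT ALL PRIVILEGES ON ${db}.* TO '${user}'@'${host}';
-- read-only on the one system table the installer checks
GRANT SELECT ON mysql.time_zone_name TO '${user}'@'${host}';
EOF
}

# Usage on the Cacti host (the password travels over stdin, not argv):
#   pw=$(gen_password)
#   cacti_db_sql cacti cacti localhost "$pw" | mysql -u root -p
#   echo "$pw"   # goes into include/config.php
```

With the account created this way, phpMyAdmin is not needed for the install and the database password never appears in a process listing.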


Post subject: Re: HOWTO Centos 7 Install
Posted: Fri Mar 17, 2017 9:55 am
Thanks,

looks like I still got some issues getting selinux to play ball with ping...
I know it's selinux, but can't figure it out.

I know this is not the solution:
"SELinux is preventing /usr/bin/ping from getopt access on the rawip_socket Unknown.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that ping should be allowed getopt access on the Unknown rawip_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'ping' --raw | audit2allow -M my-ping
# semodule -i my-ping.pp
"

_________________
Joris.
http://www.routerjanitor.com


Post subject: Re: HOWTO Centos 7 Install
Posted: Tue Mar 21, 2017 7:05 am
https://github.com/Cacti/cacti/issues/185

_________________
Before history, there was a paradise, now dust.

