HOWTO Centos 7 Install

If you figure out how to do something interesting/cool in Cacti and want to share it with the community, please post your experience here.

Moderators: Moderators, Developers

Post Reply
Posts: 1
Joined: Tue Mar 07, 2017 12:56 pm

HOWTO Centos 7 Install

#1 Post by apratchettfan » Tue Mar 07, 2017 1:50 pm

--OS is Centos 7 Minimal ISO with Cacti 1.0.4
--Install OS using normal install, added hostname and static IP
--Lets not bring up the whole never root thing

#this is all via console, you can mostly copy and paste
# Update install and add a couple of utilities
yum update -y
yum install wget -y

#I like phpmyadmin for database stuff, so install the epel to get it
wget ... noarch.rpm
rpm -ivh epel-release-7-9.noarch.rpm

#Using Maria vs MySQL, need to add yum repo --got this right from the mariadb website
# there isnt a default rpm, so we have to make it.
vi /etc/yum.repos.d/MariaDB.repo
# MariaDB 10.1 CentOS repository list - created 2017-03-07 03:37 UTC
name = MariaDB
baseurl =

#New repo, clean up yum
yum clean all

#all our repos are installed so install DB, webserver, php rrdtool and snmp "stuff"
yum install -y yum install MariaDB-server MariaDB-client
yum install httpd httpd-devel php-mysql php-pear php-common php-gd php-devel php php-ldap php-mbstring php-cli -y
yum install php-snmp net-snmp-utils net-snmp-libs rrdtool phpmyadmin -y

#removing the mail server that was installed, not a necessary thing but its a habit
systemctl stop postfix
yum -y remove postfix

# i personally like the iptables vs firewalld -- install ipatbles and turn off firewalld
yum -y install iptables-services
systemctl stop firewalld
systemctl mask firewalld
systemctl enable iptables

#create a default set of rules for iptables
iptables -F
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
service iptables save
systemctl start iptables

# only allow ip address from a 1.1.1.XXX or a 2.2.2.XXX address to connect to the phpmyadmin site
sed -i -e 's/Require ip ip 1.1.1 2.2.2/g' /etc/httpd/conf.d/phpMyAdmin.conf
sed -i -e 's/Allow from from 1.1.1 2.2.2/g' /etc/httpd/conf.d/phpMyAdmin.conf

# start up web, dataBase and SNMP services
service httpd start
service mariadb start
service snmpd start

# Set the services to start on boot
systemctl enable httpd.service
systemctl enable mariadb.service
systemctl enable snmpd.service

# set the default security and root account for the mariaDB this script is provided by the MariaDB

#remove/change some variables in the default php.ini
grep -v "upload_tmp_dir" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "session.save_path" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "allow_url_fopen" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "allow_url_include" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "expose_php" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "disable_functions" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "upload_max_filesize" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini
grep -v "post_max_size" /etc/php.ini > tempphp.ini; mv -f tempphp.ini /etc/php.ini

echo 'date.timezone = America/New_York' >> /etc/php.ini
echo 'upload_tmp_dir = "/tmp"' >> /etc/php.ini
echo 'session.save_path = "var/lib/php/session"' >> /etc/php.ini
echo 'allow_url_fopen = Off' >> /etc/php.ini
echo 'allow_url_include = Off' >> /etc/php.ini
echo 'expose_php = Off' >> /etc/php.ini
echo 'upload_max_filesize = 10M' >> /etc/php.ini
echo 'post_max_size = 10M' >> /etc/php.ini

#using this server with SeLinux enabled, so need to let apache read the php.ini file
chcon -t httpd_sys_content_t /etc/php.ini

#modify the httpd.conf to allow virtual hosts
sed -i -e 's/#NameVirtualHost /NameVirtualHost /g' /etc/httpd/conf/httpd.conf
sed -i -e 's/#ServerName' /etc/httpd/conf/httpd.conf

#allow .htaccess files in the cacti web directory
echo '<Directory "/var/www/html/">' >> /etc/httpd/conf/httpd.conf
echo 'AllowOverride All' >> /etc/httpd/conf/httpd.conf
echo '</Directory>' >> /etc/httpd/conf/httpd.conf

#make directories to store indiviual vhost configurations and then add the directory for apache to include
mkdir /etc/httpd/conf.d/vhost
echo 'IncludeOptional conf.d/vhost/*.conf' >> /etc/httpd/conf/httpd.conf

#make directories to store the cacti web files and log files
mkdir /var/www/html/
mkdir /var/www/html/

#SeLinux needs to allow apache to use the logs folder
chcon -R -t httpd_log_t /var/www/html/

#Rotate the log files so they dont get to be one huge file
touch /etc/logrotate.d/
echo '/var/www/html/''/logs/access.log /var/www/html/''/logs/error.log{' >> /etc/logrotate.d/
echo 'missingok' >> /etc/logrotate.d/
echo 'daily' >> /etc/logrotate.d/
echo 'dateext' >> /etc/logrotate.d/
echo 'extension .log' >> /etc/logrotate.d/
echo 'rotate 30' >> /etc/logrotate.d/
echo 'notifempty' >> /etc/logrotate.d/
echo 'sharedscripts' >> /etc/logrotate.d/
echo 'delaycompress' >> /etc/logrotate.d/
echo 'postrotate' >> /etc/logrotate.d/
echo ' /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true' >> /etc/logrotate.d/
echo 'endscript' >> /etc/logrotate.d/
echo '}' >> /etc/logrotate.d/

#Create the vhost configuration file for the website fqdn
touch /etc/httpd/conf.d/vhost/
echo '<VirtualHost *:80>' >> /etc/httpd/conf.d/vhost/
echo 'Alias /cacti /var/www/html/' >> /etc/httpd/conf.d/vhost/
echo 'ServerName ' >> /etc/httpd/conf.d/vhost/
echo 'ServerAlias www.' >> /etc/httpd/conf.d/vhost/
echo 'DocumentRoot /var/www/html/''/public_html' >> /etc/httpd/conf.d/vhost/
echo 'ServerAdmin [email protected]' >> /etc/httpd/conf.d/vhost/
echo 'ErrorLog /var/www/html/''/logs/error.log' >> /etc/httpd/conf.d/vhost/
echo 'CustomLog "/var/www/html/''/logs/access.log" combined' >> /etc/httpd/conf.d/vhost/
echo 'DirectoryIndex index.php' >> /etc/httpd/conf.d/vhost/
echo 'Options Indexes FollowSymLinks' >> /etc/httpd/conf.d/vhost/
echo '</VirtualHost>' >> /etc/httpd/conf.d/vhost/

#download and unzip cacti
cd /var/www/html/
tar -zxf cacti-1.0.4.tar.gz

#change to folder name to public_html vs the deafult cacti-1.0.4
mv cacti-1.0.4/ public_html

#after changing and adding http configs, restart the web server
systemctl restart httpd.service

#make the cacti db cacti and user cacti (phpmyadmin will allow you to make a user and a db at one time)
# i used phpmyadmin to do this, but it is possible to do it via the mysql command line.
#to use php myadmin, go to http://yourservername/phpmyadmin or http://yourserveripaddress/phpmyadmin

systemctl restart mariadb.service

#import deafult cacti data into the new datatabse
cd /var/www/html/
mysql -u cacti -p cacti < cacti.sql

#cacti uses an include file to define the dabatase name, the database user and user password in the config.php file
#replace the existing values with the new made ones
vi /var/www/html/

#Cacti requires SeLinux changes on at least 2 directories as well as allowing apache to write to the folders
chcon -R -t httpd_sys_content_rw_t /var/www/html/
chcon -R -t httpd_sys_content_rw_t /var/www/html/
chown -R apache /var/www/html/ /var/www/html/

#Have the poller run every 5 minutes
vi /etc/cron.d/cacti
*/5 * * * * /usr/bin/php /var/www/html/ > /dev/null 2>&1

#During the cacti install, the installer requires the DB server to have timezone tables and permission to reference.
#the maria install didnt populate the data, so have to load it into the default system database
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

#cati requires the new cacti db user to have select on one of the newley created time zone tables.
# i used phpmyadmin to do this but it can be done via command line
#grant cacti user select permission on mysql db, timezone name table

#During the web Install file permissions need to be loosened
chown -R apache:apache /var/www/html/
chcon -R -t httpd_sys_content_rw_t /var/www/html/

#actual cacti install, the installer is web based
# browse to and it should run an installer.

#after the install is completed, reapply some default permissions
chown -R root:root /var/www/html/
chown -R apache:apache /var/www/html/
chown -R apache:apache /var/www/html/
chown -R apache:apache /var/www/html/
chown -R apache:apache /var/www/html/
chown -R apache:apache /var/www/html/

#all newly created folders and directories need proper SeLinux so re-write SeLinux
chcon -R -t httpd_sys_content_t /var/www/html/
chcon -R -t httpd_sys_content_rw_t /var/www/html/
chcon -R -t httpd_sys_content_rw_t /var/www/html/
chcon -R -t httpd_sys_content_rw_t /var/www/html/
chcon -R -t httpd_sys_content_rw_t /var/www/html/
chcon -R -t httpd_sys_content_rw_t /var/www/html/

User avatar
Cacti User
Posts: 212
Joined: Mon Oct 02, 2006 1:22 pm
Location: Belgium

Re: HOWTO Centos 7 Install

#2 Post by JorisFRST » Fri Mar 17, 2017 9:55 am


looks like I still got some issues getting selinux to play ball with ping...
I know it's selinux, but can't figure it out.

I know this is not te solution :
"SELinux is preventing /usr/bin/ping from getopt access on the rawip_socket Unknown.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that ping should be allowed getopt access on the Unknown rawip_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'ping' --raw | audit2allow -M my-ping
# semodule -i my-ping.pp

User avatar
Cacti Pro User
Posts: 835
Joined: Mon Jan 05, 2015 10:10 am

Re: HOWTO Centos 7 Install

#3 Post by Osiris » Tue Mar 21, 2017 7:05 am

Before history, there was a paradise, now dust.

Post Reply