获取操作系统Centos源更新
修改更新源
rpm --import
yum update
yum -y install gcc gcc-c++ bison patch unzip mlocate flex wget automake autoconf gd cpp gettext readline-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel libidn libidn-devel openldap openldap-devel openldap-clients openldap-servers nss_ldap expat-devel libtool libtool-ltdl-devel
如果系统默认安装了apache,请先卸载.执行:
yum remove httpd
下载最新稳定版的程序源码包,以下都是到官方网站或sourceforge下载的源码包.
wget
wget wget wget wget wget wget wget wget wget wget wget wget ftp://ftp.p_w_picpathmagick.org/pub/ImageMagick/ImageMagick.tar.gz wget wget wget wget wget wget一.安装Mysql.安装最新稳定版5.1.44版本
tar -zxf mysql-5.1.44.tar.gz
cd mysql-5.1.44
./configure --prefix=/usr/local/mysql --enable-assembler --enable-thread-safe-client --with-extra-charsets=all --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=partition,innodb_plugin,myisam,myisammrg
make && make install
cd ../
groupadd mysql -g 27
useradd mysql -u 27 -g 27 -c "MySQL Server" -d /var/lib/mysql -M
cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf
/usr/local/mysql/bin/mysql_install_db --user=mysql
chown -R mysql /usr/local/mysql/var
chgrp -R mysql /usr/local/mysql/.
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql
chmod u+x /etc/init.d/mysql
chkconfig --level 345 mysql on
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
echo "/usr/local/lib" >>/etc/ld.so.conf
ldconfig
ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
ln -s /usr/local/mysql/include/mysql /usr/include/mysql
ln -s /usr/local/mysql/bin/mysql_config /usr/bin/mysql_config
service mysql start
/usr/local/mysql/bin/mysqladmin -u root password root
service mysql restart
service mysql stop
二.编译安装apache(httpd).apache的执行用户为httpd.
groupadd httpd
useradd -g httpd -s /sbin/nologin -M httpd
cd /usr/local/src
tar zxvf httpd-2.2.8.tar.gz
cd httpd-2.2.8
./configure --prefix=/usr/local/apache --enable-headers --enable-mime-magic --enable-proxy --enable-rewrite --enable-ssl --enable-suexec --disable-userdir --with-included-apr --with-mpm=prefork --with-ssl=/usr --with-suexec-caller=nobody --with-suexec-docroot=/ --with-suexec-gidmin=100 --with-suexec-logfile=/usr/local/apache/logs/suexec_log --with-suexec-uidmin=100 --with-suexec-userdir=public_html
make
make install
mkdir /usr/local/apache/domlogs
cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
1.编辑/etc/init.d/httpd,在首行#!/bin/sh下添加:
# Startup script for the Apache Web Server
# # chkconfig: - 85 15 # description: Apache is a World Wide Web server. It is used to serve \ # HTML files and CGI. # processname: httpd # pidfile: /usr/local/apache/logs/httpd.pid # config: /usr/local/apache/conf/httpd.conf ulimit -n 1024 ulimit -n 4096 ulimit -n 8192 ulimit -n 16384 ulimit -n 32768 ulimit -n 65535保存退出.
2.配置apache配置参数文件httpd.conf,位于/usr/local/apache/conf/目录
cd /usr/local/apache/conf/
mv httpd.conf httpd.conf.bak
mkdir vhosts
vi httpd.conf
输入以下内容:
PidFile logs/httpd.pid
LockFile logs/accept.lock ServerRoot "/usr/local/apache" Listen 0.0.0.0:80 User httpd Group httpd ServerAdmin ServerName nagios.gviva.comTimeout 300
KeepAlive Off MaxKeepAliveRequests 100 KeepAliveTimeout 5 UseCanonicalName Off AccessFileName .htaccess TraceEnable Off ServerTokens ProductOnly FileETag None ServerSignature Off HostnameLookups Off# LoadModule perl_module modules/mod_perl.so
DocumentRoot "/usr/local/apache/htdocs"
<Directory "/">
Options ExecCGI FollowSymLinks Includes IncludesNOEXEC -Indexes -MultiViews SymLinksIfOwnerMatch Order allow,deny Allow from all AllowOverride All </Directory><Directory "/usr/local/apache/htdocs">
Options Includes -Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory>DefaultType text/plain
RewriteEngine on AddType text/html .shtml AddHandler cgi-script .cgi .pl .plx .ppl .perl AddHandler server-parsed .shtml <IfModule mime_module>TypesConfig conf/mime.types
AddType application/perl .pl .plx .ppl .perl AddType application/x-img .img AddType application/x-httpd-php .php .php3 .php4 .php5 .php6 AddType application/x-httpd-php-source .phps AddType application/cgi .cgi AddType text/x-sql .sql AddType text/x-log .log AddType text/x-config .cnf conf AddType text/x-registry .reg AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddType application/x-tar .tgz AddType application/rar .rar AddType application/x-compressed .rar AddType application/x-rar .rar AddType application/x-rar-compressed .rar AddType text/vnd.wap.wml .wml AddType p_w_picpath/vnd.wap.wbmp .wbmp AddType text/vnd.wap.wmlscript .wmls AddType application/vnd.wap.wmlc .wmlc AddType application/vnd.wap.wmlscriptc .wmlsc </IfModule><IfModule dir_module>
DirectoryIndex index.html index.htm index.shtml index.php index.perl index.pl index.cgi </IfModule><Files ~ "^error_log$">
Order allow,deny Deny from allSatisfy All
</Files><FilesMatch "^\.ht">
Order allow,deny Deny from all Satisfy All </FilesMatch>ErrorLog "logs/error_log"
LogLevel warn<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule> CustomLog "logs/access_log" common </IfModule><IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/" </IfModule><Directory "/usr/local/apache/cgi-bin">
AllowOverride None Options None Order allow,deny Allow from all </Directory><IfModule mpm_prefork_module>
StartServers 3 MinSpareServers 3 MaxSpareServers 5 MaxClients 150 MaxRequestsPerChild 1024 </IfModule><IfModule mod_headers.c>
<FilesMatch "\.(html|htm|shtml)$">Header set Cache-Control "max-age=3600, must-revalidate"
</FilesMatch> </IfModule>ReadmeName README.html
HeaderName HEADER.htmlIndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
Include conf/extra/httpd-languages.conf
<Location /server-status>
SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 </Location> ExtendedStatus On<Location /server-info>
SetHandler server-info Order deny,allow Deny from all Allow from 127.0.0.1</Location>
<IfModule ssl_module>
Listen 0.0.0.0:443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLPassPhraseDialog builtin SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/usr/local/apache/logs/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule>#Vhosts
NameVirtualHost 127.0.0.1:80 NameVirtualHost *<VirtualHost 127.0.0.1:80 *>
ServerName host.evlit.com DocumentRoot /var/www/html ServerAdmin </VirtualHost>Include conf/vhosts/*上述出现的127.0.0.1请改为你本机公网IP.
配置apache
将下面的内容加入apache配置文件的alias模块<IfModule alias_module>
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
# SSLRequireSSL Options ExecCGI AllowOverride None Order allow,deny Allow from all # Order deny,allow # Deny from all # Allow from 127.0.0.1 AuthName "Nagios Access" AuthType Basic AuthUserFile /usr/local/nagios/etc/htpasswd.users Require valid-user </Directory>Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
# SSLRequireSSL Options None AllowOverride None Order allow,deny Allow from all # Order deny,allow # Deny from all # Allow from 127.0.0.1 AuthName "Nagios Access" AuthType Basic AuthUserFile /usr/local/nagios/etc/htpasswd.users Require valid-user </Directory>安装服务并开机启动
chmod 755 /etc/init.d/httpd chkconfig --add httpd chkconfig --level 345 httpd on service httpd start三.编译安装php(mod_php)
1.编译安装相关支持库tar -zxf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1/
./configure
make
make install
cd ../
tar -jxf libmcrypt-2.5.8.tar.bz2
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../
tar -jxf mhash-0.9.9.9.tar.bz2
cd mhash-0.9.9.9/
./configure
make
make install
ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4 ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8 ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2 ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1 ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-configcd ../
tar -zxf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
2.编译php,这里我们为php打入补丁.有助于防止邮件发送被滥用(多用户)以及在邮件中提供有价值的信息.
补丁介绍信息请点击:http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/tar -zxf php-5.2.13.tar.gz
patch -d php-5.2.13 -p1 < php5-mail-header.patch
cd php-5.2.13
./configure --prefix=/usr/local --with-config-file-path=/etc --with-apxs2=/usr/local/apache/bin/apxs --enable-bcmath --enable-calendar --enable-exif --enable-ftp --enable-gd-native-ttf --enable-libxml --enable-magic-quotes --enable-mbstring --enable-pdo=shared --enable-soap --enable-sockets --enable-zip --with-bz2 --with-curl --with-curlwrappers --with-freetype-dir --with-gd --with-gettext --with-jpeg-dir --with-kerberos --with-libexpat-dir=/usr --with-libxml-dir=/usr --with-mcrypt=/usr --with-mhash=/usr --with-mysql=/usr --with-mysql-sock=/var/lib/mysql/mysql.sock --with-mysqli=/usr/bin/mysql_config --with-openssl=/usr --with-openssl-dir=/usr --with-pdo-mysql=shared --with-pdo-sqlite=shared --with-png-dir=/usr --with-sqlite=shared --with-ttf --with-xmlrpc --with-zlib -with-zlib-dir=/usr --enable-pcntl
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-dist /etc/php.ini
cd ../
3.安装php扩展模块
tar -zxf memcache-2.2.5.tgz
cd memcache-2.2.5/
phpize
./configure --with-php-config=/usr/local/bin/php-config --with-zlib-dir --enable-memcache
make
make install
cd ../
tar -jxf eaccelerator-0.9.6.tar.bz2
cd eaccelerator-0.9.6/
phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/bin/php-config
make
make install
mkdir -p /tmp/eaccelerator
chmod 777 /tmp/eaccelerator
echo "mkdir -p /tmp/eaccelerator" >> /etc/rc.local
echo "chmod 777 /tmp/eaccelerator" >> /etc/rc.local
cd ../
tar -zxf ImageMagick.tar.gz
cd ImageMagick-*
./configure
make
make install
cd ../
tar -zxf imagick-2.3.0.tgz
cd imagick-2.3.0/
phpize
./configure --with-php-config=/usr/local/bin/php-config
make
make install
cd ../
tar -zxf suhosin-0.9.29.tgz
cd suhosin-0.9.29
phpize
./configure
make
make install
cd ../
tar -zxf ioncube_loaders_lin_x86.tar.gz
cd ioncube
mkdir /usr/local/ioncube
mv ioncube_loader_lin_5.2.so /usr/local/ioncube/
cd /usr/local/src
tar -zxf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
mkdir -p /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x
cp ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so
3.1.修改php.ini.
查找/etc/php.ini中的extension_dir = "./".将其修改为extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613/"
查找;include_path = ".:/php/includes",删除前面的分号,并修改为include_path = ".:/usr/lib/php:/usr/local/lib/php"
跳到最后一行,然后添加以下内容:
extension = "memcache.so"
extension = "pdo.so" extension = "pdo_mysql.so" extension = "pdo_sqlite.so" extension = "sqlite.so" extension = "eaccelerator.so" eaccelerator.shm_size = 32 eaccelerator.cache_dir = "/tmp/eaccelerator" eaccelerator.enable = 1 eaccelerator.optimizer = 0 eaccelerator.debug = 0 eaccelerator.name_space = "" eaccelerator.check_mtime = 1 eaccelerator.filter = "" eaccelerator.shm_max = 0 eaccelerator.shm_ttl = 7200 eaccelerator.shm_prune_period = 7200 eaccelerator.shm_only = 1 eaccelerator.compress = 0 eaccelerator.compress_level = 9 eaccelerator.keys = shm eaccelerator.sessions = shm eaccelerator.content = shm zend_extension = "/usr/local/ioncube/ioncube_loader_lin_5.2.so" zend_extension = "/usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so"4,安装Memcached(可选)
cd /usr/local/src
tar -xzf libevent-1.4.13-stable.tar.gz
cd libevent-1.4.13-stable
./configure
make
make install
ln -s /usr/local/lib/libevent-1.4.so.2 /usr/lib
cd ../
tar -xzf memcached-1.4.4.tar.gz
cd memcached-1.4.4
./configure --with-libevent=/usr
make
make install
基本使用方法:
启动:/usr/local/bin/memcached -d -m 64 -p 11211 -u nobody -l localhost
关闭:killall -9 memcached
以下内容为安装Nagios3.2.3: 下载Nagios3.2.3,Nagios-plugins1.4.15,nrpe2.12,nsclient++wget
Nagios3.2.3,Nagios-plugins1.4.15,nrpe2.12安装在监控服务器上。
去下载nrpe和nsclient++插件。
nrpe2.12安装在Linux/Unix被监控端。
nsclient++安装在Windows被监控端。创建帐号及组
创建帐号
useradd -m nagios
passwd nagios加入Nginx用户组
/usr/sbin/usermod -a -G httpd nagios
httpd 为运行Nginx的帐号。
安装nagios
tar xvf nagios-cn-3.2.3.tar.bz2
cd nagios-cn-3.2.3
./configure --with-command-group=httpd --prefix=/usr/local/nagios --with-gd-lib=/usr --with-gd-inc=/usr
make all
使用make install来安装主程序,CGI和HTML文件
make install
使用make install-init在/etc/rc.d/init.d安装启动脚本
make install-init
使用make install-cofig来安装示例配置文件,安装的路径是/usr/local/nagios/etc.
make install-config
使用make install-commandmode来配置目录权限
make install-commandmode
nagios目录功能的简要说明:
bin Nagios执行程序所在目录,nagios文件即为主程序
etc Nagios配置文件位置 sbin Nagios Cgi文件所在目录,也就是执行外部命令所需文件所在的目录 Share Nagios网页文件所在的目录 var Nagios日志文件、spid 等文件所在的目录 var/archives 日志归档目录 var/rw 用来存放外部命令文件创建Nginx目录验证文件
需要使用有apache服务器创建密码文件
/usr/local/apache/bin/htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
New password: (输入密码) Re-type new password: (再输入一次密码) Adding password for user nagiosadmin当然也可以使用perl 创建密码文件 新建 一个 pw.pl 文件 其内容:
#!/usr/bin/perl
use strict; my $pw=$ARGV[0] ; print crypt($pw,$pw)."\n";然后执行 chmod +x pw.pl
./pw.pl password papAq5PwY/QQM papAq5PwY/QQM 就是password 的crypt()密码 然后 将上面用 perl 生成的 加密后的密码 按照 用户名:密码 的格式写到 htpasswd 文件中这样既完成了设置
配置nagios配置文件vi /usr/local/nagios/etc/objects/contacts.cfg
将里面的email地址改为自己的email地址。
cd ../
安装Nagios插件
tar xzvf nagios-plugins-1.4.15.tar.gz
cd nagios-plugins-1.4.15
./configure --with-nagios-user=nagios --with-nagios-group=httpd
make
make install
安装nagios-snmp-plugins
nagios-snmp-plugins是一套用Perl编写的通过SNMP方式监控主机的插件程序。
wget
tar xzf nagios-snmp-plugins.1.1.1.tgz cd nagios_plugins配置check_snmp_int.pl这些插件的使用时需要配置cpan,CPAN是Comprehensive Perl Archive Network的缩写.。它是一个巨大的Perl软件收藏库,收集了大量有用的Perl模块(modules)及其相关的文件。这里主要是使用Perl-Net-SNMP模块。有两种方式安装:
A)通过CPAN来安装
#perl -MCPAN -e shell cpan> install Net::SNMPB) 手工安装
首先去官方网站下载以下几个模块
Crypt::DES Digest::MD5 Digest::SHA1 Digest::HMAC Net::SNMP下载后对于每个模块依次按照下面的方式安装
tar zxf <module>.tar.gz <module>表示模块名,具体请按上面提到的模块替换
cd <module> <module>表示模块名,具体请按上面提到的模块替换 perl Makefile.pl make test make install注意:Net::SNMP模块必须在最后安装。至此Net::SNMP手动安装完毕
./install.sh
执行nagios-snmp-plugins安装脚本,执行之后会将插件命令安装到/usr/local/nagios/libexec下
启动Nagios
配置机器启动时自动启动Nagios
chkconfig --add nagios
chkconfig nagios on
检查Nagios配置文件
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
启动Nagios
service nagios start
2).如果开启防火墙,应该允许访问apache(一般为80端口)并允许nagios去抓取被监控机信息(一般nrpe为5666端口)。
访问Nagios服务器
输入用户名及密码登录。
安装nrpe插件,用来监控Linux机器
tar xzvf nrpe-2.12.tar.gz
cd nrpe-2.12
./configure
make all
在Nagios服务器端只要安装nrpe监控插件就行
make install-plugin
在/usr/local/nagios/etc/objects/commands.cfg中定义check_nrpe命令
vi /usr/local/nagios/etc/objects/commands.cfg
########################################################################
# # 2008.11.18 add by Stone # NRPE COMMAND # ######################################################################## # 'check_nrpe ' command definition define command{ command_name check_nrpe command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ }在被监控服务器(Linux/unix)上安装Nagios-plugins和nrpeuseradd nagios
tar xzvf nagios-plugins-1.4.15.tar.gz
cd nagios-plugins-1.4.15
Nagios-plugins默认安装到/usr/local/nagios
./configure
make
make install
chown nagios.nagios /usr/local/nagios/
chown -R nagios.nagios /usr/local/nagios/libexec/
tar xzvf nrpe-2.12.tar.gz
cd nrpe-2.12
./configure
make all
安装nrpe插件,本监控端可以不装
make install-plugin
安装nrpe守护进程
make install-daemon
安张nrpe配置文件
make install-daemon-config
修改nrpe配置文件,允许Nagios监控服务器(NagiosServer IP)监控
vi /usr/local/nagios/etc/nrpe.cfg
多台机器用逗号隔开
allowed_hosts=127.0.0.1,(NagiosServer IP)
以独立守护进程启动nrpe,也可以使用xinetd启动nrpe,具体清查看nrpe官方文档。
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
开机自动启动nrpe
vi /etc/rc.d/rc.local
加入下面行
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
检查nrpe是否安装正常
/usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12返回nrpe版本说明安装没问题。
查看启动端口
如果有防火墙应该开放5666端口:
***********************************************************注意:我们需要在/usr/local/nagios/etc/nrpe.cfg中定义我们用到的监控本地资源的命令。
下面的命令是默认定义的:
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10 command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20 command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1 command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200复制代码下面的命令是自己定义的:
# 监控交换分区的使用情况,使用超过20%时为警告状态,超过10%时为严重状态
command[check_swap]=/usr/local/nagios/libexec/check_swap -w 20% -c 10%
# 监控根分区磁盘使用情况
command[check_disk_root]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /
***********************************************************附:
做好必要的安全工作
设置用户家目录/home/user,相关配置参数文件,以及访问日志等目录的权限.
chmod 711 /home
chmod 711 /usr/local/pureftpd
chmod 711 /usr/local/apache/conf/vhosts
chmod 711 /usr/local/apache/domlogs
chmod 711 /usr/local/apache/logs