How To - Install Libre NMS 2021-02 v22

How To - Install LibreNMS (Systems Monitoring)
Contents
Newer version CentOS 8 – in progress..................................................................................................2
How to Install LibreNMS on CentOS 8...................................................................................................2
Installation....................................................................................................................................2
Step 1: Pre-Requisites...............................................................................................................3
Step 2: SELinux..........................................................................................................................3
Step 3: Dependencies................................................................................................................4
Step 4: Setting up Database......................................................................................................5
Step 5: PHP-FPM and Nginx set up.........................................................................................7
Step 6: Miscellaneous:...............................................................................................................9
Step 7: Web Installer................................................................................................................11
Step 8: Adding a New Device..................................................................................................17
Minimal Install – CentOS 7 x6 [DualCore minimum), 4GB RAM , 16GB storage].................................20
Install Webtatic................................................................................................................................20
Install PHP – latest version..............................................................................................................20
Install initial packages......................................................................................................................20
Check the network is functioning as expected................................................................................20
Temporarily Disable Servers ‘Internal’ Firewall...............................................................................21
Download & Configure LibreNMS........................................................................................................22
Add LibreNMS User.........................................................................................................................22
Download LibreNMS........................................................................................................................22
Create a new directory for the LibreNMS logs and the rrd files:.....................................................22
Configure PHP-FPM for the installation of LibreNMS..........................................................................23
Open the PHP-FPM configuration file..............................................................................................24
Install WEBMIN....................................................................................................................................25
Check that WEBMIN is running ok...................................................................................................25
Install MariaDB server.........................................................................................................................25
Securing MariaDB server.................................................................................................................25
Define MariaDB SQL root password................................................................................................26
How To Configure MySQL................................................................................................................26
Configure NGINX..................................................................................................................................26
How to Configure the LibreNMS Virtual Host..................................................................................26
Install Fping.........................................................................................................................................28
Configure SNMPd................................................................................................................................28
Configure Cron job(s).......................................................................................................................28
Copy logrotate config......................................................................................................................28
Set permissions................................................................................................................................28
M. Salmon v1.1 2020-03 Page 1 of 34

Re-enable server Firewall....................................................................................................................29
FIREWALL - ‘firewalld’......................................................................................................................29
Configure Firewall in CentOS 7....................................................................................................29
SSL and Nginx VHost configurations....................................................................................................29
Installing ClamAV.................................................................................................................................30
Configuring Firewall / SELinux.........................................................................................................30
Verify its working, run:................................................................................................................30
Configuring ClamAV.........................................................................................................................31
Generate the SSL certificates:..........................................................................................................32
Create a new virtual host.................................................................................................................32
Newer version CentOS 8 – in progress
https://www.devopstutorials.io/how-to-install-librenms-on-centos-8/
How to Install LibreNMS on CentOS 8

LibreNMS is an open-source network monitoring tool. We can monitor a wide range
of network devices such as Cisco, Juniper, Foundry, FreeBSD, Brocade, HP,
different operating systems such as Linux, FreeBSD, Windows as well and pretty
much anything that supports SNMP polling.
It’s feature set includes automatic discovery, customizable alerts, API access, billing
system for ports on the network, automatic updates and many more. It also has
multiple authentication methods like MySQL, HTTP, LDAP, Radius, Active Directory.
We can also get the LibreNMS native Android and iOS app so that we can monitor
our devices while roaming everywhere.
Installation
For this tutorial, we will be using CentOS 8 as the host operating system. Here is a
brief overview of the steps we will be following in the tutorial.
1. Some pre-requisite operations

2. Configuring SELinux
3. Installing Dependencies and setting user permission
4. Setup Database
5. Web engine configuration (Nginx)
6. Setup Web Interface
7. Adding a device to monitor
Step 1: Pre-Requisites
Before we begin with the installation let us make sure that our system is up to date.
dnf -y update
Now let’s install all repos which are required to install LibreNMS on Centos 8. All
dependencies are found in both Epel and Remi repository. Remi repo to get the
latest PHP package and EPEL repo to satisfy the dependencies.
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
We are also required to enable PHP-7.4 stream because by default PHP-7.2 is

enabled and latest LibreNMS requires PHP-7.3 and above.
dnf module reset php
dnf module enable php:remi-7.4
dnf update
Step 2: SELinux
Before we can start with our installation it is advised that we disable SELinux or set it
to permissive mode so that it will not hinder the installation process. To do this, we
will edit the SELinux config file.
nano /etc/selinux/config

Here we set it to the permissive mode
Make sure to reboot your server after changing the SELinux config.
Step 3: Dependencies
Let’s install the packages required for LibreNMS to run on Ubuntu 20.
dnf install bash-completion cronie fping git ImageMagick mariadb-server mtr net-
snmp net-snmp-utils nginx nmap php-fpm php-cli php-common php-curl php-gd php-json
php-mbstring php-process php-snmp php-xml php-zip php-mysqlnd python3 python3-
PyMySQL python3-redis python3-memcached python3-pip rrdtool unzip
Now let’s create LibreNMS user.
useradd librenms -d /opt/librenms -M -r -s /usr/bin/bash
Finally, it’s time to clone the latest LibreNMS repo under /opt
cd /opt && git clone https://github.com/librenms/librenms.git
Since we have a new user to manage LibreNMS, we are required to provide the user
with the privileges and set permissions for directories.
chown -R librenms:librenms /opt/librenms
chmod 771 /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs

/opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs

/opt/librenms/bootstrap/cache/ /opt/librenms/storage/

We are provided with a PHP script that will install the composer dependencies. To
execute that script we need to switch to librenms user.
su - librenms
./scripts/composer_wrapper.php install --no-dev
exit
Step 4: Setting up Database
We will be using MariaDB on Centos8 for LibreNMS. It is a fork of MySQL and is

quite similar to mysql-server. We have already installed the MariaDB in the
dependencies section.
systemctl start mariadb
systemctl enable mariadb
To set up MariaDB, we will use
mysql_secure_installation
Here we will:
 Set up root password for database

 Remove anonymous users
 Disallow root login remotely
 Remove test databases
 Reload Privileges table
We will now create our database which will be used by LibreNMS. First login as the
root user with the password you set.
mysql -u root -p
Next we are required to create a database and a user, Do not forget to change the
‘password’ below to something secure
CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit
In the MariaDB config file, we need to add two lines.
nano /etc/my.cnf.d/mariadb-server.cnf
Add the following lines under [mysqld] section

innodb_file_per_table=1
lower_case_table_names=0
Then restart MariaDB
systemctl restart mariadb
Step 5: PHP-FPM and Nginx set up
For PHP-FPM to work with Nginx, we are required to make changes to the config file
cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/librenms.conf
nano /etc/php-fpm.d/librenms.conf
We will edit the following values.
# Change "www" to "librenms"
[librenms]
# Change user and group to "librenms"
user = librenms
group = librenms
# Change listen to a unique name
listen = /run/php-fpm-librenms.sock
After a quick restart, PHP-FPM should be now ready to go.
systemctl start php-fpm
For Nginx, we will make a config file.

nano /etc/nginx/conf.d/librenms.conf
Now add the following lines in the librenms.conf file and replace server_name with
your IP Address or FQDN.
server {
listen 80;
server_name librenms.example.com;
root /opt/librenms/html;
index index.php;
charset utf-8;
gzip on;
gzip_types text/css application/javascript text/javascript application/x-

javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location / { try_files $uri $uri/ /index.php?$query_string;
location ~ [^/]\.php(/|$) { fastcgi_pass unix:/run/php-fpm-librenms.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi.conf;
location ~ /\.(?!well-known).* {
deny all;
Also, we should not forget to remove the default server section from the nginx.conf
file.

nano /etc/nginx/nginx.conf
Here we
removed the contents of server section
Now start and enable the Nginx so that it will start with system restart
systemctl start nginx
systemctl enable nginx
Step 6: Miscellaneous:
FIREWALLD ACCESS
We can either disable the firewalld
systemctl stop firewalld
systemctl disable firewalld
Or we can allow access through the firewalld by using the following commands.
firewall-cmd --zone public --add-service http
firewall-cmd --permanent --zone public --add-service http
firewall-cmd --zone public --add-service https
firewall-cmd --permanent --zone public --add-service https
SNMPD CONFIG
Copy the sample config file to its required destination
cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

We have to edit the RANDOMSTRINGGOESHERE provided in the snmpd.conf file.
nano /etc/snmp/snmpd.conf
Now we will run the following commands to get it set up and started
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl enable snmpd
systemctl restart snmpd
CRON JOB
LibreNMS has it’s own cron jobs that are used to poll and discover the devices in
your network, copy it’s cron file and paste it inside /etc/cron.d directory.
cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
LOGROTATE
LibreNMS logs can be found in /opt/librenms/logs directory which can grow up to be
quite large at some time in future. We can use the logrotate config provided to
counter this problem.
cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
TIMEZONES
It is important for each component that we have installed to work on the same
timezone as our server.
On CentOS
M. Salmon v1.1 2020-03 Page 10 of 34

To check timezone on CentOS 8 we can use
timedatectl
If you want to change it, we will first look at available timezones
timedatectl list-timezones | grep -i continent
Change the ‘continent’ with your continent to make the search easier. Now to

change the timezone we will use. Edit the following command with your timezone
instead of Europe/London.
timedatectl set-timezone Europe/London
PHP-FPM
Time zone can be set in the php.ini file found in /etc
nano /etc/php.ini
Edit the date_timezone under the [Module Setting] section. Use the same timezone
as used above.
Now restart php-fpm and we are good to go.
systemctl restart php-fpm
Step 7: Web Installer
Now on your browser, open the address of your server, In our case, it was
192.168.122.86. Yours might be different. It will take you to the web interface for the
next steps in the setup process.
M. Salmon v1.1 2020-03 Page 11 of 34

Enter the database user password when prompted.
M. Salmon v1.1 2020-03 Page 12 of 34

Next, it will build the Database. If you do not see any errors then we are good to go.
Then we will be creating a user to manage LibreNMS web interface.
M. Salmon v1.1 2020-03 Page 13 of 34

Now click on ‘validate your install and fix any issues’ To validate our install.
M. Salmon v1.1 2020-03 Page 14 of 34

We will be using the same user we created in the web interface to login
M. Salmon v1.1 2020-03 Page 15 of 34

M. Salmon v1.1 2020-03 Page 16 of 34

If you see the above screen then it means that LibreNMS is properly installed and we
are good to go for further configuration.
Step 8: Adding a New Device
We will be adding a Linux device running Debian 10. We will be using SNMP to
collect and organize information from our device
On the device, we will install snmpd
apt install snmpd
Now replace the snmpd.conf file with the example below. And also change the
community string appropriately.
# Change RANDOMSTRINGGOESHERE to your preferred SNMP community string
com2sec readonly default RANDOMSTRINGGOESHERE
group MyROGroup v2c readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
syslocation Rack, Room, Building, City, Country [GPSX,Y]
syscontact Your Name <your@email.address>
#Distro Detection
extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro
#Hardware Detection (uncomment to enable)
#extend .1.3.6.1.4.1.2021.7890.2 hardware '/bin/cat

/sys/devices/virtual/dmi/id/product_name'
#extend .1.3.6.1.4.1.2021.7890.3 manufacturer '/bin/cat

/sys/devices/virtual/dmi/id/sys_vendor'
#extend .1.3.6.1.4.1.2021.7890.4 serial '/bin/cat

/sys/devices/virtual/dmi/id/product_serial'
M. Salmon v1.1 2020-03 Page 17 of 34

Note: Restart snmpd service after changing it's config file.
Now we will head to the add device section in the Web Interface
Add your hostname or IP in its respective section. The default SNMP port is 161 so
we will enter the port as 161. At last enter the community string in the Community
section
After a few minutes, you will be able to see your device in the devices section.
M. Salmon v1.1 2020-03 Page 18 of 34

You have successfully installed your LibreNMS server on Centos 8.Thank you for
reading this blog, if you guys have any questions or you got stuck anywhere please
feel free to mention in the comment section below
Minimal Install – CentOS 7 x6 [DualCore minimum), 4GB RAM , 16GB

storage]
Install Webtatic
# yum install epel-release

# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# yum -y update
Install PHP – latest version

Remove Old PHP version first, as follows:
# yum remove php-common <enter>
M. Salmon v1.1 2020-03 Page 19 of 34

Install initial packages...
# yum -y install yum-utils wget net-tools mlocate composer cronie fping git ImageMagick jwhois
mariadb mariadb-server mtr MySQL-python net-snmp net-snmp-utils nginx nmap php72w php72w-
cli php72w-common php72w-curl php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd
php72w-process php72w-snmp php72w-xml php72w-zip python-memcached rrdtool
# yum -y update
Check the network is functioning as expected...

# netstat -atunpl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3188/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1243/master
tcp 0 0 172.16.232.60:22 172.16.232.143:62727 ESTABLISHED 1790/sshd: <user>
tcp 0 64 172.16.232.60:22 172.16.232.143:62710 ESTABLISHED 1264/sshd: <user>
tcp6 0 0 :::22 :::* LISTEN 3188/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1243/master
udp 0 0 127.0.0.1:323 0.0.0.0:* 3456/chronyd
udp 0 0 0.0.0.0:17610 0.0.0.0:* 819/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:* 819/dhclient
udp6 0 0 ::1:323 :::* 3456/chronyd
udp6 0 0 :::41026 :::* 819/dhclient
Temporarily Disable Servers ‘Internal’ Firewall
# systemctl stop firewalld (temporarily stop the firewall {gets in the way early on!})
M. Salmon v1.1 2020-03 Page 20 of 34

Download & Configure LibreNMS

At this point we will create a new user of the system called ‘librenms’, then we will define the home directory for
the user in the / opt / librenms directory, and finally, we will add the librenms user to the nginx group:
Add LibreNMS User

# useradd librenms -d /opt/librenms -M -r
# usermod -a -G librenms nginx
Once the user has been created and added to the respective group, we will go to the /opt/ directory and
download the LibreNMS source code using the git clone command as follows:
Download LibreNMS
# cd /opt
# composer create-project --no-dev --keep-vcs librenms/librenms librenms dev-master
Create a new directory for the LibreNMS logs and the rrd files:
Create a new directory for the LibreNMS logs and the rrd files:
# mkdir -p /opt/librenms/logs/
# mkdir -p /opt/librenms/rrd/
# chmod 775 /opt/librenms/rrd/
Change the ownership of all files and directories in the / opt / librenms directory to the librenms user and group
by executing the following:
# chown -R librenms:librenms /opt/librenms/
# systemctl start nginx

# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to
/usr/lib/systemd/system/nginx.service.
# systemctl status nginx

● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2018-05-02 23:05:07 BST; 11s ago
Main PID: 25895 (nginx)
CGroup: /system.slice/nginx.service
├─25895 nginx: master process /usr/sbin/nginx
├─25896 nginx: worker process
└─25899 nginx: worker process
May 02 23:05:07 nms.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy
server...
May 02 23:05:07 nms.localdomain nginx[25890]: nginx: the configuration file
/etc/nginx/nginx.conf syntax is ok
May 02 23:05:07 nms.localdomain nginx[25890]: nginx: configuration file /etc/nginx/nginx.conf
test is s...sful
May 02 23:05:07 nms.localdomain systemd[1]: Started The nginx HTTP and reverse proxy server.
Hint: Some lines were ellipsized, use -l to show in full.
M. Salmon v1.1 2020-03 Page 21 of 34

Configure PHP-FPM for the installation of LibreNMS

Check local Date/time
# timedatectl
Local time: Tue 2018-05-22 22:31:31 BST

Universal time: Tue 2018-05-22 21:31:31 UTC
RTC time: Tue 2018-05-22 21:31:31
Time zone: Europe/London (BST, +0100)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2018-03-25 00:59:59 GMT
Sun 2018-03-25 02:00:00 BST
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2018-10-28 01:59:59 BST
Sun 2018-10-28 01:00:00 GMT
[root@nms librenms]# timedatectl
Local time: Tue 2018-05-22 22:36:59 BST
Universal time: Tue 2018-05-22 21:36:59 UTC
RTC time: Tue 2018-05-22 21:36:59
Time zone: Europe/London (BST, +0100)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2018-03-25 00:59:59 GMT
Sun 2018-03-25 02:00:00 BST
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2018-10-28 01:59:59 BST
Sun 2018-10-28 01:00:00 GMT
Open the loaded configuration file by PHP in an editor and replace *date.timezone with value from
‘timedatectl’ above.
# vi /etc/php.ini
Find the following lines, uncomment and change their values as shown.
cgi.fix_pathinfo= 0
memory_limit = -1
date.timezone = Europe/London
M. Salmon v1.1 2020-03 Page 22 of 34

Open the PHP-FPM configuration file.
# vi /etc/php-fpm.d/www.conf
Find the following line.
listen = 127.0.0.1:9000
Replace it with the following line.
Further edit/uncomment the following lines.

;user = apache
user = nginx
group = apache ; keep group as apache
;listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php7.2-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
Save the file and exit from the editor. Restart PHP-FPM and enable it to start at boot time.
# systemctl start php-fpm

# systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-

fpm.service to /usr/lib/systemd/system/php-fpm.service
Set the appropriate ownership to the socket file.
# systemctl status php-fpm
php-fpm.service - The PHP FastCGI Process Manager

Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor
preset: disabled)
Active: active (running) since Fri 2018-06-01 16:39:33 BST; 1min 17s ago
Main PID: 7514 (php-fpm)
Status: "Processes active: 0, idle: 5, Requests: 0, slow: 0, Traffic:
0req/sec"
CGroup: /system.slice/php-fpm.service
├─7514 php-fpm: master process (/etc/php-fpm.conf)
├─7515 php-fpm: pool www
└─7519 php-fpm: pool www
Jun 01 16:39:33 eg3svmlxnms01.phillips-cohen.local systemd[1]: Starting The

PHP FastCGI Process Manager...
Jun 01 16:39:33 eg3svmlxnms01.phillips-cohen.local systemd[1]: Started The
PHP FastCGI Process Manager.
M. Salmon v1.1 2020-03 Page 23 of 34

Install WEBMIN
# vi /etc/yum.repos.d/webmin.repo
[Webmin]
name=Webmin Distribution Neutral
#baseurl=https://download.webmin.com/download/yum
mirrorlist=https://download.webmin.com/download/yum/mirrorlist
enabled=1
# wget http://www.webmin.com/jcameron-key.asc
# rpm --import jcameron-key.asc
# yum -y install webmin
# /etc/init.d/webmin stop
# /etc/init.d/webmin restart
Check that WEBMIN is running ok...

# /etc/init.d/webmin status
Webmin (pid 25556) is running
Install MariaDB server

We installed MariaDB Client and Server earlier, so let’s start the MariaDB service and enable it to start
automatically at start-up:
# systemctl enable mariadb

# systemctl start mariadb
Check that MariaDB is functioning as expected...
# systemctl status mariadb

mariadb.service - MariaDB 10.2.14 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/mariadb.service.d
└─migrated-from-my.cnf-settings.conf
Active: active (running) since Thu 2018-05-03 04:07:54 IST; 13s ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Main PID: 4142 (mysqld)
Status: "Taking your SQL requests now..."
CGroup: /system.slice/mariadb.service
└─4142 /usr/sbin/mysqld
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140190332725376 [Note] InnoDB: 5.7.21...9987
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140189125039872 [Note] InnoDB: Loadin...pool
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140190332725376 [Note] Plugin 'FEEDBA...led.
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140189125039872 [Note] InnoDB: Buffer...7:54
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140190332725376 [Note] Server socket ...::'.
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140190332725376 [Note] Reading of all...eded
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140190332725376 [Note] Added new Mast...able
May 03 04:07:54 nms.localdomain mysqld[4142]: 2018-05-03 4:07:54 140190332725376 [Note] /usr/sbin/mysq...ons.
May 03 04:07:54 nms.localdomain mysqld[4142]: Version: '10.2.14-MariaDB' socket: '/var/lib/mysql/mysql...rver
May 03 04:07:54 nms.localdomain systemd[1]: Started MariaDB 10.2.14 database server.
Hint: Some lines were ellipsized, use -l to show in full.
Now, open the MySQL configuration file.
Securing MariaDB server

Restart MariaDB and enable it to automatically start at boot time.
# mysql_secure_installation
Set root password? [Y/n] Y
Remove anonymous users? [Y/n] Y
M. Salmon v1.1 2020-03 Page 24 of 34

Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Define MariaDB SQL root password

# mysql -u root -p <password>
Create a new database called ‘librenms’, a new user ‘libreanms’ with password ‘password123’
CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;

CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password123';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
Exit MariaDB client by typing ‘exit’ <enter>
MariaDB [(none)]>
MariaDB [(none)]>
MariaDB [(none)]> exit <enter>
Bye
How To Configure MySQL

# vi /etc/my.cnf
Add the following lines at the end of the block.
[mysqld]
innodb_file_per_table=1
sql-mode=""
lower_case_table_names=0
Configure NGINX
How to Configure the LibreNMS Virtual Host
LibreNMS is a Web-based application, and up to this point, we are using a Nginx web server to host it.
We will create a new virtual host file librenms.conf in the nginx conf.d directory by executing the following:
# vi /etc/nginx/conf.d/librenms.conf
In this new file we will paste the following:
server {
# Add your own domain name

listen 80;
server_name nms.phillips-cohen.local;
# LibreNMS Webroot directory

index index.php;
# LibreNMS logs
access_log /opt/librenms/logs/access_log;
error_log /opt/librenms/logs/error_log;
# Enabling Gzip compression on Nginx

charset utf-8;
gzip on;
M. Salmon v1.1 2020-03 Page 25 of 34

gzip_types text/css application/javascript text/javascript application/x-
javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-
icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /api/v0 {
try_files $uri $uri/ /api_v0.php?$query_string;
}
# PHP-FPM handle all .php files requests

location ~ \.php {
fastcgi_pass unix:/var/run/php-fpm/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
Now you should delete the [server] section from the [/etc/nginx/nginx.conf] file
Remark out (#) each of the lines, as shown below…. then save the file
# vi /etc/nginx/nginx.conf
# server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
Now we can test the Nginx configuration by executing the following:
[root@nms opt]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
M. Salmon v1.1 2020-03 Page 26 of 34

M. Salmon v1.1 2020-03 Page 27 of 34

Install Fping
# vi /opt/librenms/http_fping.tt
module http_fping 1.0;
require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}
#============= httpd_t ==============

allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };
Configure SNMPd
# cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
# vi /etc/snmp/snmpd.conf
# curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro

# chmod +x /usr/bin/distro
# systemctl enable snmpd
# systemctl restart snmpd
Configure Cron job(s)

# cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
Copy logrotate config

LibreNMS keeps logs in /opt/librenms/logs. Over time these can become large and be rotated out. To rotate out
the old logs you can use the provided logrotate config file:
# cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
Set permissions
# chown -R librenms:librenms /opt/librenms
# setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
# setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
# cd /opt/librenms
# ./scripts/composer_wrapper.php install --no-dev
# chown -R librenms:librenms /opt/librenms/logs
# setfacl -R -m g::rwx /opt/librenms/logs

# setfacl -d -m g::rwx /opt/librenms/logs
# semanage fcontext -a -t httpd_sys_content_t ‘/opt/librenms/logs(/.*)?’

# semanage fcontext -a -t httpd_sys_rw_content_t ‘/opt/librenms/logs(/.*)?’
M. Salmon v1.1 2020-03 Page 28 of 34

# restorecon -RFvv /opt/librenms/logs
Re-enable server Firewall
# systemctl stop firewalld (temporarily stop the firewall {gets in the way early on!})
FIREWALL - ‘firewalld’
Configure Firewall in CentOS 7
# yum -y install firewalld
Once installed, we will start firewalld and enable it to run at boot with the following systemctl commands:
# systemctl start firewalld

# systemctl enable firewalld
Once enabled, we will add the following lines to enable the respective services:
# firewall-cmd --add-service=http --permanent

# firewall-cmd --add-service=https --permanent
# firewall-cmd --add-port=161/udp
# firewall-cmd --add-port=161/tcp
We apply the changes by reloading firewalld with the following command:
# firewall-cmd --reload
We can list the rules to confirm that the services have been added correctly:
# firewall-cmd --list-all
SSL and Nginx VHost configurations

Logins and other information sent through the web interface of LibreNMS.
We will configure Nginx to use SSL generated with Let's Encrypt free SSL.
Before you can request the certificates, you will need to allow port 80 and 443, or
standard HTTP and HTTPS services through the firewall.
# firewall-cmd --zone=public --add-service=http --permanent

# firewall-cmd --zone=public --add-service=https --permanent
# firewall-cmd –reload
M. Salmon v1.1 2020-03 Page 29 of 34

Installing ClamAV
# yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-
scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Configuring Firewall / SELinux
# setsebool -P antivirus_can_scan_system 1
# setsebool -P clamd_use_jit 1
Verify its working, run:

# getsebool -a | grep antivirus
You should get this result:
antivirus_can_scan_system --> on
antivirus_use_jit --> on
M. Salmon v1.1 2020-03 Page 30 of 34

Configuring ClamAV
Before Clam configuration can be enabled, you need to remove Example string from the configuration file:
# sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
Next, you will have to specify the server type. Open configuration file with your favorite text editor, in this example
we will use nano. If it’s not already installed, install it using yum:
Open the configuration file:
# vi /etc/clamd.d/scan.conf
Scroll to this line:
#LocalSocket /var/run/clamd.scan/clamd.sock
And change it to:
LocalSocket /var/run/clamd.scan/clamd.sock
Save the changes by hitting CTRL + X shortcut (or COMMAND+X if you are on MAC).
Almost done, now remove Example string from ClamAV’s freshclam update engine configuration file:
# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
Run virus definition database update:
# freshclam
You should get similar output:

ClamAV update process started at Tue Dec 19 09:30:20 2016
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Trying host database.clamav.net (69.163.100.14)...
Downloading daily.cvd [100%]
daily.cvd updated (version: 22739, sigs: 1100989, f-level: 63, builder: neo)
Downloading bytecode-279.cdiff [100%]
bytecode.cld updated (version: 285, sigs: 57, f-level: 63, builder: bbaker)
Database updated (5319836 signatures) from database.clamav.net (IP: 168.143.19.95)
Lastly, start Clamd service and run in on boot:
# systemctl start clamd@scan

# systemctl enable clamd@scan
M. Salmon v1.1 2020-03 Page 31 of 34

FROM THIS POINT FORWARD – SSL IMPLEMENTATION
/ DOCUMENTATION, HAS NOT BEEN UNDERTAKEN or
TESTED!
Install Certbot, which is the client application for Let's Encrypt CA.
# yum -y install certbot
Generate the SSL certificates:

Note: To obtain certificates from Let's Encrypt CA, the domain for which the certificates are to be generated must
be pointed towards the server externally. If not, make the necessary changes to the DNS records of the domain
and wait for the DNS to propagate before making the certificate request again. Certbot checks the domain
authority before providing the certificates.
The SSL certificate will be stored as fullchain.pem and private key will be stored as privkey.pem.
Create a new virtual host.
# vi /etc/nginx/conf.d/nms.example.com.conf <enter>
server {
listen 80;
# server_name nms.localdomain; *remove the < > from below, replacing with registered domain
server_name <nms.domain.org>;
return 301 https://$host$request_uri;
}
server {
listen 443;
# server_name nms.localdomain;
server_name nms.welovebees.cloudns.org;
ssl_certificate /etc/letsencrypt/live/<nms.domain.org> /fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/<nms.domain.org> /privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /opt/librenms/logs/librenms.nginx.access.log;
index index.php;
charset utf-8;
gzip on;
gzip_types text/css application/javascript text/javascript application/x-javascript
image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /api/v0 {
try_files $uri $uri/ /api_v0.php?$query_string;
}
location ~ \.php {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
M. Salmon v1.1 2020-03 Page 32 of 34

# certbot certonly --webroot -w /usr/share/nginx/html -d <nms.domain.org> <enter>
M. Salmon v1.1 2020-03 Page 33 of 33

How To - Install Libre NMS 2021-02 v22

Uploaded by

Copyright:

Available Formats

How To - Install Libre NMS 2021-02 v22

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

How To - Install Libre NMS 2021-02 v22

Uploaded by

Copyright:

Available Formats

How To - Install LibreNMS (Systems Monitoring)

M. Salmon v1.1 2020-03 Page 1 of 34

Newer version CentOS 8 – in progress

How to Install LibreNMS on CentOS 8

1. Some pre-requisite operations

M. Salmon v1.1 2020-03 Page 2 of 34

dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

We are also required to enable PHP-7.4 stream because by default PHP-7.2 is

dnf module reset php

dnf module enable php:remi-7.4

M. Salmon v1.1 2020-03 Page 3 of 34

Here we set it to the permissive mode

Now let’s create LibreNMS user.

useradd librenms -d /opt/librenms -M -r -s /usr/bin/bash

cd /opt && git clone https://github.com/librenms/librenms.git

chown -R librenms:librenms /opt/librenms

chmod 771 /opt/librenms

setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs

setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs

M. Salmon v1.1 2020-03 Page 4 of 34

./scripts/composer_wrapper.php install --no-dev

Step 4: Setting up Database

We will be using MariaDB on Centos8 for LibreNMS. It is a fork of MySQL and is

systemctl start mariadb

systemctl enable mariadb

To set up MariaDB, we will use

 Set up root password for database

M. Salmon v1.1 2020-03 Page 5 of 34

CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;

CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';

GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';

In the MariaDB config file, we need to add two lines.

Add the following lines under [mysqld] section

M. Salmon v1.1 2020-03 Page 6 of 34

Then restart MariaDB

systemctl restart mariadb

Step 5: PHP-FPM and Nginx set up

We will edit the following values.

# Change "www" to "librenms"

# Change user and group to "librenms"

# Change listen to a unique name

After a quick restart, PHP-FPM should be now ready to go.

systemctl start php-fpm

For Nginx, we will make a config file.

M. Salmon v1.1 2020-03 Page 7 of 34

gzip_types text/css application/javascript text/javascript application/x-

location / { try_files $uri $uri/ /index.php?$query_string;

location ~ [^/]\.php(/|$) { fastcgi_pass unix:/run/php-fpm-librenms.sock;

M. Salmon v1.1 2020-03 Page 8 of 34

systemctl start nginx

systemctl enable nginx

systemctl stop firewalld

systemctl disable firewalld

firewall-cmd --zone public --add-service http

firewall-cmd --permanent --zone public --add-service http

firewall-cmd --zone public --add-service https

firewall-cmd --permanent --zone public --add-service https

M. Salmon v1.1 2020-03 Page 9 of 34