Installation de Pandora FMS Open sur Rocky Linux
Installation de Pandora FMS Open sur Rocky Linux 8 avec des droits d'utilisateur root et une connexion internet.
Installation en ligne pour EL 9 (Rocky Linux 9, RHEL 9) :
curl -SsL https://raw.githubusercontent.com/pandorafms/pandorafms/develop/extras/deploy-scripts/pandora_deploy_community_el9_gh.sh | bash
Installation en ligne pour EL 8 (Rocky Linux 8, RHEL 8) :
curl -SsL https://raw.githubusercontent.com/pandorafms/pandorafms/develop/extras/deploy-scripts/pandora_deploy_community_el8_gh.sh | bash
Installation en ligne pour EL 7 (CentOS 7, EOL juin 2024) :
curl -SsL https://raw.githubusercontent.com/pandorafms/pandorafms/develop/extras/deploy-scripts/pandora_deploy_community_gh.sh | bash
Référentiels
dnf install -y \ epel-release \ tar \ dnf-utils \ grep sed curl ping \ http://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf module reset php dnf module install -y php:remi-8.0 dnf config-manager --set-enabled powertools
Installation de la base de données Percona
dnf install -y https://repo.percona.com/yum/percona-release-latest.noarch.rpm dnf module disable -y mysql rm -rf /etc/my.cnf percona-release setup ps80 -y dnf install -y percona-server-server percona-xtrabackup-80
Installation des dépendances de la console Web
dnf install -y \ php \ postfix \ php-mcrypt \ php-cli \ php-gd \ php-curl \ php-session \ php-mysqlnd \ php-ldap \ php-zip \ php-zlib \ php-fileinfo \ php-gettext \ php-snmp \ php-mbstring \ php-pecl-zip \ php-xmlrpc \ php-fpm \ libxslt \ wget \ php-xml \ httpd \ mod_php \ atk \ avahi-libs \ cairo \ cups-libs \ fribidi \ gd \ gdk-pixbuf2 \ ghostscript \ graphite2 \ graphviz \ gtk2 \ harfbuzz \ hicolor-icon-theme \ hwdata \ jasper-libs \ lcms2 \ libICE \ libSM \ libXaw \ libXcomposite \ libXcursor \ libXdamage \ libXext \ libXfixes \ libXft \ libXi \ libXinerama \ libXmu \ libXrandr \ libXrender \ libXt \ libXxf86vm \ libcroco \ libdrm \ libfontenc \ libglvnd \ libglvnd-egl \ libglvnd-glx \ libpciaccess \ librsvg2 \ libthai \ libtool-ltdl \ libwayland-client \ libwayland-server \ libxshmfence \ mesa-libEGL \ mesa-libGL \ mesa-libgbm \ mesa-libglapi \ pango \ pixman \ xorg-x11-fonts-75dpi \ xorg-x11-fonts-misc \ poppler-data \ php-yaml \ mod_ssl \ libzstd \ openldap-clients \ https://github.com/pandorafms/pandorafms/releases/download/tools/pandora_gotty-1.1-1.el8.x86_64.rpm \ chromium
Installation des dépendances du serveur PFMS
dnf install -y \ perl \ vim \ fping \ perl-IO-Compress \ nmap \ sudo \ perl-Time-HiRes \ nfdump \ net-snmp-utils \ 'perl(NetAddr::IP)' \ 'perl(Sys::Syslog)' \ 'perl(DBI)' \ 'perl(XML::Simple)' \ 'perl(IO::Socket::INET6)' \ 'perl(XML::Twig)' \ expect \ openssh-clients \ java \ bind-utils \ whois \ libnsl
Paramètres du système d'exploitation
setenforce 0 sed -i -e "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config systemctl disable firewalld --now
Création d'une base de données
cat> /etc/my.cnf <<EO_CONFIG_TMP [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock symbolic-links=0 log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid EO_CONFIG_TMP
systemctl start mysqld grep "temporary password" /var/log/mysqld.log | rev | cut -d' ' -f1 | rev mysql -uroot -p"contraseña"; SET PASSWORD FOR 'root'@'localhost' = 'Pandor4!'; UNINSTALL COMPONENT 'file://component_validate_password'; SET PASSWORD FOR 'root'@'localhost' = 'pandora'; CREATE DATABASE pandora; CREATE USER 'pandora'@'%' IDENTIFIED BY 'pandora'; ALTER USER 'pandora'@'%' IDENTIFIED WITH mysql_native_password BY 'pandora'; GRANT ALL PRIVILEGES ON pandora.* TO 'pandora'@'%'; exit
POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")
cat> /etc/my.cnf <<EO_CONFIG_F [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock user=mysql character-set-server=utf8mb4 skip-character-set-client-handshake # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 # Mysql optimizations for Pandora FMS # Please check the documentation in http://pandorafms.com for better results max_allowed_packet = 64M innodb_buffer_pool_size = $POOL_SIZE innodb_lock_wait_timeout = 90 innodb_file_per_table innodb_flush_log_at_trx_commit = 0 innodb_flush_method = O_DIRECT innodb_log_file_size = 64M innodb_log_buffer_size = 16M innodb_io_capacity = 300 thread_cache_size = 8 thread_stack = 256K max_connections = 100 key_buffer_size=4M read_buffer_size=128K read_rnd_buffer_size=128K sort_buffer_size=128K join_buffer_size=4M skip-log-bin sql_mode="" [mysqld_safe] log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid EO_CONFIG_F
systemctl restart mysqld systemctl enable mysqld --now
Installation de la console et du serveur Pandora FMS
wget https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafms_server-7.0NG.772.x86_64.rpm wget https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafms_console-7.0NG.772.noarch.rpm wget https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafms_agent_linux-7.0NG.772.noarch.rpm
dnf install -y ./pandorafms*.rpm
systemctl enable mysqld --now systemctl enable httpd --now systemctl enable php-fpm --now
mysql -upandora -ppandora
use pandora; source /var/www/html/pandora_console/pandoradb.sql; source /var/www/html/pandora_console/pandoradb_data.sql; exit;
cat> /var/www/html/pandora_console/include/config.php <<EO_CONFIG_F <?php \$config["dbtype"] = "mysql"; \$config["dbname"]="pandora"; \$config["dbuser"]="pandora"; \$config["dbpass"]="pandora"; \$config["dbhost"]="127.0.0.1"; \$config["homedir"]="/var/www/html/pandora_console"; \$config["homeurl"]="/pandora_console"; error_reporting(0); \$ownDir = dirname(__FILE__) . '/'; include (\$ownDir . "config_process.php"); EO_CONFIG_F
cat> /etc/httpd/conf.d/pandora.conf <<EO_CONFIG_F ServerTokens Prod <Directory "/var/www/html"> Options FollowSymLinks AllowOverride All Require all granted </Directory> EO_CONFIG_F
sed -i -e "s/php_flag engine off//g" /var/www/html/pandora_console/images/.htaccess sed -i -e "s/php_flag engine off//g" /var/www/html/pandora_console/attachment/.htaccess
chmod 600 /var/www/html/pandora_console/include/config.php chown apache. /var/www/html/pandora_console/include/config.php mv /var/www/html/pandora_console/install.php /var/www/html/pandora_console/install.done
sed -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini sed -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini sed -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini sed -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini sed -i -e "s/.*post_max_size =.*/post_max_size = 800M/" /etc/php.ini
echo 'TimeOut 900'> /etc/httpd/conf.d/timeout.conf cat> /var/www/html/index.html <<EOF_INDEX <meta HTTP-EQUIV="REFRESH" content="0; url=/pandora_console/"> EOF_INDEX
systemctl restart httpd systemctl restart php-fpm
cat> /etc/snmp/snmptrapd.conf <<EOF authCommunity log public disableAuthorization yes EOF
sed -i -e "s/^dbhost.*/dbhost 127.0.0.1/g" /etc/pandora/pandora_server.conf sed -i -e "s/^dbname.*/dbname pandora/g" /etc/pandora/pandora_server.conf sed -i -e "s/^dbuser.*/dbuser pandora/g" /etc/pandora/pandora_server.conf sed -i -e "s|^dbpass.*|dbpass pandora|g" /etc/pandora/pandora_server.conf sed -i -e "s/^dbport.*/dbport 3306/g" /etc/pandora/pandora_server.conf sed -i -e "s/^#.mssql_driver.*/mssql_driver ODBC Driver 17 for SQL Server/g" /etc/pandora/pandora_server.conf
sed -i -e "s|^fping.*|fping /usr/sbin/fping|g" /etc/pandora/pandora_server.conf
sed -i "s/^remote_config.*$/remote_config 1/g" /etc/pandora/pandora_server.conf
cat>> /etc/sysctl.conf <<EO_KO # Pandora FMS Optimization # default=5 net.ipv4.tcp_syn_retries = 3 # default=5 net.ipv4.tcp_synack_retries = 3 # default=1024 net.ipv4.tcp_max_syn_backlog = 65536 # default=124928 net.core.wmem_max = 8388608 # default=131071 net.core.rmem_max = 8388608 # default = 128 net.core.somaxconn = 1024 # default = 20480 net.core.optmem_max = 81920 EO_KO
sysctl --system chown pandora:apache /var/log/pandora chmod g+s /var/log/pandora
cat> /etc/logrotate.d/pandora_server <<EO_LR /var/log/pandora/pandora_server.log /var/log/pandora/web_socket.log /var/log/pandora/pandora_server.error { su root apache weekly missingok size 300000 rotate 3 maxage 90 compress notifempty copytruncate create 660 pandora apache } /var/log/pandora/pandora_snmptrap.log { su root apache weekly missingok size 500000 rotate 1 maxage 30 notifempty copytruncate create 660 pandora apache } EO_LR cat> /etc/logrotate.d/pandora_agent <<EO_LRA /var/log/pandora/pandora_agent.log { su root apache weekly missingok size 300000 rotate 3 maxage 90 compress notifempty copytruncate } EO_LRA
chmod 0644 /etc/logrotate.d/pandora_server chmod 0644 /etc/logrotate.d/pandora_agent
systemctl enable pandora_server --now /etc/init.d/pandora_server start systemctl enable tentacle_serverd service tentacle_serverd start
echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php>> /var/www/html/pandora_console/log/cron.log\">> /etc/crontab
systemctl enable pandora_agent_daemon systemctl start pandora_agent_daemon systemctl enable postfix --now
SSH banner
[ "$(curl -s ifconfig.me)" ] && ipplublic=$(curl -s ifconfig.me) cat > /etc/issue.net << EOF_banner Welcome to Pandora FMS appliance on RHEL/Rocky Linux 8 ------------------------------------------ Go to Public http://$ipplublic/pandora_console to login web console $(ip addr | grep -w "inet" | grep -v "127.0.0.1" | grep -v "172.17.0.1" | awk '{print $2}' | awk -F '/' '{print "Go to Local http://"$1"/pandora_console to login web console"}') You can find more information at http://pandorafms.com EOF_banner rm -f /etc/issue ln -s /etc/issue.net /etc/issue echo 'Banner /etc/issue.net' >> /etc/ssh/sshd_config
Connexion au PFMS
Pour accéder à la console Web, tapez l'adresse IP (ou URL) de l'appareil suivie de /pandora_console/
.
Les identifiants de connexion par défaut sont :
- utilisateur :
admin
- mot de passe :
pandora