Installation de Pandora FMS Open sur Rocky Linux

Installation de Pandora FMS Open sur Rocky Linux 8 avec des droits d'utilisateur root et une connexion internet.

Installation en ligne pour EL 9 (Rocky Linux 9, RHEL 9) :

curl -SsL https://raw.githubusercontent.com/pandorafms/pandorafms/develop/extras/deploy-scripts/pandora_deploy_community_el9_gh.sh | bash

Installation en ligne pour EL 8 (Rocky Linux 8, RHEL 8) :

curl -SsL https://raw.githubusercontent.com/pandorafms/pandorafms/develop/extras/deploy-scripts/pandora_deploy_community_el8_gh.sh | bash

Installation en ligne pour EL 7 (CentOS 7, EOL juin 2024) :

curl -SsL https://raw.githubusercontent.com/pandorafms/pandorafms/develop/extras/deploy-scripts/pandora_deploy_community_gh.sh | bash

Référentiels

dnf install -y \
 epel-release \
 tar \
 dnf-utils \
 grep sed curl ping \
 http://rpms.remirepo.net/enterprise/remi-release-8.rpm

dnf module reset php
 
dnf module install -y php:remi-8.0
 
dnf config-manager --set-enabled powertools

Installation de la base de données Percona

dnf install -y https://repo.percona.com/yum/percona-release-latest.noarch.rpm
 
dnf module disable -y mysql
 
rm -rf /etc/my.cnf
 
percona-release setup ps80 -y
 
dnf install -y percona-server-server percona-xtrabackup-80

Installation des dépendances de la console Web

dnf install -y \
    php \
    postfix \
    php-mcrypt \
    php-cli \
    php-gd \
    php-curl \
    php-session \
    php-mysqlnd \
    php-ldap \
    php-zip \
    php-zlib \
    php-fileinfo \
    php-gettext \
    php-snmp \
    php-mbstring \
    php-pecl-zip \
    php-xmlrpc \
    php-fpm \
    libxslt \
    wget \
    php-xml \
    httpd \
    mod_php \
    atk \
    avahi-libs \
    cairo \
    cups-libs \
    fribidi \
    gd \
    gdk-pixbuf2 \
    ghostscript \
    graphite2 \
    graphviz \
    gtk2 \
    harfbuzz \
    hicolor-icon-theme \
    hwdata \
    jasper-libs \
    lcms2 \
    libICE \
    libSM \
    libXaw \
    libXcomposite \
    libXcursor \
    libXdamage \
    libXext \
    libXfixes \
    libXft \
    libXi \
    libXinerama \
    libXmu \
    libXrandr \
    libXrender \
    libXt \
    libXxf86vm \
    libcroco \
    libdrm \
    libfontenc \
    libglvnd \
    libglvnd-egl \
    libglvnd-glx \
    libpciaccess \
    librsvg2 \
    libthai \
    libtool-ltdl \
    libwayland-client \
    libwayland-server \
    libxshmfence \
    mesa-libEGL \
    mesa-libGL \
    mesa-libgbm \
    mesa-libglapi \
    pango \
    pixman \
    xorg-x11-fonts-75dpi \
    xorg-x11-fonts-misc \
    poppler-data \
    php-yaml \
    mod_ssl \
    libzstd \
    openldap-clients \
    https://github.com/pandorafms/pandorafms/releases/download/tools/pandora_gotty-1.1-1.el8.x86_64.rpm \
    chromium

Installation des dépendances du serveur PFMS

dnf install -y \
    perl \
    vim \
    fping \
    perl-IO-Compress \
    nmap \
    sudo \
    perl-Time-HiRes \
    nfdump \
    net-snmp-utils \
    'perl(NetAddr::IP)' \
    'perl(Sys::Syslog)' \
    'perl(DBI)' \
    'perl(XML::Simple)' \
    'perl(IO::Socket::INET6)' \
    'perl(XML::Twig)' \
    expect \
    openssh-clients \
    java \
    bind-utils \
    whois \
    libnsl

Paramètres du système d'exploitation

setenforce 0
sed -i -e "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config
systemctl disable firewalld --now

Création d'une base de données

cat> /etc/my.cnf <<EO_CONFIG_TMP
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EO_CONFIG_TMP

systemctl start mysqld
 
grep "temporary password" /var/log/mysqld.log | rev | cut -d' ' -f1 | rev
mysql -uroot -p"contraseña";
 
SET PASSWORD FOR 'root'@'localhost' = 'Pandor4!';
 
UNINSTALL COMPONENT 'file://component_validate_password';
 
SET PASSWORD FOR 'root'@'localhost' = 'pandora';
 
CREATE DATABASE pandora;
 
CREATE USER 'pandora'@'%' IDENTIFIED BY 'pandora';
 
ALTER USER 'pandora'@'%' IDENTIFIED WITH mysql_native_password BY 'pandora';
GRANT ALL PRIVILEGES ON pandora.* TO 'pandora'@'%';
 
exit

POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")

cat> /etc/my.cnf <<EO_CONFIG_F
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
character-set-server=utf8mb4
skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results
 
max_allowed_packet = 64M
innodb_buffer_pool_size = $POOL_SIZE
innodb_lock_wait_timeout = 90
innodb_file_per_table
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
innodb_log_file_size = 64M
innodb_log_buffer_size = 16M
innodb_io_capacity = 300
thread_cache_size = 8
thread_stack    = 256K
max_connections = 100
 
key_buffer_size=4M
read_buffer_size=128K
read_rnd_buffer_size=128K
sort_buffer_size=128K
join_buffer_size=4M
 
skip-log-bin
 
sql_mode=""
 
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
 
EO_CONFIG_F

systemctl restart mysqld
 
systemctl enable mysqld --now

Installation de la console et du serveur Pandora FMS

wget https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafms_server-7.0NG.772.x86_64.rpm
 
wget https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafms_console-7.0NG.772.noarch.rpm
 
wget https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafms_agent_linux-7.0NG.772.noarch.rpm

dnf install -y ./pandorafms*.rpm

systemctl enable mysqld --now
 
systemctl enable httpd --now
 
systemctl enable php-fpm --now

mysql -upandora -ppandora
use pandora;
 
source /var/www/html/pandora_console/pandoradb.sql;
 
source /var/www/html/pandora_console/pandoradb_data.sql;
 
exit;

cat> /var/www/html/pandora_console/include/config.php <<EO_CONFIG_F
<?php
\$config["dbtype"] = "mysql";
\$config["dbname"]="pandora";
\$config["dbuser"]="pandora";
\$config["dbpass"]="pandora";
\$config["dbhost"]="127.0.0.1";
\$config["homedir"]="/var/www/html/pandora_console";
\$config["homeurl"]="/pandora_console";
error_reporting(0);
\$ownDir = dirname(__FILE__) . '/';
include (\$ownDir . "config_process.php");
EO_CONFIG_F

cat> /etc/httpd/conf.d/pandora.conf <<EO_CONFIG_F
ServerTokens Prod
<Directory "/var/www/html">
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
EO_CONFIG_F

sed -i -e "s/php_flag engine off//g" /var/www/html/pandora_console/images/.htaccess
 
sed -i -e "s/php_flag engine off//g" /var/www/html/pandora_console/attachment/.htaccess

chmod 600 /var/www/html/pandora_console/include/config.php
 
chown apache. /var/www/html/pandora_console/include/config.php
 
mv /var/www/html/pandora_console/install.php /var/www/html/pandora_console/install.done

sed -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini
 
sed -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini
 
sed -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini
 
sed -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini
 
sed -i -e "s/.*post_max_size =.*/post_max_size = 800M/" /etc/php.ini

echo 'TimeOut 900'> /etc/httpd/conf.d/timeout.conf
 
cat> /var/www/html/index.html <<EOF_INDEX
<meta HTTP-EQUIV="REFRESH" content="0; url=/pandora_console/">
EOF_INDEX

systemctl restart httpd
 
systemctl restart php-fpm

cat> /etc/snmp/snmptrapd.conf <<EOF
authCommunity log public
disableAuthorization yes
EOF

sed -i -e "s/^dbhost.*/dbhost 127.0.0.1/g" /etc/pandora/pandora_server.conf
 
sed -i -e "s/^dbname.*/dbname pandora/g" /etc/pandora/pandora_server.conf
 
sed -i -e "s/^dbuser.*/dbuser pandora/g" /etc/pandora/pandora_server.conf
 
sed -i -e "s|^dbpass.*|dbpass pandora|g" /etc/pandora/pandora_server.conf
 
sed -i -e "s/^dbport.*/dbport 3306/g" /etc/pandora/pandora_server.conf
 
sed -i -e "s/^#.mssql_driver.*/mssql_driver ODBC Driver 17 for SQL Server/g" /etc/pandora/pandora_server.conf

sed -i -e "s|^fping.*|fping /usr/sbin/fping|g" /etc/pandora/pandora_server.conf

sed -i "s/^remote_config.*$/remote_config 1/g" /etc/pandora/pandora_server.conf

cat>> /etc/sysctl.conf <<EO_KO
# Pandora FMS Optimization
 
# default=5
net.ipv4.tcp_syn_retries = 3
 
# default=5
net.ipv4.tcp_synack_retries = 3
 
# default=1024
net.ipv4.tcp_max_syn_backlog = 65536
 
# default=124928
net.core.wmem_max = 8388608
 
# default=131071
net.core.rmem_max = 8388608
 
# default = 128
net.core.somaxconn = 1024
 
# default = 20480
net.core.optmem_max = 81920
 
EO_KO

sysctl --system
 
chown pandora:apache /var/log/pandora
 
chmod g+s /var/log/pandora

cat> /etc/logrotate.d/pandora_server <<EO_LR
/var/log/pandora/pandora_server.log
/var/log/pandora/web_socket.log
/var/log/pandora/pandora_server.error {
        su root apache
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
        create 660 pandora apache
}
 
/var/log/pandora/pandora_snmptrap.log {
        su root apache
        weekly
        missingok
        size 500000
        rotate 1
        maxage 30
        notifempty
        copytruncate
        create 660 pandora apache
}
 
EO_LR
 
cat> /etc/logrotate.d/pandora_agent <<EO_LRA
/var/log/pandora/pandora_agent.log {
        su root apache
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
}
 
EO_LRA

chmod 0644 /etc/logrotate.d/pandora_server
 
chmod 0644 /etc/logrotate.d/pandora_agent

systemctl enable pandora_server --now
 
/etc/init.d/pandora_server start
 
systemctl enable tentacle_serverd
 
service tentacle_serverd start

echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php>> /var/www/html/pandora_console/log/cron.log\">> /etc/crontab

systemctl enable pandora_agent_daemon
 
systemctl start pandora_agent_daemon
 
systemctl enable postfix --now

SSH banner

[ "$(curl -s ifconfig.me)" ] && ipplublic=$(curl -s ifconfig.me)
 
cat > /etc/issue.net << EOF_banner
 
Welcome to Pandora FMS appliance on RHEL/Rocky Linux 8
------------------------------------------
Go to Public http://$ipplublic/pandora_console to login web console
$(ip addr | grep -w "inet" | grep -v "127.0.0.1" | grep -v "172.17.0.1" | awk '{print $2}' | awk -F '/' '{print "Go to Local http://"$1"/pandora_console to login web console"}')
 
You can find more information at http://pandorafms.com
 
EOF_banner
 
rm -f /etc/issue
ln -s /etc/issue.net /etc/issue
 
echo 'Banner /etc/issue.net' >> /etc/ssh/sshd_config

Connexion au PFMS

Pour accéder à la console Web, tapez l'adresse IP (ou URL) de l'appareil suivie de /pandora_console/ .

Les identifiants de connexion par défaut sont :

  • utilisateur : admin
  • mot de passe : pandora

Retour à l'index de la documentation du Pandora FMS