How to install munin to monitor server ( CPU, MYSQL, memory and others ) Centos 7?

munin_cast

Monitor server with Munin:

Munin is a system, network, and infrastructure monitoring tool, which records different server component activites in given interaval and prodive nice looking graph.

Munin has two component, one is called munin and second one is called munin-node. munin-node aggregate data from each node its installed pass to munin which is used to monitor data. So to install in multiple node we can just install munin-node and use one server with munin to monitor multiple nodes.

Step 1:

To install munin make sure you have apache installed in your server. munin needs apache to display graph frontend.

Install munin and munin-node

yum install -y munin munin-node

Step 2:

Make sure munin-node starts on ever server boot up so adding it to system demon.

systemctl enable munin-node

Example: Setup local and remote servers

Munin allows to monitor server where it is installed and also, we can add remote servers to it. This will provide us to monitor mulitple servers in one interface.

Step 1: Monitor local server:
We can create groups in munin master by different servers. So lets create group for server where it is installed. Lets call it master for easy naming conventions.

vi /etc/munin.conf

look for line

[localhost.localdomain]
    address 127.0.0.1
    use_node_name yes

Change it to following

[Master]
    address 127.0.0.1
    use_node_name yes

Its not require that you need to change above line but it will have to distingust between different munin node we are monitoring.

Step 2:

Configure apache to allow munin to be accessible from browsers. By default munin comes with apache config file and its has setting for htaccess password protections. We can disable this by commenting line but its good to protect munin web access by password. So lets create htaccess password just for munin with username admin and password ‘muninpassword’

htpassd /etc/munin/munin-htpasswd admin

this will prompt for password so we will comply by putting password as ‘muninpassword’

Step 3:

vi /etc/httpd/conf.d/munin.conf

Alias /munin /var/www/html/munin
<directory /var/www/html/munin>
Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
########################################
# comment line below if we dont want to use authentication
########################################3
AuthUserFile /etc/munin/munin-htpasswd #
AuthName "admin" # username we just created
AuthType Basic
require valid-user
##########################################3
#Auth code ends here
######################################3

ExpiresActive On
ExpiresDefault M310

</directory>
ScriptAlias /munin-cgi/munin-cgi-graph /var/www/cgi-bin/munin-cgi-graph
<Location /munin-cgi/munin-cgi-graph>
  AuthUserFile /etc/munin/munin-htpasswd
  AuthName "admin"
  AuthType Basic
  require valid-user
</Location>

Make sure we have “admin” as username in AuthName section. If we dont need password protection then we can comment these Whole auth section. Above config file came as default with munin installation. We can change it as per our requirement.
We have setup /munin as aias in above example, that mean we can access munin by http://<website>/munin

Step 4: Restart munin-node and apache

service munin-node restart
service httpd restart

 

Step 5: access remote server:

http://<your server ip or host name>/munin

it will prompt for username and password.
and we will see graph and our master group.

Munin Master Master

Add remote server to munin Master:

Step 1: Install munin-node in remote server

yum install munin-node

Step 2:  point to munin master

vi /etc/munin/munin-node.conf

Look for line which looks like

allow ^127\.0\.0\.1$

replace with your munin master ip. ( If your master ip is 210.210.210.210 then change line like:

allow ^210\.210\.210\.210$

save and restart munin node

service munin-node restart

 

Step 3: Add your remote munin-node in your master. You can add this just below your Master node config line.

vi /etc/munin/munin.conf

 

[RemoteServer]
 address 210.210.210.209
 use_node_name yes

restart apache and munin-node

Adding more plugins like

MySql :

Munin comes with set of plugins those are active, which are located in /etc/munin/plugins. There are many plugins which comes with munin like MySql which are not active by default.

We can add plugins to munin by installing new plugins or copying plugins from /usr/share/munin/plugins/ to /etc/munin/plugins. Best way to add will be by symbolic link.

For example to add mysql to munin we can do following. Make sure mysql plugin exists in /usr/share/munin/plugins/ and then we create symbolic link for it .

ls -s /usr/share/munin/plugins/mysql_threads /etc/munin/plugins/mysql_threads

Munin Backup Backup

 

Make sure master can do telnet on remote on port 4949.

It will take some time for munin for changes to take effect.

 

Advertisements

Install virtualmin / webmin on centos – complete server setup.

Install Virtualmin:

Virtualmin is free control panel for server. It helps to manage multiple host / websites by managing Apache, Nginx, PHP, DNS, MYSql, FTP, SSH and many more. It is recommended to install virtualmin in fresh server rather ran existing server to prevent conflicts.

This tutorial will help you to setup complete virtualmin server with everything you need to run websites on your VPS or dedicated servers.

Step 1:
Update Yum and install perl and wget which is required for virtualmin.

$ yum update
$ yum install wget
$ yum install perl

Step 2:
Setup Hostname for server:

More details on hostname can be read here.
Let setup hostname as server.mydomain.com ( this is just a example you can setup any hostname you like but make sure you have that domain name with you. )

$ hostname server.mydomain.com

Step 3:
Set timezone:

Please refer to this article for timezone setup (click here)

Step 4:
Add more swap memory:

Please refer to this article for swap memory (click here)

Step 5:
Temp folder management.

we need to delete tmp folder time to time otherwise it will run out of space. To do that lets intsall tmpwatch and set the corn job to run it daily to auto clean up.

$ yum install tmpwatch -y

#update corntab and add following line
0 4 * * * /usr/sbin/tmpwatch -am 12 /tmp

Step 6:
Install virtualmin:

$ wget http://software.virtualmin.com/gpl/scripts/install.sh
$ chmod +x install.sh
$ ./install.sh

Once virtualmin installed, you can login to virtualmin admin by ip address
https:<your server ip>:10000

Step 7:
Security

a) Change port number for virtualmin.

Login to your server https:<your server ip>:10000 with root and system password .

go to webmin > webmin configuration > port and addresss  and change default port 10000 to any port you like .

B) Fix DNS  open resolver attack :

Open DNS will allow anyone to use your dns server and send attack to other servers. So to prevent this we need to allow only our ip ( IP of server). Please refer to this article to fix this problem. ( click here)
Before we work on virtualmin, lets install additional modules for the server.

C) INSTALL FIREWALL:

We can install any open source firewall but my personal choice is CSF firewall. Setup is very simple.  Please read http://download.configserver.com/csf/install.txt document to install it and also option to add interface to webmin.

Installation is quite straightforward:

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

To install or upgrade the csf webmin module:

Install csf as above
Install the csf webmin module in:
  Webmin > Webmin Configuration > Webmin Modules >
  From local file > /usr/local/csf/csfwebmin.tgz > Install Module

Note:
CSF Firewall comes will lots of options. But to start with , make sure your newly added port for virtualmin / webmin is listed in port list.

a) go to Webmin > System > ConfigServer Security & Firewall > Firewall Configuration 
make sure your port ( for webmin ) is there in  TCP_IN, TCP_OUT. If not please add it. 

b) You can also click on check server security to check if there are any loop holes. 
c) Once you happy you can change it from testing mode to live. 

d) SSH only login

Its better to have SSH only login to prevent brute force attacks. Please refer to this article for setup instruction. ( click here)

 

Aditional Setups:

So far you are now ready to host domains / website in your site but you may also consider to install following for more security.

a) Php_suhosin
Php Suhosin will prevent any illegal activity in php code to execute.

b) mod Security:
Its a proxy to prevent cross browsers attacks, injection attacks, brute force e.t.c

c) Nginx

light weight server for web application. ( click here for how to )