
Ubuntu への Pandora FMS オープンソース版のインストール


Installation on Ubuntu server 22.04.1 or 22.04.2 with root user rights, systemd enabled and internet connection.

root ユーザ権限、systemd 有効化、インターネット接続を満たした Ubuntu server 22.04.1 または 22.04.2 へのインストール。

Online installation for Ubuntu (22.04 LTS):

Ubuntu (22.04 LTS) へのオンラインインストール:

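# Fetch the installer to a file instead of piping it straight into a root shell.
# -f makes curl fail on an HTTP error, so an error page is never handed to bash,
# and the saved copy can be read before it runs with root rights.
# NOTE(review): the URL tracks the moving `develop` branch, so the script can
# change between runs; keep the reviewed copy if the install must be repeatable.
curl -fSsL -o pandora_deploy_community_ubuntu_2204_gh.sh \
 https://raw.githubusercontent.com/pandorafms/pandorafms/develop/extras/deploy-scripts/pandora_deploy_community_ubuntu_2204_gh.sh
bash pandora_deploy_community_ubuntu_2204_gh.sh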

In a terminal window with user root:

root ユーザのターミナル ウィンドウにて:

# Base tools, a fresh working directory, the PHP 8.0 PPA and Apache with PHP-FPM.
apt install -y gawk sed grep ping
# Any deploy directory left by an earlier run is deleted, downloads included.
rm -rf /opt/pandora/deploy
mkdir -p /opt/pandora/deploy
cd /opt/pandora/deploy
apt update
apt install -y net-tools vim curl wget \
 software-properties-common apt-transport-https \
 ca-certificates gnupg lsb-release
# NOTE(review): ppa:ondrej/php is a third-party package source; everything it
# ships is installed as root and trusted like the distribution archive.
add-apt-repository ppa:ondrej/php
apt update
apt upgrade
# NOTE(review): PHP 8.0 no longer receives upstream security fixes (end of life
# was November 2023); confirm which PHP version your Pandora FMS release supports.
apt install -y php8.0-fpm php8.0-common libapache2-mod-fcgid php8.0-cli apache2
# Route PHP requests from Apache to the php8.0-fpm service.
a2enmod proxy_fcgi setenvif
systemctl reload apache2
a2enconf php8.0-fpm
systemctl restart php8.0-fpm
# First batch: PHP extensions, fonts, graphviz, LDAP tools, postfix and cron.
apt install -y \
 ldap-utils postfix \
 wget graphviz \
 xfonts-75dpi xfonts-100dpi \
 xfonts-ayu xfonts-intl-arabic \
 xfonts-intl-asian xfonts-intl-phonetic \
 xfonts-intl-japanese-big xfonts-intl-european \
 xfonts-intl-chinese xfonts-intl-japanese \
 xfonts-intl-chinese-big libzstd1 \
 gir1.2-atk-1.0 libavahi-common-data \
 cairo-perf-utils libfribidi-bin \
 php8.0-mcrypt php8.0-gd \
 php8.0-curl php8.0-mysql \
 php8.0-ldap php8.0-fileinfo \
 php8.0-gettext php8.0-snmp \
 php8.0-mbstring php8.0-zip \
 php8.0-xmlrpc php8.0-xml \
 php8.0-yaml libnet-telnet-perl \
 whois cron
# Second batch: Perl modules plus network tooling (nmap, fping, arping, snmp,
# snmptrapd, nfdump, xprobe, expect) and a JDK.
# NOTE(review): this leaves scanners and an SNMP trap listener on the host;
# account for them in the host's hardening baseline.
apt install -y \
 perl nmap \
 fping sudo \
 net-tools nfdump \
 expect openssh-client \
 unzip xprobe coreutils \
 libio-compress-perl libmoosex-role-timer-perl \
 libdbd-mysql-perl libcrypt-mysql-perl \
 libhttp-request-ascgi-perl liblwp-useragent-chicaching-perl \
 liblwp-protocol-https-perl snmp \
 libnetaddr-ip-perl libio-socket-ssl-perl \
 libio-socket-socks-perl libio-socket-ip-perl \
 libio-socket-inet6-perl libnet-telnet-perl \
 libjson-perl libencode-perl \
 cron libgeo-ip-perl \
 arping snmp-mibs-downloader \
 snmptrapd  libnsl2 make \
 openjdk-8-jdk
 
# Add Docker's apt repository and install the engine, then leave it disabled.
mkdir -m 0755 -p /etc/apt/keyrings
 
# The key is stored in its own keyring and referenced with signed-by below, so
# it is trusted for this repository only, not for every apt source.
# NOTE(review): the key is fetched and trusted in one step; compare its
# fingerprint with the one Docker publishes before relying on it.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
 sudo gpg --yes --dearmor -o /etc/apt/keyrings/docker.gpg
 
echo \
 "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu  $(lsb_release -cs) stable" | \
 sudo tee /etc/apt/sources.list.d/docker.list
 
apt update -y
apt-get install -y \
 docker-ce docker-ce-cli containerd.io \
 docker-buildx-plugin docker-compose-plugin
 
# Stop the daemon and its socket and keep both from starting at boot.
systemctl disable docker --now
systemctl disable docker.socket --now
 
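# Expose fping under /usr/sbin as well as /usr/bin.
rm -f /usr/sbin/fping
ln -s /usr/bin/fping /usr/sbin/fping
# Install Chrome through apt rather than `dpkg -i`: dpkg does not resolve
# dependencies, while `apt install ./file.deb` does, and it matches how the
# other local .deb files on this page are installed.
# NOTE(review): the .deb is downloaded without any checksum or signature check
# and its maintainer scripts run as root; it may also register Google's own apt
# repository on the host (confirm under /etc/apt/sources.list.d afterwards).
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
apt install -y ./google-chrome-stable_current_amd64.deb
ln -s /usr/bin/google-chrome /usr/bin/chromium-browser
# Perl modules (libnetaddr-ip-perl was listed twice; once is enough).
apt install -y \
 libnetaddr-ip-perl \
 coreutils libdbd-mysql-perl \
 libxml-simple-perl libgeo-ip-perl \
 libio-socket-inet6-perl libxml-twig-perl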
# Stops and disables the host firewall (ufw) and AppArmor confinement.
# NOTE(review): this removes two defensive layers from a host that will run a
# web console, a database, an SNMP trap listener and agent-facing services. On
# any system reachable from untrusted networks, keep ufw enabled and allow only
# the ports the deployment needs, and keep AppArmor enabled, adjusting or
# disabling individual profiles only where a conflict is confirmed.
systemctl stop ufw.service
systemctl disable ufw
systemctl stop apparmor
systemctl disable apparmor
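# Install the Percona repository helper, then Percona Server 8.0 and XtraBackup.
# -f stops curl from saving an HTTP error page as the .deb and -L follows
# redirects, so a failed download is caught here, not at install time.
curl -fLO https://repo.percona.com/apt/percona-release_latest.generic_all.deb
apt install -y gnupg2 lsb-release ./percona-release_latest.generic_all.deb
percona-release setup ps80
apt install -y percona-server-server percona-xtrabackup-80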

# Start the database and open an interactive client as root; -p with no value
# prompts for the password, keeping it out of the process list and shell history.
systemctl start mysql
 
mysql -uroot -p
 
-- Statements typed at the mysql prompt: set the root password, then create the
-- pandora schema and its account.
-- NOTE(review): 'pandora' is a publicly documented password. Choose unique
-- values for root and for the pandora account, and use the same pandora
-- password wherever this page writes it (config.php, pandora_server.conf).
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'pandora';
 
create database pandora;
 
-- No host part is given, so the account is created as 'pandora'@'%' and may
-- connect from any host that can reach the server.
-- NOTE(review): if the console and server run on this machine only, consider
-- limiting the account to local connections; verify against dbhost 127.0.0.1.
CREATE USER  pandora IDENTIFIED BY 'pandora';
 
ALTER USER 'pandora' IDENTIFIED WITH mysql_native_password BY 'pandora';
 
-- Privileges are limited to the pandora schema.
GRANT ALL PRIVILEGES ON pandora.* TO 'pandora';
 
exit;

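# Replace /etc/mysql/my.cnf with the tuning used for Pandora FMS.
# The heredoc delimiter is unquoted, so the $( ... ) on the
# innodb_buffer_pool_size line runs while the file is written and stores about
# 40% of total RAM in megabytes (e.g. "6553M"). Without the $( ... ) wrapper the
# pipeline text itself would be written into my.cnf as the value.
# NOTE(review): no bind-address is set here, so the server default applies;
# with the firewall disabled earlier on this page, confirm which interfaces
# mysqld listens on (for example with `ss -ltnp`).
cat > /etc/mysql/my.cnf << EOF_DB
[mysqld]
datadir=/var/lib/mysql
user=mysql
character-set-server=utf8mb4
skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results
max_allowed_packet = 64M
innodb_buffer_pool_size = $(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")
innodb_lock_wait_timeout = 90
innodb_file_per_table
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
innodb_log_file_size = 64M
innodb_log_buffer_size = 16M
innodb_io_capacity = 300
thread_cache_size = 8
thread_stack    = 256K
max_connections = 100
key_buffer_size=4M
read_buffer_size=128K
read_rnd_buffer_size=128K
sort_buffer_size=128K
join_buffer_size=4M
skip-log-bin
sql_mode=""
log-error=/var/log/mysql/error.log
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF_DB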

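# Apply the new my.cnf, then download the console, server and agent tarballs of
# release v772-LTS into the current directory.
systemctl restart mysql
# -f makes curl exit non-zero on an HTTP error so an error page is never saved
# under a .tar.gz name.
# NOTE(review): the archives are unpacked and their installers run as root
# further down; if the project publishes checksums for these release assets,
# verify them before unpacking.
curl -fLSs --output \
 pandorafms_console-7.0NG.tar.gz \
 "https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafms_console-7.0NG.772.tar.gz"

curl -fLSs --output \
 pandorafms_server-7.0NG.tar.gz \
 "https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafms_server-7.0NG.772_x86_64.tar.gz"

curl -fLSs --output \
 pandorafms_agent_linux-7.0NG.tar.gz \
 "https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafms_agent_linux-7.0NG.772.tar.gz"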

PFMS Web Console

Pandora FMS ウェブコンソール

# Unpack the console and copy it into Apache's document root.
tar xvzf pandorafms_console-7.0NG.tar.gz
 
cp -Ra pandora_console /var/www/html/
 
# Packaging .spec files are not needed at runtime; remove them from the web root.
rm -f /var/www/html/pandora_console/*.spec

PFMS Server

Pandora FMS サーバ

# Create the pandora system account, unpack the server and run its installer.
useradd pandora
 
mv pandorafms_server-7.0NG.tar.gz /opt/pandora/deploy/
 
cd /opt/pandora/deploy
 
tar xvfz pandorafms_server-7.0NG.tar.gz
 
cd pandora_server
 
# The installer comes from the downloaded tarball and runs with root rights.
./pandora_server_installer --install

PFMS Agent

Pandora FMS エージェント

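# Agent prerequisites, then unpack the agent and run its installer.
apt install -y libyaml-tiny-perl perl coreutils wget curl unzip procps python3 python3-pip

mv pandorafms_agent_linux-7.0NG.tar.gz /opt/pandora/deploy/

cd /opt/pandora/deploy

tar xvzf pandorafms_agent_linux-7.0NG.tar.gz

cd unix

./pandora_agent_installer --install

cp -a tentacle_client /usr/local/bin/
# GitHub release URLs answer with a redirect, so -L is needed to fetch the real
# package, and -f stops an error page from being saved as the .deb that apt is
# then asked to install.
curl -fLSs --output pandora_gotty.deb https://github.com/pandorafms/pandorafms/releases/download/tools/pandora_gotty_1.1.0.deb
apt install -y ./pandora_gotty.deb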
# Write the TLS settings for Apache: an AES-GCM / AES256 cipher list with
# forward-secret key exchange, TLS 1.2 and newer only (SSLv2, SSLv3, TLS 1.0 and
# TLS 1.1 are excluded), server-side cipher order, no TLS compression, OCSP
# stapling, and session tickets off. It also sets the X-Frame-Options and
# X-Content-Type-Options response headers.
# NOTE(review): nothing here redirects plain HTTP to HTTPS or sets HSTS, so the
# console stays reachable over unencrypted HTTP unless that is added separately.
cat > /etc/apache2/conf-available/ssl-params.conf << EOF_PARAM
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
 
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 
    SSLHonorCipherOrder On
 
 
    Header always set X-Frame-Options DENY
 
    Header always set X-Content-Type-Options nosniff
 
    # Requires Apache >= 2.4
 
    SSLCompression off
 
    SSLUseStapling on
 
    SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
 
 
    # Requires Apache >= 2.4.11
 
    SSLSessionTickets Off
EOF_PARAM

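# Enable the Apache modules, the TLS parameters and the default HTTPS site.
a2enmod ssl
a2enmod headers
a2enmod rewrite
a2enconf ssl-params
# NOTE(review): Ubuntu's stock default-ssl site uses the self-signed
# ssl-cert-snakeoil certificate unless it is edited; install a certificate
# issued for this host before exposing the console.
a2ensite default-ssl
# Restart only when the syntax check passes, so a configuration error does not
# take the running web server down.
apache2ctl configtest && systemctl restart apache2
systemctl enable mysql --now
systemctl enable apache2 --now
systemctl enable php8.0-fpm --now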
# Load the Pandora FMS schema and initial data as the database root user.
# NOTE(review): -ppandora puts the password on the command line, where it is
# visible in the process list and saved in shell history; `mysql -uroot -p`
# prompts for it instead. Use the root password actually set for this server.
mysql -uroot -ppandora
 
use pandora;
 
source /var/www/html/pandora_console/pandoradb.sql
 
source /var/www/html/pandora_console/pandoradb_data.sql
 
exit;
# Write the console's database settings. The heredoc delimiter is unquoted, so
# each PHP variable is written as \$ to keep the shell from expanding it.
# NOTE(review): dbpass is stored in clear text and must match the password
# given to the pandora database account; replace the documented default. The
# file is restricted with chmod 600 further down this page.
cat > /var/www/html/pandora_console/include/config.php << EO_CONFIG_F
<?php
\$config["dbtype"] = "mysql";
\$config["dbname"]="pandora";
\$config["dbuser"]="pandora";
\$config["dbpass"]="pandora";
\$config["dbhost"]="127.0.0.1";
\$config["homedir"]="/var/www/html/pandora_console";
\$config["homeurl"]="/pandora_console";
error_reporting(0);
\$ownDir = dirname(__FILE__) . '/';
include (\$ownDir . "config_process.php");
EO_CONFIG_F

# Apache settings for the document root. ServerTokens Prod trims the Server
# header to the product name; AllowOverride All lets .htaccess files under
# /var/www/html change directory configuration; Require all granted serves the
# tree to every client.
# NOTE(review): the file is written directly into conf-enabled, so it is active
# after the next Apache restart without an a2enconf step.
cat > /etc/apache2/conf-enabled/pandora_security.conf << EO_CONFIG_F
ServerTokens Prod
<Directory "/var/www/html">
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
EO_CONFIG_F

# config.php holds the database password: owner read/write only.
chmod 600 /var/www/html/pandora_console/include/config.php  
 
# Hand the whole console tree to the web server account.
chown -R www-data:www-data /var/www/html/pandora_console  
 
# Rename the web installer so it is no longer served as install.php once the
# console is configured.
mv /var/www/html/pandora_console/install.php /var/www/html/pandora_console/install.done

# Tune PHP-FPM through an /etc/php.ini symlink; --follow-symlinks makes sed
# edit the real file behind the link.
ln -s /etc/php/8.0/fpm/php.ini /etc/
 
# NOTE(review): unlimited input and execution time plus 800M upload, post and
# memory limits let one request hold a worker and a lot of memory; rate-limit
# or restrict access to the console if it is reachable from untrusted networks.
sed --follow-symlinks -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini
 
sed --follow-symlinks -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini
 
sed --follow-symlinks -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini
 
sed --follow-symlinks -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini
 
sed --follow-symlinks -i -e "s/.*post_max_size =.*/post_max_size = 800M/" /etc/php.ini
 
# Comments out disable_functions, re-enabling every function that php.ini had
# blocked for PHP-FPM.
# NOTE(review): check which functions the shipped php.ini lists before
# dropping the whole restriction.
sed --follow-symlinks -i -e "s/^disable_functions/;disable_functions/" /etc/php.ini
 
# Apache request and proxy timeouts, written straight into conf-enabled.
echo 'TimeOut 900' > /etc/apache2/conf-enabled/timeout.conf
echo 'ProxyTimeout 300' >> /etc/apache2/conf-enabled/timeout.conf

# Replace the default index page with an immediate redirect to the console,
# then restart Apache and PHP-FPM to pick up the changes made above.
cat > /var/www/html/index.html << EOF_INDEX
<meta HTTP-EQUIV="REFRESH" content="0; url=/pandora_console/">
EOF_INDEX
 
systemctl restart apache2
 
systemctl restart php8.0-fpm
# Configure snmptrapd to log incoming traps.
# NOTE(review): "disableAuthorization yes" turns off snmptrapd's access
# control, so traps from any sender and any community are accepted, and
# "public" is the well-known default community. With the host firewall
# disabled earlier on this page, restrict who can reach the trap port by other
# means or set explicit authCommunity / SNMPv3 users.
cat> /etc/snmp/snmptrapd.conf <<EOF
authCommunity log public
disableAuthorization yes
EOF

# Point the Pandora FMS server at the local database.
sed -i -e "s/^dbhost.*/dbhost 127.0.0.1/g" /etc/pandora/pandora_server.conf
 
sed -i -e "s/^dbname.*/dbname pandora/g" /etc/pandora/pandora_server.conf
 
sed -i -e "s/^dbuser.*/dbuser pandora/g" /etc/pandora/pandora_server.conf
 
# NOTE(review): dbpass is written in clear text and must match the password of
# the pandora database account; replace the documented default and check that
# pandora_server.conf is not world-readable.
sed -i -e "s|^dbpass.*|dbpass pandora|g" /etc/pandora/pandora_server.conf
 
sed -i -e "s/^dbport.*/dbport 3306/g" /etc/pandora/pandora_server.conf
 
sed -i -e "s/^#.mssql_driver.*/mssql_driver 17/g" /etc/pandora/pandora_server.conf

# Append the group setting once only: grep -q skips the heredoc when the line
# is already in the file.
grep -q "group www-data" /etc/pandora/pandora_server.conf || \
cat>> /etc/pandora/pandora_server.conf<<EOF_G
#Adding group www-data to assing remote-config permission correctly for ubuntu 22.04
group www-data
EOF_G

# Turn on remote configuration for the local agent.
sed -i "s/^remote_config.*$/remote_config 1/g" /etc/pandora/pandora_agent.conf

# Append network tuning to /etc/sysctl.conf and load it.
# The heredoc appends (>>), so running this again adds the block a second time.
cat>> /etc/sysctl.conf <<EO_KO
# Pandora FMS Optimization
# default=5
net.ipv4.tcp_syn_retries = 3
# default=5
net.ipv4.tcp_synack_retries = 3
# default=1024
net.ipv4.tcp_max_syn_backlog = 65536
# default=124928
net.core.wmem_max = 8388608
# default=131071
net.core.rmem_max = 8388608
# default = 128
net.core.somaxconn = 1024
 
# default = 20480
net.core.optmem_max = 81920
 
EO_KO
 
sysctl --system

# The log directory belongs to pandora with group www-data; the setgid bit
# makes files created inside inherit the www-data group.
chown pandora:www-data /var/log/pandora
 
chmod g+s /var/log/pandora
 
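# Log rotation for the Pandora FMS server logs.
# The group in the `su` and `create` directives is www-data, matching the
# `chown pandora:www-data /var/log/pandora` used on this page. The earlier
# value `apache` is not a group this page creates or uses anywhere else, and
# logrotate rejects a rule that names an unknown group (check with
# `getent group apache`).
cat> /etc/logrotate.d/pandora_server <<EO_LR
/var/log/pandora/pandora_server.log
/var/log/pandora/web_socket.log
/var/log/pandora/pandora_server.error {
        su root www-data
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
        create 660 pandora www-data
}

/var/log/pandora/pandora_snmptrap.log {
        su root www-data
        weekly
        missingok
        size 500000
        rotate 1
        maxage 30
        notifempty
        copytruncate
        create 660 pandora www-data
}

EO_LR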

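# Log rotation for the Pandora FMS agent log.
# `su` names group www-data, the group this page assigns to /var/log/pandora;
# the earlier value `apache` is not a group this page creates or uses anywhere
# else, and logrotate rejects a rule that names an unknown group.
cat> /etc/logrotate.d/pandora_agent <<EO_LRA
/var/log/pandora/pandora_agent.log {
        su root www-data
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
}

EO_LRA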
 
# The logrotate rule files are made 0644 (root-writable, world-readable).
chmod 0644 /etc/logrotate.d/pandora_server
 
chmod 0644 /etc/logrotate.d/pandora_agent
# Start the Pandora FMS server and the Tentacle server now and at every boot.
/etc/init.d/pandora_server start
 
systemctl enable pandora_server 
 
service tentacle_serverd start
 
systemctl enable tentacle_serverd

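# Console path used throughout this page. The cron line below expands
# $PANDORA_CONSOLE while echo runs; left unset, the log target would become
# /log/cron.log.
PANDORA_CONSOLE=/var/www/html/pandora_console
# Every minute, call the console's cron endpoint over local HTTP as root.
# NOTE(review): the cookie jar sits at a fixed name in world-writable /tmp and
# is rewritten by root each minute; a root-owned directory avoids other local
# users reading or pre-creating that file.
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab

# Hourly database maintenance.
echo "@hourly         root    bash -c /etc/cron.hourly/pandora_db" >> /etc/crontab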

Remote agent configuration:

# Set remote_config to 1 in the agent configuration, then start the agent now
# and at every boot.
# NOTE(review): presumably this lets the Pandora FMS server manage this agent's
# configuration remotely; confirm that the server is trusted to do so.
sed -i "s/^remote_config.*$/remote_config 1/g" /etc/pandora/pandora_agent.conf
 
/etc/init.d/pandora_agent_daemon start
 
systemctl enable pandora_agent_daemon

PhantomJS

# Comments out the `openssl_conf = openssl_init` line in the system-wide
# OpenSSL configuration.
# NOTE(review): this changes OpenSSL behaviour for every program on the host
# that reads /etc/ssl/openssl.cnf, not only PhantomJS. Settings reached through
# the openssl_init section may stop applying; verify after the change.
sed --follow-symlinks -i -e "s/^openssl_conf = openssl_init/#openssl_conf = openssl_init/g" /etc/ssl/openssl.cnf

Postfix

# Start postfix now and at every boot.
# NOTE(review): confirm postfix listens only on the interfaces it needs; the
# host firewall was disabled earlier on this page.
systemctl enable postfix --now

OpenSSL

# Register and activate OpenSSL's legacy provider alongside the default one in
# the system-wide configuration.
# NOTE(review): the legacy provider brings back algorithms that OpenSSL 3 moved
# out of the default set because they are considered weak, and it does so for
# every application that reads /etc/ssl/openssl.cnf. The third sed appends after
# each line matching "activate = 1", so running these commands again adds
# duplicate sections.
sed -i '/default = default_sect/a legacy = legacy_sect' /etc/ssl/openssl.cnf
sed -i 's/# activate = 1/activate = 1/' /etc/ssl/openssl.cnf
sed -i '/activate = 1/a [legacy_sect]\nactivate = 1' /etc/ssl/openssl.cnf

SSH banner

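# Build the login banner shown on the console (/etc/issue) and by sshd before
# authentication (/etc/issue.net).
# The public address is requested once, over HTTPS with a timeout, and is used
# only when the reply looks like a dotted IPv4 address, so whatever the
# external service returns is never copied unchecked into a file displayed to
# everyone who connects.
# NOTE(review): the banner tells unauthenticated clients which product runs
# here and lists the host's addresses; drop those lines where that disclosure
# is not wanted.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
ipplublic=$(curl -fsS --max-time 10 https://ifconfig.me 2>/dev/null)
public_line=""
if [[ "$ipplublic" =~ $ipv4_re ]]; then
  public_line="Go to Public http://$ipplublic/pandora_console to login web console"
fi

cat > /etc/issue.net << EOF_banner

Welcome to Pandora FMS appliance on Ubuntu
------------------------------------------
$public_line
$(ip addr | grep -w "inet" | grep -v "127.0.0.1" | grep -v "172.17.0.1" | awk '{print $2}' | awk -F '/' '{print "Go to Local http://"$1"/pandora_console to login web console"}')

You can find more information at http://pandorafms.com

EOF_banner

rm -f /etc/issue
ln -s /etc/issue.net /etc/issue

# Add the Banner directive once only, so repeated runs do not pile up
# duplicate lines in sshd_config.
grep -q '^Banner /etc/issue.net' /etc/ssh/sshd_config || \
echo 'Banner /etc/issue.net' >> /etc/ssh/sshd_config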

To access the Web Console, type the IP address (or URL) of the device followed by /pandora_console/.

ウェブコンソールにアクセスするには、デバイスの IP アドレス (または URL) に続けて /pandora_console/ を入力します。

The default login credentials (change the password after the first login) are:

デフォルトのログイン認証情報は次の通りです (初回ログイン後にパスワードを変更してください)。

  • user: admin
  • password: pandora
  • ユーザ: admin
  • パスワード: pandora

