How to Install Pandora FMS Monitoring Tool in Ubuntu 20.04
Pandora FMS also know as "Pandora Flexible Monitoring System" is a monitoring tool used for servers, networks, applications, and virtual infrastructure. It is simple, scalable and suitable for complex and larger environments. It uses several protocols including, TCP, UDP, SNMP, HTTP and agents to collect the different metrics. You can monitor the status and performance of web servers, database servers, applications, routers, and other network devices using the Pandora FMS.
In this tutorial, we will show you how to install and configure Pandora FMS on Ubuntu 20.04.
Prerequisites
- A server running Ubuntu 20.04.
- Valid domain name pointed with your server IP.
- A root password is configured the server.
Getting Started
First, it is recommended to update your system packages to the updated version. You can update them with the following command:
apt-get update -y
Once all the packages are updated, install all the dependencies required for Pandora FMS with the following command:
apt-get install snmp snmpd libnet-telnet-perl libgeo-ip-perl libtime-format-perl libxml-simple-perl libxml-twig-perl libdbi-perl libnetaddr-ip-perl libhtml-parser-perl xprobe2 nmap libmail-sendmail-perl traceroute libio-socket-inet6-perl libhtml-tree-perl libsnmp-perl snmp-mibs-downloader libio-socket-multicast-perl libsnmp-perl libjson-perl -y
Install LAMP Server
Next, you will need to install the Apache server, MariaDB, PHP and other required dependencies to your system. You can install all of them using the following command:
apt-get install apache2 mariadb-server php php-common php-gmp php-curl php-mbstring php-xmlrpc php-mysql php-gd php-bcmath php-xml php-cli php-zip php-pear php-zip php-sqlite3 php-snmp php-db graphviz php-curl php-ldap dbconfig-common unzip git -y
After installing all the packages, edit the php.ini file and define the recommended settings:
nano /etc/php/7.4/apache2/php.ini
Change the following lines:
memory_limit = 256M upload_max_filesize = 100M max_execution_time = 360 max_input_vars = 2000 date.timezone = Asia/Kolkata
Once you are finished, you can proceed to the next step.
Configure MariaDB Database
By default, MariaDB root password is not set. So you will need to set it in your system. You can do that by running the following script:
mysql_secure_installation
Answer all the questions as shown below to set the root password:
Enter current password for root (enter for none): OK, successfully used password, moving on... Set root password? [Y/n] Y Remove anonymous users? [Y/n] Y Disallow root login remotely? [Y/n] Y Remove test database and access to it? [Y/n] Y Reload privilege tables now? [Y/n] Y
Next, log into the MariaDB shell with the following command:
mysql -u root -p
Provide your root password when prompt then enable the mysql_native_password plugin with the following command:
MariaDB [(none)]> USE mysql;
MariaDB [(none)]> UPDATE user SET plugin='mysql_native_password' WHERE User='root';
Next, create a database and user for Pandora with the following command:
MariaDB [(none)]> CREATE DATABASE pandora;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON pandora.* to pandora@'localhost' IDENTIFIED BY 'pandora';
Next, flush the privileges and exit from the MariaDB shell with the following command:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;
Next, you will need to edit the /etc/mysql/my.cnf file and define the sql_mode.
nano /etc/mysql/my.cnf
Add the following lines:
[mysqld] sql_mode=NO_ENGINE_SUBSTITUTION
Save and close the file when you are finished then restart the MariaDB service to apply the changes:
systemctl restart mariadb
Download Pandoa FMS
Next, you will need to download the latest version of pandora FMS from the Git repository. You can download it with the following command:
cd /var/www/html/
git clone https://github.com/pandorafms/pandorafms.git
Next, give proper permission and ownership to the downloaded directory:
chown -R www-data:www-data /var/www/html/pandorafms
chown -R www-data:www-data /var/www/html/pandorafms/pandora_console/
chmod -R 775 /var/www/html/pandorafms/pandora_console/
Next, edit the Pandora configuration file:
nano /var/www/html/pandorafms/pandora_console/include/config.inc.php
Uncomment and change the following lines as per your database settings:
// Default values $config["dbname"]="pandora"; $config["dbuser"]="pandora"; $config["dbpass"]="pandora"; $config["dbhost"]="localhost"; // This is used for reporting, please add "/" character at the end // $config["homedir"]="/var/www/pandora_console/"; // $config["homeurl"]="/pandora_console/"; $config["auth"]["scheme"] = "mysql";
Save and close the file when you are finished.
Configure Apache for Pandora FMS
Next, you will need to create a new Apache virtual host configuration file to serve Pandora FMS. You can create it with the following command:
nano /etc/apache2/sites-available/pandora.conf
Add the following lines:
<VirtualHost *:80> ServerAdmin [email protected] ServerName pandora.linuxbuz.com DocumentRoot /var/www/html/pandorafms/pandora_console <Directory /var/www/html/pandorafms/pandora_console> AllowOverride All </Directory> ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined </VirtualHost>
Save and close the file then enable the Pandora virtual host with the following command:
a2ensite pandora
Next, reload the Apache service to apply the configuration changes:
systemctl restart apache2
Access Pandora FMS
Now, open your web browser and type the URL http://pandora.linuxbuz.com/install.php to access the Pandora FMS. You should see the Pandora FMS web installation wizard as shown below:
Click on the Next button. You should see the following page:
Click on the "Yes, I accept the Licence Terms". You should see the following page:
Make sure all the PHP extensions are installed then click on the Next button. You should see the following page:
Provide your root username, MariaDB root password, Database name, Path of the Pandora and click on the Next button. You should see the following page:
This will change the password for Pandora database user. So you will need to define your origional Pandora database password in config.php file.
Open your terminal and edit the config.php file:
nano /var/www/html/pandorafms/pandora_console/include/config.php
Change the "$config["dbpass"]" field with your origional password:
// Begin of automatic config file $config["dbtype"] = "mysql"; //DB type (mysql, postgresql...in future others) $config["mysqli"] = true; $config["dbname"]="pandora"; $config["dbuser"]="pandora"; $config["dbpass"]="pandora"; $config["dbhost"]="localhost";
Save and close the file. Then, go back to the Pandora installation wizard and click on the Next button. You should see the following page:
Next, open your terminal again and remove the install.php file:
rm -rf /var/www/html/pandorafms/pandora_console/install.php
Next, go back to the Pandora FMS installation wizard and click on the "Click here to access to your Pandora FMS console". You should see the Pandora FMS login screen:
Provide default admin username as admin and password as pandora then click on the Login button. You should see the Pandora dashboard in the following screen:
Secure Pandora FMS with Let's Encrypt
Next, it is recommended to secure your website with Let's Encrypt SSL. First, install the Certbot client using the following command:
apt-get install python3-certbot-apache -y
Once installed, run the following command to secure your website with Let's Encrypt SSL:
certbot --apache -d pandora.linuxbuz.com
You will be asked to provide your email and accept the term of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Plugins selected: Authenticator apache, Installer apache Obtaining a new certificate Performing the following challenges: http-01 challenge for pandora.linuxbuz.com Enabled Apache rewrite module Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/pandora-le-ssl.conf Enabled Apache socache_shmcb module Enabled Apache ssl module Deploying Certificate to VirtualHost /etc/apache2/sites-available/pandora-le-ssl.conf Enabling available site: /etc/apache2/sites-available/pandora-le-ssl.conf
Next, select whether or not to redirect HTTP traffic to HTTPS as shown below:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and hit Enter to install the Let's Encrypt SSL for your website:
Enabled Apache rewrite module Redirecting vhost in /etc/apache2/sites-enabled/pandora.conf to ssl vhost in /etc/apache2/sites-available/pandora-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://pandora.linuxbuz.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=pandora.linuxbuz.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/pandora.linuxbuz.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/pandora.linuxbuz.com/privkey.pem Your cert will expire on 2020-10-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Now, you can access the Pandora FMS securely using the URL https://pandora.linuxbuz.com.
Conclusion
Congratulations! you have successfully installed Pandora FMS monitoring tool with Apache and Let's Encrypt SSL on Ubuntu 20.04 server. You can now add client systems and start monitoring from the Pandora FMS.
