Packetwatch.net
Home Contact Research Papers Guides Pen-Testing Resources Site Map

Cacti in Red Hat Enterprise Linux



Last modified: Sept. 3, 2011

Contents
1 - Summary
2 - Dependencies
3 - Cacti installation
4 - Service configuration
5 - View status on website
6 - Service check


1 - Summary

This guide will show you how to install cacti in Red Hat Enterprise Linux.
Cacti is used to store information used to create graphs to display network
information. This has been tested in Red Hat Enterprise Linux x86_64.


2 - Dependencies

Add the EPEL repository. This repository contains extra packages from Red Hat.
# wget http://download.fedora.redhat.com/pub/epel/$rel/$arch/epel-release-$ver.noarch.rpm
# sudo rpm -ivh epel-release-$ver.noarch.rpm
[sudo] password for user:
# rm -f epel-release-$ver.noarch.rpm

Install the apache package. Apache is a web server that will host the web pages
that display the network information.
# sudo yum install httpd.x86_64
[sudo] password for user:

Find where the apache daemon was installed to.
# rpm -ql httpd-* | grep sbin
/usr/sbin/apachectl
/usr/sbin/htcacheclean
/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker
/usr/sbin/httxt2dbm
/usr/sbin/rotatelogs
/usr/sbin/suexec

Enable the apache service so that it will start when the system starts up.
# sudo /sbin/chkconfig httpd on
[sudo] password for user:
# sudo /sbin/chkconfig --list httpd
[sudo] password for user:
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off

Find where the configuration file should be put.
# rpm -ql httpd-* | grep init.d
/etc/rc.d/init.d/httpd
# grep httpd.conf /etc/rc.d/init.d/httpd
# config: /etc/httpd/conf/httpd.conf
        CONFFILE=/etc/httpd/conf/httpd.conf
# strings /usr/sbin/httpd | grep httpd.conf
-D SERVER_CONFIG_FILE="conf/httpd.conf"
conf/httpd.conf
        directive in your httpd.conf file to list a non-root

You will need to modify the original configuration file. Add the following. In
this example, I set the websites to be stored in an alernate directory. By the
way, there is already a group named it which includes an account for the web
developers.
  ServerName server.test.com
  DocumentRoot "/data/websites/test/server"
  ErrorLog syslog
  LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" commonvhost
  CustomLog "|/usr/bin/logger" commonvhost
  #Alias /icons/ "/var/www/icons/"
  #<Directory "/var/www/icons">
  #    Options Indexes MultiViews
  #    AllowOverride None
  #    Order allow,deny
  #    Allow from all
  #</Directory>
  #ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
  #<Directory "/var/www/cgi-bin">
  #    AllowOverride None
  #    Options None
  #    Order allow,deny
  #    Allow from all
  #</Directory>
  #Alias /error/ "/var/www/error/"
  ErrorDocument 404 /index.html
  NameVirtualHost *:80
  NameVirtualHost *:443
  <VirtualHost *:80>
          ServerName server.test.com
          Redirect / https://server.test.com/
  </VirtualHost>
  <VirtualHost *:443>
          ServerName server.test.com
          ServerAdmin root@localhost
          DocumentRoot /data/websites/test/server
  </VirtualHost>
# rpm -ql httpd-* | grep "httpd\.conf"
/etc/httpd/conf/httpd.conf
# sudo cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.example
[sudo] password for user:
# sudo vi /etc/httpd/conf/httpd.conf
[sudo] password for user:
# sudo mkdir -p /data/websites/test/server
[sudo] password for user:
# sudo mkdir -p /data/logs/httpd
[sudo] password for user:
# sudo chown -R root:it /data/logs/httpd/
[sudo] password for user:

Install the mod_ssl package for SSL certificate support. Copy in the SSL
certificate files to /etc/httpd/ssl/.
# sudo yum install mod_ssl.x86_64
[sudo] password for user:
# sudo mkdir /etc/httpd/ssl/
[sudo] password for user:
You will need to modify the original configuration file. Add the following.
  #SSLPassPhraseDialog  builtin
  ErrorLog syslog
  SSLCertificateFile /etc/httpd/ssl/test.cer
  SSLCertificateKeyFile /etc/httpd/ssl/test.key.alt
  SSLCertificateChainFile /etc/httpd/ssl/test.crt
# rpm -ql mod_ssl-* | grep conf.d
/etc/httpd/conf.d/ssl.conf
# sudo cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.example
[sudo] password for user:
# sudo vi /etc/httpd/conf.d/ssl.conf
[sudo] password for user:
Create an index file.
  <html>
  <head>
  <title>Test: Network monitoring</title>
  </head>
  <body>
  <a href="https://server.test.com/cacti/">Bandwidth information - Cacti</a><br>
  </body>
  </html>
# sudo vi /data/websites/test/server/index.html
[sudo] password for user:

Configure syslog appropriately.

Install the php package.
# sudo yum install php.x86_64
[sudo] password for user:
# sudo rpm -ql php-common-* | grep php.ini
/etc/php.ini
# sudo cp /etc/php.ini /etc/php.ini.example
[sudo] password for user:
You will need to modify the original configuration file. Have the following. By
the way, there is already a group named it which includes an account for the web
developers.
  error_reporting  =  E_ALL & ~E_NOTICE
  log_errors_max_len = 0
  error_log = /data/logs/php/errors.log
# sudo vi /etc/php.ini
[sudo] password for user:
# sudo mkdir /data/logs/php
[sudo] password for user:
# sudo touch /data/logs/php/errors.log
[sudo] password for user:
# sudo chown -R root:it /data/logs/php/
[sudo] password for user:
# sudo chmod -R 777 /data/logs/php/
[sudo] password for user:

Install the mysql-server package. MySQL is a database server that will store
the information retreived from the network devices.
# sudo yum install mysql-server.x86_64
[sudo] password for user:

Find where the mysql daemon was installed to.
# rpm -ql mysql-server-* | grep mysqld
/etc/rc.d/init.d/mysqld
/usr/bin/mysqld_multi
/usr/bin/mysqld_safe
/usr/bin/mysqldumpslow
/usr/libexec/mysqld
/usr/share/man/man1/mysqld_multi.1.gz
/usr/share/man/man1/mysqld_safe.1.gz
/usr/share/man/man1/mysqldumpslow.1.gz
/usr/share/man/man1/safe_mysqld.1.gz
/usr/share/man/man8/mysqld.8.gz
/var/log/mysqld.log
/var/run/mysqld

Enable the mysql service so that it will start when the system starts up.
# sudo /sbin/chkconfig mysqld on
[sudo] password for user:
# sudo /sbin/chkconfig --list mysqld
[sudo] password for user:
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off

Find where the configuration file should be put.
# rpm -ql mysql-server-* | grep init.d
/etc/rc.d/init.d/mysqld
# grep my.cnf /etc/rc.d/init.d/mysqld
# config: /etc/my.cnf
# strings /usr/libexec/mysqld | grep my.cnf
Port number to use for connection or 0 for default to, in order of preference, 
my.cnf, $MYSQL_TCP_PORT, /etc/services, built-in default (3306).
InnoDB: in my.cnf, but AWE can only be used in Windows 2000 and later.
InnoDB: you should now edit innodb_data_file_path in my.cnf back
InnoDB: missing. Have you edited innodb_data_file_path in my.cnf in an
InnoDB: You can set innodb_force_recovery=1 in my.cnf to force
InnoDB: my.cnf and restart the database.
InnoDB: mysqld and edit my.cnf so that newraw is replaced
InnoDB: You can try to recover the database with the my.cnf
InnoDB: AWE: Error: you must specify in my.cnf .._awe_mem_mb larger
InnoDB: To get mysqld to start up, set innodb_thread_concurrency in my.cnf
InnoDB: your my.cnf matches the ibdata files that you have in the
InnoDB: my.cnf! Remember that InnoDB keeps all log files and all system
InnoDB: my.cnf.
InnoDB: the .ibd file, you can set innodb_force_recovery > 0 in my.cnf
InnoDB: the .ibd file, you can set innodb_force_recovery > 0 in my.cnf

You will need to modify the original configuration file. Have the following. In
this example, I set the databases to be stored in an alternate directory using
MyISAM. By the way, there is already a group named it which includes an account
for the web developers.
  [client]
  socket = /data/databases/mysql/mysql.sock

  [mysqld]
  datadir = /data/databases/mysql
  log-bin = /data/databases/log_mysql/binlog
  log-error = /data/logs/mysqld/errors.log
  log-slow-queries = /data/logs/mysqld/slow-query.log
  skip-innodb
  socket = /data/databases/mysql/mysql.sock
  user = mysql
# ls -l /etc/my.cnf
/etc/my.cnf
# sudo cp /etc/my.cnf /etc/my.cnf.example
[sudo] password for user:
# sudo vi /etc/my.cnf
[sudo] password for user:
# sudo mkdir /data/databases
[sudo] password for user:
# sudo mkdir /data/logs/mysqld
[sudo] password for user:
# sudo touch /data/logs/mysqld/errors.log
[sudo] password for user:
# sudo touch /data/logs/mysqld/slow-query.log
[sudo] password for user:
# sudo chown -R root:it /data/logs/
[sudo] password for user:
# sudo chmod -R 777 /data/logs/mysqld/
[sudo] password for user:
# sudo /usr/sbin/usermod -d /data/databases/mysql mysql
[sudo] password for user:
# cd /var/lib/
# sudo rm -fr mysql/
[sudo] password for user:
# sudo ln -s /data/databases/mysql mysql
[sudo] password for user:
# cd ~
Modify the following in the mysqld startup script.
  get_mysql_option mysqld datadir "/data/databases/mysql"
  get_mysql_option mysqld_safe log-error "/data/logs/mysqld/errors.log"
# sudo cp /etc/rc.d/init.d/mysqld /etc/rc.d/init.d/mysqld.original
[sudo] password for user:
# sudo vi /etc/rc.d/init.d/mysqld
[sudo] password for user:

Start the mysql service.
# sudo /sbin/service mysqld start
[sudo] password for user:
Initializing MySQL database:  Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h server.test.com password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[  OK  ]
Starting MySQL:  [  OK  ]
# sudo /usr/bin/mysqladmin -u root password 'password'
[sudo] password for user:
# sudo /usr/bin/mysqladmin -u root -h server.test.com password 'password'
[sudo] password for user:
# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 21707
Server version: *-log Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database cacti;
Query OK, 1 row affected (0.00 sec)

mysql> create user 'cacti'@'localhost' identified by 'cacti';
Query OK, 0 rows affected (0.01 sec)

mysql> grant all on cacti.* to cacti;
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.06 sec)

mysql> quit
Bye

Install the net-snmp package. SNMP is a network protocol that is used to
monitor network devices. Net-SNMP will gather information from network devices.
# sudo yum install net-snmp.x86_64
[sudo] password for user:

Find where the net-snmp daemon was installed to.
# rpm -ql net-snmp-* | grep sbin
/usr/sbin/snmpd
/usr/sbin/snmptrapd

Enable the net-snmp service so that it will start when the system starts up.
# sudo /sbin/chkconfig snmpd on
[sudo] password for user:
# sudo /sbin/chkconfig --list snmpd
[sudo] password for user:
snmpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off

Find where the configuration file should be put.
# rpm -ql net-snmp-* | grep init.d
/etc/rc.d/init.d/snmpd
/etc/rc.d/init.d/snmptrapd


# grep -E "(snmpd.conf|snmpd.options)" /etc/rc.d/init.d/snmpd
# config: /etc/snmp/snmpd.conf
# config: /usr/share/snmp/snmpd.conf
if [ -e /etc/sysconfig/snmpd.options ]; then
  . /etc/sysconfig/snmpd.options
# strings /usr/sbin/snmpd | grep snmpd.conf

You will need to modify the original configuration file. Have only the
following.
  rocommunity public server.test.com
  syslocation "Location"
  syscontact "John Doe"
# rpm -ql net-snmp-* | grep snmpd.conf
/etc/snmp/snmpd.conf
/usr/share/man/man5/snmpd.conf.5.gz
# sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.example
[sudo] password for user:
# sudo vi /etc/snmp/snmpd.conf
[sudo] password for user:

You will need to modify the original snmpd options configuration file. Have the
following.
  OPTIONS="-Lf /dev/null -p /var/run/snmpd.pid"
# sudo cp /etc/sysconfig/snmpd.options /etc/sysconfig/snmpd.options.example
[sudo] password for user:
# sudo vi /etc/sysconfig/snmpd.options
[sudo] password for user:

Install the following php packages.
# sudo yum install php-mysql.x86_64
[sudo] password for user:
# sudo yum install php-snmp.x86_64
[sudo] password for user:

Install the rrdtool package.
# sudo yum install libdbi.x86_64
[sudo] password for user: 
# sudo yum install lua.x86_64
[sudo] password for user: 
# sudo yum install net-snmp-utils.x86_64
[sudo] password for user: 
# mkdir cacti
# cd cacti/
# wget http://apt.sw.be/redhat/$rel/$lang/$arch/dag/RPMS/perl-rrdtool-$ver.$rel.rf.$arch.rpm
# sudo rpm -ivh --nodeps perl-rrdtool-$ver.$rel.rf.$arch.rpm 
[sudo] password for user: 
# sudo yum install ruby.x86_64
[sudo] password for user: 
# wget http://apt.sw.be/redhat/$rel/$lang/$arch/dag/RPMS/rrdtool-$ver.$rel.rf.$arch.rpm
# sudo rpm -ivh rrdtool-$ver.$rel.rf.$arch.rpm 
[sudo] password for user: 
# cd ..
# rm -fr cacti/


3 - Cacti installation

Install the cacti package.
# sudo yum install cacti
[sudo] password for user:


4 - Service configuration

Run the following commands to configure some things for cacti.
# sudo mkdir /data/logs/cacti
[sudo] password for user:
# sudo touch /data/logs/cacti/cacti.log
[sudo] password for user:
# sudo chown -R root:it /data/logs/cacti/
[sudo] password for user:
# sudo chmod -R 777 /data/logs/cacti/
[sudo] password for user:
# sudo /usr/sbin/usermod -c 'Cacti' -d / cacti
[sudo] password for user:
# sudo rm -fr /var/log/cacti/
[sudo] password for user:
# sudo rm -f /usr/share/cacti/log
[sudo] password for user:
# sudo cp -Rp /var/lib/cacti/ /data/monitoring/cacti/
[sudo] password for user:
# sudo rm -fr /var/lib/cacti/
[sudo] password for user:
# cd /data/monitoring/cacti/
# sudo rm -f include
[sudo] password for user:
# sudo ln -s /data/websites/test/server/cacti/include include
[sudo] password for user:
# sudo rm -f lib
[sudo] password for user:
# sudo ln -s /data/websites/test/server/cacti/lib lib
[sudo] password for user:
# cd ~

You will need to modify the original configuration file for cacti used by
apache. Have only the following.
  Alias /cacti/ "/data/websites/test/server/cacti/"
  <Directory "/data/websites/test/server/cacti">
      Order allow,deny
      Allow from all
  </Directory>
# rpm -ql cacti-* | grep conf.d
/etc/httpd/conf.d/cacti.conf
# sudo cp /etc/httpd/conf.d/cacti.conf /etc/httpd/conf.d/cacti.conf.example
[sudo] password for user:
# sudo vi /etc/httpd/conf.d/cacti.conf
[sudo] password for user:

Copy the cacti web directory and set ownership and permissions. By the way,
there is already a group named it which includes an account for the web
developers.
# grep "\<Directory " /etc/httpd/conf.d/cacti.conf.example
<Directory /usr/share/cacti/>
# sudo cp -Rp /usr/share/cacti/ /data/websites/test/server/cacti/
[sudo] password for user:
# sudo chown -R apache:it /data/websites/test/server/cacti/
[sudo] password for user:
# sudo chmod -R 774 /data/websites/test/server/cacti/
[sudo] password for user:
# cd /data/monitoring/cacti/
# sudo rm -f include
[sudo] password for user:
# sudo ln -s /data/websites/test/server/cacti/include include
[sudo] password for user:
# sudo rm -f lib
[sudo] password for user:
# sudo ln -s /data/websites/test/server/cacti/lib lib
[sudo] password for user:
# cd ~

You will need to modify the original php configuration file. Have the
following.
  <?php
  $database_type = "mysql";
  $database_default = "cacti";
  $database_hostname = "localhost";
  $database_username = "cacti";
  $database_password = "password";
  $database_port = "3306";
  ?>
# rpm -ql cacti-* | grep "db\.php"
/etc/cacti/db.php
/var/lib/cacti/cli/convert_innodb.php
# sudo cp /etc/cacti/db.php /etc/cacti/db.php.example
[sudo] password for user:
# sudo vi /etc/cacti/db.php
[sudo] password for user:

Find the SQL statement files and insert them.
# rpm -ql cacti-* | grep "\.sql"
/usr/share/doc/cacti-*/cacti.sql
# cat /usr/share/doc/cacti-*/cacti.sql | mysql -u cacti -p cacti
Enter password: 

Setup a cronjob for the cacti poller.
# rpm -ql cacti-* | grep cron
/etc/cron.d/cacti
# cat /etc/cron.d/cacti
#*/5 * * * *    cacti    /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1
Create a file with the following.
  * * * * * /usr/bin/crontab /data/cron/system 2>&1
  */5 * * * * /usr/bin/php /data/websites/test/server/cacti/poller.php > /dev/null 2>&1
# sudo mkdir /data/cron
[sudo] password for user:
# sudo vi /data/cron/system
[sudo] password for user:
# sudo crontab /data/cron/system
[sudo] password for user:

You will need to configure SELinux appropriately. SELinux status can be
found by running sestatus.
# sudo /usr/sbin/sestatus | grep status:
[sudo] password for user:
SELinux status:                 enabled

Before starting the services, make sure that tcp ports 80 and 443 are open in
case you are running firewall software. Here are some sample rules.
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# sudo /sbin/service iptables stop
[sudo] password for user:
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
# sudo cp /etc/sysconfig/iptables /etc/sysconfig/iptables.previous
[sudo] password for user:
# sudo vi /etc/sysconfig/iptables
[sudo] password for user:
# sudo /sbin/service iptables start
[sudo] password for user:
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]

Start the apache service.
# sudo /sbin/service httpd start
[sudo] password for user:
Starting httpd: [  OK  ]

Start the net-snmp service.
# sudo /sbin/service snmpd start
[sudo] password for user:
Starting snmpd: [  OK  ]

Navigate your web browser to https://server.test.com/cacti/. You will see the
following screen. This is a wizard that installs the web frontend. Click on
Next.


Introduction


The next screen asks for the type of installation. Select New Install from the
dropdown box and click on Next.


Type of installation


The next screen shows the values for the different variables. Change the value
for the Cacti Log File Path to be /data/logs/cacti/cacti.log. Click on Finish.


Variables


Navigate your web browser to https://server.test.com/. Click on the link for
Bandwidth information - Cacti and you will get to a login screen. The default
User Name is admin and the default Password is admin. After logging in, you
will be forced to change your password. After this you can change your
username.


5 - View status on website

Navigate your web browser to https://server.test.com/. Click on the link for
Bandwidth information - Cacti. After you login, you will see the main screen.


6 - Service check

Reboot your computer. Log in like normal and check to see that the httpd,
mysqld and net-snmp services are running. That's it, now you have cacti running
in Red Hat Enterprise Linux.
# sudo /sbin/shutdown -r now
[sudo] password for user:
# sudo /sbin/service httpd status
[sudo] password for user:
httpd (pid  3409) is running...
# sudo /sbin/service mysqld status
[sudo] password for user:
mysqld (pid 3342) is running...
# sudo /sbin/service snmpd status
[sudo] password for user:
snmpd (pid  3178) is running...

Last modified: Thu Jan 1 00:00:00 1970 UTC
Packetwatch Research 2002-2024.