LibreNMS

LibreNMS is an open source, powerful and feature-rich auto-discovering PHP based network monitoring system which uses the SNMP protocol. It supports a broad range of operating systems including Linux, FreeBSD, as well as network devices including Cisco, Juniper, Brocade, Foundry, HP and many more.


LibreNMS Features:

It auto-discovers a whole network using these protocols: CDP, FDP, LLDP, OSPF, BGP, SNMP and ARP;

It has a mobile friendly Web UI, with customizable dashboards;

Supports a Unix agent;

Supports horizontal scaling to expand with your network;

Supports a highly flexible and customizable alerting system; sends notifications through email, irc, slack and more;

Supports an API for managing, graphing and retrieving data from your system;

Offers a traffic billing system;

Also supports an Android and iOS apps which offer core functionalities;

Supports integration with NfSen, collectd, SmokePing, RANCID and Oxidized;

Supports multiple authentication methods such as MySQL, HTTP, LDAP, Radius and Active Directory;

Allows for auto updating and many other features.


An online demo is available for you to try before installing LibreNMS on Linux systems:

URL: https://demo.librenms.org/
Username: demo
Password: demo

Install Required Packages - Ubuntu 20.04:


NGINX:


apt install software-properties-common
add-apt-repository universe
apt update

apt install acl curl composer fping git graphviz imagemagick mariadb-client mariadb-server mtr-tiny nginx-full nmap php7.4-cli php7.4-curl php7.4-fpm php7.4-gd php7.4-gmp php7.4-json php7.4-mbstring php7.4-mysql php7.4-snmp php7.4-xml php7.4-zip rrdtool snmp snmpd whois unzip python3-pymysql python3-dotenv python3-redis python3-setuptools python3-systemd


Add librenms user:

useradd librenms -d /opt/librenms -M -r -s "$(which bash)"

Download LibreNMS:

cd /opt git clone https://github.com/librenms/librenms.git

Set permissions:

chown -R librenms:librenms /opt/librenms 
chmod 771 /opt/librenms 

setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ 

setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

Install PHP dependencies:

su - librenms 
./scripts/composer_wrapper.php install --no-dev 
exit

Set timezone:

vi /etc/php/7.4/fpm/php.ini
vi /etc/php/7.4/cli/php.ini

Remember to set the system timezone as well:

timedatectl set-timezone Etc/UTC

Configure MariaDB:

vi /etc/mysql/mariadb.conf.d/50-server.cnf

Within the [mysqld] section add:

innodb_file_per_table=1
lower_case_table_names=0

Enable/Restart MariaDB:

systemctl enable mariadb
systemctl restart mariadb

Go to MySQL as root and set:

mysql -u root

CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER'librenms'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON librenms.*TO'librenms'@'localhost';
FLUSH PRIVILEGES;

Configure PHP-FPM:

cp /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/librenms.conf vi /etc/php/7.4/fpm/pool.d/librenms.conf

Change [www] to [librenms]


Change user and group to "librenms"


Change listen to a unique name:

listen = /run/php-fpm-librenms.sock

Configure Web Server:

vi /etc/nginx/conf.d/librenms.conf

Add the following config, edit server_name as required:

server {
listen 80;
server_name librenms.example.com;
root /opt/librenms/html;
index index.php;

charsetutf-8;
gzip on;
gzip_typestext/cssapplication/javascripttext/javascriptapplication/x-javascriptimage/svg+xmltext/plaintext/xsdtext/xsltext/xmlimage/x-icon;

location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ [^/]\.php(/|$) {
fastcgi_passunix:/run/php-fpm-librenms.sock;
fastcgi_split_path_info^(.+\.php)(/.+)$;
includefastcgi.conf;
}
location ~ /\.(?!well-known).* {
deny all;
}
}

rm /etc/nginx/sites-enabled/default 
systemctl restart nginx 
systemctl restart php7.4-fpm

Enable lnms command completion:

ln -s /opt/librenms/lnms /usr/bin/lnms 
cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/

Configure SNMPd:

cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

vi /etc/snmp/snmpd.conf

Edit the text which says RANDOMSTRINGGOESHERE and set your own community string.

curl -o usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro 

chmod +x /usr/bin/distro 
systemctl enable snmpd 
systemctl restart snmpd

Copy logrotate config:


LibreNMS keeps logs in /opt/librenms/logs. Over time these can become large and be rotated out. To rotate out the old logs you can use the provided logrotate config file:

cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

Web Installer:


Now head to the web installer and follow the on-screen instructions.

http://librenms.example.com/install

The web installer might prompt you to create a config.php file in your librenms install location manually, copying the content displayed on-screen to the file. If you have to do this, please remember to set the permissions on config.php after you copied the on-screen contents to the file. Run:

chown librenms:librenms /opt/librenms/config.php

Final Steps:

You now should be able to log. Please note that we have not covered HTTPS setup in this example, so your LibreNMS install is not secure by default. Please do not expose it to the public Internet unless you have configured HTTPS and taken appropriate web server hardening steps.



gif

54 views0 comments

Recent Posts

See All

A proof of concept (PoC) was developed for a critical vulnerability in F5's BIG-IP networking software that could expose thousands of users to remote control. The vulnerability, tracked as CVE-2022-13

Windows Subsystem For Linux (WSL) is a tool provided by Microsoft to run Linux natively on Windows. It’s designed to be a seamless experience, essentially providing a full Linux shell that can interac

Steganography is the practice of concealing a file, message, image, or video within another file, message, image or video. This utility can conceal messages in ASCII text by appending whitespace to th