LibreNMS

LibreNMS is an open source, powerful and feature-rich auto-discovering PHP based network monitoring system which uses the SNMP protocol. It supports a broad range of operating systems including Linux, FreeBSD, as well as network devices including Cisco, Juniper, Brocade, Foundry, HP and many more.


LibreNMS Features:

It auto-discovers a whole network using these protocols: CDP, FDP, LLDP, OSPF, BGP, SNMP and ARP;

It has a mobile friendly Web UI, with customizable dashboards;

Supports a Unix agent;

Supports horizontal scaling to expand with your network;

Supports a highly flexible and customizable alerting system; sends notifications through email, irc, slack and more;

Supports an API for managing, graphing and retrieving data from your system;

Offers a traffic billing system;

Also supports an Android and iOS apps which offer core functionalities;

Supports integration with NfSen, collectd, SmokePing, RANCID and Oxidized;

Supports multiple authentication methods such as MySQL, HTTP, LDAP, Radius and Active Directory;

Allows for auto updating and many other features.


An online demo is available for you to try before installing LibreNMS on Linux systems:

URL: https://demo.librenms.org/
Username: demo
Password: demo

Install Required Packages - Ubuntu 20.04:


NGINX:


apt install software-properties-common
add-apt-repository universe
apt update

apt install acl curl composer fping git graphviz imagemagick mariadb-client mariadb-server mtr-tiny nginx-full nmap php7.4-cli php7.4-curl php7.4-fpm php7.4-gd php7.4-gmp php7.4-json php7.4-mbstring php7.4-mysql php7.4-snmp php7.4-xml php7.4-zip rrdtool snmp snmpd whois unzip python3-pymysql python3-dotenv python3-redis python3-setuptools python3-systemd


Add librenms user:

useradd librenms -d /opt/librenms -M -r -s "$(which bash)"

Download LibreNMS:

cd /opt git clone https://github.com/librenms/librenms.git

Set permissions:

chown -R librenms:librenms /opt/librenms 
chmod 771 /opt/librenms 

setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ 

setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

Install PHP dependencies:

su - librenms 
./scripts/composer_wrapper.php install --no-dev 
exit

Set timezone:

vi /etc/php/7.4/fpm/php.ini
vi /etc/php/7.4/cli/php.ini

Remember to set the system timezone as well:

timedatectl set-timezone Etc/UTC

Configure MariaDB:

vi /etc/mysql/mariadb.conf.d/50-server.cnf

Within the [mysqld] section add:

innodb_file_per_table=1
lower_case_table_names=0

Enable/Restart MariaDB:

systemctl enable mariadb
systemctl restart mariadb

Go to MySQL as root and set:

mysql -u root

CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER'librenms'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON librenms.*TO'librenms'@'localhost';
FLUSH PRIVILEGES;

Configure PHP-FPM:

cp /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/librenms.conf vi /etc/php/7.4/fpm/pool.d/librenms.conf

Change [www] to [librenms]


Change user and group to "librenms"


Change listen to a unique name:

listen = /run/php-fpm-librenms.sock

Configure Web Server:

vi /etc/nginx/conf.d/librenms.conf

Add the following config, edit server_name as required:

server {
listen 80;
server_name librenms.example.com;
root /opt/librenms/html;
index index.php;

charsetutf-8;
gzip on;
gzip_typestext/cssapplication/javascripttext/javascriptapplication/x-javascriptimage/svg+xmltext/plaintext/xsdtext/xsltext/xmlimage/x-icon;

location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ [^/]\.php(/|$) {
fastcgi_passunix:/run/php-fpm-librenms.sock;
fastcgi_split_path_info^(.+\.php)(/.+)$;
includefastcgi.conf;
}
location ~ /\.(?!well-known).* {
deny all;
}
}

rm /etc/nginx/sites-enabled/default 
systemctl restart nginx 
systemctl restart php7.4-fpm

Enable lnms command completion:

ln -s /opt/librenms/lnms /usr/bin/lnms 
cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/

Configure SNMPd:

cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

vi /etc/snmp/snmpd.conf

Edit the text which says RANDOMSTRINGGOESHERE and set your own community string.

curl -o usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro 

chmod +x /usr/bin/distro 
systemctl enable snmpd 
systemctl restart snmpd

Copy logrotate config:


LibreNMS keeps logs in /opt/librenms/logs. Over time these can become large and be rotated out. To rotate out the old logs you can use the provided logrotate config file:

cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

Web Installer:


Now head to the web installer and follow the on-screen instructions.

http://librenms.example.com/install

The web installer might prompt you to create a config.php file in your librenms install location manually, copying the content displayed on-screen to the file. If you have to do this, please remember to set the permissions on config.php after you copied the on-screen contents to the file. Run:

chown librenms:librenms /opt/librenms/config.php

Final Steps:

You now should be able to log. Please note that we have not covered HTTPS setup in this example, so your LibreNMS install is not secure by default. Please do not expose it to the public Internet unless you have configured HTTPS and taken appropriate web server hardening steps.



gif

35 views0 comments

Recent Posts

See All

Vulmap – Web Vulnerability

Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions.

Vigenere Cipher

Vigenere Cipher is a method of encrypting alphabetic text. It uses a simple form of polyalphabetic substitution. A polyalphabetic cipher is any cipher based on substitution, using multiple substitutio

Steganography and audio converter

DeepSound is a steganography tool and audio converter that hides secret data into audio files. The application also enables you to extract secret files directly from audio files or audio CD tracks, su