Observium is a Free Network Observation and Monitoring System (NOMS) which collects data from devices using SNMP and presents it via a (super-shiny) web interface. It can also be described as a big shitpile of php scripts full of vulnerabilities that you should never expose on the internet. By the way, if you know who I shall contact to drop my vulns, please email me.
Anyway, the recommended distribution to run this is Debian/Ubuntu/RHEL/CentOS,
and I'm using Alpine Linux as hosts in my
hypervisor, because it doesn't have systemd is simple, lightweight, secure,
and a breeze to maintain.
There is not much things that differ from a Debian installation, just enough to be annoying:
- alpine uses mariadb instead of mysql (likely because Oracle has spend the last 10 years buying and killing open-source projects) ;
- no fancy prompt à la Debian when you install your DBMS, you have to
initialize it with a command:
/usr/bin/mysql_install_db --user=mysql. ${APACHE_LOG_DIR}must be replaced with/var/log/apache2/in apache2's configuration file ;- there is no
site-enablefolder in/etc/apache2/, you have to put the VirtualHost file in/etc/apache2/conf.dfolder instead ; - you have to enable the
mod_rewritemodule from apache2 in/etc/apache2/httpd.conf; - Packages have different names, and some of their paths must be changed in your
config.phpfile, like changing/usr/bin/fping{,6}to/usr/sbin/fping{,6}and/usr/bin/mtrto/use/sbin/mtr.
Here is an excerpt of my .ash_history from my installation process:
apk -U upgrade apk add subversion rddtool mtr imagemagick graphviz fping python nmap apk add apache2 mysql mysql-client php-mysqli php-json php-pear php-mcrypt php-ctype apk add net-snmp mkdir -p /opt/observium && cd /opt svn co http://svn.observium.org/svn/observium/trunk observium cp config.php.default config.php vim config.php # don't forget to change the paths of the aforementioned tools /usr/bin/mysql_install_db --user=mysql rc-service mariadb start rc-update add mariadb default /usr/bin/mysqladmin -u root password <mysql root password> mysql -u root -p mysql> CREATE DATABASE observium DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; mysql> GRANT ALL PRIVILEGES ON observium.* TO 'observium'@'localhost' -> IDENTIFIED BY '<observium db password>'; ^d ./discovery.php -u cat<<EOF>/etc/apache2/conf.d/observium.conf <VirtualHost *:80> DocumentRoot /opt/observium/html <FilesMatch \.php$> SetHandler application/x-httpd-php </FilesMatch> <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /opt/observium/html/> DirectoryIndex index.php Options Indexes FollowSymLinks MultiViews AllowOverride All Require all granted </Directory> ErrorLog /var/log/apache2/error.log LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On </VirtualHost> EOF vim /etc/apache2/httpd.conf # enable mod_rewrite rc-update add apache2 rc-service apache2 restart
Also, since Alpine doesn't package python-mysqldb, you'll have to change
the /opt/observium/poller-wrapper.py 2 command in your crontab to
/opt/observium/poller.php -h all. You'll lose threading for the poller,
but since I don't have many machines, I don't care.
That's it, you can now open your web browser to start using your Observium instance.