Observium is a Free Network Observation and Monitoring System (NOMS) which collects data from devices using SNMP and presents it via a (super-shiny) web interface. It can also be described as a big shitpile of php scripts full of vulnerabilities that you should never expose on the internet. By the way, if you know who I shall contact to drop my vulns, please email me.
Anyway, the recommended distribution to run this is Debian/Ubuntu/RHEL/CentOS,
and I'm using Alpine Linux as hosts in my
hypervisor, because it doesn't have systemd is simple, lightweight, secure,
and a breeze to maintain.
There is not much things that differ from a Debian installation, just enough to be annoying:
- alpine uses mariadb instead of mysql (likely because Oracle has spend the last 10 years buying and killing open-source projects) ;
- no fancy prompt à la Debian when you install your DBMS, you have to
initialize it with a command:
/usr/bin/mysql_install_db --user=mysql
. ${APACHE_LOG_DIR}
must be replaced with/var/log/apache2/
in apache2's configuration file ;- there is no
site-enable
folder in/etc/apache2/
, you have to put the VirtualHost file in/etc/apache2/conf.d
folder instead ; - you have to enable the
mod_rewrite
module from apache2 in/etc/apache2/httpd.conf
; - Packages have different names, and some of their paths must be changed in your
config.php
file, like changing/usr/bin/fping{,6}
to/usr/sbin/fping{,6}
and/usr/bin/mtr
to/use/sbin/mtr
.
Here is an excerpt of my .ash_history
from my installation process:
apk -U upgrade
apk add subversion rddtool mtr imagemagick graphviz fping python nmap
apk add apache2 mysql mysql-client php-mysqli php-json php-pear php-mcrypt php-ctype
apk add net-snmp
mkdir -p /opt/observium && cd /opt
svn co http://svn.observium.org/svn/observium/trunk observium
cp config.php.default config.php
vim config.php # don't forget to change the paths of the aforementioned tools
/usr/bin/mysql_install_db --user=mysql
rc-service mariadb start
rc-update add mariadb default
/usr/bin/mysqladmin -u root password <mysql root password>
mysql -u root -p
mysql> CREATE DATABASE observium DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> GRANT ALL PRIVILEGES ON observium.* TO 'observium'@'localhost'
-> IDENTIFIED BY '<observium db password>';
^d
./discovery.php -u
cat<<EOF>/etc/apache2/conf.d/observium.conf
<VirtualHost *:80>
DocumentRoot /opt/observium/html
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /opt/observium/html/>
DirectoryIndex index.php
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
</VirtualHost>
EOF
vim /etc/apache2/httpd.conf # enable mod_rewrite
rc-update add apache2
rc-service apache2 restart
Also, since Alpine doesn't package python-mysqldb
, you'll have to change
the /opt/observium/poller-wrapper.py 2
command in your crontab to
/opt/observium/poller.php -h all
. You'll lose threading for the poller,
but since I don't have many machines, I don't care.
That's it, you can now open your web browser to start using your Observium instance.