
Linux System Operations: Nagios Monitoring Explained (original author: Zhao Shundong)

2010-11-11 11:31
http://www.unixhot.com/index.php?action-viewnews-itemid-20

Some supplementary material on SSL

1. Install SSL

#wget http://www.openssl.org/source/openssl-1.0.0a.tar.gz
#tar xvzf openssl-1.0.0a.tar.gz

#cd openssl-1.0.0a

#./config shared // builds the shared .so libraries; compiling nrpe with SSL support needs them

#make

#make install

2. Install httpd-2.0.50 (the method below links SSL statically)

#tar zxvf httpd-2.0.50.tar.gz

#cd httpd-2.0.50

#./configure --prefix=/usr/local/apache2 --enable-so --enable-ssl=static --with-ssl=/usr/local/ssl --enable-mods-shared=all

#make

#make install

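PS: I have not tried adding the SSL module to an existing Apache through apxs. I have seen a standalone ssl.conf configuration file online, but I do not know whether that approach works.

3. Create the certificates

Can be used to generate the certificates that SSL uses.

That tool is no longer available, so the certificates have to be generated by hand. For those unfamiliar with certificates, there is a tool that can be used: http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz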

#cp ssl.ca-0.1.tar.gz /usr/local/apache2/conf

#cd /usr/local/apache2/conf

#tar zxvf ssl.ca-0.1.tar.gz

#cd ssl.ca-0.1

#./new-root-ca.sh (generate the root certificate)

No Root CA key round. Generating one

Generating RSA private key, 1024 bit long modulus

...........................++++++

....++++++

e is 65537 (0x10001)

Enter pass phrase for ca.key: (enter a passphrase)

Verifying - Enter pass phrase for ca.key: (enter the passphrase again)

......

Self-sign the root CA... (sign the root certificate)

Enter pass phrase for ca.key: (enter the passphrase just set)

........

........ (signing starts below)

Country Name (2 letter code) [MY]:CN

State or Province Name (full name) [Perak]:GuangDong // whatever you like

Locality Name (eg, city) [Sitiawan]:GuangZhou // whatever you like

Organization Name (eg, company) [My Directory Sdn Bhd]:GDLC // whatever you like

Organizational Unit Name (eg, section) [Certification Services Division]:GDLC // whatever you like

Common Name (eg, MD Root CA) []:winson CA // whatever you like

Email Address []:yu.hanhui@gd-linux.org // whatever you like

This produces two files, ca.key and ca.crt. Next, generate a certificate for our server:

# ./new-server-cert.sh server (this certificate is named server)

......

......

Country Name (2 letter code) [MY]:CN

State or Province Name (full name) [Perak]: GuangDong

Locality Name (eg, city) [Sitiawan]: GuangZhou

Organization Name (eg, company) [My Directory Sdn Bhd]:GDLC

Organizational Unit Name (eg, section) [Secure Web Server]:GDLC

Common Name (eg, www.domain.com) []:localhost

Email Address []:yu.hanhui@gd-linux.org

This produces the two files server.csr and server.key.

The request still has to be signed before it can be used:

# ./sign-server-cert.sh server

CA signing: server.csr -> server.crt:

Using configuration from ca.config

Enter pass phrase for ./ca.key: (enter the root certificate passphrase set above)

Check that the request matches the signature

Signature ok

The Subject's Distinguished Name is as follows

countryName :PRINTABLE:'CN'

stateOrProvinceName :PRINTABLE:'JiangSu'

localityName :PRINTABLE:'NanJing'

organizationName :PRINTABLE:'Wiscom System Co.,Ltd'

organizationalUnitName:PRINTABLE:'ACSTAR'

commonName :PRINTABLE:'acmail.wiscom.com.cn'

emailAddress :IA5STRING:'acmail@wiscom.com.cn'

Certificate is to be certified until Jul 16 12:55:34 2005 GMT (365 days)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

CA verifying: server.crt <-> CA cert

server.crt: OK

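(If an error appears here, it is best to start over: delete the ssl.ca-0.1 directory and begin again from the extraction step.)

Next, place the certificates in the locations that the settings in ssl.conf expect.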

# chmod 400 server.key

# cd ..

# mkdir ssl.key

# mv ssl.ca-0.1/server.key ssl.key

# mkdir ssl.crt

# mv ssl.ca-0.1/server.crt ssl.crt

Now the server can be started!

# cd /usr/local/apache2

# ./bin/apachectl startssl

If this message appears:

httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

simply edit httpd.conf, find the ServerName xxxx line, and remove the comment marker in front of it.
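The checks behind the "server.crt: OK" line and the chmod 400 step in section 3, as an added example that is not part of the original post or of the ssl.ca scripts: it builds a throwaway CA and server certificate with plain openssl commands and audits the result. The function names make_sample and audit_certs, the subject values and the 2048-bit default threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. All sample files are constructed.
# File names ca.crt / server.crt / server.key mirror the ones used above.

# make_sample DIR BITS: throwaway root CA plus a CA-signed server certificate.
# -nodes leaves the keys unencrypted so the demo is non-interactive; the ssl.ca
# scripts instead protect ca.key with a passphrase.
make_sample() {
    openssl req -x509 -newkey "rsa:$2" -nodes -days 365 \
        -subj "/C=CN/O=Example/CN=Example Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey "rsa:$2" -nodes -subj "/C=CN/O=Example/CN=localhost" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -out "$1/server.crt" 2>/dev/null &&
    chmod 400 "$1/server.key" "$1/ca.key"
}

# audit_certs DIR [MIN_BITS]: prints each failed check, returns their count.
audit_certs() {
    d=$1; min=${2:-2048}; fails=0
    # 1. server.crt must chain to ca.crt
    openssl verify -CAfile "$d/ca.crt" "$d/server.crt" >/dev/null 2>&1 ||
        { echo "FAIL: server.crt does not verify against ca.crt"; fails=$((fails+1)); }
    # 2. server.key must be the private half of the certificate's public key
    kpub=$(openssl pkey -in "$d/server.key" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$d/server.crt" -noout -pubkey 2>/dev/null)
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] ||
        { echo "FAIL: server.key does not match server.crt"; fails=$((fails+1)); }
    # 3. RSA modulus size (the transcript above shows a 1024-bit key)
    bits=$(openssl x509 -in "$d/server.crt" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge "$min" ] ||
        { echo "FAIL: ${bits:-0}-bit key is below $min bits"; fails=$((fails+1)); }
    # 4. private key readable by its owner only (the page uses chmod 400)
    case $(ls -l "$d/server.key" 2>/dev/null | cut -c5-10) in
        ------) ;;
        *) echo "FAIL: server.key is accessible to group/other"; fails=$((fails+1)) ;;
    esac
    return "$fails"
}

# Demo run on constructed material in a temporary directory.
demo=$(mktemp -d) && make_sample "$demo" 2048 &&
    { audit_certs "$demo" 2048 && echo "all checks passed"; }
rm -rf "$demo"
```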

4. Install gd2; the Nagios web interface uses gd

1. Install libpng, libxml, jpeg, freeType, GD

① (Version: libpng 1.2.39) # PNG support for the gd library

1.1 wget http://prdownloads.sourceforge.net/libpng/libpng-1.2.39.tar.gz
1.2 tar -zxvf libpng-1.2.39.tar.gz

1.3 cd libpng-1.2.39

1.4 ./configure --prefix=/usr/

1.5 make && make install

(Version: Zlib 1.2.3)

1.6 wget http://www.imagemagick.org/download/delegates/zlib-1.2.3.tar.gz
1.7 tar -zxvf zlib-1.2.3.tar.gz

1.8 cd zlib-1.2.3

1.9 ./configure --prefix=/usr/local/zlib

1.10 make

1.11 make install

② (Version: libxml 2.7.2 ) # libxml2 support; PHP depends on it

1.1 wget http://m2sc.googlecode.com/files/libxml2-2.7.2.tar.gz
1.2 tar -zxvf libxml2-2.7.2.tar.gz

1.3 cd libxml2-2.7.2

1.4 ./configure --prefix=/usr/

1.5 make && make install

③ (Version: jpegsrc ) # phpMyAdmin support

1.1 wget http://down1.chinaunix.net/distfiles/jpegsrc.v6b.tar.gz
1.2 tar -zxvf jpegsrc.v6b.tar.gz

1.3 cd jpeg-6b

1.4 mkdir -p /usr/local/jpeg

mkdir -p /usr/local/jpeg/bin

mkdir -p /usr/local/jpeg/lib

mkdir -p /usr/local/jpeg/include

mkdir -p /usr/local/jpeg/man

mkdir -p /usr/local/jpeg/man1

mkdir -p /usr/local/jpeg/man/man1

1.5 ./configure --prefix=/usr/local/jpeg/ --enable-shared --enable-static

1.6 make && make install

1.7 cd /usr/lib/

1.8 ln -sf libjpeg.so.62.0.0 libjpeg.so

④ (Version: freetype2.3.8 )

1.1 wget http://downloads.sourceforge.net/freetype/freetype-2.3.8.tar.bz2

1.2 tar -jxvf freetype-2.3.8.tar.bz2

1.3 cd freetype-2.3.8

1.4 ./configure --prefix=/usr/local/freetype/

1.5 make

1.6 make install

⑤ (Version: gd 2.0.35 ) # gd library support for PHP

1.1 wget http://www.libgd.org/releases/gd-2.0.35.tar.gz
1.2 tar -zxvf gd-2.0.35.tar.gz

1.3 cd gd-2.0.35

1.4 ./configure --prefix=/usr/local/libgd --with-jpeg=/usr/local/jpeg --with-freetype=/usr/local/freetype

1.5 make

1.6 make install