sudo apt-get install nagios3 nagios-nrpe-plugin

You will be asked to enter a password for the nagiosadmin user. The user’s credentials are stored in /etc/nagios3/htpasswd.users. To change the nagiosadmin password, or to add users for the Nagios CGI scripts, use the htpasswd utility that is part of the apache2-utils package.

For example, to change the password for the nagiosadmin user enter:

sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin

To add a user:

sudo htpasswd /etc/nagios3/htpasswd.users steve

Next, on server02 install the nagios-nrpe-server package. From a terminal on server02 enter:

sudo apt-get install nagios-nrpe-server


Nagios on CentOS

Don’t forget to stop httpd on your machine:

sudo /etc/init.d/apache2 stop

Connect to the Docker container with datalayer-emulator-start secured centos centos6 and run:

htpasswd /etc/nagios/passwd nagiosadmin
service httpd start
service nagios start

Add services:

mkdir /etc/nagios/servers
vi /etc/nagios/servers/clients.cfg

and add the following:

define service {
        use                             generic-service
        host_name                       client
        service_description             SSH2
        check_command                   check_ssh
        notifications_enabled           0
}

Then set the ownership of the directory:

chown -R root:nagios /etc/nagios/servers

Restart nagios with service nagios restart.



$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none;local5.none;local4.none;local3.none    /var/log/messages


$SystemLogRateLimitBurst        0
$SystemLogRateLimitInterval     0

@ServerSysIpAddress

/etc/rsyslog.d/arcsight-20-db.conf                    @ServerDbIpAddress

/etc/rsyslog.d/arcsight-30-ap.conf                    @ServerAppIpAddress

Start rsyslog

/etc/init.d/rsyslog restart



active = yes
direction = out
path = builtin_syslog
type = builtin
format = string


dispatcher = /sbin/audispd


q_depth = 120


-b 15000
-a always,exit -F arch=b64 -S sethostname -S setdomainname -k HOSTNAME_CHANGED
-a always,exit -F arch=b64 -S kill -F a1=9 -k KILL9
# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.
# First rule - delete all

# Increase the buffers to survive stress events.
# Make this bigger for busy systems
-b 1024
-a always,exit -S adjtimex -S settimeofday -S stime -k time-change
-a always,exit -S clock_settime -k time-change
-a always,exit -S sethostname -S setdomainname -k system-locale

Start auditd

/etc/init.d/auditd restart
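
A quick lint to run over the rules file before restarting auditd, as an added example that is not part of the original page: auditctl takes the -a argument as a single list,action token, so a space after the comma is flagged, along with a -b that shares a line with another rule and a repeated -b. The helper names lint_audit_rules and write_sample and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an audit.rules file for line-level mistakes.
# lint_audit_rules and write_sample are hypothetical helper names.

# Print one finding per suspect line; return 1 if anything was flagged.
lint_audit_rules() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    /^-a[ \t]+[a-z]+,[ \t]+[a-z]+/ {        # e.g. "-a always, exit"
        printf "%d: space inside the -a list,action pair\n", NR; bad++
    }
    /^-b[ \t]+[0-9]+[ \t]+-/ {              # e.g. "-b 1024 -a ..."
        printf "%d: -b shares a line with another rule\n", NR; bad++
    }
    /^-b[ \t]/ {                            # each -b resets the backlog limit
        if (first_b) {
            printf "%d: -b repeated, first set on line %d\n", NR, first_b; bad++
        } else first_b = NR
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample that reproduces the mistakes (not a real host's rules).
write_sample() {
    cat > "$1" <<'EOF'
-b 15000
-a always, exit -F arch=b64 -S kill -F a1=9 -k KILL9
# Increase the buffers to survive stress events.
-b 1024 -a always,exit -S adjtimex -S settimeofday -S stime -k time-change
-a always,exit -S clock_settime -k time-change
EOF
}

sample=$(mktemp) && write_sample "$sample"
lint_audit_rules "$sample" || echo "fix the lines above before restarting auditd"
rm -f "$sample"
```

On a real host, pass the path of the rules file that auditd loads instead of the sample.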