乐趣区

关于zabbix:zabbix-server

cd /root/download

wget 'https://centos7.iuscommunity.org/ius-release.rpm'

yum install -y ius-release.rpm

yum install -y httpd php56u php56u-cli php56u-mysql php56u-mbstring php56u-mcrypt php56u-xml php56u-xmlrpc php56u-intl php56u-pecl-jsonc php56u-pecl-memcache php56u-pecl-memcached php56u-bcmath php56u-gd php56u-opcache php56u-pecl-redis mod_ssl

sed -i 's/;date.timezone =/date.timezone ="Asia\/Kuala_Lumpur"/g' /etc/php.ini
sed -i 's/short_open_tag = Off/short_open_tag = On/g' /etc/php.ini
sed -i 's/;error_log = syslog/error_log = syslog/g' /etc/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 32M/g' /etc/php.ini
sed -i 's/max_execution_time = 30/max_execution_time = 600/g' /etc/php.ini
sed -i 's/max_input_time = 60/max_input_time = 600/g' /etc/php.ini
sed -i 's/;always_populate_raw_post_data = -1/always_populate_raw_post_data = -1/g' /etc/php.ini

vi /etc/httpd/conf/httpd.conf

ServerRoot "/etc/httpd"
ServerTokens prod
PidFile run/httpd.pid

User apache
Group apache

SetEnv SCR8_ENV production
SetEnv ENVIRONMENT production

Listen 0.0.0.0:80

ServerAdmin support@sky3888.com
ServerName myself.zabbix.com

UseCanonicalName Off
HostnameLookups Off

KeepAlive On
KeepAliveTimeout 60

DirectoryIndex index.php index.html index.html.var

TypesConfig /etc/mime.types
AccessFileName .htaccess
AcceptPathInfo On

<IfModule prefork.c>
StartServers            5
MinSpareServers         5
MaxSpareServers         10
ServerLimit             128
MaxClients              128
MaxRequestsPerChild     128
</IfModule>

LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule systemd_module modules/mod_systemd.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so

#LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule headers_module modules/mod_headers.so

LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
#LoadModule status_module modules/mod_status.so
#LoadModule ssl_module modules/mod_ssl.so
LoadModule env_module modules/mod_env.so
LoadModule php5_module modules/libphp5.so

AddHandler php5-script .php
AddType text/html .php

DocumentRoot /var/www/html

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory /var/www/html>
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<Files ~ ^\.ht>
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

LogLevel warn

<IfModule log_config_module>
    LogFormat "%V \"%{X-Forwarded-For}i\"%h %t \"%r\"%>s %b \"%{Referer}i\"\"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\"%>s %b" common
    SetEnvIf User-Agent ".*internal dummy connection.*" dontlog
    CustomLog "|/usr/bin/logger -t apache-access -p local6.notice" combined env=!dontlog
    ErrorLog "|/usr/bin/logger -t apache-error -p local6.err"
</IfModule>

#NameVirtualHost *:80

#
# myself.zabbix.com
#
<VirtualHost *:80>
    ServerAdmin support@sky3888.com
    DocumentRoot /var/www/html/zabbix
    ServerName myself.zabbix.com

    RewriteEngine on
    ErrorLog "|/usr/bin/logger -t apache-error -p local6.err"
    CustomLog "|/usr/bin/logger -t apache-access -p local6.notice" combined env=!dontlog

    <Directory /var/www/html/zabbix/>
        Options FollowSymLinks
        AllowOverride all
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

apachectl configtest

mysql5.7

cd /root/download/
wget https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm
rpm -Uvh mysql80-community-release-el7-1.noarch.rpm
yum repolist all | grep mysql
yum install -y yum-utils
yum-config-manager --disable mysql80-community
yum-config-manager --enable mysql57-community
yum repolist all | grep mysql
yum install -y mysql-community-server

vi /etc/my.cnf

[mysqld]

## General
ignore-db-dir                        = lost+found
datadir                              = /var/lib/mysql
socket                               = /var/lib/mysql/mysql.sock
tmpdir                               = /var/lib/mysqltmp

## Cache
table-definition-cache               = 4096
table-open-cache                     = 4096
#table-open-cache-instances          = 1
#thread-cache-size                   = 16
#query-cache-size                    = 32M
#query-cache-type                    = 1

## Per-thread Buffers
join-buffer-size                    = 512K
read-buffer-size                    = 512K
read-rnd-buffer-size                = 512K
sort-buffer-size                    = 512K

## Temp Tables
max-heap-table-size                 = 64M
tmp-table-size                      = 32M

## Networking
#interactive-timeout                 = 3600
max-connections                      = 400
max-connect-errors                   = 1000000
max-allowed-packet                   = 64M
skip-name-resolve
wait-timeout                         = 600

## MyISAM
key-buffer-size                      = 64M
#myisam-recover                      = FORCE,BACKUP
myisam-sort-buffer-size              = 128M

## InnoDB
default_storage_engine               = innodb
innodb-buffer-pool-size              = 4G
innodb-data-file-path                = ibdata1:64M:autoextend
#innodb-file-format                  = Barracuda
innodb-file-per-table                = 1
innodb-flush-method                  = O_DIRECT
innodb-log-file-size                 = 128M
innodb_max_dirty_pages_pct           = 75
#innodb_doublewrite                  = 0
#innodb_thread_concurrency           = 4
innodb_flush_log_at_trx_commit       = 1
innodb_log_buffer_size               = 32M
innodb_log_file_size                 = 256M
innodb_log_files_in_group            = 3
innodb_lock_wait_timeout             = 120

## Replication and PITR
binlog-format                        = ROW
expire-logs-days                     = 7
log-bin                              = /var/log/mysql/bin-log
#log-slave-updates                   = 1
max-binlog-size                      = 128M
#read-only                           = 1
#relay-log                           = /var/log/mysql/relay-log
#relay-log-space-limit                = 16G
server-id                            = 1

## Logging
#log-output                          = FILE
#log-slow-admin-statements
#log-slow-slave-statements
#log-warnings                        = 0
long-query-time                      = 1
slow-query-log                       = 1
slow-query-log-file                  = /var/log/mysql/slow-log

[mysqld_safe]
log-error                            = /var/log/mysqld.log
#malloc-lib                          = /usr/lib64/libjemalloc.so.1
open-files-limit                     = 65535

[mysql]
no-auto-rehash
socket=/var/lib/mysql/mysql.sock
prompt=\u:[\d]>\_

mkdir /var/lib/mysqltmp
mkdir /var/log/mysql
chown -R mysql.mysql /var/log/mysql
chown -R mysql.mysql /var/lib/mysqltmp

mysqld --defaults-file=/etc/my.cnf --initialize-insecure --user=mysql
yum install -y policycoreutils-python
semanage fcontext --list|grep mysql
semanage fcontext -a -t mysqld_db_t "/var/log/mysql(/.*)?"
restorecon -Rv /var/log/mysql

systemctl start mysqld

mysql_secure_installation
passwd:Zabbixxxx

mysql_config_editor set --login-path=root --host=localhost --user=root --password
mysql --login-path=root
mysql>grant all privileges on zabbix.* to zabbix@'%' identified by 'Zabbixxxx';
mysql>create database zabbix default charset utf8 COLLATE utf8_general_ci;

zabbix-server

cd /root/download/
wget http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-2.el7.noarch.rpm
yum install zabbix-release-3.4-2.el7.noarch.rpm -y

yum install -y zabbix-proxy-mysql zabbix-server-mysql zabbix-web-mysql zabbix-get

zcat  /usr/share/doc/zabbix-server-mysql-3.4.15/create.sql.gz |mysql -uzabbix -p zabbix

vi /etc/zabbix/zabbix_server.conf

LogFile=/var/log/zabbix/zabbix_server.log
LogFileSize=0
PidFile=/var/run/zabbix/zabbix_server.pid
DBHost=xxx
DBName=zabbix
DBUser=zabbix
DBPassword=Zabbixxx
StartPollers=30
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
Timeout=8
AlertScriptsPath=/usr/lib/zabbix/alertscripts
ExternalScripts=/usr/lib/zabbix/externalscripts
LogSlowQueries=3000

setsebool -P httpd_can_network_connect on
setsebool -P mysql_connect_any on
setsebool -P zabbix_can_network on

cd /root/download/

vi zabbix_server_add.te

module zabbix_server_add 1.1;

require {
        type zabbix_var_run_t;
        type tmp_t;
        type zabbix_t;
        class sock_file {create unlink write};
        class unix_stream_socket connectto;
        class process setrlimit;
}

#============= zabbix_t ==============

#!!!! This avc is allowed in the current policy
allow zabbix_t self:process setrlimit;

#!!!! This avc is allowed in the current policy
allow zabbix_t self:unix_stream_socket connectto;

#!!!! This avc is allowed in the current policy
allow zabbix_t tmp_t:sock_file {create unlink write};

#!!!! This avc is allowed in the current policy
allow zabbix_t zabbix_var_run_t:sock_file {create unlink write};

checkmodule -M -m -o zabbix_server_add.mod zabbix_server_add.te
semodule_package  -m zabbix_server_add.mod -o zabbix_server_add.pp
semodule -i zabbix_server_add.pp
ausearch -c 'python' --raw | audit2allow -M my-python
semodule -i my-python.pp  

systemctl start zabbix-server
systemctl start httpd

cp -R /usr/share/zabbix /var/www/html/
http://xxxx

centos7 zabbix-agent

cd /root/download/
wget http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-agent-3.4.14-1.el7.x86_64.rpm
yum install -y zabbix-agent-3.4.14-1.el7.x86_64.rpm
vi /etc/zabbix/zabbix_agentd.conf

PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
LogFileSize=1
DebugLevel=3
Server=xxx
ListenPort=10050
StartAgents=3
AllowRoot=0
User=zabbix
Include=/etc/zabbix/zabbix_agentd.d/*.conf

systemctl enable zabbix-agent
systemctl start zabbix-agent

selinux for zabbix exec python

semanage permissive -a zabbix_agent_t
退出移动版