Различия

Здесь показаны различия между двумя версиями данной страницы.

--- freebsd:cacti [2020/01/06 21:05]
alex
+++ freebsd:cacti [2021/11/13 16:54] (текущий)
alex
@@ Строка 102: / Строка 102: @@
         require a local server.
+У меня MySQL и Cacti находятся на разных серверах. На сервере с MySQL создаю базу данных cacti. Создаю пользователя cacti и разрешаю ему управлять созданной базой данных. Настраиваю удалённый доступ к MySQL.
-  mysqladmin -uroot -p create cacti
-  Enter password:
   mysql -u root -p
   Enter password:
+  SHOW databases;
+  +--------------------+
+  | Database           |
+  +--------------------+
+  | information_schema |
+  | ccnet-db           |
+  | mysql              |
+  | performance_schema |
+  | seafile-db         |
+  | seahub-db          |
+  | sys                |
+  +--------------------+
+rows in set (0.08 sec)
-  > show databases;
+  create database `cacti` character set = 'utf8';
+  SHOW databases;
   +--------------------+
   | Database           |
@@ Строка 115: / Строка 127: @@
   | information_schema |
   | cacti              |
+  | ccnet-db           |
   | mysql              |
   | performance_schema |
+  | seafile-db         |
+  | seahub-db          |
   | sys                |
   +--------------------+
  rows in set (0.00 sec)
-  > CREATE USER 'cacti'@'localhost' IDENTIFIED BY 'rfRn3c_rkjn';
+  CREATE USER 'cacti'@'localhost' IDENTIFIED BY 'rfRn3c_rkjn';
-  > CREATE USER 'cacti'@'10.215.130.21' IDENTIFIED BY 'rfRn3c_rkjn';
+  CREATE USER 'cacti'@'10.215.130.21' IDENTIFIED BY 'rfRn3c_rkjn';
-  > GRANT ALL ON `cacti`.* TO 'cacti'@'10.215.130.21';
+  GRANT ALL ON `cacti`.* TO 'cacti'@'10.215.130.21';
-  > GRANT SELECT ON `mysql`.`time_zone_name` TO 'cacti'@'10.215.130.21';
+  GRANT SELECT ON `mysql`.`time_zone_name` TO 'cacti'@'10.215.130.21';
-  > FLUSH PRIVILEGES;
+  CREATE USER 'root'@'10.215.130.21' IDENTIFIED BY 'Ce,,0nf#';
+  GRANT ALL PRIVILEGES ON *.* TO 'root'@'10.215.130.21';
-  > use mysql
+  FLUSH PRIVILEGES;
-  > SELECT Host,User FROM user;
+  select user,host from mysql.user;
   +---------------+---------------+
-  | Host          | User          |
+  | user          | host          |
   +---------------+---------------+
-  | 10.215.130.21 | cacti         |
+  | cacti         | 10.215.130.21 |
-  | localhost     | cacti         |
+  | root          | 10.215.130.21 |
-  | localhost     | mysql.session |
+  | root          | 10.215.130.22 |
-  | localhost     | mysql.sys     |
+  | seafile       | 10.215.130.22 |
-  | localhost     | root          |
+  | cacti         | localhost     |
+  | mysql.session | localhost     |
+  | mysql.sys     | localhost     |
+  | root          | localhost     |
   +---------------+---------------+
-rows in set (0.00 sec)
-  > quit;
-Добавляю в созданную базу данных таблицы
+На компьютере с cacti в созданную базу данных загружаю таблицы
-  root@jail_2:~ # mysql --database=cacti -h 10.215.130.20 -u cacti -p < /usr/local/share/cacti/cacti.sql
+  mysql --database=cacti -h 10.215.130.20 -u root -p < /usr/local/share/cacti/cacti.sql
+  Enter password:
-  mysql -h 10.215.130.20 -u cacti -prfRn3c_rkjn
+Подключаюсь к MySQL и проверяю создание талиц
-  > use cacti
+  mysql -h 10.215.130.20 -u cacti -p
-  > show tables;
+  use cacti
+  show tables;
   +-------------------------------------+
   | Tables_in_cacti                     |
@@ Строка 260: / Строка 278: @@
   | version                             |
   +-------------------------------------+
-rows in set (0.03 sec)
+rows in set (0.00 sec)
+Из файла ///usr/local/share/cacti/include/config.php.sample// создаю файл конфигурации в котором указываю пользователя и пароль базы данных cacti.
-  root@klotik:/usr/local/etc/mysql# mysql --database=cacti -uroot -p < /usr/local/share/cacti/cacti.sql
+загружаю временные зоны в MySQL
-  Enter password:
+  mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
-  root@klotik:/usr/local/etc/mysql# mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
-  Enter password:
-  Warning: Unable to load '/usr/share/zoneinfo/Factory' as time zone. Skipping it.
-  Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
-В /usr/local/share/cacti/include/config.php добавил строку
+В папке ///var/log/cacti// создаю файл для логов **log**  и задаю права доступа www:www
-date_default_timezone_set( 'Europe/Moscow' );
+  touch /var/log/cacti/log
+Меняю права доступа к папке cacti
-Выполняю инструкцию
+  chown -R www:www /usr/local/share/cacti/
-# mysqladmin -uroot -p create cacti
+Создаю папку и меняю права доступа
-Enter password:
+  mkdir -p /usr/local/share/cacti/log/
+  chown -R www:www /usr/local/share/cacti/log/
-root@localhost [(none)]> CREATE USER 'cacti'@'localhost' IDENTIFIED BY 'rfRnec_rkjn';
+В браузере набираю cacti.klotik.ru. На приглашение логина и пароля набираю **admin/admin**. Cacti предложит сменить пароль.
-Query OK, 0 rows affected (0.41 sec)
-root@localhost [(none)]> FLUSH PRIVILEGES;
+  Input Validation Whitelist Protection
-Query OK, 0 rows affected (0.20 sec)
+  Cacti Data Input methods that call a script can be exploited in ways that a non-administrator can perform damage
+  to either files owned by the poller account, and in cases where someone runs the Cacti poller as root, can
+  compromise the operating system allowing attackers to exploit your infrastructure.
+  Therefore, several versions ago, Cacti was enhanced to provide Whitelist capabilities on the these types of Data
+  Input Methods. Though this does secure Cacti more thouroughly, it does increase the amount of work required by
+  the Cacti administrator to import and manage Templates and Packages.
+  The way that the Whitelisting works is that when you first import a Data Input Method, or you re-import a Data
+  Input Method, and the script and or aguments change in any way, the Data Input Method, and all the corresponding
+  Data Sources will be immediatly disabled until the administrator validates that the Data Input Method is valid.
+  To make identifying Data Input Methods in this state, we have provided a validation script in Cacti's CLI
+  directory that can be run with the following options:
+  php -q input_whitelist.php --audit - This script option will search for any Data Input Methods that are currently
+  banned and provide details as to why.
+  php -q input_whitelist.php --update - This script option un-ban the Data Input Methods that are currently banned.
+  php -q input_whitelist.php --push - This script option will re-enable any disabled Data Sources.
+  It is strongly suggested that you update your config.php to enable this feature by uncommenting the
+  $input_whitelist variable and then running the three CLI script options above after the web based install has completed.
+  Check the Checkbox below to acknowledge that you have read and understand this security concern
-root@localhost [(none)]> GRANT ALL ON `cacti`.* TO 'cacti'@'localhost';
-Query OK, 0 rows affected (0.05 sec)
-root@localhost [(none)]> GRANT ALL ON `cacti`.* TO 'cacti'@'localhost';
-Query OK, 0 rows affected (0.04 sec)
-root@localhost [(none)]> GRANT SELECT ON `mysql`.`time_zone_name` TO 'cacti'@'localhost';
-Query OK, 0 rows affected (0.04 sec)
-root@localhost [(none)]> FLUSH PRIVILEGES;
-Query OK, 0 rows affected (0.02 sec)
-root@localhost [(none)]> exit
-Bye
-root@klotik:~ # mysql --database=cacti -ucacti -p < /usr/local/share/cacti/cacti.sql
-Enter password:
-ERROR 1045 (28000): Access denied for user 'cacti'@'localhost' (using password: YES)
-root@klotik:~ # mysql --database=cacti -ucacti -p < /usr/local/share/cacti/cacti.sql
-Enter password:
-root@klotik:~ # mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
-Enter password:
-Warning: Unable to load '/usr/share/zoneinfo/Factory' as time zone. Skipping it.
-Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
-Из файла
-/usr/local/share/cacti/include/config.php.sample создаю файл конфигурации в котором указываю пользователя и пароль базы данных cacti.
@@ Строка 324: / Строка 340: @@
+=== Обновление старого cacti ===
-Installing cacti-0.8.8h...
-===> Creating groups.
-Using existing group 'cacti'.
-===> Creating users
-Using existing user 'cacti'.
-=======================================================================
-Cacti is now installed. If you intall it for the first time,
-you may have to follow this steps to make it work correctly:
-. Create the MySQL database, a cacti user, and initialize:
-   a) CREATE DATABASE cacti;
-   b) Create a mysql user/password for cacti:
-      CREATE USER 'cacti'@'localhost' IDENTIFIED BY 'password';
-      FLUSH PRIVILEGES;
-   c) Add GRANTS:
-      GRANT ALL ON cacti.* TO 'cacti'@'localhost';
-      FLUSH PRIVILEGES;
-   d) Import the default cacti database:
-      mysql --database=cacti -ucacti -p < /usr/local/share/cacti/cacti.sql
- NOTE:
-   * Cacti does not LOCK TABLES.
-. Edit /usr/local/share/cacti/include/config.php from the template
-   config.php.orig.
-   PHP requires the time zone to be explicitly set rather that rely on
-   the system time zone, otherwise poller complains. I added the
-   following line to my config.php:
-   date_default_timezone_set('America/Los_Angeles');
-. Add the following line to cron for cacti:
-*/5 * * * * /usr/local/bin/php /usr/local/share/cacti/poller.php > /dev/null 2>&1
-. Example Apache 2.4 configuration:
-   LoadModule php5_module  libexec/apache22/libphp5.so
-   <FilesMatch "\.php$">
-       SetHandler application/x-httpd-php
-   </FilesMatch>
-   <FilesMatch "\.phps$">
-       SetHandler application/x-httpd-php-source
-   </FilesMatch>
-   DirectoryIndex index.php
-   DocumentRoot "/usr/local/share/cacti"
-   Alias /cacti "/usr/local/share/cacti/"
-   Alias /Cacti "/usr/local/share/cacti/"
-   <Directory "/usr/local/share/cacti">
-      Require all granted
-      AllowOverride None
-      Order Allow,deny
-      Allow from all
-   </Directory>
-. Open a Cacti login page in your web browser and login with
-   admin/admin.
-If you update cacti, open a login page and an updating process will
-start automatically.
-NOTEs as of 10Aug2014:
-) Cacti now better supports hier(7)
-   a) Cacti log files are now found under /var/log/cacti where you can
-      manage them using newsyslog.
-   b) Cacti RRD files are now found under /var/db/cacti/rra.
-   If you have an existing Cacti installation these paths are also
-   found in Cacti's SQL database and MUST be updated. These two SQL
-   commands should do the trick:
-   UPDATE settings SET value='/var/log/cacti/log' \
-     WHERE name='path_cactilog';
-   UPDATE poller_item SET rrd_path=\
-     REPLACE(rrd_path,'/usr/local/share/cacti/rra','/var/db/cacti/rra') \
-     WHERE rrd_path REGEXP '^/usr/local/share/cacti/rra';
-) The PERL paths in the Cacti PERL scripts have been updated to
-   /usr/local/bin.
-Other Erratas:
-Mount linprocfs in /compat/linux/proc will alow most scripts to work.
-=======================================================================
-===>  Cleaning for php55-mysqli-5.5.38_1
-===>  Cleaning for php55-sockets-5.5.38_1
-===>  Cleaning for cacti-0.8.8h
 После обновления cacti внёс изменения в базу данных MySQL
@@ Строка 481: / Строка 393: @@
   # ln -s /usr/local/lib/libpng16.so.16.23.0 /usr/local/lib/libpng15.so.15
+Ссылки:\\
-root@localhost [(none)]> CREATE USER 'cacti'@'localhost' IDENTIFIED BY 'rfRnec_rkjn';
-ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
-root@localhost [(none)]> CREATE USER 'cacti'@'localhost' IDENTIFIED BY 'rfRn3c_rkjn';
-Query OK, 0 rows affected (0.05 sec)
-root@localhost [(none)]> use mysql
-Database changed
-root@localhost [mysql]> SELECT Host,User FROM user;
-+-----------+---------------+
-| Host      | User          |
-+-----------+---------------+
-| localhost | cacti         |
-| localhost | mysql.session |
-| localhost | mysql.sys     |
-| localhost | root          |
-+-----------+---------------+
-rows in set (0.00 sec)
-root@localhost [mysql]> quit
-Bye
-root@jail_1:/usr/local/etc/mysql# mysql -u root -p
-Enter password:
-Welcome to the MySQL monitor.  Commands end with ; or \g.
-Your MySQL connection id is 6
-Server version: 5.7.25-log Source distribution
-Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
-Oracle is a registered trademark of Oracle Corporation and/or its
-affiliates. Other names may be trademarks of their respective
-owners.
-Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
-root@localhost [(none)]> CREATE USER 'cacti'@'10.215.130.21' IDENTIFIED BY 'rfRn3c_rkjn';
-Query OK, 0 rows affected (0.01 sec)
-root@localhost [(none)]> use mysql
-Database changed
-root@localhost [mysql]> SELECT Host,User FROM user;
-+---------------+---------------+
-| Host          | User          |
-+---------------+---------------+
-| 10.215.130.21 | cacti         |
-| localhost     | cacti         |
-| localhost     | mysql.session |
-| localhost     | mysql.sys     |
-| localhost     | root          |
-+---------------+---------------+
-rows in set (0.00 sec)
 http://dnaeon.github.io/cacti-freebsd/\\
 https://ctopmbi4.wordpress.com/2014/08/29/%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2%D0%BA%D0%B0-cacti-%D0%BD%D0%B0-freebsd/\\

klotik.ru

Инструменты пользователя

Инструменты сайта

Различия

Инструменты страницы