Tag Archives: to

How To Install Zabbix 6.0 On Ubuntu Server 20.04

Posted on by
9

Can definitely be a tricky process, especially if Zabbix is new to you. What can I say about Zabbix? Well, a fantastic free monitoring software. Monitor all sorts of parameters on your servers, firewalls (works great with pfsense, hehe), etc and receive email alerts automatically if a problem is detected. Love pulling and tracking data on your system(s) performance? Zabbix will spit out all kinds of graphs and data at you and provide a birds eye view of monitoring system parameters (i.e cpu usage, ram utilization, etc) over time, which can be essential in troubleshooting. I am actually quite new to Zabbix myself and besides the tricky somewhat complex initial setup, loving it so far. We’ll today, I’m here to help you sort through any challenges getting Zabbix 6.0 going on Ubuntu Server 20.04. In fact, I am going to cover how to install both.

First we need to install Ubuntu Server 20.04 LTS

Download the iso from here -> https://ubuntu.com/download/server

In my case, I will be installing this on a VM using Hyper V.

  • configure your virtual machine software to boot from the iso you just downloaded
  • proceed with installing Ubuntu  Server 20.04 LTS. Yes this is a headless (no gui) install in my example which is fine because if the server is literally just running Zabbix, no real need for a GUI

(reference the beginning of video for more details on installing Ubuntu Server)

Installing Zabbix

Now that we have our nifty fresh and clean Ubuntu Server all installed and up and running, it’s time to install Zabbix.

1 ssh to your new Ubuntu Server and prepare to run linux commands the rest of the way to install Zabbix

2 Install Zabbix repositories

sudo wget https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.0-1+ubuntu20.04_all.deb
sudo dpkg -i zabbix-release_6.0-1+ubuntu20.04_all.deb
sudo apt update

NOTE –  as in my case, this may not install correctly for you. This was due to a certificate error. You will need to comment out: mozilla/DST_Root_CA_X3.crt

located in /etc/ca-certifiates.conf. Skip to 9:10 in the video for details.

3 Install Zabbix server, frontend, agent

 sudo apt-get install zabbix-server-mysql zabbix-frontend-php zabbix-apache-conf zabbix-sql-scripts zabbix-agent

4 install sql server

sudo apt-get install mysql-server
sudo systemctl start mysql-server

5 Create database for Zabbix

sudo mysql
create database zabbix character set utf8mb4 collate utf8mb4_bin;
create user zabbix@localhost identified by 'password';

Note – put your own password in between those quotes

grant all privileges on zabbix.* to zabbix@localhost;
quit;

6 import initial schema and data
You will be prompted to enter your newly created password.

zcat /usr/share/doc/zabbix-sql-scripts/mysql/server.sql.gz | mysql -uzabbix -p zabbix

When running the above zcat command, you will be asked for the db password you created in step 5

NOTE – importing the schema data make take some time to complete and can be confusing as to if it’s actually working or hung. In one case i’ve even seen this take hours, but I just let it run and went to bed. Got up in the morning and it was successful. Not sure what the unique problem was there in that case but I digress. Usually it shouldn’t take more then 5 min max though.There is no confirmation that it completes but be patient and what you want to look for is for the system to return you to the command prompt. That is a sign it completed successfully. Skip to 12:55 in the video for details on this.

7 Configure the database for Zabbix server

(you need to specify the DB password in zabbix_server.conf file)

Edit file located here: /etc/zabbix/zabbix_server.conf
I use VIM to edit files = # sudo vim /etc/zabbix/zabbix_server.conf

Find and uncomment/edit the following line

DBPassword=password <---change to your db password you set in step 5
8 Start Zabbix server and agent processes

Start Zabbix server and agent processes and make it start at system boot.

systemctl restart zabbix-server zabbix-agent apache2
systemctl enable zabbix-server zabbix-agent apache2
9 Configure Zabbix frontend

Connect to your newly installed Zabbix frontend: http://server_ip_or_name/zabbix
Straight forward here but skip to 15:50 in the video for details

If you need help or have any questions at all, feel free to contact me. Hey that’s what I’m here for. I do this!

 

How To Terminate Remote User VPN Connections From A pfSense Firewall

Posted on by
Reply

*Update* The ‘halt’ functionality is now enabled by default in the latest releases of pfsense (v22.01 and greater). No more need to apply a patch manually.

If however you are stuck on older versions of pfsense and you wish to fully terminate a remote access vpn user connection and or you’re simply seeking a ‘how to’ terminate remote user connections, please read on ->

Often times, a network admin may want to disconnect remote access VPN users from a pfSense firewall for various reasons. Maybe users have stale connections and they simply forgot to log off and they’re sucking up resources/bandwidth unnecessarily. Maybe the person got fired but is still connected to the VPN from somewhere that may be difficult to find such as in a shared ‘field laptops’ environment. Whatever the case, pfSense disappointingly does not natively offer the option to fully terminate connections. If you’re thinking you can get away with it by using the kill command (blue x) ->

Well, you can forget about that because it only temporarily kills the connection on the server side. The client side VPN will then auto-reconnect itself shortly after putting you back to square one. The ‘kill’ command is pretty much useless in other words. What you need is the ‘Halt’ command. This will actually terminate the connection on the client side and force the user to manually sign back in if they want to reconnect. Essentially this is the real solution to punting remote access VPN users OFF your firewall!

But how do I enable the ‘halt’ command in pfSense? We’ll, I’m glad you asked. This is accomplished by installing the ‘Sytstem_Patches’ package from the package manager. ‘System_Patches’ then allows for patches to be applied to your firewall. Then, yep you guessed it, we will apply a patch to the firewall which enables the ‘halt’ command functionality. See the video below for a demonstration.

Once patched successfully, the ‘halt’ command function will become available here, indicated by a new red X (or white x in  a red circle, whatever) ->

*Patch contents + url/commit ID can be downloaded here.

Also recommend updating to pfSense software version 21.05.0 and above (otherwise patch may not apply successfully).