Zabbix Server Setup on Debian 9.0



  • Prior to doing anything, if you are basing this on a Debian 9 NetInstall, you need to install the following packages as root

    apt install ufw sudo -y
    

    Then set up the user in the sudo group

    sudo adduser username sudo 
    

    Then you can start the install process as below

    1- Install the Zabbix Repository

    wget https://repo.zabbix.com/zabbix/4.0/debian/pool/main/z/zabbix-release/zabbix-release_4.0-2+stretch_all.deb
    sudo dpkg -i zabbix-release_4.0-2+stretch_all.deb
    sudo apt update
    

    2- Install Zabbix Server Package

     sudo apt install zabbix-server-mysql zabbix-frontend-php zabbix-agent
    

    3- Secure MariaDB & Create your MariaDB Database

    sudo mysql_secure_installation
    
    mysql -uroot -p
    password
    mysql> create database zabbix character set utf8 collate utf8_bin;
    mysql> grant all privileges on zabbix.* to zabbix@localhost identified by 'password';
    mysql> quit
    

    4- Import the Zabbix Server SQL Database to Mysql

     zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p zabbix
    
    

    5- Edit the Zabbix Server Configuration

    sudo nano /etc/zabbix/zabbix_server.conf
    

    Change the DB password
    DBPassword=password

    6- Edit the Zabbix PHP for the frontend

    sudo nano /etc/zabbix/apache.conf
    

    Uncomment the following line and adjust to your time zone

    php_value date.timezone America/New_York

    7- Start the Zabbix Server

    sudo systemctl restart zabbix-server zabbix-agent apache2
    sudo systemctl enable zabbix-server zabbix-agent apache2
    

    8- Edit the Zabbix Apache Configuration to be the root of the Webserver

    sudo nano /etc/apache2/sites-available/000-default.conf
    

    Change the DocumentRoot from /var/www/html
    to
    DocumentRoot /usr/share/zabbix

    9- Edit the Zabbix Apache Alias Configuration

     sudo nano /etc/apache2/conf-available/zabbix.conf
    

    Comment the following line

    #Alias /zabbix /usr/share/zabbix
    

    10- Restart the Apache2 Service

    sudo systemctl restart apache2
    

    11- Go to your web browser and configure Zabbix

    12- Press next and make sure your prerequisites are met

    13- Press Next and configure your Database Configuration

    14- Press Next and configure the server name and port

    15- You will get a summary of the install and then press next

    16- You will then be presented with a message that your installation was successful

    17- Press Finish

    18- You will be presented with the Login Screen
    The default username and password are Admin and zabbix respectively.

    19- You will now be on the Zabbix Dashboard

    For your firewall rules, open ports 80, 10050 and 10051. I decided in this post to limit SSH to my own network. (I only used port 80 because I plan on placing it behind an SSL proxy server.)

    sudo ufw allow 80,10050,10051/tcp
    sudo ufw allow from 192.168.x.0/24  to any port 22
    sudo ufw enable
    


  • Nice write up. Do you enable firewall on all your Debian/ubuntu installs?



  • @black3dynamite said in Zabbix Server Setup on Debian 9.0:

    Nice write up. Do you enable firewall on all your Debian/ubuntu installs?

    Yes, only the necessary ports. So I should add that...



  • @dbeato said in Zabbix Server Setup on Debian 9.0:

    @black3dynamite said in Zabbix Server Setup on Debian 9.0:

    Nice write up. Do you enable firewall on all your Debian/ubuntu installs?

    Yes, only the necessary ports. So I should add that...

    Here I come and do the changes now...



  • @black3dynamite said in Zabbix Server Setup on Debian 9.0:

    Nice write up. Do you enable firewall on all your Debian/ubuntu installs?

    Just changed it, let me know if that is better.



  • @dbeato said in Zabbix Server Setup on Debian 9.0:

    @black3dynamite said in Zabbix Server Setup on Debian 9.0:

    Nice write up. Do you enable firewall on all your Debian/ubuntu installs?

    Just changed it, let me know if that is better.

    Looking good so far. On step 7 you are missing the letter a in Zabbix.



  • Ever since I've discovered mysql -e because of @JaredBusch how-to guides, I've been a big fan of using that to create the database and secure the database.

    #
    mysql -e "CREATE DATABASE zabbix_db;"
    mysql -e "CREATE USER 'zabbix_user'@'localhost' IDENTIFIED BY 'password';"
    mysql -e "GRANT ALL ON zabbix_db.* TO 'zabbix_user'@'localhost';"
    mysql -e "FLUSH PRIVILEGES;"
    
    #
    mysql -e "UPDATE mysql.user SET Password=PASSWORD('password') WHERE User='root';"
    mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
    mysql -e "DELETE FROM mysql.user WHERE User='';"
    mysql -e "DROP DATABASE test;"
    mysql -e "FLUSH PRIVILEGES;"
    


  • @black3dynamite said in Zabbix Server Setup on Debian 9.0:

    @dbeato said in Zabbix Server Setup on Debian 9.0:

    @black3dynamite said in Zabbix Server Setup on Debian 9.0:

    Nice write up. Do you enable firewall on all your Debian/ubuntu installs?

    Just changed it, let me know if that is better.

    Looking good so far. On step 7 you are missing the letter a in Zabbix.

    Fixed it now.



  • @black3dynamite said in Zabbix Server Setup on Debian 9.0:

    Ever since I've discovered mysql -e because of @JaredBusch how-to guides, I've been a big fan of using that to create the database and secure the database.

    #
    mysql -e "CREATE DATABASE zabbix_db;"
    mysql -e "CREATE USER 'zabbix_user'@'localhost' IDENTIFIED BY 'password';"
    mysql -e "GRANT ALL ON zabbix_db.* TO 'zabbix_user'@'localhost';"
    mysql -e "FLUSH PRIVILEGES;"
    
    #
    mysql -e "UPDATE mysql.user SET Password=PASSWORD('password') WHERE User='root';"
    mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
    mysql -e "DELETE FROM mysql.user WHERE User='';"
    mysql -e "DROP DATABASE test;"
    mysql -e "FLUSH PRIVILEGES;"
    

    So the sudo mysql_secure_installation doesn't do that?



  • @dbeato said in Zabbix Server Setup on Debian 9.0:

    @black3dynamite said in Zabbix Server Setup on Debian 9.0:

    Ever since I've discovered mysql -e because of @JaredBusch how-to guides, I've been a big fan of using that to create the database and secure the database.

    #
    mysql -e "CREATE DATABASE zabbix_db;"
    mysql -e "CREATE USER 'zabbix_user'@'localhost' IDENTIFIED BY 'password';"
    mysql -e "GRANT ALL ON zabbix_db.* TO 'zabbix_user'@'localhost';"
    mysql -e "FLUSH PRIVILEGES;"
    
    #
    mysql -e "UPDATE mysql.user SET Password=PASSWORD('password') WHERE User='root';"
    mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
    mysql -e "DELETE FROM mysql.user WHERE User='';"
    mysql -e "DROP DATABASE test;"
    mysql -e "FLUSH PRIVILEGES;"
    

    So the sudo mysql_secure_installation doesn't do that?

    It does, but using mysql -e can help with automating the installation.
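
The database steps discussed above (the `mysql -e "... IDENTIFIED BY 'password'"` lines and `DBPassword=password` in step 5), as an added example that is not part of the thread: it generates a random password, feeds the SQL to `mysql` on stdin instead of the command line, and writes the same value into the server config. The function names and the `--apply` switch are assumptions; the database and user names follow the first post and the `localhost` host follows the snippet above.

```shell
#!/bin/sh
# Added example, not code from the thread. Database and user names follow the
# first post; the function names and the --apply switch are assumptions.
set -eu

# 128 bits from the kernel CSPRNG as 32 hex characters: nothing that needs
# escaping inside SQL quotes or the Zabbix config file.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the SQL for the Zabbix database and account. It is piped to mysql on
# stdin, so the password never shows up in the process list or shell history
# the way it does with: mysql -e "... IDENTIFIED BY 'password'"
render_sql() {  # $1 = password
    cat <<SQL
CREATE DATABASE IF NOT EXISTS zabbix CHARACTER SET utf8 COLLATE utf8_bin;
GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED BY '$1';
SQL
}

# Set DBPassword in a zabbix_server.conf-style file: the first active line is
# replaced, later duplicates are dropped, commented lines are left alone, and
# the setting is appended if it was missing. Owner and mode are preserved.
set_db_password() (  # $1 = config file, $2 = password
    new=$(awk -v pw="$2" '
        /^[ \t]*DBPassword=/ { if (!seen) print "DBPassword=" pw; seen = 1; next }
        { print }
        END { if (!seen) print "DBPassword=" pw }' "$1")
    printf '%s\n' "$new" > "$1"
)

# True if "other" can read the file that now holds the database password.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Run as root on the Zabbix server with the single argument --apply.
# Assumes root can connect to MariaDB without a password, as the thread's
# mysql -e lines do.
if [ "${1:-}" = "--apply" ]; then
    conf=/etc/zabbix/zabbix_server.conf
    pw=$(gen_password)
    render_sql "$pw" | mysql
    set_db_password "$conf" "$pw"
    if world_readable "$conf"; then
        echo "warning: $conf is world-readable; limit it to root and the zabbix account" >&2
    fi
fi
```

The frontend wizard's database step needs the same value, which can be read back from `DBPassword` in `zabbix_server.conf`.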



  • @black3dynamite said in Zabbix Server Setup on Debian 9.0:

    does, but using mysql -e can help with automating the installation.

    I see the point.



  • @dbeato said in Zabbix Server Setup on Debian 9.0:

    @black3dynamite said in Zabbix Server Setup on Debian 9.0:

    does, but using mysql -e can help with automating the installation.

    I see the point.

    And you can probably skip the setup wizard just by adding all that information directly to the zabbix conf file.



  • @black3dynamite said in Zabbix Server Setup on Debian 9.0:

    @dbeato said in Zabbix Server Setup on Debian 9.0:

    @black3dynamite said in Zabbix Server Setup on Debian 9.0:

    does, but using mysql -e can help with automating the installation.

    I see the point.

    And you can probably skip the setup wizard just by adding all that information directly to the zabbix conf file.

    I added it prior to the zabbix configuration although it chose to go through the setup.



  • @dbeato said in Zabbix Server Setup on Debian 9.0:

    Prior to doing anything, if you are basing this on a Debian 9 NetInstall, you need to install the following packages as root

    apt install ufw sudo -y
    

    Then set up the user in the sudo group

    sudo adduser username sudo 
    

    Technically, you do this if you don't select certain packages during the installation. It has nothing to do with it being a NetInstall ISO or not.

    Technically, these packages are selected by default. I believe both sudo and ufw are part of standard system utilities.
    https://i.imgur.com/8CO2bH3.png

    Additionally ufw is not the firewall. That is iptables, but ufw is the simple way to activate and use iptables.



  • @JaredBusch said in Zabbix Server Setup on Debian 9.0:

    @dbeato said in Zabbix Server Setup on Debian 9.0:

    Prior to doing anything, if you are basing this on a Debian 9 NetInstall, you need to install the following packages as root

    apt install ufw sudo -y
    

    Then set up the user in the sudo group

    sudo adduser username sudo 
    

    Technically, you do this if you don't select certain packages during the installation. It has nothing to do with it being a NetInstall ISO or not.

    Technically, these packages are selected by default. I believe both sudo and ufw are part of standard system utilities.
    https://i.imgur.com/8CO2bH3.png

    Additionally ufw is not the firewall. That is iptables, but ufw is the simple way to activate and use iptables.

    Yes, netinstall has that option, as in Figure 1 below, although it does not install ufw and sudo with those standard utilities (Figures 2 & 3) on the fresh install (Figure 4).

    Figure 1
    Figure 2
    Figure 3
    Figure 4