Taken from https://www.zabbix.com/download?zabbix=4.0&os_distribution=rhel&os_version=7&db=MySQL
PHP needs to be installed from official centos repo (for centos 7 it is php 5.4).
You need to adjust mysql root and zabbix passwords.
# rpm -i https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm # yum -y install zabbix-server-mysql zabbix-web-mysql zabbix-agent # mysql -uroot -p password mysql> create database zabbix character set utf8 collate utf8_bin; mysql> grant all privileges on zabbix.* to zabbix@localhost identified by 'password'; mysql> quit; # zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p zabbix # vim /etc/zabbix/zabbix_server.conf ... DBPassword=password # vim /etc/httpd/conf.d/zabbix.conf ... php_value date.timezone America/New_York
Go to: IPADDRESS/zabbix
Follow: https://www.zabbix.com/documentation/4.0/manual/installation/install#installing_frontend
Change Admin username to admin and password:
Administration -> Users
Disable Guest user:
Administration -> User Groups -> guests -> Uncheck Enable -> Save
Turning off notification "Lack of free swap space on Zabbix server":
Configuration -> Hosts -> Triggers -> Disable "{Zabbix server:system.swap.size[,pfree].last(0)}<50" trigger
# rpm -ivh https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm # yum -y install zabbix-agent # vim /etc/zabbix/zabbix_agentd.conf ... Server=<ip_address_of zabbix_server> ... ListenIP=<ip_address_(of_vlan)_where_we_listen_for_incoming_connections> ... ServerActive=<ip_address_of zabbix_server> # systemctl start zabbix-agent # systemctl status zabbix-agent # systemctl enable zabbix-agent
Allow in firewall:
# firewall-cmd --zone=internal --list-all # firewall-cmd --zone=internal --add-port=10050/tcp --permanent # firewall-cmd --reload # firewall-cmd --zone=internal --list-all
Follow: https://www.zabbix.com/documentation/4.0/manual/quickstart/login
Download template from: https://share.zabbix.com/cat-app/web-servers/ssl-certificates-check-new
On zabbix server enter external scripts:
# cd /usr/lib/zabbix/externalscripts
# vim ./zext_ssl_expiry.sh
#! /bin/sh
SERVER=$1
TIMEOUT=25
RETVAL=0
SNI=$3
TIMESTAMP=`echo | date`
if [ -z "$2" ]
then
PORT=443;
else
PORT=$2;
fi
EXPIRE_DATE=`echo "Q" | openssl s_client -connect $SERVER:$PORT -servername $SNI 2>/dev/null | openssl x509 -noout -dates 2>/dev/null | grep notAfter | cut -d'=' -f2`
EXPIRE_SECS=`date -d "${EXPIRE_DATE}" +%s`
EXPIRE_TIME=$(( ${EXPIRE_SECS} - `date +%s` ))
if test $EXPIRE_TIME -lt 0
then
RETVAL=0
else
RETVAL=$(( ${EXPIRE_TIME} / 24 / 3600 ))
fi
echo ${RETVAL}
# chmod +x ./zext_ssl_expiry.sh
# vim ./zext_ssl_issuer.sh
#! /bin/sh
SERVER=$1
TIMEOUT=25
#RETVAL=0
#TIMESTAMP=`echo | date`
PORT=$2
SNI=$3
ISSUER=`echo "Q" | openssl s_client -connect ${SERVER}:${PORT} -servername $SNI 2>/dev/null | openssl x509 -noout -issuer 2>/dev/null | grep issuer`
echo ${ISSUER}
# chmod +x ./zext_ssl_issuer.sh
On Zabbix Host add host macro:
{$SNI} => www.example.com
and make sure the host has correct (public) IP address
Disable unneeded SSL expiry levels