Friday, April 3, 2026

Cisco | Cisco 2960 Switch Configuration (PID: WS-C2960-24TC-L)

Cisco 2960 Switch Configuration (PID: WS-C2960-24TC-L):

Changing Switch Hostname:

Switch(config)#hostname DST-SW

Configuring Passwords:

DST-SW(config)#enable secret sysadmin
Securing Console Port:
DST-SW(config)#line con 0 
DST-SW(config-line)#password sysadmin
DST-SW(config-line)#login 
Securing Terminal Lines:
DST-SW(config)#line vty 0 4 
DST-SW(config-line)#password sysadmin
DST-SW(config-line)#login
Encrypting Passwords:
DST-SW(config)#service password-encryption
Configuring Banners:
DST-SW(config)#banner motd 
$ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- UNAUTHORIZED ACCESS IS PROHIBITED -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- $
Giving the Switch an IP Address:
DST-SW(config)#interface vlan 1 
DST-SW(config-if)#ip address 192.168.101.2 255.255.255.0 
DST-SW(config-if)#no shutdown
Setting the Default Gateway:
DST-SW(config)#ip default-gateway 192.168.101.1
Saving Configuration:
DST-SW#copy running-config startup-config
Destination filename [startup-config]? 
Building configuration… [OK]
Or

DST-SW#wr 
Building configuration… [OK] 

Working Environment (name lookup, history, exec-timeout and logging behavior):
DST-SW(config)#no ip domain-lookup 
DST-SW(config)#line vty 0 4 
DST-SW(config-line)#history size 15 
DST-SW(config-line)#exec-timeout 10 30
DST-SW(config-line)#logging synchronous

 

Configuring Switch to use SSH:
• Configure DNS domain name: 
DST-SW(config)#ip domain-name example.com 
• Configure a username and password: 
DST-SW(config)#username admin secret cisco
• Generate encryption keys:
DST-SW(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
• Define SSH version to use: 
DST-SW(config)#ip ssh version 2 
• Enable vty lines to use SSH: 
DST-SW(config)#line vty 0 4 
DST-SW(config-line)#login local 
DST-SW(config-line)#transport input telnet ssh 
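
The password, console, vty and SSH settings above can be checked from a saved copy of the running configuration. The script below is an added example, not part of the original post: the function name audit_mgmt_plane, the finding labels and both sample configurations are constructed for illustration.

```bash
#!/bin/sh
# Added example: flag weak management-plane settings in an IOS configuration.
# audit_mgmt_plane and the finding labels are names chosen for this example.

# Constructed sample: roughly what the running configuration holds after the
# commands above. Hashes and type 7 strings are placeholders, not device output.
WEAK_CONFIG='service password-encryption
hostname DST-SW
enable secret 5 $1$CONSTRUCTED$placeholderhash
username admin secret 5 $1$CONSTRUCTED$placeholderhash
ip domain-name example.com
ip ssh version 2
!
line con 0
 password 7 000000000000
 login
line vty 0 4
 exec-timeout 10 30
 password 7 000000000000
 login local
 transport input telnet ssh
!'

# Constructed sample: the same switch with per-user logins and SSH-only vty lines.
HARDENED_CONFIG='hostname DST-SW
enable secret 5 $1$CONSTRUCTED$placeholderhash
username admin secret 5 $1$CONSTRUCTED$placeholderhash
ip ssh version 2
!
line con 0
 login local
line vty 0 4
 exec-timeout 10 30
 login local
 transport input ssh
!'

# Reads a configuration on stdin and prints one "<scope>: <FINDING>" per line.
audit_mgmt_plane() {
  awk '
    # Any line starting in column 1 ends the current "line ..." stanza.
    /^[^ ]/ { stanza = "" }
    /^line (con|vty|aux) / {
      stanza = $2
      for (i = 3; i <= NF; i++) stanza = stanza " " $i
    }
    /^ip ssh version 2/ { sshv2 = 1 }
    # "enable password" and "username ... password" store a weaker form than "secret".
    /^enable password /            { print "global: ENABLE_PASSWORD_NOT_SECRET" }
    /^username [^ ]+ password /    { print "user " $2 ": USER_PASSWORD_NOT_SECRET" }
    # Type 7 (service password-encryption) is reversible obfuscation, not a hash.
    stanza != "" && /^ +password 7 / { print stanza ": TYPE7_LINE_PASSWORD" }
    # Bare "login" authenticates with the shared line password instead of a username.
    stanza != "" && /^ +login *$/    { print stanza ": SHARED_LINE_PASSWORD" }
    # Telnet carries credentials in cleartext; "all" includes telnet.
    stanza ~ /^vty/ && /^ +transport input .*(telnet|all)/ { print stanza ": TELNET_ALLOWED" }
    # "exec-timeout 0 0" disables the idle timeout entirely.
    stanza != "" && /^ +exec-timeout 0 0 *$/ { print stanza ": NO_IDLE_TIMEOUT" }
    END { if (!sshv2) print "global: SSH_V2_NOT_FORCED" }
  '
}

printf '%s\n' "$WEAK_CONFIG" | audit_mgmt_plane
```

An empty result means none of these checks fired; it does not mean the device is fully hardened.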
Description, Speed, and Duplex:
DST-SW(config)#interface fastEthernet 0/1 
DST-SW(config-if)#description ***To-Core RTR***
DST-SW(config-if)#speed 100 (options: 10, 100, auto) 
DST-SW(config)#interface range fastEthernet 0/5 - 10
DST-SW(config-if-range)#duplex full (options: half, full, auto)
Verify Basic Configuration:

• Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.
DST-SW#show version 
• Shows the current configuration file stored in DRAM. 
DST-SW#show running-config 
• Shows the configuration file stored in NVRAM which is used at first boot process. 
DST-SW#show startup-config 
• Lists the commands currently held in the history buffer. 
DST-SW#show history 
• Shows an overview of all interfaces, their physical status, protocol status and ip address if assigned. 
DST-SW#show ip interface brief 
• Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last 5 min traffic. 
DST-SW#show interface vlan 1 
• Shows the description of all interfaces 
DST-SW#show interfaces description 
• Shows the status of all interfaces like connected or not, speed, duplex, trunk or access vlan. 
DST-SW#show interfaces status 
• Shows the public encryption key used for SSH. 
DST-SW#show crypto key mypubkey rsa 
• Shows information about the leased IP address (when an interface is configured to get IP address via a dhcp server)
DST-SW#show dhcp lease 

 

Configuring Port Security:

• Make the switch interface an access port
DST-SW(config-if)#switchport mode access 
• Enable port security on the interface: 
DST-SW(config-if)#switchport port-security 
• Specify the maximum number of allowed MAC addresses: 
DST-SW(config-if)#switchport port-security maximum 1 
• Define the action to take when violation occurs: 
DST-SW(config-if)#switchport port-security violation shutdown (options: shutdown, protect, restrict) 
• Specify the allowed MAC addresses: 
DST-SW(config-if)#switchport port-security mac-address 68b5.9965.1195 (options: H.H.H, sticky)


Verify and Troubleshoot Port Security: 

• Shows the entries of the mac address table 
DST-SW#show mac-address-table 
• An overview of port security of all interfaces 
DST-SW#show port-security 
• Shows detailed information about port security on the specified interface 
DST-SW#show port-security interface fa0/5 
Configuring VLANs: 
• Create a new VLAN and give it a name: 
DST-SW(config)#vlan 10 
DST-SW(config-vlan)#name ***To-IT-Users***
 • Assign an access interface to access a specific VLAN: 
DST-SW(config)#interface fastEthernet 0/5 
DST-SW(config-if)#switchport mode access 
DST-SW(config-if)#switchport access vlan 10 
Configuring an auxiliary VLAN for cisco IP phones: 
DST-SW(config)#interface fastEthernet 0/5 
DST-SW(config-if)#switchport access vlan 10 
DST-SW(config-if)#switchport voice vlan 12 
Configuring Trunks:
DST-SW(config)#interface fastEthernet 0/1 
DST-SW(config-if)#switchport mode trunk (options: access, trunk, dynamic auto, dynamic desirable)
DST-SW(config-if)#switchport trunk allowed

Securing VLANS and Trunking:
• Administratively disable unused interfaces: 
DST-SW(config-if)#shutdown 
• Prevent trunking by disabling auto negotiation on the interface: 
DST-SW(config-if)#switchport nonegotiate (or hardcode the port as an access port)
DST-SW(config-if)#switchport mode access 
• Assign the port to an unused VLAN: 
DST-SW(config-if)#switchport access vlan 222 
STP optimization:
• Hard coding the root bridge (changing bridge priority): 
DST-SW(config)#spanning-tree vlan 1 root primary 
DST-SW(config)#spanning-tree vlan 1 root secondary 
DST-SW(config)#spanning-tree [vlan 1] priority 8192 
• Changing the STP mode: 
DST-SW(config)#spanning-tree mode rapid-pvst (options: mst, pvst, rapid-pvst) 
• Enabling portfast and BPDU guard on an interface: 
DST-SW(config-if)#spanning-tree portfast 
DST-SW(config-if)#spanning-tree bpduguard enable 
• Changing port cost: 
DST-SW(config-if)#spanning-tree [vlan 1] cost 25 
• Bundling interfaces into an etherchannel: 
DST-SW(config-if)#channel-group 1 mode on (options: auto, desirable, on)
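
The per-port measures from "Configuring Port Security", "Securing VLANS and Trunking" and the portfast/BPDU guard step can be verified per interface stanza. The script below is an added example, not part of the original post: audit_l2_ports, the finding labels and the sample configuration are constructed, and it also honours the global "spanning-tree portfast bpduguard default" command, which the post does not use.

```bash
#!/bin/sh
# Added example: check each Ethernet interface stanza against the layer-2
# hardening steps in this post. Names and labels are chosen for this example.

# Constructed sample in running-config form; not output from a real switch.
SAMPLE_L2_CONFIG='interface FastEthernet0/1
 description ***To-Core RTR***
 switchport mode trunk
!
interface FastEthernet0/5
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 12
 switchport port-security
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/7
 shutdown
!
interface FastEthernet0/8
 switchport access vlan 222
 switchport mode access
 shutdown
!
interface Vlan1
 ip address 192.168.101.2 255.255.255.0
!'

# Reads a configuration on stdin and prints "<interface>: <FINDING>" lines.
audit_l2_ports() {
  awk '
    function add(code) { n++; who[n] = ifname; what[n] = code }
    function close_stanza() {
      if (ifname == "") return
      # No explicit mode: the port can still negotiate a trunk with DTP.
      if (mode == "")                         add("MODE_NOT_HARDCODED")
      if (mode == "trunk" && !nonegotiate)    add("TRUNK_DTP_ENABLED")
      # A shut port with no access VLAN still sits in the default VLAN 1.
      if (down && vlan == "")                 add("UNUSED_PORT_IN_VLAN1")
      if (portfast && !guard)                 add("PORTFAST_NO_BPDUGUARD")
      if (mode == "access" && !down && !psec) add("NO_PORT_SECURITY")
      ifname = ""
    }
    /^[^ ]/ { close_stanza() }
    /^spanning-tree portfast bpduguard default/ { global_guard = 1 }
    /^interface .*Ethernet/ {
      ifname = $2; mode = ""; vlan = ""
      nonegotiate = down = portfast = guard = psec = 0
    }
    ifname == "" { next }                     # ignore SVIs and global lines
    /^ switchport mode /               { mode = $3 }
    /^ switchport access vlan /        { vlan = $4 }
    /^ switchport nonegotiate/         { nonegotiate = 1 }
    /^ switchport port-security$/      { psec = 1 }
    /^ shutdown/                       { down = 1 }
    /^ spanning-tree portfast/         { portfast = 1 }
    /^ spanning-tree bpduguard enable/ { guard = 1 }
    END {
      close_stanza()
      for (i = 1; i <= n; i++) {
        # A global BPDU guard default covers every portfast port.
        if (what[i] == "PORTFAST_NO_BPDUGUARD" && global_guard) continue
        print who[i] ": " what[i]
      }
    }
  '
}

printf '%s\n' "$SAMPLE_L2_CONFIG" | audit_l2_ports
```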

STP Verification and Troubleshooting:

• Shows detailed info about STP state 
DST-SW#show spanning-tree 
• Shows STP info only on a specific port 
DST-SW#show spanning-tree interface fa0/2 
• Shows STP info only for a specific VLAN 
DST-SW#show spanning-tree vlan 1 
• Shows info about the root switch 
DST-SW#show spanning-tree [vlan 1] root 
• Shows info about the local switch 
DST-SW#show spanning-tree [vlan 1] bridge 
• Show the state of the etherchannels 
DST-SW#show etherchannel 1 
• Provides informational messages about the changes in the STP topology 
DST-SW#debug spanning-tree events 

Enabling or disabling CDP: 
• Enabling CDP globally on a switch: 
DST-SW(config)#cdp run 

• Disabling CDP on a given interface: 
DST-SW(config-if)#no cdp enable  

Using CDP for Network Verification and Troubleshooting:

• Shows global information about CDP itself 
DST-SW#show cdp 
• Shows information about CDP on a specific interface 
DST-SW#show cdp interface fa0/2 
• Shows information about the directly connected cisco devices including interfaces names capabilities 
DST-SW#show cdp neighbors 
• Shows detailed information about the neighboring cisco devices including device address and version of IOS they run 
DST-SW#show cdp neighbors detail 
• Same as show cdp neighbors detail 
DST-SW#show cdp entry * 
• Shows detailed information about the specified entry only 
DST-SW#show cdp entry DST-SW2 

Saturday, March 28, 2026

Linux | Install and Configure FreeRADIUS and daloRADIUS on Debian 13/Debian 12

Install and Configure FreeRADIUS and daloRADIUS on Debian 13/Debian 12

Managing network authentication becomes unscalable when using static configuration files for multiple users and NAS devices. This guide provides a modern solution by combining FreeRADIUS with the daloRADIUS web interface.

Key Technical Highlights:

  • Centralized AAA: Provides a robust framework for Authentication, Authorization, and Accounting (AAA), moving beyond limited local config files.
  • Database Backend: Uses MariaDB for structured data storage, ensuring scalability and easy auditing for compliance.
  • Streamlined Management: daloRADIUS offers a powerful GUI to manage users, NAS clients, and accounting data, eliminating the need for direct SQL manipulation.
  • Optimized for Debian: Specifically designed for Debian 13 and 12, focusing on a clean SQL integration rather than patching default configurations that are prone to breaking.
  • Dependency Clarity: Explicitly covers the often-undocumented PHP and PEAR dependencies required to get the daloRADIUS stack fully operational.

Prerequisites:

  • OS: Debian 13 (Trixie) or Debian 12 (Bookworm) with a minimal installation.
  • Hardware: Minimalist-friendly; runs on 1 CPU and 1 GB RAM for small-to-medium deployments.
  • Software Stack:
      • FreeRADIUS: v3.2.7 (Debian 13) or v3.2.1 (Debian 12).
      • Database: MariaDB v11.8.6 or v10.11.6.
      • PHP: v8.4 (Debian 13) or v8.2 (Debian 12).

Update your package index before starting:

sudo apt update && sudo apt upgrade -y

Step 1. Install MariaDB and Create the Database

FreeRADIUS stores user credentials, accounting records, and NAS client definitions in MariaDB. Install the server and client packages:

sudo apt install -y mariadb-server mariadb-client

Start and enable MariaDB so it survives reboots:

sudo systemctl enable --now mariadb

Verify the service is active:

sudo systemctl status mariadb --no-pager

Secure the installation by setting a root password and removing test databases:

sudo mariadb-secure-installation

Accept the defaults: set a root password, remove anonymous users, disallow remote root login, remove the test database, and reload privileges.

Now create the radius database and a dedicated user. Log into MariaDB:

sudo mariadb -u root -p

Run these SQL statements to create the database and grant privileges:

CREATE DATABASE radius;
GRANT ALL ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'YourStr0ngP@ss!';
FLUSH PRIVILEGES;
EXIT;
Replace YourStr0ngP@ss! with a strong password of your own. Keep it handy because you will need it for both the FreeRADIUS and daloRADIUS configuration files.

Step 2. Install FreeRADIUS with MySQL Module

Debian ships FreeRADIUS in the default repositories. Install the server along with the MySQL/MariaDB module:

sudo apt install -y freeradius freeradius-mysql freeradius-utils

This pulls in FreeRADIUS 3.2.7 on Debian 13 (3.2.1 on Debian 12). The freeradius-mysql package provides the rlm_sql_mysql driver, and freeradius-utils includes radtest for authentication testing.

Confirm the installed version:

freeradius -v | head -2

Now import the FreeRADIUS schema into MariaDB. This creates the core tables (radcheck, radreply, radacct, nas, and others):

sudo mariadb -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

The schema file path is the same on both Debian 13 and Debian 12.

Step 3. Configure FreeRADIUS SQL Backend

The default SQL module config ships with comments and placeholders that cause problems when you try to patch them with sed. A cleaner approach: write the config from scratch with only what you need.

Back up the original, then create the new config:

sudo cp /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-available/sql.bak

Open the SQL module configuration file:

sudo vi /etc/freeradius/3.0/mods-available/sql

Replace the entire contents with the following tested configuration:

sql {
    driver = "rlm_sql_mysql"
    dialect = "mysql"
    server = "localhost"
    port = 3306
    login = "radius"
    password = "YourStr0ngP@ss!"
    radius_db = "radius"
    acct_table1 = "radacct"
    acct_table2 = "radacct"
    postauth_table = "radpostauth"
    authcheck_table = "radcheck"
    groupcheck_table = "radgroupcheck"
    authreply_table = "radreply"
    groupreply_table = "radgroupreply"
    usergroup_table = "radusergroup"
    read_clients = yes
    client_table = "nas"
    group_attribute = "SQL-Group"
    $INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf
    pool {
        start = 5
        min = 4
        max = 10
        spare = 3
        uses = 0
        lifetime = 0
        idle_timeout = 60
    }
}
Set the password field to match the MariaDB password you created earlier.

Enable the SQL module by creating a symlink in mods-enabled:

sudo ln -sf /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/sql

The symlink and the SQL config file must be owned by the freerad user, otherwise FreeRADIUS refuses to load the module:

sudo chown -h freerad:freerad /etc/freeradius/3.0/mods-enabled/sql
sudo chown freerad:freerad /etc/freeradius/3.0/mods-available/sql

Restart FreeRADIUS and check for errors:

sudo systemctl restart freeradius
sudo systemctl status freeradius --no-pager
The service should show active (running). If it fails, run sudo freeradius -X in debug mode to see the exact error.

Step 4. Test FreeRADIUS Authentication

Before adding the web interface, confirm that FreeRADIUS can authenticate users from the database. Insert a test user into the radcheck table:

sudo mariadb -u root -p -e "INSERT INTO radcheck (username, attribute, op, value) VALUES ('testuser', 'Cleartext-Password', ':=', 'testing123');" radius

Now test with radtest. The shared secret for localhost is testing123 by default (defined in /etc/freeradius/3.0/clients.conf):

radtest testuser testing123 127.0.0.1 0 testing123

You should see Access-Accept in the response, confirming the SQL backend is working:

Sent Access-Request Id 146 from 0.0.0.0:41999 to 127.0.0.1:1812 length 78
User-Name = "testuser"
User-Password = "testing123"
Received Access-Accept Id 146 from 127.0.0.1:1812 to 127.0.0.1:41999 length 38

If you get Access-Reject instead, check the SQL module configuration and verify the database credentials are correct. Running sudo freeradius -X in a second terminal while sending the test request shows exactly where the failure occurs.

Step 5. Install Apache, PHP, and daloRADIUS

daloRADIUS is a PHP application that needs Apache, several PHP extensions, and one PEAR package that Debian does not install by default.

Install Apache and the required PHP modules:

sudo apt install -y apache2 libapache2-mod-php php php-mysql php-gd php-curl php-mail php-mail-mime php-xml php-mbstring php-pear

The php-db PEAR package provides the DB.php abstraction class that daloRADIUS relies on. Without it, you get a fatal error on every page load. Install it via PEAR:

sudo pear install DB

Clone the daloRADIUS repository from GitHub into the web root:

sudo apt install -y git
sudo git clone https://github.com/lirantal/daloradius.git /var/www/daloradius

This pulls daloRADIUS 2.2 beta from the master branch.

daloRADIUS requires its own database tables (operators, config, billing, and others) on top of the standard FreeRADIUS schema. Two separate imports are needed. First, the FreeRADIUS tables (if you haven’t imported them already during the FreeRADIUS setup, do it now):

sudo mariadb -u root -p radius < /var/www/daloradius/contrib/db/fr3-mariadb-freeradius.sql

Then import the daloRADIUS-specific tables:

sudo mariadb -u root -p radius < /var/www/daloradius/contrib/db/mariadb-daloradius.sql

Both imports are mandatory. Skipping the second one causes “table not found” errors when daloRADIUS tries to load its operator settings or billing configuration.

Set the correct ownership so Apache can read the files:

sudo chown -R www-data:www-data /var/www/daloradius

Step 6. Configure daloRADIUS

daloRADIUS ships a sample configuration file that you copy and edit with your database credentials.

Create the configuration file from the sample:

sudo cp /var/www/daloradius/app/common/includes/daloradius.conf.php.sample /var/www/daloradius/app/common/includes/daloradius.conf.php

Open it for editing:

sudo vi /var/www/daloradius/app/common/includes/daloradius.conf.php

Find and set these three values to match your MariaDB radius database credentials:

$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'YourStr0ngP@ss!';
$configValues['CONFIG_DB_NAME'] = 'radius';

The database host (CONFIG_DB_HOST) defaults to localhost, which is correct for this setup. Save and close the file.
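
The database password now sits in two files (the FreeRADIUS sql module and daloradius.conf.php), and clients.conf still carries the stock testing123 secret used in Step 4. The script below is an added example, not part of the original guide or of either project: it reports whether a credential file is readable by "other" and which RADIUS clients still use the stock secret. The function names and the sample clients.conf are constructed, and it assumes a POSIX shell with ls, cut and awk.

```bash
#!/bin/sh
# Added example: post-install checks for credentials this guide writes to disk.
# Function names and the sample data are constructed for illustration.

# Print "ok", "world-readable" or "missing" for a file that stores a password.
# ls -L follows the mods-enabled/sql symlink to the file it points at.
secret_file_status() {
  [ -e "$1" ] || { echo "missing"; return 0; }
  perms=$(ls -ldL -- "$1" | cut -c1-10)
  case $perms in
    ???????r??) echo "world-readable $perms" ;;   # 8th character = other-read bit
    *)          echo "ok $perms" ;;
  esac
}

# Read a clients.conf on stdin; print each client whose secret is still testing123.
default_secrets() {
  awk '
    /^[ \t]*#/ { next }                         # skip comment lines
    /^[ \t]*client[ \t]+/ { name = $2 }
    /^[ \t]*secret[ \t]*=/ {
      v = $0
      sub(/^[^=]*=[ \t]*/, "", v)               # drop the key and the equals sign
      sub(/[ \t]*#.*$/, "", v)                  # drop a trailing comment
      gsub(/["\t ]/, "", v)                     # drop quotes and padding
      if (v == "testing123") print name
    }
  '
}

# Run both checks against the paths used in this guide (run as root).
audit_install() {
  for f in /etc/freeradius/3.0/mods-enabled/sql \
           /var/www/daloradius/app/common/includes/daloradius.conf.php; do
    printf '%s: %s\n' "$f" "$(secret_file_status "$f")"
  done
  if [ -r /etc/freeradius/3.0/clients.conf ]; then
    default_secrets < /etc/freeradius/3.0/clients.conf |
      while read -r c; do printf 'client %s: stock shared secret\n' "$c"; done
  fi
}

# Constructed clients.conf fragment for the demonstration below.
SAMPLE_CLIENTS='client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
# secret = testing123   (commented out, must be ignored)
client nas-example {
    ipaddr = 192.0.2.10
    secret = "constructed-placeholder-value"   # not a real secret
}'

# Demonstration on a scratch file: 644 is what "sudo cp" leaves under umask 022.
scratch=$(mktemp -d)
printf 'password = "constructed"\n' > "$scratch/sql"
chmod 644 "$scratch/sql"
echo "before: $(secret_file_status "$scratch/sql")"
chmod 640 "$scratch/sql"
echo "after:  $(secret_file_status "$scratch/sql")"
echo "stock secret on: $(printf '%s\n' "$SAMPLE_CLIENTS" | default_secrets)"
rm -rf "$scratch"
```

On the installed server, call audit_install as root; a world-readable result is fixed with chmod 640 on the file while keeping the ownership set in this guide.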

Step 7. Configure Apache Virtual Host

daloRADIUS has two portals: operators (admin) and users. The operators portal is the primary interface for managing RADIUS. Point Apache’s DocumentRoot at it.

Create a new virtual host configuration:

sudo vi /etc/apache2/sites-available/daloradius.conf

Add the following configuration:

<VirtualHost *:80>
    ServerAdmin admin@example.com
    ServerName your-server-ip
    DocumentRoot /var/www/daloradius/app/operators
    <Directory /var/www/daloradius/app/operators>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/daloradius-error.log
    CustomLog ${APACHE_LOG_DIR}/daloradius-access.log combined
</VirtualHost>

Replace your-server-ip with your server’s actual IP address or domain name.

Disable the default site and enable the daloRADIUS virtual host:

sudo a2dissite 000-default.conf
sudo a2ensite daloradius.conf
sudo a2enmod rewrite

Test the Apache configuration for syntax errors, then restart:

sudo apachectl configtest
sudo systemctl restart apache2

Apache should report Syntax OK. If you have a firewall running, open port 80:

sudo ufw allow 80/tcp

Step 8. Access the daloRADIUS Web UI

Open a browser and navigate to http://your-server-ip/. The daloRADIUS login page should appear.

The default credentials are:

  • Username: administrator
  • Password: radius

Change the default password immediately after your first login.


After logging in, the dashboard shows a summary of online users, RADIUS server status, and quick links to common tasks. The navigation menu on the left gives you access to user management, NAS configuration, accounting reports, and server settings.


The user management section lists all RADIUS users stored in the database. From here you can add new users, edit authentication attributes, assign groups, and view accounting data per user.


Step 9. Debian 13 vs Debian 12 Differences

While the configuration logic and file paths remain identical between the two releases, the primary difference lies in the software versions provided by the official repositories as of March 2026:

Component  | Debian 13 (Trixie)                          | Debian 12 (Bookworm)
-----------|---------------------------------------------|---------------------
FreeRADIUS | 3.2.7 (Includes latest security patches)    | 3.2.1
MariaDB    | 11.8.6 (Modern performance optimizations)   | 10.11.6
PHP        | 8.4 (Fully compatible with daloRADIUS 2.2)  | 8.2
Apache     | 2.4.66                                      | 2.4.62
daloRADIUS | 2.2 beta (Latest GitHub clone)              | 2.2 beta

Key Takeaways:

  • Compatibility: Despite the major version jumps in MariaDB (10.11 to 11.8) and PHP (8.2 to 8.4), the RADIUS SQL schema and daloRADIUS codebase are fully compatible with both.
  • Security: Debian 13 (Trixie), having been released as the new "Stable" in August 2025, offers a more modern security posture and longer support lifecycle for new production deployments.
  • Stability: The configuration format is unchanged, meaning scripts and documentation for Debian 12 will work perfectly on Debian 13.


Troubleshooting

Fatal error: Class ‘DB’ not found in daloRADIUS

This means the php-db PEAR package is missing. daloRADIUS uses the PEAR DB abstraction layer, which is not installed by default on Debian 13 even when you install php-pear. Fix it with:

sudo pear install DB

Restart Apache after installing:

sudo systemctl restart apache2

Table ‘radius.operators’ doesn’t exist

This happens when you only import the FreeRADIUS schema but skip the daloRADIUS schema. Two separate SQL files must be imported. The daloRADIUS tables (operators, billing, config) live in a different file:

sudo mariadb -u root -p radius < /var/www/daloradius/contrib/db/mariadb-daloradius.sql

FreeRADIUS fails to start with “rlm_sql_mysql: Cannot load library”

The freeradius-mysql package is not installed. This package provides the rlm_sql_mysql.so shared library. Install it and restart:
sudo apt install -y freeradius-mysql
sudo systemctl restart freeradius

Also check file ownership. The SQL module config and symlink must be owned by freerad:freerad, not root. FreeRADIUS drops privileges to the freerad user on startup and cannot read files owned by root:

sudo chown -h freerad:freerad /etc/freeradius/3.0/mods-enabled/sql
sudo chown freerad:freerad /etc/freeradius/3.0/mods-available/sql

Run FreeRADIUS in debug mode to see exactly where the failure occurs:

sudo freeradius -X

Debug mode prints every module load, config parse, and SQL connection attempt. The error message will point to the specific problem.

Thursday, March 26, 2026

Linux | Install cPanel/WHM on Rocky Linux 10


Following the end of CentOS 8 on December 31, 2021, the hosting industry needed a stable replacement for cPanel deployments. Key points include:

  • Rocky Linux Emergence: Created as a 1:1 binary-compatible RHEL derivative, it fills the void left by CentOS 8 as a stable, free, and community-driven OS.
  • The Problem with CentOS Stream: cPanel officially declined support for CentOS Stream, forcing administrators to find a more predictable "Fixed Release" OS.
  • The Modern Choice: Rocky Linux has become a premier choice for cPanel installations due to its reliability, strong financial backing, and seamless compatibility with RHEL-based software.

Prerequisites:
  • Linux VPS with Rocky Linux operating system
  • 1 GB of RAM
  • 20 GB of storage space
  • Static IPv4
  • 1 core CPU 1.1 GHz
  • Connecting to Linux VPS through SSH (You can connect to Linux VPS using the Putty program)
  • Having a user account with Root/Sudo privileges

Installing cPanel on Rocky Linux takes only a few simple steps. By following the steps below, you can manage your web server and hosting services efficiently with cPanel.

Step 1. Updating Rocky Linux server repository packages

Before installing any program, we recommend updating the Rocky Linux server resources and repositories by running the following command:

yum update -y

If you are asked to confirm the update process, type Y and press Enter.

Step 2. Installing Perl

cPanel is written in the Perl programming language, so installing Perl on the Rocky Linux server is a prerequisite for installing cPanel. To install Perl on Rocky Linux, run the following command:

yum install perl

Step 3. Installing Curl

The cPanel installer script is downloaded with curl, so if curl is not installed, install it using the following command:

yum install curl

Step 4. Adding hostnames

To use cPanel, you must enter the hostname in Fully Qualified Domain Name (FQDN) format. So enter the following command:

hostnamectl set-hostname myserver.mydomain.com

Note: Replace myserver and mydomain with the hostname and domain you want.

Step 5. Disabling Network Manager Service

cPanel is incompatible with the NetworkManager service, which manages the computer's network connections, so before installing cPanel you need to make sure NetworkManager is disabled:

service NetworkManager stop

chkconfig NetworkManager off

Step 6. Disabling SELinux and firewall temporarily

SELinux is a Linux kernel security module that enforces access control security policies. To avoid problems and incompatibility, it is recommended to temporarily disable SELinux before installing cPanel:

setenforce 0

The second way to disable SELinux is to edit the SELinux configuration file using any text editor (preferably VI). To do this, change the content of the SELinux configuration file by running the following command and using a text editor:

vi /etc/selinux/config

Then by pressing the I and C buttons, add the desired codes in the content of the SELinux configuration file and change the SELINUX parameter from Enforcing to disabled:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted – Targeted processes are protected,
# minimum – Modification of targeted policy. Only selected processes are protected.
# mls – Multi Level Security protection.
SELINUXTYPE=targeted

Then save the SELinux configuration file by pressing the Esc button and typing :wq to apply the changes.

In addition to disabling SELinux, to avoid problems when installing cPanel, it is better to temporarily disable the firewall and use a third-party firewall. To temporarily disable the firewall in Rocky Linux, run the following command:

iptables-save > ~/firewall.rules
systemctl stop firewalld.service
systemctl disable firewalld.service

Step 7. Installing cPanel with a 15-day trial license

By using the command that we will provide below, you can use the features of cPanel with a trial license and do not need to buy a license.

cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

You may have to wait approximately 1 hour for the WHM/cPanel installation with a trial license to complete. The waiting time depends on the speed of your network.

Step 8. Enabling Network Manager Service

After installing cPanel, re-enable Network Manager Service because computer connections require Network Manager Service. For this purpose, run the following command:

service NetworkManager start
chkconfig NetworkManager on

To apply your changes, reboot the Rocky Linux server using the following command:

reboot

After restarting the Rocky Linux server, enter the cPanel management panel by using a browser and typing the address https://serverIP:xxxx.

Note that you must substitute your server's IP address in the login address of the cPanel management panel.

Then type your server password for the cPanel login password and Root username for the cPanel login username.

Step 9. License activation for cPanel/WHM

You have two ways to enable the license for cPanel: 1. Using a free trial license 2. Buying a paid license.

Free trial license activation for cPanel/WHM

cPanel 15-day free license activation requires configuration, so log into your cPanel Store account.

Note: If you do not have a cPanel Store account, you must register.

- Log in to the cPanel management panel.
- Log in to your account.
- Type your server username and password to enter the WHM panel.
- After reading the conditions, accept them.


- You will be faced with a cPanel Store account login page. If you already have an account, you can log in by entering your username and password. Otherwise, this is where you can create a cPanel Store account. Assuming you do not have an account, continue the steps to create an account and select the log in option.


- In the window that opens, select the Create Account option to create a cPanel Store user account.


- Enter your email address, after agreeing to the terms of use of cPanel, select the Create Account option.


- To specify the password for the cPanel account, you will receive an email in the email inbox you set for WHM.
- Select the ALLOW ACCESS option to link your server’s IP address to the email address you have specified.


If you create a user account in the browser you configured WHM and enter your email account, the previous step is applicable, but if you do not use the same browser to enter the email, you can specify a password by clicking on the link you received.

  • Enter the code that was sent to your email.


  • Displaying the following page and the phrase 15-day free Trial License Activated informs about the activation of the cPanel trial license. Then go to the settings section.


  • To be notified of possible WHM errors, enter an email address.
  • To connect your domain or subdomains to the WHM server, type the name servers.



  • Enter these as child name servers in your domain control panel.

Finally, you have successfully activated your free trial license for cPanel.

After installing WHM and the necessary configurations, reboot the server to apply your settings.


Activation and purchase of a paid license

To order a cPanel license, visit the Opera VPS licenses page.

Then confirm the activation of the license, from the cPanel License Verification site.

Update the desired license by running the following command on the Rocky Linux server:

Closure:

The combination of cPanel/WHM and Rocky Linux provides a high-performance, enterprise-grade environment for managing hosting services. By following this guide, users gain a stable platform to handle websites, emails, and databases with ease.

Key Takeaways:

  • Stability: Rocky Linux serves as a robust, RHEL-compatible foundation, ensuring long-term reliability for hosting.
  • Efficiency: cPanel’s automated tools simplify complex server management tasks, making them accessible even to beginners.
  • Security: The setup allows for granular control over security settings and unauthorized access prevention.

Monday, March 23, 2026

Linux | Install and Configure Nagios Core on RHEL 10/Rocky Linux 10

 Install and Configure Nagios Core on RHEL 10/Rocky Linux 10

Nagios Core is a "battle-tested," open-source monitoring engine designed for high-reliability infrastructure tracking. This guide covers the source-installation of Version 4.5.11 (the latest stable release as of early 2026) on modern RHEL-based systems.

Key Highlights:

  • Functionality: Monitors hosts (servers, switches) and services (HTTP, SSH, SNMP) with a robust alerting system for failures and recoveries.
  • Architecture: Uses a lightweight, C-based core with a plugin-based model, making it highly extensible for custom monitoring needs.
  • Modern OS Support: Specifically tailored for RHEL 10, Rocky Linux 10, and AlmaLinux 10, addressing the latest security and compiler requirements.
  • Core Components: Includes the Apache-based web interface, essential Nagios Plugins, and email notification integration via SMTP.

Prerequisites

Before starting, make sure you have the following in place:
  • A server running RHEL 10, Rocky Linux 10, or AlmaLinux 10 with at least 2 GB RAM
  • Root or sudo access
  • A working DNS name or static IP for the Nagios server
  • Internet access to download source packages
  • Ports 80 (HTTP) and 443 (HTTPS) open in the firewall
  • An SMTP-capable mail setup for alert notifications (Postfix or external relay)

Switch to the root user for the rest of this guide:

sudo -i

Step 1. Install Nagios Core Dependencies

Nagios Core is compiled from source, so we need development tools plus libraries for the web interface and plugins. Install all required packages in one command:

dnf install -y gcc glibc glibc-common make gettext automake autoconf wget \
  openssl-devel net-snmp net-snmp-utils epel-release \
  perl-Net-SNMP postfix unzip httpd php php-fpm gd gd-devel \
  perl perl-devel

Enable and start Apache and PHP-FPM so the web interface is ready once Nagios is installed:

systemctl enable --now httpd php-fpm

Step 2. Create Nagios User and Group
Nagios runs under its own dedicated user. The nagcmd group allows the web interface to issue external commands (acknowledge alerts, schedule downtime, etc.):
useradd nagios
groupadd nagcmd
usermod -aG nagcmd nagios
usermod -aG nagcmd apache

Step 3. Download and Compile Nagios Core

Download the latest Nagios Core 4.5.11 source tarball and extract it:

cd /tmp
wget https://github.com/NagiosEnterprises/nagioscore/releases/download/nagios-4.5.11/nagios-4.5.11.tar.gz
tar xzf nagios-4.5.11.tar.gz
cd nagios-4.5.11

Run the configure script, specifying the command group we created earlier:

./configure --with-command-group=nagcmd

The configuration summary should show all checks passed. Now compile and install Nagios along with its init scripts, command mode, and sample configuration:

make all
make install
make install-init
make install-commandmode
make install-config

Install the Apache configuration file for the Nagios web interface:

make install-webconf

Step 4. Set Up the Nagios Web Interface Password

Create the nagiosadmin user for web interface authentication, entering a password of your own when prompted:

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

You will be prompted to enter and confirm a password. This is the login you use to access the Nagios dashboard.

Restart Apache to pick up the new Nagios configuration:

systemctl restart httpd

Step 5. Install Nagios Plugins

Nagios Core by itself has no monitoring capability – it relies on Nagios Plugins to perform the actual checks. Download and compile the latest plugins release (2.4.12):

cd /tmp
wget https://github.com/nagios-plugins/nagios-plugins/releases/download/release-2.4.12/nagios-plugins-2.4.12.tar.gz
tar xzf nagios-plugins-2.4.12.tar.gz
cd nagios-plugins-2.4.12

Configure and compile the plugins:

./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

After installation, the plugins are placed in /usr/local/nagios/libexec/. Verify they exist:

ls /usr/local/nagios/libexec/ | head -20

You should see a list of check plugins like check_ping, check_http, check_disk, and many more.

Step 6. Configure Apache Web Interface for Nagios

The default configuration, installed as /etc/httpd/conf.d/nagios.conf by make install-webconf, maps /nagios to the Nagios web directory and requires authentication. The key directives are:

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin" 
<Directory "/usr/local/nagios/sbin">
   Options ExecCGI
   AllowOverride None
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user 
</Directory>
Alias /nagios "/usr/local/nagios/share" 
<Directory "/usr/local/nagios/share">
   Options None
   AllowOverride None
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

If you need to change the web path or add SSL, edit this file. For now, the defaults work for initial setup.

If SELinux is in enforcing mode, set the boolean that allows Apache scripts and modules to open network connections:

setsebool -P httpd_can_network_connect 1
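
A check for the access controls above, as an added example that is not part of the original guide or of the Nagios project: for each <Directory> block it reports whether a login is required and whether mod_ssl's SSLRequireSSL is present, which makes Apache refuse plain-HTTP requests so the Basic-auth password is never sent unencrypted. The helper names and the sample config are constructed for illustration, and SSLRequireSSL assumes mod_ssl is installed and a TLS virtual host is already configured.

```shell
#!/bin/sh
# Added example (not from the guide or the Nagios project): report, per
# <Directory> block, whether Apache demands a login and refuses plain HTTP.
# audit_nagios_conf, nagios_conf_ok and sample_conf are hypothetical names.

audit_nagios_conf() {   # reads the files given as arguments, or stdin
    awk '
        /^[ \t]*#/ { next }                      # commented-out directives do not count
        /^[ \t]*<Directory[ \t]/ {               # block opens: remember path, reset flags
            dir = $2; gsub(/[">]/, "", dir)
            auth = "no"; tls = "no"; inblock = 1
            next
        }
        inblock && tolower($1) == "require" && tolower($2) == "valid-user" { auth = "yes" }
        inblock && tolower($1) == "sslrequiressl" { tls = "yes" }
        /^[ \t]*<\/Directory>/ {                 # block closes: emit one result line
            if (inblock) printf "%s auth=%s tls=%s\n", dir, auth, tls
            inblock = 0
        }
    ' "$@"
}

# Succeeds only when every block has both auth=yes and tls=yes.
nagios_conf_ok() {
    ! audit_nagios_conf "$@" | grep -Eq "auth=no|tls=no"
}

# Constructed sample: the CGI block is hardened with SSLRequireSSL, the
# share block is left as the guide shows it (directive commented out).
sample_conf() {
    cat <<'EOF'
<Directory "/usr/local/nagios/sbin">
   Options ExecCGI
   SSLRequireSSL
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>
<Directory "/usr/local/nagios/share">
   # SSLRequireSSL
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>
EOF
}

sample_conf | audit_nagios_conf
```

On a real server, pass the Apache config file as the argument, for example nagios_conf_ok /etc/httpd/conf.d/nagios.conf, and treat a non-zero exit as a failed check.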

Step 7. Configure Nagios Core (nagios.cfg)

The main Nagios configuration file is /usr/local/nagios/etc/nagios.cfg. The sample config installed earlier works out of the box, but there are a few settings worth reviewing. Open the file:

vi /usr/local/nagios/etc/nagios.cfg

Key settings to verify or adjust:

# Where object config files are loaded from
cfg_dir=/usr/local/nagios/etc/servers

# Log file location
log_file=/usr/local/nagios/var/nagios.log

# External commands (needed for web UI actions like ack/downtime)
check_external_commands=1

# How often Nagios checks for external commands (seconds)
command_check_interval=-1

# Admin email and pager for notifications
admin_email=admin@example.com
admin_pager=admin-pager@example.com

The cfg_dir line tells Nagios to load all .cfg files from the /usr/local/nagios/etc/servers/ directory. Create this directory now – we will add host definitions there:

mkdir -p /usr/local/nagios/etc/servers

Verify the configuration is valid before starting Nagios:

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

The output should end with “Things look okay” and zero errors. If you see warnings or errors, fix the referenced config files before proceeding.

Step 8. Add Hosts and Services to Monitor

Nagios monitors targets through host and service object definitions. Each remote host gets its own config file in /usr/local/nagios/etc/servers/. Here is an example for a web server at 10.0.1.50. Create the file:

vi /usr/local/nagios/etc/servers/webserver01.cfg

Add the following host and service definitions:

define host {
    use                     linux-server
    host_name               webserver01
    alias                   Web Server 01
    address                 10.0.1.50
    max_check_attempts      5
    check_period            24x7
    notification_interval   30
    notification_period     24x7
}

define service {
    use                     generic-service
    host_name               webserver01
    service_description     PING
    check_command           check_ping!100.0,20%!500.0,60%
}

define service {
    use                     generic-service
    host_name               webserver01
    service_description     HTTP
    check_command           check_http
}
define service {
    use                     generic-service
    host_name               webserver01
    service_description     SSH
    check_command           check_ssh
}

define service {
    use                     generic-service
    host_name               webserver01
    service_description     Disk Usage
    check_command           check_local_disk!20%!10%!/
}

This defines the host and four services: ping connectivity, HTTP response, SSH availability, and local disk usage. The check_ping thresholds mean warning at 100 ms round-trip time or 20% packet loss, and critical at 500 ms or 60% packet loss. Note that check_local_disk runs on the Nagios server itself, so the Disk Usage service reports the Nagios server's root filesystem, not webserver01's.

For monitoring remote Linux hosts with detailed checks (CPU, memory, disk), install NRPE on the target server. See our guide on adding remote hosts to Nagios for monitoring for the full NRPE setup.

After adding host files, validate the configuration again:

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
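
A lint for the object files above, as an added example that is not part of the original guide: in the sample commands.cfg shipped with Nagios Core, check_local_disk and the other check_local_* commands run a plugin on the Nagios server, so a service that attaches one to a remote host reports the Nagios server's own metrics under that host's name. The function names, the sample definitions, and the assumption that each service names a single host are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): list services that attach a
# check_local_* command to a host other than the monitoring server.
# find_misplaced_local_checks and sample_services are hypothetical names.

find_misplaced_local_checks() {   # $1: local host name; rest: .cfg files (or stdin)
    local_host=$1; shift
    awk -v local_host="$local_host" '
        /^[ \t]*[#;]/ { next }                            # skip comment lines
        /^[ \t]*define[ \t]+service[ \t]*[{]/ {           # a service block opens
            insvc = 1; host = ""; desc = ""; cmd = ""; next
        }
        insvc && $1 == "host_name" { host = $2 }
        insvc && $1 == "service_description" {
            desc = $0
            sub(/^[ \t]*service_description[ \t]+/, "", desc)
            sub(/[ \t]+$/, "", desc)
        }
        insvc && $1 == "check_command" { cmd = $2; sub(/!.*/, "", cmd) }
        insvc && /^[ \t]*[}]/ {                           # block closes: decide
            if (cmd ~ /^check_local_/ && host != local_host)
                printf "%s;%s;%s\n", host, desc, cmd
            insvc = 0
        }
    ' "$@"
}

# Constructed sample: two services from the guide plus one on localhost.
sample_services() {
    cat <<'EOF'
define service {
    host_name               webserver01
    service_description     HTTP
    check_command           check_http
}
define service {
    host_name               webserver01
    service_description     Disk Usage
    check_command           check_local_disk!20%!10%!/
}
define service {
    host_name               localhost
    service_description     Root Partition
    check_command           check_local_disk!20%!10%!/
}
EOF
}

sample_services | find_misplaced_local_checks localhost
```

Each output line is host;service;command; on a real install, pass the files under /usr/local/nagios/etc/servers/ after the local host name.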

Step 9. Configure Email Notifications

Nagios sends alert emails through the local mail system. Make sure Postfix is installed and running:

systemctl enable --now postfix

Nagios notification commands are defined in /usr/local/nagios/etc/objects/commands.cfg. The default commands use /usr/bin/mail to send host and service alerts. Open the contacts configuration:

vi /usr/local/nagios/etc/objects/contacts.cfg

Update the nagiosadmin contact with your real email address:

define contact {
    contact_name            nagiosadmin
    use                     generic-contact
    alias                   Nagios Admin
    email                   your-email@example.com
}

define contactgroup {
    contactgroup_name       admins
    alias                   Nagios Administrators
    members                 nagiosadmin
}

Replace your-email@example.com with the address where you want to receive alerts. You can add multiple contacts by creating additional define contact blocks and adding them to the admins group.

Test email delivery from the command line to confirm Postfix is working:

echo "Nagios test email" | mail -s "Nagios Alert Test" your-email@example.com

If you are using an external SMTP relay (Gmail, Amazon SES, etc.), configure Postfix as a relay host in /etc/postfix/main.cf instead of sending directly.

Step 10. Configure Firewall for Nagios

Open HTTP and HTTPS ports in firewalld so you can access the Nagios web interface:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Confirm the rules are active:

firewall-cmd --list-services

The output should include http and https in the list of allowed services. If you are running Nagios behind a reverse proxy or on a non-standard port, adjust accordingly.

If you also plan to use NRPE for remote host checks, open TCP port 5666 on the remote hosts (not the Nagios server).

Step 11. Start Nagios and Verify the Monitoring Dashboard

Enable and start the Nagios service:

systemctl enable --now nagios

Check that Nagios is running:

systemctl status nagios

The output should show active (running) with no errors. If the service fails to start, check /usr/local/nagios/var/nagios.log for details.

Open your browser and navigate to:

http://your-server-ip/nagios

Log in with the nagiosadmin credentials you created in Step 4. The dashboard shows the Tactical Overview with host and service status summaries. Click “Hosts” in the left menu to see monitored hosts, and “Services” for individual service checks.

Give Nagios a few minutes to run the initial round of checks. Hosts and services will transition from “PENDING” to their actual status (OK, WARNING, CRITICAL, or UNKNOWN).

Nagios Configuration Files Reference

Nagios has several configuration files spread across its installation directory. This table summarizes the key files you will work with:

File Path
/usr/local/nagios/etc/nagios.cfg
Purpose: Main configuration file – controls global settings, loaded config dirs, logging

/usr/local/nagios/etc/cgi.cfg
Purpose: Web interface CGI settings – controls who can view/modify what in the dashboard

/usr/local/nagios/etc/objects/commands.cfg
Purpose: Check and notification command definitions

/usr/local/nagios/etc/objects/contacts.cfg
Purpose: Contact and contact group definitions for notifications

/usr/local/nagios/etc/objects/timeperiods.cfg
Purpose: Time period definitions (24x7, work hours, etc.)

/usr/local/nagios/etc/objects/templates.cfg
Purpose: Host and service templates (linux-server, generic-service, etc.)

/usr/local/nagios/etc/servers/
Purpose: Directory for your custom host/service definitions

/usr/local/nagios/etc/htpasswd.users
Purpose: Web interface user authentication file

/etc/httpd/conf.d/nagios.conf
Purpose: Apache configuration for the Nagios web UI

/usr/local/nagios/var/nagios.log
Purpose: Main Nagios log file for troubleshooting

Closure:

Nagios Core 4.5.11 Finalization

Status: Nagios Core 4.5.11 is operational, providing a stable engine for monitoring hosts, services, and network devices with integrated email alerting.

Production Hardening:

  • Security: Secure the web interface by adding TLS/SSL certificates (via Let's Encrypt) to Apache.
  • Deep Monitoring: Deploy NRPE (Nagios Remote Plugin Executor) or NCPA 3.2.3 on remote servers (like your Canada SIP node) to monitor local metrics like disk usage and specific process health.
  • Efficiency: Configure Escalation Policies to ensure critical alerts are rerouted to senior admins if not acknowledged within a set timeframe.

Future Expansion:

  • Integrate with Prometheus/Grafana if you require modern, high-density performance graphs alongside Nagios's classic alerting.
  • Consider Nagios XI 2026R1 if you eventually need web-based configuration wizards and advanced "Smart Dashboards."