Monday, March 23, 2026

Linux | Install and Configure Nagios Core on RHEL 10 / Rocky Linux 10

 Install and Configure Nagios Core on RHEL 10 / Rocky Linux 10

Nagios Core is a "battle-tested," open-source monitoring engine designed for high-reliability infrastructure tracking. This guide covers the source-installation of Version 4.5.11 (the latest stable release as of early 2026) on modern RHEL-based systems.

Key Highlights:

Functionality: Monitors hosts (servers, switches) and services (HTTP, SSH, SNMP) with a robust alerting system for failures and recoveries.

Architecture: Uses a lightweight, C-based core with a plugin-based model, making it highly extensible for custom monitoring needs.

Modern OS Support: Specifically tailored for RHEL 10, Rocky Linux 10, and AlmaLinux 10, addressing the latest security and compiler requirements.

Core Components: Includes the Apache-based web interface, essential Nagios Plugins, and email notification integration via SMTP.

Prerequisites

Before starting, make sure you have the following in place:
- A server running RHEL 10, Rocky Linux 10, or AlmaLinux 10 with at least 2 GB RAM
- Root or sudo access
- A working DNS name or static IP for the Nagios server
- Internet access to download source packages
- Ports 80 (HTTP) and 443 (HTTPS) open in the firewall
- An SMTP-capable mail setup for alert notifications (Postfix or external relay)

Switch to the root user for the rest of this guide:

sudo -i

Step 1. Install Nagios Core Dependencies

Nagios Core is compiled from source, so we need development tools plus libraries for the web interface and plugins. Install all required packages in one command:

dnf install -y gcc glibc glibc-common make gettext automake autoconf wget \
  openssl-devel net-snmp net-snmp-utils epel-release \
  perl-Net-SNMP postfix unzip httpd php php-fpm gd gd-devel \
  perl perl-devel

Enable and start Apache and PHP-FPM so the web interface is ready once Nagios is installed:

systemctl enable --now httpd php-fpm

Step 2. Create Nagios User and Group
Nagios runs under its own dedicated user. The nagcmd group allows the web interface to issue external commands (acknowledge alerts, schedule downtime, etc.):
useradd nagios
groupadd nagcmd
usermod -aG nagcmd nagios
usermod -aG nagcmd apache

Step 3. Download and Compile Nagios Core

Download the latest Nagios Core 4.5.11 source tarball and extract it:

cd /tmp
wget https://github.com/NagiosEnterprises/nagioscore/releases/download/nagios-4.5.11/nagios-4.5.11.tar.gz
tar xzf nagios-4.5.11.tar.gz
cd nagios-4.5.11

Run the configure script, specifying the command group we created earlier:

./configure --with-command-group=nagcmd

The configuration summary should show all checks passed. Now compile and install Nagios along with its init scripts, command mode, and sample configuration:

make all
make install
make install-init
make install-commandmode
make install-config

Install the Apache configuration file for the Nagios web interface:

make install-webconf

Step 4. Set Up the Nagios Web Interface Password

Create the nagiosadmin user for web interface authentication. Replace the password when prompted:

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

You will be prompted to enter and confirm a password. This is the login you use to access the Nagios dashboard.

Restart Apache to pick up the new Nagios configuration:

systemctl restart httpd

Step 5. Install Nagios Plugins

Nagios Core by itself has no monitoring capability – it relies on Nagios Plugins to perform the actual checks. Download and compile the latest plugins release (2.4.12):

cd /tmp
wget https://github.com/nagios-plugins/nagios-plugins/releases/download/release-2.4.12/nagios-plugins-2.4.12.tar.gz
tar xzf nagios-plugins-2.4.12.tar.gz
cd nagios-plugins-2.4.12

Configure and compile the plugins:

./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install
After installation, the plugins are placed in /usr/local/nagios/libexec/. Verify they exist:

ls /usr/local/nagios/libexec/ | head -20

You should see a list of check plugins like check_pingcheck_httpcheck_disk, and many more.

Step 6. Configure Apache Web Interface for Nagios

The default configuration maps /nagios to the Nagios web directory and requires authentication. The key directives are:
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin" 
<Directory "/usr/local/nagios/sbin">
   Options ExecCGI
   AllowOverride None
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user 
</Directory>
Alias /nagios "/usr/local/nagios/share" 
<Directory "/usr/local/nagios/share">
   Options None
   AllowOverride None
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

 If you need to change the web path or add SSL, edit this file. For now, the defaults work for initial setup. If SELinux is in enforcing mode, allow Apache to connect to the Nagios CGI scripts:

setsebool -P httpd_can_network_connect 1

Step 7. Configure Nagios Core (nagios.cfg)

The main Nagios configuration file is /usr/local/nagios/etc/nagios.cfg. The sample config installed earlier works out of the box, but there are a few settings worth reviewing. Open the file:

vi /usr/local/nagios/etc/nagios.cfg

Key settings to verify or adjust:

# Where object config files are loaded from
cfg_dir=/usr/local/nagios/etc/servers

# Log file location
log_file=/usr/local/nagios/var/nagios.log

# External commands (needed for web UI actions like ack/downtime)
check_external_commands=1

# How often Nagios checks for external commands (seconds)
command_check_interval=-1

# Admin email and pager for notifications
admin_email=admin@example.com
admin_pager=admin-pager@example.com
The cfg_dir line tells Nagios to load all .cfg files from the /usr/local/nagios/etc/servers/ directory. Create this directory now – we will add host definitions there:

mkdir -p /usr/local/nagios/etc/servers

Verify the configuration is valid before starting Nagios:

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

The output should end with “Things look okay” and zero errors. If you see warnings or errors, fix the referenced config files before proceeding.

Step 8. Add Hosts and Services to Monitor

Nagios monitors targets through host and service object definitions. Each remote host gets its own config file in /usr/local/nagios/etc/servers/. Here is an example for a web server at 10.0.1.50. Create the file:

vi /usr/local/nagios/etc/servers/webserver01.cfg

Add the following host and service definitions:

define host {
    use                     linux-server
    host_name               webserver01
    alias                   Web Server 01
    address                 10.0.1.50
    max_check_attempts      5
    check_period            24x7
    notification_interval   30
    notification_period     24x7
}

define service {
    use                     generic-service
    host_name               webserver01
    service_description     PING
    check_command           check_ping!100.0,20%!500.0,60%
}

define service {
    use                     generic-service
    host_name               webserver01
    service_description     HTTP
    check_command           check_http
}
define service {
    use                     generic-service
    host_name               webserver01
    service_description     SSH
    check_command           check_ssh
}

define service {
    use                     generic-service
    host_name               webserver01
    service_description     Disk Usage
    check_command           check_local_disk!20%!10%!/
}
This defines the host and four services: ping connectivity, HTTP response, SSH availability, and local disk usage. The check_ping thresholds mean warning at 100ms/20% loss and critical at 500ms/60% loss.
For monitoring remote Linux hosts with detailed checks (CPU, memory, disk), install NRPE on the target server. See our guide on adding remote hosts to Nagios for monitoring for the full NRPE setup.
After adding host files, validate the configuration again:

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

Step 9. Configure Email Notifications

Nagios sends alert emails through the local mail system. Make sure Postfix is installed and running:

systemctl enable --now postfix

Nagios notification commands are defined in /usr/local/nagios/etc/objects/commands.cfg. The default commands use /usr/bin/mail to send host and service alerts. Open the contacts configuration:

vi /usr/local/nagios/etc/objects/contacts.cfg

Update the nagiosadmin contact with your real email address:
define contact {
    contact_name            nagiosadmin
    use                     generic-contact
    alias                   Nagios Admin
    email                   your-email@example.com
}

define contactgroup {
    contactgroup_name       admins
    alias                   Nagios Administrators
    members                 nagiosadmin
}
Replace your-email@example.com with the address where you want to receive alerts. You can add multiple contacts by creating additional define contact blocks and adding them to the admins group.
Test email delivery from the command line to confirm Postfix is working:

echo "Nagios test email" | mail -s "Nagios Alert Test" your-email@example.com

If you are using an external SMTP relay (Gmail, Amazon SES, etc.), configure Postfix as a relay host in /etc/postfix/main.cf instead of sending directly.

Step 10. Configure Firewall for Nagios

Open HTTP and HTTPS ports in firewalld so you can access the Nagios web interface:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Confirm the rules are active:

firewall-cmd --list-services

The output should include http and https in the list of allowed services. If you are running Nagios behind a reverse proxy or on a non-standard port, adjust accordingly.
If you also plan to use NRPE for remote host checks, open TCP port 5666 on the remote hosts (not the Nagios server).

Step 11. Start Nagios and Verify the Monitoring Dashboard

Enable and start the Nagios service:

systemctl enable --now nagios

Check that Nagios is running:

systemctl status nagios

The output should show active (running) with no errors. If the service fails to start, check /usr/local/nagios/var/nagios.log for details.
Open your browser and navigate to:

http://your-server-ip/nagios

Log in with the nagiosadmin credentials you created in Step 4. The dashboard shows the Tactical Overview with host and service status summaries. Click “Hosts” in the left menu to see monitored hosts, and “Services” for individual service checks.

Give Nagios a few minutes to run the initial round of checks. Hosts and services will transition from “PENDING” to their actual status (OK, WARNING, CRITICAL, or UNKNOWN).

Nagios Configuration Files Reference

Nagios has several configuration files spread across its installation directory. This table summarizes the key files you will work with:

File Path
/usr/local/nagios/etc/nagios.cfg
Purpose: Main configuration file – controls global settings, loaded config dirs, logging

/usr/local/nagios/etc/cgi.cfg
Purpose: Web interface CGI settings – controls who can view/modify what in the dashboard

/usr/local/nagios/etc/objects/commands.cfg
Purpose: Check and notification command definitions

/usr/local/nagios/etc/objects/contacts.cfg
Purpose: Contact and contact group definitions for notifications

/usr/local/nagios/etc/objects/timeperiods.cfg
Purpose: Time period definitions (24×7, work hours, etc.)

/usr/local/nagios/etc/objects/templates.cfg
Purpose: Host and service templates (linux-server, generic-service, etc.)

/usr/local/nagios/etc/servers/
Purpose: Directory for your custom host/service definitions

/usr/local/nagios/etc/htpasswd.users
Purpose: Web interface user authentication file

/etc/httpd/conf.d/nagios.conf
Purpose: Apache configuration for the Nagios web UI

/usr/local/nagios/var/nagios.log
Purpose: Main Nagios log file for troubleshooting

Closure:

Nagios Core 4.5.11 Finalization

Status: Nagios Core 4.5.11 is operational, providing a stable engine for monitoring hosts, services, and network devices with integrated email alerting.

Production Hardening:

- Security: Secure the web interface by adding TLS/SSL certificates (via Let's Encrypt) to Apache.

- Deep Monitoring: Deploy NRPE (Nagios Remote Plugin Executor) or NCPA 3.2.3 on remote servers (like your Canada SIP node) to monitor local metrics like disk usage and specific process health.

- Efficiency: Configure Escalation Policies to ensure critical alerts are rerouted to senior admins if not acknowledged within a set timeframe.

Future Expansion:

- Integrate with Prometheus/Grafana if you require modern, high-density performance graphs alongside Nagios's classic alerting.

- Consider Nagios XI 2026R1 if you eventually need web-based configuration wizards and advanced "Smart Dashboards."

By -
Labels: