LEDE first run configuration guide

LEDE, formerly OpenWRT, is a free open source Linux based operating system aimed at networking hardware.
Every time the system is upgraded to a newer version using the so called “Sysupgrade BIN” image every package the user manually installed gets lost; this makes the upgrade process very tedious especially if one does not properly write down all the customization he has made.
I don’t use many custom packages but QoS, USB support and vnstat are a must have.

.:. QoS
Install “qos-script” and “luci-app-qos”

.:. USB support
Install “kmod-usb-storage”, “usbutils”, “block-mount”.
Mountpoints can be specified from Luci’s menu “System” -> “Mount Points”.

.:. vnStat
Install “luci-app-vnstat”.
vnStat temp files target path can be configured by editing the following file:

DatabaseDir "/mnt/usb/vnstat"

Zabbix and XMPP alerts

Zabbix should theoretically be able out of the box to send alerts via XMPP.
For some reason this functionality does not work as intended, luckily it is possible to specify a custom script to send alerts; combining the aforementioned script with the Perl library sendxmpp is the easiest solution to solve the issue.

$ yum install sendxmpp
echo “$3” | /usr/bin/sendxmpp -u <sender_user> -j <sender_domain> -p <sender_user_password> -s “$2” -i "$1" -t

Change file ownership and permissions accordingly

$ chown zabbix:zabbix /usr/lib/zabbix/alertscripts/sendxmpp.sh
$ chmod 755 /usr/lib/zabbix/alertscripts/sendxmpp.sh

Three more steps are needed, those can be performed directly inside Zabbix’s web GUI:
1. navigate “Adminstration” -> “Media Types”, create a new one with “Type” set to “script”, “Script” set to “sendxmpp.sh” and three parameters: {ALERT.SENDTO}, {ALERT.SUBJECT}, {ALERT.MESSAGE};

https://uwot.eu/blog/wp-content/uploads/2017/10/media_type.png

2. navigate “Configuration” -> “Actions”, click on “Report problems to Zabbix administrators” and add a “New condition” like for example: “Trigger severity”, “>=”, “Information”;

https://uwot.eu/blog/wp-content/uploads/2017/10/action.png

3. navigate “Configuration” -> “Users”, click on a username, navigate to the “Media” tab, add a new one and specify the receiver XMPP address.

https://uwot.eu/blog/wp-content/uploads/2017/10/user.png

You should now receive XMPP notifications.

Zabbix server on CentOS 7 and SELinux

Zabbix is an open source resource and network monitoring system, more info: zabbix.com.
The official wiki is missing some important bits regarding the installation of the tool on CentOS 7 systems.
First of all, let’s add Zabbix repository and then proceed to with the installation of Zabbix and some required dependecies:

$ rpm -ivh http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-1.el7.centos.noarch.rpm
$ yum install mariadb mariadb-server httpd zabbix-server-mysql zabbix-web-mysql setroubleshoot

.:. Configure MariaDB
Login to MariaDB shell, change root’s password, create a new database for Zabbix and add a new user:

$ systemctl start mariadb
$ mysql -u root -p

mariadb> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('password');
mariadb> create database zabbix character set utf8 collate utf8_bin;
mariadb> grant all privileges on zabbix.* to zabbix@localhost identified by '<password>';
mariadb> SET PASSWORD FOR 'zabbix'@'localhost' = PASSWORD('password');
mariadb> quit;

Import database schema and default data:

$ zcat /usr/share/doc/zabbix-server-mysql-3.4.3/create.sql.gz | mysql -uzabbix -p zabbix

.:. Configure Zabbix
Edit Zabbix’s configuration file:

DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword=<password>

At least on CentOS release version 7.4.1708 the standard SELinux policies for Zabbix prevent zabbix-server from working properly.
The command “sealert -a /var/log/audit/audit.log” can be used to identify the issue and it also propose a method on how to solve it; in my case it was:

$ setsebool -P httpd_can_connect_zabbix on
$ ausearch -c 'zabbix_server' --raw | audit2allow -M my-zabbixserver
$ semodule -i my-zabbixserver.pp

Edit Apache’s configuration and set the correct timezone:/

php_value date.timezone Europe/Riga

Enable and start all the required services:

$ systemctl enable mariadb httpd zabbix-server
$ systemctl start httpd zabbix-server

In order to install the front end of Zabbix navigate to the URL “http://server_ip_or_name/zabbix” and follow the wizard.
.:. Sources
1. Server installation with MariaDB
2. Installing the frontend