Listen on Privileged Ports with Nagios Log Servers - How to set it up








Are you trying to set up Nagios Log Server to listen on privileged ports?

This guide will help you.


On transport protocols such as TCP, UDP, and SCTP, ports 1-1023 are by default privileged ports. To bind to a privileged port, a process must be running with root permissions. 

Ports that are greater than 1023 are by default non-privileged.

Configuring the Nagios log server to listen to these ports will be useful if we have legacy devices that can only send on specific ports.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to configure their Nagios log server to listen to privileged ports.


How to Listen on Privileged Ports with Nagios?

Ports below 1024 are privileged on Linux and only the root user can listen on them.

The following are the two ways in which we can configure this:

1. Run Logstash as root

2. Use setcap


1. Run Logstash as root

This method configures logstash to run as the root user.

We can edit the logstash config file by executing the following command:


RHEL|CentOS|Oracle Linux

# vi /etc/sysconfig/logstash

Debian|Ubuntu

# vi /etc/default/logstash

or

$ sudo vi /etc/default/logstash

After that, find the following line:

LS_USER=nagios

And change it to:

LS_USER=root


After that, save and close the file.

Finally, we can restart Logstash Service.


2. Use setcap

This option keeps logstash running as the nagios user. However, this method will be less secure in some environments: the capability is set on the java binary itself, so it will allow any Java process to listen on privileged ports.

We have to add the following three lines at the bottom of the logstash init configuration file.

First, we have to open the file with the following command:


RHEL|CentOS|Oracle Linux

# vi /etc/sysconfig/logstash

Debian|Ubuntu

# vi /etc/default/logstash

or

$ sudo vi /etc/default/logstash

After opening, we have to add the following three lines to the end of the file:

echo $(dirname $(find /usr/lib -name libjli.so)) | awk '{print $1}' > /etc/ld.so.conf.d/java.conf
eval "$(which ldconfig)"
setcap 'cap_net_bind_service=+ep' $(readlink -f $(which java))

Then save and close the file.

Finally, restart Logstash service with the following commands:


RHEL 7+|CentOS 7+|CentOS Stream|Oracle Linux 7+|Debian|Ubuntu 16/18/20

# systemctl restart logstash.service

or

$ sudo systemctl restart logstash.service


How to Add Inputs for the Ports Configuration on Nagios?

After implementing the chosen method, we can add inputs to the configuration for ports below 1024.

We can use the following steps to add an input:

1. First, click the Add Input drop-down list and select Custom.

2. Type a unique name for the input.

3. After that, in the text field, we will need to define the input configuration in the following way:

file {
    type => "testing"
    path => "/tmp/test.log"
}

4. Once we have finished, click the Save button.

5. Then click the Apply button followed by 'Yes' in the dialogue box.


Any ports lower than 1024 will not be listed in the "Logstash is currently collecting" banner on the Admin Overview page because the process listing the ports is not privileged and thus cannot see any ports lower than 1024.
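Because the banner will not show these listeners, it helps to check from the shell which of the two methods is in effect and which ports below 1024 are actually bound. The script below is an added example, not part of the original guide or of Nagios Log Server; the function names and the --host switch are assumptions of this example, and it expects getcap (libcap) and ss (iproute2) to be installed.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): report which method is active
# on a host and which listeners below 1024 are actually bound.

# Print the effective LS_USER from a Logstash defaults file (last assignment wins).
ls_user() {
    grep -E '^[[:space:]]*LS_USER=' "$1" 2>/dev/null | tail -n 1 | cut -d= -f2- | tr -d "\"' \t"
}

# Classify the setup. $1 = LS_USER value, $2 = getcap output for the java binary.
# Matches both getcap output styles ("= cap_net_bind_service+ep" and "cap_net_bind_service=ep").
classify() {
    if [ "$1" = "root" ]; then
        echo "run-as-root"     # method 1: the whole Logstash JVM runs as root
    elif printf '%s\n' "$2" | grep -q 'cap_net_bind_service'; then
        echo "setcap-java"     # method 2: any process started from this java binary may bind < 1024
    else
        echo "unprivileged"    # neither method: inputs on ports below 1024 will fail to bind
    fi
}

# Read `ss -H -lntu` output on stdin and print proto/port for listeners below 1024.
low_ports() {
    awk '{ n = split($5, a, ":"); p = a[n] + 0
           if (p > 0 && p < 1024) print $1 "/" p }' | LC_ALL=C sort -u
}

# Live check, using the two config file paths named in this guide.
audit_host() {
    for cfg in /etc/sysconfig/logstash /etc/default/logstash; do
        [ -r "$cfg" ] && break
    done
    java_bin=$(readlink -f "$(command -v java)")
    classify "$(ls_user "$cfg")" "$(getcap "$java_bin" 2>/dev/null)"
    ss -H -lntu | low_ports
}

if [ "${1:-}" = "--host" ]; then audit_host; fi
```

Run it with --host on the log server; a result of setcap-java is a reminder that the capability applies to every program launched from that java binary, not only Logstash.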





Conclusion

This article covers how to configure Nagios Log Servers to listen on privileged ports. It is for Nagios Log Server administrators who would like to configure Nagios Log Server to listen on ports below 1024, which are privileged in Linux. This can be useful if you have legacy devices that can only send on specific ports (e.g. syslog on port 514).

Ports below 1024 are privileged on Linux and only allow the root user to listen on them. 

This can be implemented via two solutions:

1. Run Logstash as root

2. Use setcap


To use setcap for Listening On Privileged Ports:

Here, logstash keeps running as the nagios user, but this method may be less secure in some environments as it will allow any Java process to listen on privileged ports.

1. The logstash init configuration file requires three lines to be added to the end of it. Open the file with the following command:

On Debian | Ubuntu:

# vi /etc/default/logstash

or

$ sudo vi /etc/default/logstash

2. Then add the following three lines to the end of the file:

echo $(dirname $(find /usr/lib -name libjli.so)) | awk '{print $1}'> /etc/ld.so.conf.d/java.conf

eval "$(which ldconfig)"

setcap 'cap_net_bind_service=+ep' $(readlink -f $(which java))

3. Save the file and close vi.

4. Restart Logstash Service

The logstash service needs to be restarted for these changes to apply:

$ sudo systemctl restart logstash.service

