How to install SIM (System Integrity Monitor)
Hello,
In this guide, we will go over how to install the System Integrity Monitor (SIM).
First, log in to the root shell account of your server. Next, run these commands:
wget http://www.rfxn.com/downloads/sim-current.tar.gz
tar -xzf sim-current.tar.gz; rm -f sim-current.tar.gz
cd sim-*
sh ./install.sh -i
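The commands above fetch the archive over plain HTTP and run its installer as root, so it is worth checking the file before extracting it. The shell functions below are an added example, not part of the original guide or of SIM; EXPECTED_SHA256 is a placeholder for a digest you obtain yourself from a source you trust, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: vet a downloaded archive before extracting it as root.

# Read member names on stdin; print those that would land outside the
# extraction directory (absolute paths or a ".." path component).
unsafe_members() {
    while IFS= read -r name; do
        case "/$name/" in
            //*|*/../*) printf '%s\n' "$name" ;;
        esac
    done
}

# Succeed only if the archive's SHA-256 equals the expected hex digest.
sha256_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# vet_archive ARCHIVE EXPECTED_SHA256
# Hash check first, then a member-name check on the listing. Nothing is
# extracted or executed here.
vet_archive() {
    sha256_matches "$1" "$2" || { echo "hash mismatch: $1" >&2; return 1; }
    listing=$(tar -tzf "$1") || { echo "unreadable archive: $1" >&2; return 1; }
    bad=$(printf '%s\n' "$listing" | unsafe_members)
    [ -z "$bad" ] || { printf 'unsafe members:\n%s\n' "$bad" >&2; return 1; }
}

# Usage, with EXPECTED_SHA256 standing in for a digest obtained from a source
# you trust (a placeholder; no digest is given in this guide):
#   vet_archive sim-current.tar.gz "$EXPECTED_SHA256" && tar -xzf sim-current.tar.gz
```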
You will see something like this:
SIM 2.5-4
Press return, to view the GPL lisencing for SIM 2.5-4.
Next, press enter to view the GPL License. Press enter to scroll down, and when you
are done looking, press 'Q'.
This will repeat for the README. Press enter to scroll down, and when you are
finished, press 'Q'.
After that, you will see something like this:
SIM 2.5-4 installation completed, related notes:
Executable: /usr/local/sim/sim
Executable symlink: /usr/local/sbin/sim
Config file: /usr/local/sim/conf.sim
Autoconf script: /usr/local/sim/autoconf
Autoconf symlink: /usr/local/sbin/sim-autoconf
Cronjob setup: /usr/local/sim/sim -j
SIM is actually installed at this point, but we still need to configure it. The
install script comes with a nice configuration script too,
so we just have to answer some questions. Press return to start the configure script.
You will see this:
SIM 2.5-4 Auto-Config Script
All questions default to value in brackets if no answer is given. If you
make a typo during the autoconf process, hit CTRL C (^C) to abort and
rerun the autoconf script (/usr/local/sim/autoconf).
The below are general configuration options for SIM:
press return to continue...
Press return when you are ready.
The first question, "Where is SIM installed ?" can be left as default, because that
is where the install script installs SIM.
Just press enter a single time.
The next question asks where you would like the log file to be created. You can
select wherever you wish, but we recommend leaving it
as default, or placing it with the rest of your system logs in a location such as
/var/log/sim.log. It is up to you. Press enter when you
have chosen a location.
Next it asks how large you would like your log file to get before it gets rotated.
The default size is 128kb. It is safe to set it to whatever size you would like, but
keep in mind that the larger the log is, the harder it will be to find something,
while the smaller the log file, the more log files you will have overall. Press enter
when you have chosen a log size.
The next step should be automatic unless you have a custom location for your kernel
log. If you see a message like this:
What is the location of your kernel log ?
Found kernel log at /var/log/messages
Then you are fine, it was able to autodetect your kernel log without error. If you
do not see this, then you will have to enter the
location of your kernel log manually, and press enter when complete.
Next is the address email alerts should be sent to. You can enter a local username,
if you would like, or any email address. Press enter
when you have selected your desired address.
Next you will select how many alerts to send before disabling the email alerts to
prevent flooding. We recommend setting this as high
as you feel comfortable with, as missing alerts can be bad.
After that, you will see this:
The below are configuration options for Service modules:
press return to continue...
Press enter when you are ready. We are going to configure what SIM monitors and how.
First, you will select whether or not you want SIM to attempt to auto-restart failed
services. If you choose to disable this, you will need to start
the services manually. Enter true to enable this, or false to disable.
Next, we can select whether or not to use laxed service checking. It is usually a
good idea to leave this at true, otherwise SIM is known to have some false
reports of service failure. Press enter when you have made your choice.
Next, we are selecting how many times the auto-restart will try before it gives up.
Leaving this at a number around 8-10 is what we recommend. This gives
SIM enough chances while preventing it from going off the deep end restarting
services forever. Once you make your choice, press enter.
Next up is choosing what you want to monitor. For each item, you can type true to
enable monitoring, or false to disable it.
First up is the FTP daemon. If you choose to monitor FTP, you will see something
similar to:
Name of the FTP service as appears in 'ps' ?
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
Found service name as proftpd
TCP/IP port that FTP operates on ?
This is normal, but now we have to enter the port that your FTP server runs on. 9
times out of 10 you can leave the FTP port at 21. The only reason this
should change is if you use a custom FTP port. If you do, enter it in. Press enter
when you are ready. Next you have to input the location of the FTP service
init script. If you are using proftpd, pure-ftpd, or other common FTP service daemons, it will
be able to locate it automatically. Please make sure that it locates the correct service daemon that you have employed.
If it does not, you will need to enter it in yourself. Press enter when done.
Next is HTTP monitoring. If you choose to monitor this service, enter true and press
enter. Next you have to input the location of the HTTP service init
script. If you are using Apache or other common HTTP service daemons, it will be
able to locate it automatically. If it does not, you will need to enter it
in yourself. Press enter when done.
Next is DNS monitoring. If you choose to monitor this service, enter true and press
enter. Next you have to select the port that your DNS service is running
on. Unless you have specially configured your DNS server to a custom port, it will
automatically detect this. Otherwise, you will need to enter the port and
press enter when ready. Next you have to input the location of the DNS service init
script. If you are using named or other common DNS service daemons, it
will be able to locate it automatically. If it does not, you will need to enter it
in yourself. Press enter when done.
Next is SSH monitoring. If you choose to monitor this service, enter true and press
enter. Next you have to select the port that your SSH service is running
on. Unless you have specially configured your SSH server to a custom port, it will
automatically detect this. Otherwise, you will need to enter the port and
press enter when ready. Next you have to input the location of the SSH service init
script. It will try to locate it automatically. If it does not, you will
need to enter it in yourself. Press enter when done.
Next is MySQL monitoring. If you choose to monitor this service, enter true and
press enter. Next you have to select the port that your MySQL service is
running on. Unless you have specially configured your MySQL server to a custom port,
it will automatically detect this. Otherwise, you will need to enter the
port and press enter when ready.
Next you have to input the location of the MySQL service init script. It will try to
locate it automatically. If it does not, you will need to enter it in
yourself. Press enter when done.
Next is SMTP monitoring. If you choose to monitor this service, enter true and press
enter. Next you have to select the port that your SMTP service is
running on. Unless you have specifically configured SMTP to run on a special port,
enter 25 and press enter. Next you have to input the location of the SMTP
service init script. It will try to locate it automatically. If it does not, you
will need to enter it in yourself. Press enter when done.
Next is XINET monitoring. If you choose to monitor this service, enter true and
press enter. It should automatically detect xinetd as the service name.
If it does not, you will need to manually enter the name of the service. Next you
have to select the port that your XINET service is running on. Unless you
have specifically configured XINET to run on a special port, enter 110 and press
enter. Next you have to input the location of the XINET service init script.
It will try to locate it automatically. If it does not, you will need to enter it in
yourself. Press enter when done.
Next is ENSIM monitoring. If you choose to monitor this service, enter true and
press enter. Next you have to select the port that your ENSIM
service is running on. Unless you have specifically configured ENSIM to run on a
special port, enter 19638 and press enter. Next you have to input the location
of the ENSIM service init script. It will try to locate it automatically. If it does
not, you will need to enter it in yourself. Press enter when done.
Next is PostgreSQL monitoring. If you choose to monitor this service, enter true and press
enter. Next you have to input the location of the PGSQL service init script.
It will try to locate it automatically. If it does not, you will need to enter it
in yourself. Press enter when done.
After that, you should see something similar to this:
The below are configuration options for System modules:
press return to continue...
Press enter when you are ready.
It will ask you if you want to monitor the network. Unless you have two network devices
and two network connections to different networks, there is
no point in enabling this. If the network goes down, it will be unable to send you
an email alert in the first place. If you need to monitor the network
availability of your server, we recommend using a monitor that runs from outside the
server's network.
Next is the load monitor. If you wish to monitor your system's load, type in true
and hit enter. Next you will select the warning threshold. The default is
25, which is actually pretty high. We recommend setting the limit to 10 or 15
instead, but it is up to you. Enter in the load limit, and press enter. Next
you must select the load "critical" limit. The default is 45, which is also very
high. We recommend 25 or 30.
If you would like a message sent to all current shell users on your server when the
load reaches the warning or critical levels, type in true and hit enter.
SIM gives you the option to renice (set different CPU priority) services if the load
gets too high. You can disable it (false), have it set to critical
(crit), or warning (warn). Enter your choice and press return.
SIM also gives you the option to halt services when the load reaches the warning or
critical levels. You can disable it (false), have it set to critical
(crit), or warning (warn). Enter your choice and press return.
Lastly is the option to reboot the system when the load reaches the warning or
critical levels. We do not recommend this. This can cause the server to reboot
at strange and unexpected moments, which can corrupt hard drives and break other
things. You can disable it (false), have it set to critical (crit), or
warning (warn). Enter your choice and press return.
After that, you should see something like this:
Configuration completed, saving conf.sim...
Done, conf.sim saved to /usr/local/sim.
And you are done! Congrats!