- Ubuntu 22.04.5 LTS Server (minimized install)
- Nagios 4
- NConf 1.3.0
- Full package list at the bottom.
- It'll set up Apache for HTTPS with an automatic redirect from port 80 to 443
- It will also turn on your firewall, first adding rules that allow SSH/HTTP/HTTPS
Make a backup of your Nagios server if you've already got one set up.
Do a backup.
Perform the backup.
Backup the server!
None of this should break anything but you're introducing OLD CODE with possible SECURITY FLAWS. If you decide you don't want that risk, you can revert to your backup.
That said, put your dang Nagios server behind a firewall/etc. if you're going to do this. Don't come complaining to me that you got hacked because you followed this and put your Nagios server directly onto the internet with a public IP.
Also a side note. Apparently you can automatically transfer the config to your Nagios server via SCP, or you could even do an SMB mount I suppose. From a security perspective, you could give NConf its own server in a locked-down environment, so the only thing it can do is send those configs over to Nagios for use. That's a whole different discussion though.
Ok, moving on...
This is a bash script tested on a fresh install of Ubuntu Server Minimized. Nothing special. Nothing extra installed. etc etc etc.
##########################################
#!/bin/bash
set -e
clear
echo "=== Installing NConf on Ubuntu 22.04 ==="
# === SECURITY WARNING ===
echo -e "\033[1;31mWARNING:\033[0m NConf is old, unmaintained software."
echo -e "\033[1;31mIt may contain security vulnerabilities and should NOT be exposed to the internet.\033[0m"
echo -e "\033[1;31mUse this only in a secured, isolated environment for legacy Nagios configurations.\033[0m"
echo
read -p "Do you still want to continue the installation? (y/N): " confirm
if [[ ! "$confirm" =~ ^[Yy]$ ]]; then
    echo -e "\033[1;33mInstallation aborted by user.\033[0m"
    exit 1
fi
echo ""
read -rp "Enter NConf database username: " NCONF_DB_USER
read -srp "Enter password for user '$NCONF_DB_USER': " NCONF_DB_PASS
echo ""
read -rp "Enter WebUI username (ex: admin): " NCONF_UI_USER
read -srp "Enter WebUI password: " NCONF_UI_PASS
echo ""
# --- Function to check and install a dependency ---
check_install() {
    pkg=$1
    if ! dpkg -s "$pkg" &>/dev/null; then
        echo "Installing missing dependency: $pkg"
        sudo apt install -y "$pkg"
    else
        echo "Dependency already installed: $pkg"
    fi
}
# --- Update and ensure dependencies ---
sudo apt update -y
for pkg in software-properties-common curl ufw unzip wget apache2 mariadb-server mariadb-client; do
    check_install "$pkg"
done
# PHP 5.6 modules
sudo add-apt-repository ppa:ondrej/php -y
sudo apt update -y
for pkg in php5.6 php5.6-cli php5.6-mysql php5.6-ldap php5.6-gd php5.6-xml php5.6-mbstring libapache2-mod-php5.6; do
    check_install "$pkg"
done
# --- Start services ---
sudo systemctl enable --now mariadb apache2
# --- MariaDB setup ---
sudo mysql_secure_installation
sudo mysql -u root <<EOF
CREATE DATABASE IF NOT EXISTS nconf CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON nconf.* TO '${NCONF_DB_USER}'@'localhost' IDENTIFIED BY '${NCONF_DB_PASS}';
FLUSH PRIVILEGES;
EOF
# --- Fetch and verify NConf ---
cd /var/www/html
NCONF_TGZ="nconf-1.3.0-0.tgz"
NCONF_URL="https://sourceforge.net/projects/nconf/files/nconf/1.3.0-0/$NCONF_TGZ"
echo "Downloading NConf..."
wget -q --show-progress -O "$NCONF_TGZ" "$NCONF_URL" || { echo "ERROR: Download failed!"; exit 1; }
if [[ ! -f "$NCONF_TGZ" ]]; then
    echo "ERROR: NConf tarball not found after download!"
    exit 1
fi
echo "Extracting NConf..."
tar -xf "$NCONF_TGZ" || { echo "ERROR: Extraction failed!"; exit 1; }
if [[ ! -d "nconf" ]]; then
    echo "ERROR: Extraction did not create expected 'nconf' directory!"
    exit 1
fi
sudo chown -R www-data:www-data /var/www/html/nconf
sudo mkdir -p /var/www/html/nconf/cfg_files
sudo chmod -R 775 /var/www/html/nconf/{config,output,static_cfg,temp,cfg_files}
echo "NConf successfully downloaded and extracted."
# --- Apache config ---
sudo tee /etc/apache2/sites-available/nconf.conf > /dev/null <<'APACHECONF'
<VirtualHost *:80>
    ServerName nconf.local
    Redirect / https://nconf.local/
</VirtualHost>
<VirtualHost *:443>
    ServerName nconf.local
    DocumentRoot /var/www/html/nconf
    <Directory /var/www/html/nconf>
        AllowOverride All
        Options Indexes FollowSymLinks
        # No "Require all granted" here: Apache 2.4 ORs sibling Require lines
        # (implicit RequireAny), which would let requests in without a password.
        AuthType Basic
        AuthName "NConf Access"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/nconf-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/nconf-selfsigned.key
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
    ErrorLog ${APACHE_LOG_DIR}/nconf-error.log
    CustomLog ${APACHE_LOG_DIR}/nconf-access.log combined
</VirtualHost>
APACHECONF
# --- SSL + htpasswd ---
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/nconf-selfsigned.key \
-out /etc/ssl/certs/nconf-selfsigned.crt \
-subj "/C=US/ST=State/L=City/O=Org/OU=IT/CN=nconf.local"
# -i reads the password from stdin, so it never appears in the process list
printf '%s\n' "$NCONF_UI_PASS" | sudo htpasswd -i -c /etc/apache2/.htpasswd "$NCONF_UI_USER"
# --- Perl fix for ExportNagios.pm ---
sudo sed -i.bak 's/%{\$srv->\[2\]}/\${\$srv->[2]}/g' /var/www/html/nconf/bin/lib/NConf/ExportNagios.pm
# --- Update PHP configuration dynamically ---
PHP_VER=$(ls /etc/php | grep -Eo '^[0-9]+\.[0-9]+' | sort -r | head -1)
sudo sed -i 's/^short_open_tag.*/short_open_tag = On/; s/^register_globals.*/register_globals = Off/; s/^magic_quotes_gpc.*/magic_quotes_gpc = Off/' /etc/php/$PHP_VER/apache2/php.ini
# --- Enable Apache modules and restart ---
sudo a2enmod rewrite ssl headers
sudo a2ensite nconf.conf
sudo systemctl restart apache2
# --- Firewall setup ---
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw --force enable
# --- Import NConf schema ---
mysql -u "$NCONF_DB_USER" -p"$NCONF_DB_PASS" nconf < /var/www/html/nconf/INSTALL/create_database.sql
# --- PHP autoload fix ---
sudo tee /var/www/html/nconf/include/includeAllClasses.php > /dev/null <<'EOF'
<?php
spl_autoload_register(function ($class_name) {
$class_path = NCONFDIR.'/include/classes/class.'.$class_name.'.php';
if (!empty($class_name) && file_exists($class_path)) {
require_once($class_path);
NConf_DEBUG::set("class $class_name", 'DEBUG', 'Autoload');
}
});
?>
EOF
# Every $ in the replacement text is escaped; an unescaped $srv would be
# interpolated by Perl as an (empty) variable and corrupt the patched lines.
sudo perl -pi.bak -e 's/foreach my \$def_srv_deps_param \(keys\(\$\{\$srv->\[2\]\}\)\)/foreach my \$def_srv_deps_param (keys(%{\$srv->[2]}))/; s/unless\(\$def_srv_deps_param && \$\{\$srv->\[2\]\}->\{\$def_srv_deps_param\}\)/unless(\$def_srv_deps_param && \$srv->[2]->{\$def_srv_deps_param})/; s/\$fval\s*=\s*\$\{\$srv->\[2\]\}->\{\$def_srv_deps_param\}/\$fval = \$srv->[2]->{\$def_srv_deps_param}/' /var/www/html/nconf/bin/lib/NConf/ExportNagios.pm
sudo rm -rf /var/www/html/nconf/temp/* && \
sudo mkdir -p /var/www/html/nconf/temp/test /var/www/html/nconf/temp/Default_collector && \
sudo chown -R www-data:www-data /var/www/html/nconf/temp && \
sudo chmod -R 775 /var/www/html/nconf/temp
DEPLOY_FILE="/var/www/html/nconf/config/deployment.ini"
# Backup existing file if it exists
[ -f "$DEPLOY_FILE" ] && sudo cp "$DEPLOY_FILE" "${DEPLOY_FILE}.old"
# Write the new deployment.ini
sudo tee "$DEPLOY_FILE" > /dev/null <<'EOF'
[extract config]
type = local
source_file = "/var/www/html/nconf/output/NagiosConfig.tgz"
target_file = "/var/www/html/nconf/cfg_files/"
action = extract
EOF
# --- Verification ---
echo -e "\n=== Verifying NConf setup ==="
echo -e "\n--- Checking MariaDB ---"
sudo systemctl is-active --quiet mariadb && echo "MariaDB is running ✔" || echo "MariaDB not running ❌"
echo -e "\n--- Testing NConf database access ---"
mysql -u "$NCONF_DB_USER" -p"$NCONF_DB_PASS" -e "SHOW TABLES;" nconf >/dev/null && echo "NConf DB accessible ✔" || echo "NConf DB access failed ❌"
echo -e "\n--- Checking Apache ---"
sudo systemctl is-active --quiet apache2 && echo "Apache is running ✔" || echo "Apache not running ❌"
echo -e "\n--- Checking PHP ---"
php -v | head -n 1
echo -e "\n--- Testing NConf web ---"
curl -skI https://localhost/nconf/ | grep -q "200\|302" && echo "NConf web responds ✔" || echo "NConf not responding ❌"
echo -e "\n--- Checking permissions ---"
for dir in config output static_cfg temp; do
    test -w "/var/www/html/nconf/$dir" && echo "$dir writable ✔" || echo "$dir not writable ❌"
done
echo -e "\n=== Installation complete ==="
echo -e "\nAccess NConf at: https://<server-ip>/nconf/"
echo "DBNAME = nconf"
echo "DBUSER = $NCONF_DB_USER"
echo "DBPASS = $NCONF_DB_PASS"
echo -e "\nRemember to set your Nagios binary path inside the NConf web GUI."
echo -e "\nAlso you'll need to set your nagios.cfg to point to /var/www/html/nconf/cfg_files/"
##########################################
A couple things:
1. At the end of the web UI config, you'll get "copy config file (deployment.ini) FAILED". That's OK. The script did it for us.
2. After config, permissions will need to be set for the config output, per our config:
   chown www-data:www-data /var/www/html/nconf/cfg_files/
3. When you go to 'Generate Nagios config', you'll probably get:
   Error: Cannot open main configuration file '/var/www/html/nconf/temp/test/Default_collector.cfg' for reading!
   - To fix this, edit the config file as shown:
   nano +1273 /var/www/html/nconf/bin/lib/NConf/ExportNagios.pm
   foreach my $def_srv_deps_param (keys(%{$srv->[2]})){
       # OLD --> foreach my $def_srv_deps_param (keys(${$srv->[2]})){
       unless($def_srv_deps_param && $srv->[2]->{$def_srv_deps_param}) { next }
       # OLD --> unless($def_srv_deps_param && ${$srv->[2]}->{$def_srv_deps_param}){next}
       $fattr = $def_srv_deps_param;
       # OLD --> $fval = ${$srv->[2]}->{$def_srv_deps_param};
       $fval = $srv->[2]->{$def_srv_deps_param};
##########################################
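Apache 2.4 treats several Require lines in one Directory section as an implicit RequireAny, so a "Require all granted" next to "Require valid-user" lets requests through without the password prompt. The lint below is an added example, not part of the original script; the function name lint_require and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the original install script.
# Prints each <Directory> path whose own Require lines mix "all granted" with
# an authentication requirement; returns 1 if any path is flagged.
lint_require() {   # usage: lint_require <apache-conf-file>
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^#/                          { next }
        line ~ /^<directory[ \t]/            { path = $2; sub(/>$/, "", path)
                                               in_dir = 1; grant = auth = depth = 0; next }
        !in_dir                              { next }
        # Require lines inside an explicit container are not siblings: skip them
        line ~ /^<require(all|any|none)>/    { depth++; next }
        line ~ /^<\/require(all|any|none)>/  { depth--; next }
        line ~ /^<\/directory>/              { if (grant && auth) { print path; bad = 1 }
                                               in_dir = 0; next }
        depth == 0 && line ~ /^require[ \t]+all[ \t]+granted/        { grant = 1 }
        depth == 0 && line ~ /^require[ \t]+(valid-user|user|group)/ { auth = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: a Directory block that carries both Require lines ...
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
<VirtualHost *:443>
  <Directory /var/www/html/nconf>
    Require all granted
    AuthType Basic
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
  </Directory>
</VirtualHost>
EOF

# ... and the same block with the unconditional grant removed.
FIXED_CONF=$(mktemp)
grep -v 'Require all granted' "$WEAK_CONF" > "$FIXED_CONF"

lint_require "$WEAK_CONF"  || echo "^ password prompt can be skipped for the path above"
lint_require "$FIXED_CONF" && echo "fixed config: Basic auth is enforced"
```

Point it at /etc/apache2/sites-available/nconf.conf after the install to check the deployed vhost.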
| Package | Version | Ubuntu/Source |
|---|---|---|
| apache2 | 2.4.52-1 | ubuntu4.16 |
| apache2-bin | 2.4.52-1 | ubuntu4.16 |
| apache2-data | 2.4.52-1 | ubuntu4.16 |
| apache2-utils | 2.4.52-1 | ubuntu4.16 |
| curl | 7.81.0-1 | ubuntu1.21 |
| libapache2-mod-php5.6 | 5.6.40-86+ | ubuntu22.04.1+deb.sury.org+1 |
| libcurl3-gnutls | 7.81.0-1 | ubuntu1.21 |
| libcurl4 | 7.81.0-1 | ubuntu1.21 |
| libxmlsec1-openssl | 1.2.33-1build2 | |
| mariadb-client | 1:10.6.22-0 | ubuntu0.22.04.1 |
| mariadb-client-10.6 | 1:10.6.22-0 | ubuntu0.22.04.1 |
| mariadb-client-core-10.6 | 1:10.6.22-0 | ubuntu0.22.04.1 |
| mariadb-server | 1:10.6.22-0 | ubuntu0.22.04.1 |
| mariadb-server-10.6 | 1:10.6.22-0 | ubuntu0.22.04.1 |
| mariadb-server-core-10.6 | 1:10.6.22-0 | ubuntu0.22.04.1 |
| needrestart | 3.5-5 | ubuntu2.4 |
| openssl | 3.0.2-0 | ubuntu1.20 |
| php5.6 | 5.6.40-86+ | ubuntu22.04.1+deb.sury.org+1 |
| php5.6-cli | 5.6.40-86+ | ubuntu22.04.1+deb.sury.org+1 |
| php5.6-common | 5.6.40-86+ | ubuntu22.04.1+deb.sury.org+1 |
| php5.6-gd | 5.6.40-86+ | ubuntu22.04.1+deb.sury.org+1 |
| php5.6-json | 5.6.40-86+ | ubuntu22.04.1+deb.sury.org+1 |
| php5.6-ldap | 5.6.40-86+ | ubuntu22.04.1+deb.sury.org+1 |
| php5.6-mbstring | 5.6.40-86+ | ubuntu22.04.1+deb.sury.org+1 |
| php5.6-mysql | 5.6.40-86+ | ubuntu22.04.1+deb.sury.org+1 |
| php5.6-opcache | 5.6.40-86+ | ubuntu22.04.1+deb.sury.org+1 |
| php5.6-readline | 5.6.40-86+ | ubuntu22.04.1+deb.sury.org+1 |
| php5.6-xml | 5.6.40-86+ | ubuntu22.04.1+deb.sury.org+1 |
| python3-openssl | 21.0.0-1 | |
| software-properties-common | 0.99.22.9 | |
| tar | 1.34+dfsg-1 | ubuntu0.1.22.04.2 |
| ufw | 0.36.1-4 | ubuntu0.1 |
| unzip | 6.0-26 | ubuntu3.2 |
| wget | 1.21.2-2 | ubuntu1.1 |