Install Checkmk Raw Edition on CentOS 7

< All Topics

Steps to install checkmk Raw Edition on CentOS 7 on VMware ESXi 6.7 Host

Preparation of CentOS 7 Host

  • Add EPEL Repository
  • Install open-vm-tools
  • Disabled SELinux & Firewalld
  • Install NTPd & wget
  • Reboot Server
#Add Extra Packages for Enterprise Linux 7 (EPEL) Repository 
yum install epel-release -y

yum update

#Install open vm tools 
yum install -y open-vm-tools
ls /usr/bin/vmtoolsd 

#Disabled SELinux
vi /etc/sysconfig/selinux 

#Disable Firewalld
systemctl disable firewalld
#If Disable Firewalld is NOT an option
#Allow inbound HTTP & HTTPS 
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
#Reload Firewalld
firewall-cmd --reload

#Install NTP
yum install ntp -y
systemctl start ntpd
systemctl enable ntpd

#Install wget 
yum install wget -y

#Reboot the server

Install CheckMK RAW Edition

  • Download and Install CheckMK RAW 1.6.0p7
  • Verify OMD is installed properly
cd /tmp
#It will take sometime to download depending on the Bandwidth -131MB 

#Install - 770MB will all dependacy package required
yum install check-mk-raw-1.6.0p7-el7-38.x86_64.rpm

#Verify OMD is installed 
[[email protected] tmp]# omd version
OMD - Open Monitoring Distribution Version 1.6.0p7.cre

Update chechmk to latest version

Verify existing version installed

[[email protected] conf.d]# omd version
OMD - Open Monitoring Distribution Version 1.6.0p7.cre
[[email protected] conf.d]# omd sites
SITE             VERSION          COMMENTS
checkmk          1.6.0p7.cre      default version

Download and install the latest version (check_mk_raw-1.6.0p9)

[[email protected] tmp]# wget

[[email protected] tmp]# yum install check-mk-raw-1.6.0p9-el7-38.x86_64.rpm

[[email protected] tmp]# omd versions
1.6.0p9.cre (default)

Upgrade existing site to latest version

[[email protected] tmp]# omd sites
SITE             VERSION          COMMENTS
checkmk          1.6.0p7.cre
[[email protected] tmp]# su - checkmk
Last login: Thu Mar 12 15:12:15 +08 2020 on pts/0
OMD[checkmk]:~$ omd stop
OMD[checkmk]:~$ omd update
OMD[checkmk]:~$ omd version
OMD - Open Monitoring Distribution Version 1.6.0p9.cre

Create a Site for checkmk

Create a new site called checkmk (You can name it differently)

[[email protected] tmp]# omd create checkmk
Adding /opt/omd/sites/checkmk/tmp to /etc/fstab.
Creating temporary filesystem /omd/sites/checkmk/tmp...OK
Restarting Apache...OK
Created new site checkmk with version 1.6.0p7.cre.

  The site can be started with omd start checkmk.
  The default web UI is available at

  The admin user for the web applications is cmkadmin with password: K3vCkKSG
  (It can be changed with 'htpasswd -m ~/etc/htpasswd cmkadmin' as site user.
  Please do a su - checkmk for administration of this site.

Change default password for cmkadmin if required

[[email protected] tmp]# su - checkmk
OMD[checkmk]:~$ htpasswd -m ~/etc/htpasswd cmkadmin
New password:
Re-type new password:
Updating password for user cmkadmin

Start Checkmk Service

[[email protected] tmp]# omd start checkmk
Starting mkeventd...OK
Starting rrdcached...OK
Starting npcd...OK
Starting nagios...OK
Starting apache...OK
Initializing Crontab...OK

Login via with default admin : cmkadmin and password generated during "omd create checkmk"

Install Checkmk Raw Edition


Configure https access in Apache

Refer to the steps below to enable HTTPS Access

Install mod_ssl package for Apache

yum install mod_ssl
#Verify mod_ssl is loaded 
apachectl -M | grep ssl_module
	 ssl_module (shared)

Configure SSL Certificate

Let’s Encrypt wild card certificate is used

#Upload cert.cer & cert.key to CentOS 
scp cert.* [email protected]:/tmp
#Copy both SSL Cert to /etc/httpd/conf.d
cp /tmp/cert.* /etc/httpd/conf.d/
#Modify ssl.conf to point to the SSL Cert 
vi /etc/httpd/conf.d/ssl.conf 
	SSLCertificateFile /etc/httpd/conf.d/cert.cer
	SSLCertificateKeyFile /etc/httpd/conf.d/cert.key

Restart httpd service

systemctl restart httpd

You should be able to access now

Force Http to Https Redirect

Add the following to lines at the end of /etc/httpd/conf.d/welcome.conf

#Force HTTP to HTTPS Redirect
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]

Redirect Home Page

Add the following to lines at the end of /etc/httpd/conf.d/welcome.conf to redirect to

Redirect /

Restart httpd service to apply the changes

systemctl restart httpd

Integration with Active Directory

Allow AD Users who is member of CMK_Admin Group to login to checkmk

Create a new LDAP Connection with unique ID under WATO – Users – LDAP Connections – New Connection

it will sync with AD Domain Controller every 5 minutes

Select Active Directory and enter the IP Address of AD Domain Controller . Check Bind Credential and enter the Credential of Domain Administrator

Enter User Base DN with Search Filter to sync users who are member of CMK_Admin Group only.


Enable User-ID Attribute = samaccountname

Enter the DN for AD Group (CMK_Admin) with Search Filter and Member Attributes enabled


Click Save & Test to verify the connectivity with AD Domain Controller.

The members of CMK_Admin should displayed now. You can click Sync Users to force it to sync immediately


Assign Administrator Role to the LDAP User, and you can login with AD User now.

Email Notification

Install Sendmail SMTP Server for checkmk to send email notification

yum install epel-release
yum install sendmail sendmail-cf m4 -y

#Verify Sendmail is installed
rpm -qa | grep sendmail

Masquerade Sender Address In Sendmail

The email send from sendmail will have a default address of host.domain, like [email protected]

Steps to change the email address format to

Comment out the following MASQUERADE_XXXX in /etc/mail/

[[email protected] mail]# grep 'MASQUERADE' /etc/mail/
dnl # MASQUERADE_AS(`')dnl
dnl # MASQUERADE_DOMAIN(localhost)dnl
dnl # MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl # MASQUERADE_DOMAIN(mydomain.lan)dnl

Enable domaintable & Genericstable feature in /etc/mail/ by adding the following lines before MAILER(smtp)dnl

[[email protected]]# vi /etc/mail/

FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnl

Add the external email domain to /etc/mail/domaintable

[[email protected]]# vi /etc/mail/domaintable

# The "domain table" can be used to provide domain name mapping.
# Use of this should really be limited to your own domains.
# It may be useful if you change names (e.g., your company
# changes names from to

Add the external email domain to /etc/mail/generics-domains

[[email protected]]# vi /etc/mail/generics-domains

Map user email address in /etc/mail/genericstable

[[email protected] ~]# vi /etc/mail/genericstable
root [email protected]

Regenerate the and restart sendmail service

[[email protected] ~]# m4 /etc/mail/ > /etc/mail/
[[email protected] ~]# systemctl restart sendmail.service

The configuration file is generated automatically from a much shorter file called This file contains special macros that are processed by a program called m4. The m4 program reads the macros in the file and expands them to create the actual file.

Send a test email to [email protected] to verify the sender address is show as [email protected]

[[email protected] ~]# echo "Subject: sendmail test" | sendmail -v [email protected]

Relay via Smarthost

Add the line in /etc/mail/ to send email via

define(`RELAY_MAILER_ARGS',`TCP $h 25')dnl
define(`SMART_HOST', `')dnl

Restart Sendmail

[[email protected] ~]# m4 /etc/mail/ > /etc/mail/
[[email protected] ~]# systemctl restart sendmail.service

Verify email is send via now

# tail -n 100 /var/log/maillog
Nov 13 07:56:29 checkmk sendmail[15245]: 0ACNuTkD015245: [email protected],[email protected], [email protected] (998/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=67851, relay=[] [], dsn=2.0.0, stat=Sent (0ACNuTJn015246 Message accepted for delivery)
Nov 13 07:56:31 checkmk sendmail[15248]: STARTTLS=client,, version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Nov 13 07:56:32 checkmk sendmail[15248]: 0ACNuTJn015246: to=<[email protected]>,<[email protected]>, delay=00:00:03, xdelay=00:00:03, mailer=relay, pri=158172, [], dsn=2.0.0, stat=Sent (OK id=1kdMS8-RyuQ5p-6W)

Email Notification in CHECKMK

Assign Email Address to checkmk admin in WATO – CONFIGURATION – Users

Send a Test Email Notification to the email address configured for cmkadmin

Email Notification send from checkmk

Optional Changes

  1. Change the default theme to Modem (Dark) – Optional


Reference Links

Previous Install Checkmk Agent on Windows Server
Next Monitor HPE MSA Storage with CheckMK
Table of Contents