Commit 21981b3

docs: fix SQL syntax error, stale version references, and prose errors (#222)
Refs #222 Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
1 parent ed4c330 commit 21981b3

8 files changed

Lines changed: 66 additions & 76 deletions

Boost.md

Lines changed: 11 additions & 11 deletions
@@ -2,11 +2,11 @@
22

33
## Summary
44

5-
Cacti Performance Settings, formally known as `boost` are available to support
5+
Cacti Performance Settings, formerly known as `boost` are available to support
66
very large Cacti installations, and are required for supporting the multiple
77
**Data Collector** architecture that Cacti affords.
88

9-
Designed years ago, Boosts intent was to reduce the the main data collectors
9+
Designed years ago, Boost's intent was to reduce the main data collector's
1010
cycle time by caching writes to disk, and those writes would be handled by an
1111
out of band process currently known as `poller_boost.php`.
1212

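Review bot: On new line 5, the parenthetical "formerly known as `boost`" opens with a comma but is never closed with one, so the corrected sentence still reads awkwardly. Suggest "Cacti Performance Settings, formerly known as `boost`, are available to support". On line 11, "out of band" is used as a modifier and would normally be hyphenated ("out-of-band process").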
@@ -61,7 +61,7 @@ important. That will be explained in more detail later on in this chapter.
6161
## Checking how your system is configured
6262

6363
To see how your system is configured, you can goto
64-
`Console > Utilityes > System Utilities > View Boost Status` option, when you go
64+
`Console > Utilities > System Utilities > View Boost Status` option, when you go
6565
there, you will see an image similar to that below.
6666

6767
![Boost Status Screen](images/boost-status1.png)
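Review bot: Line 63, directly above the corrected menu path, still says "you can goto", and line 64 joins two sentences with a comma ("option, when you go there"). Since this hunk already touches the sentence, suggest "you can go to the `Console > Utilities > System Utilities > View Boost Status` option. When you go there, you will see an image similar to the one below."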
@@ -119,17 +119,17 @@ column, even though the column type is `varchar()`. By default it's
119119
`varchar(512)`. Therefore, if your system only needs 50 bytes, you will have 90%
120120
waste in your `poller_output_boost` table.
121121

122-
The next step would me to modify the structure of your `poller_output` and
122+
The next step would be to modify the structure of your `poller_output` and
123123
`poller_output_boost` tables. You would do this by doing the following:
124124

125125
```sql
126-
ALTER TABLE poller_output,
127-
MODIFY column output varchar(50) NOT NULL default ""
128-
ENGINE=memory;
126+
ALTER TABLE poller_output
127+
MODIFY COLUMN output varchar(50) NOT NULL DEFAULT '',
128+
ENGINE=MEMORY;
129129

130-
ALTER TABLE poller_output_boost,
131-
MODIFY column output varchar(50) NOT NULL default ""
132-
ENGINE=memory;
130+
ALTER TABLE poller_output_boost
131+
MODIFY COLUMN output varchar(50) NOT NULL DEFAULT '',
132+
ENGINE=MEMORY;
133133
```
134134

135135
As previously mentioned, its also important that the `poller_output` table is
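Review bot: The statements on lines 126-132 are now valid syntax, but `varchar(50)` is only the illustrative figure from the sentence above ("if your system only needs 50 bytes") and readers will copy it verbatim. Suggest adding a sentence telling them to size the column to the longest `output` value they actually collect, because longer values are truncated or rejected depending on the server's SQL mode, and to note that a table converted with `ENGINE=MEMORY` loses its contents when MySQL restarts. The context on line 135 also still has "its also important", which should be "it's".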
@@ -174,7 +174,7 @@ max_heap_table_size=132M
174174
```
175175

176176
Then, save the file, and restart MySQL. Once this is done, you are ready to
177-
enable Boost as described above.
177+
"enable" Boost as described above.
178178

179179
## Flushing the Boost Cache
180180

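Review bot: The quotation marks added around "enable" on line 177 change the tone of the sentence rather than fix an error; the previous wording was already correct. If the intent is to point at a specific setting, name it in backticks with the exact label shown in the settings page; otherwise keep the unquoted verb.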
Cacti-SSL-Configuration.md

Lines changed: 16 additions & 12 deletions
@@ -1,19 +1,22 @@
1-
# Configuring and enabling SSL for Cacti with a self signed certificate
1+
# Configuring and enabling SSL for Cacti with a self-signed certificate
22

3-
Enabling SSL for Cacti is mostly done at the webserver level. An example SSL
4-
config for HTTP is as follows:
3+
Enabling SSL for Cacti is done at the web server level. An example HTTPS
4+
configuration for Apache is as follows:
55

66
```bash
7-
yum install -y mod_ssl -y
8-
openssl genrsa -out ca.key 2048
7+
yum install -y mod_ssl
8+
openssl genrsa -out ca.key 4096
99
openssl req -new -key ca.key -out ca.csr
1010
openssl x509 -req -days 700 -in ca.csr -signkey ca.key -out ca.crt
1111
cp ca.crt /etc/pki/tls/certs
1212
cp ca.key /etc/pki/tls/private/ca.key
1313
cp ca.csr /etc/pki/tls/private/ca.csr
14-
1514
```
1615

16+
> **Note on key size**: A 4096-bit RSA key is used above. NIST SP 800-57
17+
> recommends a minimum of 3072 bits for RSA keys through 2030. 2048-bit keys
18+
> are below that threshold and should not be used for new certificates.
19+
1720
Then we need to update the Apache SSL configuration file:
1821

1922
```ini
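Review bot: The key-size note added on lines 16-18 does not match the document it cites. NIST SP 800-57 Part 1 rates 2048-bit RSA at 112 bits of security strength, which it lists as acceptable through 2030, and calls for 3072 bits (128-bit strength) for use beyond 2030, so "2048-bit keys are below that threshold" overstates the guidance. Moving the example to 4096 bits is fine; suggest rewording the note to say that 2048 bits is the current minimum and that 3072 bits or more is needed for keys expected to stay in use after 2030. Separately, line 13 still copies `ca.csr` into `/etc/pki/tls/private`, which is not needed to serve the certificate, and nothing in the block sets restrictive permissions on `ca.key`.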
@@ -28,16 +31,17 @@ Restart the httpd service:
2831
systemctl restart httpd
2932
```
3033

31-
After configuring the web server to accept https, you can enable https in the
32-
GUI
33-
34-
---
34+
After configuring the web server to accept HTTPS, you can enable HTTPS in the
35+
GUI.
3536

36-
**Note**: if using multiple pollers, all must have HTTPS enabled for the remote polling feature to work properly.
37+
> **Note for public-facing servers**: Instead of a self-signed certificate,
38+
> use a certificate from a trusted CA. [Certbot](https://certbot.eff.org/)
39+
> from Let's Encrypt provides free, automatically-renewed certificates and
40+
> is the recommended approach for any internet-accessible Cacti instance.
3741
3842
---
3943

40-
**Note**: If your Cacti system is public, it is recommended to get a certificate from a trusted certificate provider.
44+
**Note**: if using multiple pollers, all must have HTTPS enabled for the remote polling feature to work properly.
4145

4246
---
4347

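Review bot: Line 38 describes Certbot as "from Let's Encrypt", but the link on that same line goes to certbot.eff.org: Certbot is the EFF's ACME client, and Let's Encrypt is the certificate authority it obtains certificates from. Suggest "[Certbot](https://certbot.eff.org/) can obtain free, automatically renewed certificates from Let's Encrypt". The two notes also now use different styles (a blockquote on lines 37-40, a bold paragraph between `---` rules on line 44); pick one.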
Contributing-Translations.md

Lines changed: 1 addition & 1 deletion
@@ -80,7 +80,7 @@ Cacti will need these files name in hyphenated format, so: `fr_FR.po`, becomes
8080

8181
## Considerations
8282

83-
As Cacti is GPL2.0+, you acknowledge, by sigining up to the Cacti Weblate site,
83+
As Cacti is GPL2.0+, you acknowledge, by signing up to the Cacti Weblate site,
8484
that your contributions will be GPL2.0+ as well.
8585

8686
---

Debugging.md

Lines changed: 1 addition & 24 deletions
@@ -186,29 +186,6 @@ Last resort would be to check, that the correct data sources are used. Go to
186186
the RRDfile and data source to be used. You may check, that all of them are as
187187
wanted.
188188

189-
## Miscellaneous
190-
191-
Up to current cacti 0.8.6h, table `poller_output` may increase beyond reasonable
192-
size.
193-
194-
This is commonly due to php.ini's memory settings of 8MB default. Change this to
195-
at least 64 MB.
196-
197-
To check this, run the following SQL from MySQL CLI (or phpMyAdmin or the like)
198-
199-
```sql
200-
select count(*) from poller_output;
201-
```
202-
203-
If the result is huge, you may get rid of those stuff by
204-
205-
```sql
206-
truncate table poller_output;
207-
```
208-
209-
As of current SVN code for upcoming cacti 0.9, I saw measures were taken on both
210-
issues (memory size, truncating poller_output).
211-
212189
## RPM Installation
213190

214191
Most rpm installations will setup the crontab entry now. If you've followed the
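Review bot: Lines 189-211 delete the whole "Miscellaneous" section, which goes further than the stale 0.8.6h and 0.9 references named in the commit title: the `select count(*) from poller_output;` check is version independent and is still a quick way to spot a poller that is not draining the table. Suggest keeping that check with the version-specific sentences removed, or pointing readers to Boost.md, which this commit also edits and which covers `poller_output` sizing. If `truncate table poller_output;` is kept, it should say that it discards collected data that has not yet been processed.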
@@ -248,7 +225,7 @@ shell> crontab -e -u cactiuser
248225

249226
Pay attention to custom scripts. It is required, that external commands called
250227
from there are in the `$PATH` of the cactiuser running the poller. It is
251-
therefor recommended to provide `/full/path/to/external/command`
228+
therefore recommended to provide `/full/path/to/external/command`
252229

253230
User "criggie" reported an issue with running smartctl. It was complaining "you
254231
are not root" so a quick `chmod +s` on the script fixed that problem.
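Review bot: The context on lines 230-231 still presents `chmod +s` on a script as the fix for smartctl's "you are not root" message, and this hunk leaves it in place. A setuid bit on an interpreted script is ignored by Linux, and where it does take effect it gives every local user who can run the file a root-owned entry point, which is at odds with the OS Command Injection guidance this same commit adds to Standards-Security.md. Suggest replacing the sentence with a sudoers rule limited to the exact smartctl command for the poller account.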

Principles-of-Operation.md

Lines changed: 15 additions & 15 deletions
@@ -1,6 +1,6 @@
11
# Principles of Operation
22

3-
To understand Cacti's principal of operation, you have to start
3+
To understand Cacti's principles of operation, you have to start
44
at the top and work down. Cacti's operational model is
55
divided into multiple layers. They include
66

@@ -15,34 +15,34 @@ divided into multiple layers. They include
1515

1616
Cacti **Devices** are either physical hosts, sensors, clusters,
1717
services, or any type of object with a name and that can
18-
provide information about it self that should go into a
18+
provide information about itself that should go into a
1919
**Graph** or could be used to provide additional information
2020
useful for Operations.
2121

2222
The Cacti **Device** object serves as the center Cacti's world
23-
it's where stores information on how gather data about it. You
23+
it stores information on how to gather data about it. You
2424
can have from one to tens of thousands of **Devices** monitored
2525
from one Cacti system. It's very scalable. They can be
2626
discovered using Cacti's Automation sub-system, added manually,
27-
or gathered from a CMDB and added to Cacti using it's command
27+
or gathered from a CMDB and added to Cacti using its command
2828
line interface.
2929

3030
## Sites
3131

32-
Cacti works with **Sites**. So, when you add a phyical **Device**
32+
Cacti works with **Sites**. So, when you add a physical **Device**
3333
to Cacti, you can associate it with a **Site**. Sites are designed
34-
to be physical locations. Cacti can organize **Devices** and it's
34+
to be physical locations. Cacti can organize **Devices** and its
3535
**Graphs** by Site in a convenient fashion.
3636

3737
## Data Collectors
3838

3939
These are the physical or virtual hosts or containers that gather
4040
data about a group of devices either within a network or a site.
41-
They are resiliant in that if the central Cacti server is not reachable,
41+
They are resilient in that if the central Cacti server is not reachable,
4242
they will cache data and wait for it to become available again.
4343

44-
Cacti supports upto dozens of Data Collectors today. Some customers
45-
use somethings as simple as a Raspberry Pi or Nuk for
44+
Cacti supports up to dozens of Data Collectors today. Some customers
45+
use something as simple as a Raspberry Pi or Intel NUC for
4646
Data Collectors. However, Virtual Machines are preferred as they
4747
can be migrated live which does not interrupt data collection.
4848

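Review bot: The sentence on lines 22-23 is still broken after the edit: "serves as the center Cacti's world it stores information" is missing "of" and a sentence break. Suggest "The Cacti **Device** object serves as the center of Cacti's world. It stores information on how to gather data about the device." Line 17 ("with a name and that can provide") could be tightened in the same pass.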
@@ -79,7 +79,7 @@ can be nearer in latency than the database, can scale to 30,
7979
40, even 50 thousand devices with relative ease in Cacti
8080
depending on the size of your database and data collector
8181
infrastructure (sockets, cores, threads). When using this
82-
N-Tiered methology, most customers will use Cacti's
82+
N-Tiered methodology, most customers will use Cacti's
8383
`script server` which is a pool of memory resident PHP
8484
interpreters that preloads all scripts used to gather data,
8585
therefore, it's super fast, and parallel in nature.
@@ -102,7 +102,7 @@ hammer. Other approaches in the industry use SQL database,
102102
others flat files or document stores like ElasticSearch, Splunk,
103103
Mongo DB, InfluxDB. There are a number of options out there.
104104
You can get more information about RRDfile from the
105-
[RRDtool Website](http://www.RRDtool.org/).
105+
[RRDtool Website](https://www.rrdtool.org/).
106106

107107
`RRD` is an acronym for **Round Robin Database**. RRD is a system to store and
108108
display time-series data (i.e. network bandwidth, machine-room temperature,
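Review bot: Line 105 changes both the scheme and the case of the RRDtool link target, and the same change is made at line 121; please confirm that `https://www.rrdtool.org/` resolves with a valid certificate before merging, since a dead HTTPS link is worse than the HTTP one it replaces. The context on line 108 also uses "i.e." before a list of examples, where "e.g." is meant.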
@@ -118,7 +118,7 @@ different consolidation functions: AVERAGE, MAXIMUM, MINIMUM and LAST.
118118

119119
## Data Presentation
120120

121-
One of the most appreciated features of [RRDtool](http://www.RRDtool.org/) is
121+
One of the most appreciated features of [RRDtool](https://www.rrdtool.org/) is
122122
the built-in graphing function. This comes in useful when combining this with
123123
some commonly used web server. Such, it is possible to access the graphs from
124124
merely any browser on any platform.
@@ -177,10 +177,10 @@ results with others.
177177
## Beyond Graphs
178178

179179
Cacti is not just a Graphing platform, it's also a Network Operations
180-
Framework. Thought the dozens of plugins and user contributed
180+
Framework. Through the dozens of plugins and user contributed
181181
Graph Templates, the sky is the limit as to what can be done using the
182-
Cacti Framework. It's stood the test of time now in it's 19th year
183-
of existence in the Open Source world.
182+
Cacti Framework. It's stood the test of time now for over two decades
183+
in the Open Source world.
184184

185185
---
186186
Copyright (c) 2004-2026 The Cacti Group

Requirements.md

Lines changed: 4 additions & 7 deletions
@@ -104,10 +104,12 @@ Cacti requires that the following software is installed on your system.
104104
the only feature in MariaDB or MySQL becomes temporary table space
105105
which may not be dependent on the **max_heap_table_size**.
106106

107-
- **table_cache >= 200**
107+
- **table_open_cache >= 200**
108108

109109
Keeping the table cache larger means less file open/close operations
110-
when using innodb_file_per_table.
110+
when using innodb_file_per_table. (Note: `table_cache` was renamed to
111+
`table_open_cache` in MySQL 5.1.3; use `table_open_cache` on all
112+
current MySQL and MariaDB releases.)
111113

112114
- **max_allowed_packet >= 16777216**
113115

@@ -163,11 +165,6 @@ Cacti requires that the following software is installed on your system.
163165
second rather than at commit. This allows MySQL/MariaDB to perform
164166
writing less often.
165167

166-
- **innodb_file_io_threads >= 16**
167-
168-
With modern SSD type storage, having multiple io threads is advantageous
169-
for applications with high IO characteristics.
170-
171168
- **innodb_flush_log_at_timeout >= 3**
172169

173170
If your MySQL/MariaDB version supports it, the you can control how often
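Review bot: Lines 166-169 drop `innodb_file_io_threads` without saying what replaces it. That variable was superseded by `innodb_read_io_threads` and `innodb_write_io_threads`, so removing the entry outright loses the IO-thread guidance for high-IO installations; suggest documenting the two successor settings instead. The context on line 170 also has "the you can control", which should be "then you can control".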

Standards-Code-Formatting.md

Lines changed: 4 additions & 4 deletions
@@ -5,10 +5,10 @@
55
Over the years Cacti has attempted to adhere to standards in code construction,
66
syntax, style, etc. It has been a very organic grow which has resulted in some
77
mixed styles. Cacti is in the process of moving to [PHP Standards
8-
Recommendations](http://www.php-fig.org/psr/) (PSR) standards.
8+
Recommendations](https://www.php-fig.org/psr/) (PSR) standards.
99

10-
Initially we are moving towards [PSR-2](http://www.php-fig.org/psr/psr-2/) code
11-
syntax standard with the following exceptions:
10+
Initially we are moving towards [PSR-12](https://www.php-fig.org/psr/psr-12/)
11+
(Extended Coding Style) with the following exceptions:
1212

1313
- Initial white space must be tabs not spaces followed by the use of spaces to
1414
align elements after initial tab.
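Review bot: Lines 10-11 switch the target standard from PSR-2 to PSR-12, which is a policy change rather than a stale-reference fix, and the exception list that follows was written against PSR-2. Please confirm with the maintainers that PSR-12 is the intended target and that the listed exceptions (tabs for initial white space and the rest) still read correctly against it. Line 6 still has "a very organic grow", which should be "growth".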
@@ -47,7 +47,7 @@ Tab stops should be set to 4 spaces.
4747
Below are the vim rules to accomplish this:
4848

4949
```console
50-
set expandtab
50+
set noexpandtab
5151
set shiftwidth=4
5252
set softtabstop=4
5353
set tabstop=4
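Review bot: `set noexpandtab` on line 50 now matches the rule above that initial white space must be tabs, but the block is still fenced as `console` although these are Vim settings, not shell commands. Suggest fencing it as `vim` and saying where the lines belong (for example a `.vimrc`), so nobody pastes them into a terminal.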

Standards-Security.md

Lines changed: 14 additions & 2 deletions
@@ -16,7 +16,7 @@ you are using unvalidated data. They include:
1616

1717
* get_filter_request_var('somevariable') - This function call, by default,
1818
will validate that the variable `$_REQUEST['somevariable']` returned
19-
is actually an integer, if not, Cacti will block the the page
19+
is actually an integer, if not, Cacti will block the page
2020
function from continuing.
2121

2222
* get_filter_request_var('somevariable', 'options') - This version of the
@@ -28,9 +28,21 @@ you are using unvalidated data. They include:
2828
Generally speaking, you should never use either `$_GET`, `$_REQUEST` or
2929
`$_POST` in your Cacti code. Use the validators. When you do, you can
3030
turn on the Cacti setting `Log Input Validation Issues` when you are
31-
developing, and you Cacti log will include warnings when an invalidate
31+
developing, and your Cacti log will include warnings when an invalid
3232
variable has been encountered.
3333

34+
## OS Command Injection
35+
36+
Never pass unsanitized input to shell execution functions (`exec()`,
37+
`shell_exec()`, `system()`, `passthru()`, `popen()`). Device fields,
38+
OID strings, community names, and any other user-influenced values must
39+
be treated as untrusted.
40+
41+
Always escape arguments with `escapeshellarg()`. If you need to run an
42+
external command from a plugin, use Cacti's `api_plugin_safe_exec()` API
43+
where available, as it enforces an allowlist of permitted executables and
44+
strips dangerous characters before any shell invocation.
45+
3446
## Prepared Statements
3547

3648
The second method of hardening your Cacti application is through the use
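Review bot: Line 43 names `api_plugin_safe_exec()` as an existing Cacti API, but nothing in this diff shows where it is defined or which release introduced it; please link to the function or drop the reference, because plugin authors will rely on it. On line 42, "Always escape arguments with `escapeshellarg()`" needs a caveat: quoting stops the shell from interpreting the value, but it does not stop a value that begins with `-` from being parsed as an option by the called program. The section should also say to validate the value first with the validators described earlier on this page, and to place `--` before user-supplied arguments where the command supports it.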
