Linux SNMP V2/V3 Simple Setup
SNMP V2 default configuration
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access notConfigGroup "" any noauth exact systemview none none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
dontLogTCPWrappersConnects yes
Test
snmpwalk -v 2c -c public 172.16.10.56 1.3.6.1.4.1.2021
SNMP V2 configuration after modification
com2sec inlinexUser 172.16.0.0/16 unline
group inlinexGroup v2c inlinexUser
view all included .1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access inlinexGroup "" any noauth exact all none none
sysLocation JinxCheng 5F C1-5
sysContact Bob <[email protected]>
dontLogTCPWrappersConnects yes
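Test
snmpwalk -v 2c -c unline 172.16.10.56 1.3.6.1.4.1
A simple SNMP V2 configuration file, recorded here as a temporary note.
If you need more, modify it yourself following the snmpd.conf configuration file documentation.
SNMP V3 configuration
Stop the snmpd service before creating the user.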
service snmpd stop
systemctl stop snmpd
net-snmp-create-v3-user --help
net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]
[-a MD5|SHA] [-x DES|AES] [username]
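1. Create a user named inlinexro with password yl$2P#26 and transport encryption password yLxd-68ct#
# Single quotes keep the shell from expanding $2 inside the password.
net-snmp-create-v3-user -ro -a SHA -A 'yl$2P#26' -x DES -X 'yLxd-68ct#' inlinexro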
adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser inlinexro SHA " yl$2P#26" DES yLxd*-68ct#
adding the following line to /etc/snmp/snmpd.conf:
rouser inlinexro
# The account passwords are stored in /var/lib/net-snmp/snmpd.conf
#2. Edit the configuration file
cat /etc/snmp/snmpd.conf
com2sec inlinexro 172.16.0.0/16 uninline
# SNMPv3 (USM) users are grouped under the usm security model
group inlinev3Group usm inlinexro
view all included .1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
# priv: require authPriv, the level used in the check in step 4
access inlinev3Group "" any priv exact all none none
sysLocation JinxCheng 5F C1-5
sysContact Bob <[email protected]>
dontLogTCPWrappersConnects yes
rouser inlinexro
#3 Allow SNMP through the firewall. Note: the firewall's default policy is DROP. If the policy is ACCEPT, only the INPUT rule needs to be added.
CentOS 6.x
iptables -I INPUT -p udp -s 172.16.0.0/16 -d 172.16.0.0/16 --dport 161 -j ACCEPT
iptables -I OUTPUT -p udp -s 172.16.0.0/16 -d 172.16.0.0/16 --sport 161 -j ACCEPT
service iptables save && service iptables restart
CentOS 7.x
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 1 -m udp -p udp -m state --state NEW,ESTABLISHED -s 172.16.0.0/16 -d 172.16.0.0/16 --dport 161 -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter OUTPUT_direct 1 -m udp -p udp -m state --state ESTABLISHED -s 172.16.0.0/16 -d 172.16.0.0/16 --sport 161 -j ACCEPT
firewall-cmd --runtime-to-permanent
#4 Verify the Net-SNMP v3 account and passwords
snmpwalk -v 3 -u inlinexro -a SHA -A "account password" -x DES -X "encryption password" -l authPriv 172.16.10.56 sysDescr
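
A small linter for the com2sec / group / access chain used in the configurations above, added here as an example (it is not part of the original note or of net-snmp). The function name lint_snmpd_conf and the sample lines are constructed for illustration; it reports mismatched names, well-known community strings, the "default" source, an unknown security model, and noauth access for a usm group.

```python
VALID_MODELS = {"v1", "v2c", "usm", "tsm", "ksm"}  # models the "group" directive accepts

def lint_snmpd_conf(text):
    """Hypothetical helper: return sorted (line_no, message) findings for VACM directives."""
    findings, secnames, groups, accesses = [], set(), [], []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        key = tok[0].lower()
        if key == "com2sec" and len(tok) >= 4:
            name, source, community = tok[-3:]  # tolerates a leading "-Cn CONTEXT"
            secnames.add(name)
            if source == "default":
                findings.append((no, "community accepted from any source address"))
            if community in ("public", "private"):
                findings.append((no, f"well-known community string '{community}'"))
        elif key == "group" and len(tok) == 4:
            groups.append((no, tok[1], tok[2], tok[3]))
            if tok[2] not in VALID_MODELS:
                findings.append((no, f"unknown security model '{tok[2]}'"))
        elif key == "access" and len(tok) >= 6:
            accesses.append((no, tok[1], tok[4]))  # group name, minimum security level
    defined = {name for _, name, _, _ in groups}
    for no, name, model, sec in groups:
        # v1/v2c security names must come from a com2sec line; USM users live elsewhere
        if model in ("v1", "v2c") and sec not in secnames:
            findings.append((no, f"group '{name}' uses undefined security name '{sec}'"))
    for no, name, level in accesses:
        if name not in defined:
            findings.append((no, f"access refers to undefined group '{name}'"))
        if level == "noauth" and any(g[1] == name and g[2] == "usm" for g in groups):
            findings.append((no, f"SNMPv3 group '{name}' allows noAuthNoPriv requests"))
    return sorted(findings)

# Constructed sample: default settings plus the kind of name typos that are easy to make.
SAMPLE = '''com2sec notConfigUser default public
group notConfigGroup v2c notConfigUser
access notConfigGroup "" any noauth exact systemview none none
com2sec inlineUser 172.16.0.0/16 unline
group inlinexGroup v2c inlinexUser
access inlinexGroup "" any noauth exact all none none
group unlinev3Group v3 inlinexro
access inlinev3Group "" any noauth exact all none none
'''

if __name__ == "__main__":
    for line_no, message in lint_snmpd_conf(SAMPLE):
        print(f"line {line_no}: {message}")
```

Run it against /etc/snmp/snmpd.conf before restarting snmpd; an empty result means every group and access line resolves to a defined name.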