install and configure snmp

1. For CentOS 7
install service snmp

yum install net-snmp net-snmp-utils -y

Set configure file /etc/snmp/snmpd.conf
--------------------------------edit------------------------------------------------------------
#       sec.name  source          community
com2sec mynetwork  default       systemsecret

####
# Second, map the security name into a group name:

#       groupName      securityModel securityName
group   notConfigGroup v1           mynetwork
group   notConfigGroup v2c          mynetwork

# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#       name           incl/excl     subtree         mask(optional)
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1

####
# Finally, grant the group read-only access to the systemview view.

#       group          context sec.model sec.level prefix read   write  notif
access  notConfigGroup ""      any       noauth    exact  systemview none none
--------------------------------save configure-----------------------------------------------

Enable service
systemctl enable snmpd
systemctl start snmpd
systemctl status snmpd

Check port runing
netstat -tulpn
udp        0      0 0.0.0.0:161             0.0.0.0:*                           21402/snmpd

Test snmpd at local server
snmpwalk -v 1 -c systemsecret -O e 127.0.0.1

Add firewall
firewall-cmd --permanent --add-port=161/udp
firewall-cmd --reload
firewall-cmd --list-all



2. For Debain 9
Install service snmpd

apt install snmpd snmp libsnmp-dev

Edit configure /etc/snmp/snmpd.con
---------------------------------------------------------
AGENT BEHAVIOUR
#
#  Listen for connections from the local system only
agentAddress  udp:127.0.0.1:161,udp:192.168.0.xx:161

ACCESS CONTROL
#
                                                 #  system + hrSystem groups only
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1

                                                 #  Full access from the local host
#rocommunity public  localhost
                                                 #  Default access to basic system info
# rocommunity public  default    -V systemonly
 rocommunity serversecret  default    -V systemonly
                                                 #  rocommunity6 is for IPv6
 rocommunity6 public  default   -V systemonly
#rocommunity secret  10.0.0.0/16
                                                 #  Full read-only access for SNMPv3
 rouser   authOnlyUser

SYSTEM INFORMATION
#
#  Note that setting these values here, results in the corresponding MIB objects being 'read-only'
#  See snmpd.conf(5) for more details
sysLocation    Sitting on the Dock of the Bay
sysContact     Me
                                                 # Application + End-to-End layers
sysServices    72
---------------------------------------------------------------------------
Enable service
systemctl enable snmpd
systemctl start snmpd
systemctl status snmpd

Check port runing
netstat -tulpn
udp        0      0 192.168.0.xx:161         0.0.0.0:*                           12142/snmpd         
udp        0      0 127.0.0.1:161           0.0.0.0:*                           12142/snmpd

ss -alnp | grep snmp | grep 161
udp    UNCONN     0      0      192.168.0.xx:161                   *:*                   users:(("snmpd",pid=12142,fd=12))
udp    UNCONN     0      0      127.0.0.1:161                   *:*                   users:(("snmpd",pid=12142,fd=9))

Test snmpd at local server
snmpwalk -v2c -c serversecret localhost

Add firewall
firewall-cmd --permanent --add-port=161/udp
firewall-cmd --reload
firewall-cmd --list-all



Post a Comment

Mới hơn Cũ hơn