SNMP v2 default configuration


com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access notConfigGroup "" any noauth exact systemview none none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
dontLogTCPWrappersConnects yes


Test
snmpwalk -v 2c -c public 172.16.10.56 1.3.6.1.4.1.2021


SNMP v2 modified settings


com2sec inlinexUser 172.16.0.0/16 unline
group inlinexGroup v2c inlinexUser
view all included .1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access inlinexGroup "" any noauth exact all none none
sysLocation JinxCheng 5F C1-5
sysContact Bob <bk@mail.xxx.org>
dontLogTCPWrappersConnects yes


Test
snmpwalk -v 2c -c unline 172.16.10.56 1.3.6.1.4.1

A simple SNMP v2 configuration file, kept here as a temporary note.
If you need more, modify it yourself according to the snmpd.conf documentation.


SNMP v3 configuration


Stop the snmpd service before creating the user.
service snmpd stop
systemctl stop snmpd

net-snmp-create-v3-user --help

net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]
[-a MD5|SHA] [-x DES|AES] [username]

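1. Create a user named inlinexro with password yl$2P#26 and transport encryption (privacy) password yLxd*-68ct#
# Single-quote both passwords so the shell does not expand $2 or the * glob.
net-snmp-create-v3-user -ro -a SHA -A 'yl$2P#26' -x DES -X 'yLxd*-68ct#' inlinexro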

adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser inlinexro SHA " yl$2P#26" DES yLxd*-68ct#
adding the following line to /etc/snmp/snmpd.conf:
rouser inlinexro
# The account credentials are stored in /var/lib/net-snmp/snmpd.conf


#2. Edit the configuration file
cat /etc/snmp/snmpd.conf

com2sec inlinexro 172.16.0.0/16 uninline
group inlinev3Group usm inlinexro
view all included .1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access inlinev3Group "" any noauth exact all none none
sysLocation JinxCheng 5F C1-5
sysContact Bob <bk@mail.xxx.org>
dontLogTCPWrappersConnects yes
rouser inlinexro


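#3. Allow SNMP through the firewall. Note: the firewall's default policy here is DROP. If the policy is ACCEPT, only the INPUT rule needs to be added.

CentOS 6.x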
iptables -I INPUT -p udp -s 172.16.0.0/16 -d 172.16.0.0/16 --dport 161 -j ACCEPT
iptables -I OUTPUT -p udp -s 172.16.0.0/16 -d 172.16.0.0/16 --sport 161 -j ACCEPT
service iptables save && service iptables restart

CentOS 7.x
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 1 -m udp -p udp -m state --state NEW,ESTABLISHED -s 172.16.0.0/16 -d 172.16.0.0/16 --dport 161 -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter OUTPUT_direct 1 -m udp -p udp -m state --state ESTABLISHED -s 172.16.0.0/16 -d 172.16.0.0/16 --sport 161 -j ACCEPT

firewall-cmd --runtime-to-permanent

#4. Verify the Net-SNMP v3 account credentials
snmpwalk -v 3 -u inlinexro -a SHA -A 'account password' -x DES -X 'encryption password' -l authPriv 172.16.10.56 sysDescr
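
Added example (not part of the original notes or of Net-SNMP): a small Python check that cross-references the com2sec, group and access lines of an snmpd.conf, because a group that names an undefined security name or an access line that names an undefined group never matches a request, and an access line with level noauth lets a usm group be read without authentication. The sample configuration and its names are constructed for illustration, and the list of security models is assumed from snmpd.conf(5).

```python
VALID_MODELS = {"v1", "v2c", "usm", "tsm", "ksm"}  # assumed from snmpd.conf(5)

def audit_vacm(conf_text):
    """Return (line_no, issue) findings for com2sec/group/access lines."""
    # Tokenise each line, dropping comments and blank lines.
    rows = [(no, t[0].lower(), t[1:])
            for no, raw in enumerate(conf_text.splitlines(), 1)
            if (t := raw.split("#", 1)[0].split())]
    # Pass 1: collect every name that other lines may refer to.
    com_names = {a[0] for _, d, a in rows if d == "com2sec" and a}
    usm_users = {a[0] for _, d, a in rows if d in ("rouser", "rwuser", "createuser") and a}
    groups = {}
    for _, d, a in rows:
        if d == "group" and len(a) >= 3:
            groups.setdefault(a[0], set()).add(a[1].lower())
    # Pass 2: check each directive against those names.
    out = []
    for no, d, a in rows:
        if d == "com2sec" and len(a) >= 3:
            if a[1] == "default":
                out.append((no, "community accepted from any source"))
            if a[2] in ("public", "private"):
                out.append((no, "well-known community string"))
        elif d == "group" and len(a) >= 3:
            model, sec = a[1].lower(), a[2]
            known = usm_users if model == "usm" else com_names
            if model not in VALID_MODELS:
                out.append((no, "unknown security model"))
            elif model in ("v1", "v2c", "usm") and sec not in known:
                out.append((no, "security name not defined"))
        elif d == "access" and len(a) >= 4:
            if a[0] not in groups:
                out.append((no, "group not defined"))
            elif a[3].lower() == "noauth" and "usm" in groups[a[0]]:
                out.append((no, "usm group readable without authentication"))
    return out

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
com2sec notConfigUser default public
com2sec monUser 172.16.0.0/16 s3cret-community
group monGroup v2c monitorUser
access monitorGroup "" any noauth exact all none none
rouser v3reader
group v3Group v3 v3reader
group v3Group usm v3reader
access v3Group "" any noauth exact all none none
"""
if __name__ == "__main__": print(*audit_vacm(SAMPLE), sep="\n")
```

The check treats rouser, rwuser and createUser lines in the same text as the list of USM users, so run it over the combined contents of /etc/snmp/snmpd.conf and /var/lib/net-snmp/snmpd.conf.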