Linux SNMP V2/V3 Simple Setup
SNMP V2 default configuration
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access notConfigGroup "" any noauth exact systemview none none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root root@localhost (configure /etc/snmp/snmp.local.conf)
dontLogTCPWrappersConnects yes
Test
snmpwalk -v 2c -c public 172.16.10.56 1.3.6.1.4.1.2021
SNMP V2 modified settings
com2sec inlinexUser 172.16.0.0/16 unline
group inlinexGroup v2c inlinexUser
view all included .1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access inlinexGroup "" any noauth exact all none none
sysLocation JinxCheng 5F C1-5
sysContact Bob bk@mail.xxx.org
dontLogTCPWrappersConnects yes
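Test
snmpwalk -v 2c -c unline 172.16.10.56 1.3.6.1.4.1
A simple SNMP V2 configuration file, recorded here as temporary notes.
If you need more, modify it yourself according to the snmpd.conf configuration file documentation.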
SNMP V3 configuration
Stop the snmpd service before creating the user.
service snmpd stop
systemctl stop snmpd
net-snmp-create-v3-user --help
net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]
[-a MD5|SHA] [-x DES|AES] [username]
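1. Create a user named inlinexro with password yl$2P#26 and transport encryption password yLxd*-68ct# (single-quote both passwords so the shell does not expand $2 or *)
net-snmp-create-v3-user -ro -a SHA -A 'yl$2P#26' -x DES -X 'yLxd*-68ct#' inlinexro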
adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser inlinexro SHA " yl$2P#26" DES yLxd*-68ct#
adding the following line to /etc/snmp/snmpd.conf:
rouser inlinexro
# The account passwords are stored in /var/lib/net-snmp/snmpd.conf
# 2. Modify the configuration file
cat /etc/snmp/snmpd.conf
com2sec inlinexro 172.16.0.0/16 uninline
group inlinev3Group v3 inlinexro
view all included .1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access inlinev3Group "" any noauth exact all none none
sysLocation JinxCheng 5F C1-5
sysContact Bob bk@mail.xxx.org
dontLogTCPWrappersConnects yes
rouser inlinexro
# 3. Allow SNMP through the firewall. Note: the firewall default policy here is DROP. If the policy is ACCEPT, only the INPUT rule needs to be added.
CentOS 6.x
iptables -I INPUT -p udp -s 172.16.0.0/16 -d 172.16.0.0/16 --dport 161 -j ACCEPT
iptables -I OUTPUT -p udp -s 172.16.0.0/16 -d 172.16.0.0/16 --sport 161 -j ACCEPT
service iptables save && service iptables restart
CentOS 7.x
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 1 -m udp -p udp -m state --state NEW,ESTABLISHED -s 172.16.0.0/16 -d 172.16.0.0/16 --dport 161 -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter OUTPUT_direct 1 -m udp -p udp -m state --state ESTABLISHED -s 172.16.0.0/16 -d 172.16.0.0/16 --sport 161 -j ACCEPT
firewall-cmd --runtime-to-permanent
# 4. Check the Net-SNMP v3 account and passwords
snmpwalk -v 3 -u inlinexro -a SHA -A 'account password' -x DES -X 'encryption password' -l authPriv 172.16.10.56 sysDescr
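As an added example (not part of the original post), the shell function below audits snmpd.conf text for the weaker settings that appear in the configurations above: a default source or public community, v1/v2c groups, a view of .1, noauth access, rouser without priv, and MD5/DES in createUser. The function name audit_snmpd_conf is hypothetical, and the sample configs and placeholder passphrases are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak snmpd.conf settings.
# Reads a config on stdin and prints one "line N: finding" per problem.
audit_snmpd_conf() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
    { d = tolower($1) }
    # com2sec SECNAME SOURCE COMMUNITY
    d == "com2sec" && $3 == "default" { print "line " NR ": com2sec accepts any source address" }
    d == "com2sec" && $4 == "public" { print "line " NR ": default community string public" }
    # group NAME MODEL SECNAME: v1 and v2c carry the community in cleartext
    d == "group" && ($3 == "v1" || $3 == "v2c") { print "line " NR ": cleartext security model " $3 }
    # view NAME included SUBTREE
    d == "view" && $3 == "included" && $4 == ".1" { print "line " NR ": view exposes the whole OID tree" }
    # access GROUP CONTEXT MODEL LEVEL ...: LEVEL is the minimum accepted
    d == "access" && $5 == "noauth" { print "line " NR ": access allows unauthenticated requests" }
    # rouser/rwuser USER [noauth|auth|priv]: only priv enforces encryption
    d == "rouser" || d == "rwuser" {
        p = 0
        for (i = 3; i <= NF; i++) if ($i == "priv") p = 1
        if (!p) print "line " NR ": " $1 " " $2 " does not require priv"
    }
    # createUser USER AUTHPROTO pass PRIVPROTO pass
    d == "createuser" {
        for (i = 3; i <= NF; i++)
            if ($i == "MD5" || $i == "DES") print "line " NR ": weak algorithm " $i
    }
    '
}

# Constructed sample: the V3 section of this page plus its createUser line,
# with placeholder passphrases instead of real ones.
WEAK_CONF='com2sec inlinexro 172.16.0.0/16 uninline
group inlinev3Group v3 inlinexro
view all included .1
access inlinev3Group "" any noauth exact all none none
rouser inlinexro
createUser inlinexro SHA "auth-pass-placeholder" DES "priv-pass-placeholder"'

# Constructed hardened variant (an assumption, not the author's config):
# USM user only, encryption required, view limited to the system subtree.
HARD_CONF='view systemview included .1.3.6.1.2.1.1
rouser inlinexro priv -V systemview
createUser inlinexro SHA "auth-pass-placeholder" AES "priv-pass-placeholder"'

printf '%s\n' "$WEAK_CONF" | audit_snmpd_conf
printf '%s\n' "$HARD_CONF" | audit_snmpd_conf
```

To check a live system, feed it the real files, for example: audit_snmpd_conf < /etc/snmp/snmpd.conf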
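Link to this article: https://hqyman.cn/post/4077.html Articles not original to this site may be freely reposted; original articles must retain this site's address!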