Linux SNMP V2/V3 Simple Setup

SNMP V2 default configuration
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access notConfigGroup "" any noauth exact systemview none none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root root@localhost (configure /etc/snmp/snmp.local.conf)
dontLogTCPWrappersConnects yes
Test:
snmpwalk -v 2c -c public 172.16.10.56 1.3.6.1.4.1.2021

SNMP V2 modified settings
# the security name here must match the one in the group line
com2sec inlinexUser 172.16.0.0/16 unline
group inlinexGroup v2c inlinexUser
view all included .1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access inlinexGroup "" any noauth exact all none none
sysLocation = "JinxCheng 5F C1-5"
sysContact = "Bob bk@mail.xxx.org"
dontLogTCPWrappersConnects yes
Test (the -c value is the community string from the com2sec line):
snmpwalk -v 2c -c unline 172.16.10.56 1.3.6.1.4.1
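This is a simple SNMP V2 configuration file, recorded here as a quick note. If you need something different, adjust it according to the snmpd.conf documentation.

SNMP V3 configuration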
Stop the snmpd service before creating the user.
service snmpd stop       # CentOS 6.x
systemctl stop snmpd     # CentOS 7.x
net-snmp-create-v3-user --help
net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass] [-a MD5|SHA] [-x DES|AES] [username]
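#1. Create a user named inlinexro with password yl$2P#26 and transport encryption password yLxd*-68ct#
# single-quote both passwords so the shell does not expand $2 or *
net-snmp-create-v3-user -ro -a SHA -A 'yl$2P#26' -x DES -X 'yLxd*-68ct#' inlinexro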
adding the following line to /var/lib/net-snmp/snmpd.conf:
   createUser inlinexro SHA " yl$2P#26" DES yLxd*-68ct#
adding the following line to /etc/snmp/snmpd.conf:
   rouser inlinexro
# The account and its passwords are stored in /var/lib/net-snmp/snmpd.conf
#2. Modify the configuration file
cat /etc/snmp/snmpd.conf
com2sec inlinexro 172.16.0.0/16 uninline
# usm is the SNMPv3 user-based security model; the group name must match the access line
group inlinev3Group usm inlinexro
view all included .1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
# priv: require authentication and encryption, matching -l authPriv in step 4
access inlinev3Group "" any priv exact all none none
sysLocation = "JinxCheng 5F C1-5"
sysContact = "Bob bk@mail.xxx.org"
dontLogTCPWrappersConnects yes
rouser inlinexro
#3. Allow SNMP through the firewall. Note: the firewall's default policy is DROP. If the policy is ACCEPT, only the INPUT rule needs to be added.
CentOS 6.x
iptables -I INPUT -p udp -s 172.16.0.0/16 -d 172.16.0.0/16 --dport 161 -j ACCEPT
iptables -I OUTPUT -p udp -s 172.16.0.0/16 -d 172.16.0.0/16 --sport 161 -j ACCEPT
service iptables save && service iptables restart
CentOS 7.x
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 1 -m udp -p udp -m state --state NEW,ESTABLISHED -s 172.16.0.0/16 -d 172.16.0.0/16 --dport 161 -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter OUTPUT_direct 1 -m udp -p udp -m state --state ESTABLISHED -s 172.16.0.0/16 -d 172.16.0.0/16 --sport 161 -j ACCEPT
firewall-cmd --runtime-to-permanent
#4. Verify the Net-SNMP v3 account and passwords
snmpwalk -v 3 -u inlinexro -a SHA -A "account password" -x DES -X "encryption password" -l authPriv 172.16.10.56 sysDescr
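
The following Python check is an added example, not part of the original post. It reads snmpd.conf text and flags settings of the kind shown above that weaken the agent: the public community, a source of default, a view that includes .1, DES privacy (the tool also accepts AES), and a rouser line that does not require priv. The function name audit_snmpd_conf, the finding texts and the sample input are made up for this example.

```python
import shlex

# Constructed sample built from directives shown on this page; the two
# passphrases are placeholders, not real credentials.
SAMPLE = """\
com2sec notConfigUser default public
com2sec inlinexUser 172.16.0.0/16 unline
view all included .1
view systemview included .1.3.6.1.2.1.1
createUser inlinexro SHA "auth-placeholder" DES "priv-placeholder"
rouser inlinexro
rouser inlinexro priv
"""

def audit_snmpd_conf(text):
    """Return (line_number, finding) pairs for risky snmpd.conf directives."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)
        name, args = tok[0].lower(), tok[1:]
        if name == "com2sec" and len(args) >= 3:
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            source, community = args[-2], args[-1]
            if community in ("public", "private"):
                findings.append((no, "well-known community string"))
            if source in ("default", "0.0.0.0/0"):
                findings.append((no, "community accepted from any source"))
        elif name == "view" and len(args) >= 3:
            if args[1] == "included" and args[2].strip(".") in ("1", "iso"):
                findings.append((no, "view exposes the whole MIB tree"))
        elif name == "createuser":
            # createUser [-e ENGINEID] USER AUTHPROTO AUTHPASS [PRIVPROTO [PRIVPASS]]
            a = args[2:] if args and args[0] == "-e" else args
            if len(a) > 1 and a[1].upper() == "MD5":
                findings.append((no, "MD5 authentication"))
            if len(a) > 3 and a[3].upper() == "DES":
                findings.append((no, "DES privacy (56-bit key)"))
        elif name in ("rouser", "rwuser"):
            # rouser [-s SECMODEL] USER [noauth|auth|priv ...]; default is auth
            a = args[2:] if args and args[0] == "-s" else args
            level = a[1] if len(a) > 1 else "auth"
            if level != "priv":
                findings.append((no, f"{name} accepts level '{level}' without encryption"))
    return findings

if __name__ == "__main__":
    for no, finding in audit_snmpd_conf(SAMPLE):
        print(f"line {no}: {finding}")
```

On the sample it reports lines 1, 3, 5 and 6; the restricted com2sec line, the systemview line and rouser inlinexro priv pass.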