1.源码安装包
http://www.net-snmp.org/download.html
或者https://download.csdn.net/download/y7u8t6/10707891
2.交叉编译
root@IT-PC-135:/home/user1/hong/smdd/arm_for_snmp/net-snmp-5.7.2.1#
./configure --prefix=/home/user1/hong/smdd/arm_for_snmp/hi3536 --build=i386-linux --host=arm-linux --with-ndianness=little --disable-manuals --with-mib-modules='ucd-snmp/diskio ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable' --enable-as-needed --disable-embedded-perl --without-perl-modules --disable-snmptrapd-subagent --disable-applications --disable-scripts --with-default-snmp-version="3" --with-sys-contact="[email protected]" --with-sys-location="china" --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp" --with-cc=arm-hisiv300-linux-gcc --with-ar=arm-hisiv300-linux-ar --enable-ipv6
make clean
make LDFLAGS="-static" && make install
arm-hisiv300-linux-strip /home/user1/hong/smdd/arm_for_snmp/hi3536/sbin/snmpd
3.修改net-snmp-create-v3-user脚本
snmp v3 协议下选择no Auth,no Priv只需要输入Read/Write Security Name
生成的脚本默认都需要输入Authentication Password和Private Key Password
#!/bin/sh
#
# $Id$
#
# this shell script is designed to add new SNMPv3 users
# to Net-SNMP config file.
prefix=/home/user1/hong/smdd/arm_for_snmp/hi3536
exec_prefix=${prefix}
includedir=${prefix}/include
libdir=${exec_prefix}/lib
datarootdir=${prefix}/share
NSC_LDFLAGS=""
NSC_INCLUDEDIR=${includedir}
NSC_LIBDIR=-L${libdir}
NSC_LIBS="-lm "
NSC_AGENTLIBS="-lm "
NSC_PREFIX=$prefix
NSC_EXEC_PREFIX=$exec_prefix
NSC_SRCDIR=.
NSC_INCDIR=${NSC_PREFIX}/include
NSC_BASE_SUBAGENT_LIBS="-lnetsnmpagent -lnetsnmp"
NSC_BASE_AGENT_LIBS="-lnetsnmpagent -lnetsnmpmibs -lnetsnmp"
NSC_SRC_LIBDIRS="agent/.libs snmplib/.libs"
NSC_SRC_LIBDEPS="agent/.libs/libnetsnmpmibs.a agent/.libs/libnetsnmpagent.a snmplib/.libs/libnetsnmp.a"
if test "x$NSC_SRCDIR" = "x." ; then
NSC_SRCDIR="NET-SNMP-SOURCE-DIR"
fi
if /bin/ps -e | egrep ' snmpd *$' > /dev/null 2>&1 ; then
echo "Apparently at least one snmpd demon is already running."
echo "You must stop them in order to use this command."
exit 1
fi
Aalgorithm="MD5"
Xalgorithm="DES"
token=rwuser
#echo "test 1111111"
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
unset shifted
case $1 in
--version|--ver*)
echo 5.7.2.1
;;
--help)
usage="yes"
;;
-A|-a)
shift
if test "x$1" = "x" ; then
echo "You must specify an authentication algorithm or pass phrase"
exit 1
fi
case $1 in
MD5|SHA)
Aalgorithm=$1
shift
;;
md5|sha)
Aalgorithm=`echo $1 | tr a-z A-Z`
shift
;;
*)
apassphrase=$1
shift
;;
esac
;;
-X|-x)
shift
if test "x$1" = "x" ; then
echo "You must specify an encryption algorithm or pass phrase"
exit 1
fi
case $1 in
DES|AES|AES128)
Xalgorithm=$1
shift
;;
des|aes|aes128)
Xalgorithm=`echo $1 | tr a-z A-Z`
shift
;;
*)
xpassphrase=$1
shift
;;
esac
;;
-ro)
token="rouser"
shift
;;
-*)
echo "unknown suboption to $0: $1"
usage=yes
done=1
;;
*)
done=1
;;
esac
done
if test "x$usage" = "xyes"; then
echo ""
echo "Usage:"
echo " net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]"
echo " [-a MD5|SHA] [-x DES|AES] [username]"
echo ""
exit
fi
if test "x$1" = "x" ; then
prompt=yes
echo "Enter a SNMPv3 user name to create: "
read user
else
user=$1
shift
fi
if test "x$user" = "x" ; then
echo "You must specify a user name"
exit 1
fi
if test "x$apassphrase" = "x" ; then
promptamos=halfyes
# echo "Enter authentication pass-phrase: "
# read apassphrase
fi
#if test "x$apassphrase" = "x" ; then
# echo "You must specify an authentication pass-phrase"
# exit 1
#fi
if test "x$promptamos" = "xhalfyes" -a "x$xpassphrase" = "x" ; then
promptamos=yes
# echo "Enter encryption pass-phrase: "
# echo " [press return to reuse the authentication pass-phrase]"
# read xpassphrase
fi
outdir="/var/net-snmp"
outfile="$outdir/snmpd.conf"
line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm $xpassphrase"
if test "x$promptamos" = "xyes" ; then
line="createUser $user"
fi
#echo "adding the following line to $outfile:"
#echo "adding the following line to test"
echo " " $line
# in case it hasn't ever been started yet, start it.
if test ! -d $outdir ; then
mkdir $outdir
fi
if test ! -d $outfile ; then
touch $outfile
fi
echo $line >> $outfile
outfile="/tmp/snmpd.conf"
line="$token $user"
if test "x$promptamos" = "xyes" ; then
line="$token $user noauth"
fi
#echo "adding the following line to $outfile:"
#echo " " $line
if test ! -d $outfile ; then
touch $outfile
fi
echo $line >> $outfile
4.配置文件 snmp.conf
mibs + ALL
###### ----------------------------------------------------------------------------
#IPv4
com2sec readonly default readonly_v12c
com2sec writeread default writeread_v12c
com2sec milesight default public
com2sec v3rdprivusername default
com2sec v3wrprivusername default
com2sec v3rdauthusername default
com2sec v3wrauthusername default
com2sec v3rdnoauthusername default
com2sec v3wrnoauthusername default
com2sec local localhost public
com2sec mynetwork default public
com2sec mynetwork 192.168.5.0/24 public
#IPv6
com2sec6 readonly default readonly_v12c
com2sec6 writeread default writeread_v12c
com2sec6 milesight default public
com2sec6 v3rdprivusername default
com2sec6 v3wrprivusername default
com2sec6 v3rdauthusername default
com2sec6 v3wrauthusername default
com2sec6 v3rdnoauthusername default
com2sec6 v3wrnoauthusername default
com2sec6 local localhost public
com2sec6 mynetwork default public
com2sec6 mynetwork 192.168.5.0/24 public
###### ----------------------------------------------------------------------------
group MyROSystem v1 milesight
group MyROSystem v2c milesight
group v3rdprivsnmp usm v3rdprivusername
group v3wrprivsnmp usm v3wrprivusername
group v3rdauthsnmp usm v3rdauthusername
group v3wrauthsnmp usm v3wrauthusername
group v3noauthrdsnmp usm v3rdnoauthusername
group v3noauthwrsnmp usm v3wrnoauthusername
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
group MyRWGroup v1 writeread
group MyRWGroup v2c writeread
group MyRWGroup usm writeread
group MyRWGroup v1 mynetwork
group MyRWGroup v2c mynetwork
group MyRWGroup usm mynetwork
###### ----------------------------------------------------------------------------
view all included .1 80
view system included .1.3.6.1.2.1.1
view mib2 included .iso.org.dod.internet.mgmt.mib-2
#view system included .iso.org.dod.internet.mgmt.mib-2.system
######
access v3rdprivsnmp "" any priv exact all none none
access v3wrprivsnmp "" any priv exact all all none
access v3rdauthsnmp "" any auth exact all none none
access v3wrauthsnmp "" any auth exact all all none
access v3noauthrdsnmp "" any noauth exact all none none
access v3noauthwrsnmp "" any noauth exact all all none
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none
###### ----------------------------------------------------------------------------
#syslocation Unknown (configure /etc/snmp/snmpd.local.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmpd.conf)
syslocation China.
syscontact Amos <[email protected]>
###### ----------------------------------------------------------------------------
proc sendmail 10 1
extend echotest /bin/echo hello world
disk / 10000
###### ----------------------------------------------------------------------------
load 12 14 14
###### ----------------------------------------------------------------------------
extend .1.3.6.1.2.1.1.1.0 ps /bin/ps
extend .1.3.6.1.4.1.2021.51 echo 123
extend .1.3.6.1.2.1.39165.1.6.2 /bin/echoMac
extend .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
#exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
4.执行命令
killall -9 snmpd
rm -f /tmp/snmpd.conf
cp -f /etc/snmpd.conf /tmp/snmpd.conf
snmpd -c /tmp/snmpd.conf
killall -2 snmpd
rm -f /var/net-snmp/snmpd.conf
sed -i 's/v3rdnoauthusername/uread1/' /tmp/snmpd.conf
sed -i 's/v3wrnoauthusername/uwrite1/' /tmp/snmpd.conf
net-snmp-create-v3-user -ro uread1
net-snmp-create-v3-user uwrite1
snmpd udp:161,udp6:161 -c /tmp/snmpd.conf
5.接口示例
#define SNMP_CREATE_PREFIX "/opt/app/snmp/"
struct snmp
{
int v1_enable;
int v2c_enable;
char write_community[MAX_LEN_64];
char read_community[MAX_LEN_64];
int v3_enable;
char read_security_name[MAX_LEN_64];
int read_level_security;//0=auth,priv 1=auth,no priv 2=no auth,no priv
int read_auth_algorithm;//0=MD5 1=SHA
char read_auth_password[MAX_LEN_64];
int read_pri_algorithm;//0=DES 1=AES
char read_pri_password[MAX_LEN_64];
char write_security_name[MAX_LEN_64];
int write_level_security;//0=auth,priv 1=auth,no priv 2=no auth,no priv
int write_auth_algorithm;//0=MD5 1=SHA
char write_auth_password[MAX_LEN_64];
int write_pri_algorithm;//0=DES 1=AES
char write_pri_password[MAX_LEN_64];
int port;
};
static void snmp_set_conf(struct snmp *snmp, char flag)
{
if (!snmp) return;
char cmd[256] = {0};
if (flag == 0)
{
//read_conf_v1/v2
snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "readonly_v12c", snmp->read_community);
ms_system(cmd);
//wr_conf_v1/v2
memset(cmd, 0x0, sizeof(cmd));
snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "writeread_v12c", snmp->write_community);
ms_system(cmd);
}
else if (flag == 1)
{
char read_auth_algo[4] = "MD5";
char read_priv_algo[4] = "DES";
char write_auth_algo[4] = "MD5";
char write_priv_algo[4] = "DES";
char create_read_usr[256] = {0};
char create_write_usr[256] = {0};
//ms_system("snmpd -c /tmp/snmpd.conf");
//ms_system("killall -2 snmpd");
//ms_system("rm -f /var/net-snmp/snmpd.conf");
if (snmp->read_auth_algorithm == 1)
snprintf(read_auth_algo, sizeof(read_auth_algo), "%s", "SHA");
if (snmp->read_pri_algorithm == 1)
snprintf(read_priv_algo, sizeof(read_auth_algo), "%s", "AES");
if (snmp->write_auth_algorithm == 1)
snprintf(write_auth_algo, sizeof(write_auth_algo), "%s", "SHA");
if (snmp->write_pri_algorithm == 1)
snprintf(write_priv_algo, sizeof(write_priv_algo), "%s", "AES");
if (snmp->read_level_security == 0)
{
//net-snmp-create-v3-user -ro -a ms345678 -A MD5 -x ms345678 -X DES root
snprintf(create_read_usr, sizeof(create_read_usr), "%snet-snmp-create-v3-user -ro -a %s -A %s -x %s -X %s %s", \
SNMP_CREATE_PREFIX, snmp->read_auth_password, read_auth_algo, snmp->read_pri_password, read_priv_algo, snmp->read_security_name);
snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "v3rdprivusername", snmp->read_security_name);
ms_system(cmd);
}
else if (snmp->read_level_security == 1)
{
snprintf(create_read_usr, sizeof(create_read_usr), "%snet-snmp-create-v3-user -ro -a %s -A %s %s", \
SNMP_CREATE_PREFIX, snmp->read_auth_password, read_auth_algo, snmp->read_security_name);
snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "v3rdauthusername", snmp->read_security_name);
ms_system(cmd);
}
else if (snmp->read_level_security == 2)
{
snprintf(create_read_usr, sizeof(create_read_usr), "%snet-snmp-create-v3-user -ro %s", SNMP_CREATE_PREFIX, snmp->read_security_name);
snprintf(cmd,sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "v3rdnoauthusername", snmp->read_security_name);
ms_system(cmd);
}
memset(cmd, 0x0, sizeof(cmd));
if (snmp->write_level_security == 0)
{
snprintf(create_write_usr, sizeof(create_write_usr), "%snet-snmp-create-v3-user -a %s -A %s -x %s -X %s %s", \
SNMP_CREATE_PREFIX, snmp->write_auth_password, write_auth_algo, snmp->write_pri_password, write_priv_algo, snmp->write_security_name);
snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "v3wrprivusername", snmp->write_security_name);
ms_system(cmd);
}
else if (snmp->write_level_security == 1)
{
snprintf(create_write_usr, sizeof(create_write_usr), "%snet-snmp-create-v3-user -a %s -A %s %s", \
SNMP_CREATE_PREFIX, snmp->write_auth_password, write_auth_algo, snmp->write_security_name);
snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "v3wrauthusername", snmp->write_security_name);
ms_system(cmd);
}
else if (snmp->write_level_security == 2)
{
snprintf(create_write_usr, sizeof(create_write_usr), "%snet-snmp-create-v3-user %s", SNMP_CREATE_PREFIX, snmp->write_security_name);
snprintf(cmd,sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "v3wrnoauthusername", snmp->write_security_name);
ms_system(cmd);
}
ms_system(create_read_usr);
ms_system(create_write_usr);
}
return;
}
int ms_set_net_snmp(struct snmp *snmp)
{
if (!snmp) return -1;
int flag = 0;
char cmd[256] = {0};
ms_system("killall -9 snmpd");
ms_system("rm -rf /tmp/snmpd.conf");
if (snmp->v3_enable == 1)
{
//v3
ms_system("cp -f /opt/app/snmp/snmpd.conf /tmp/snmpd.conf");
flag = 1;
snmp_set_conf(snmp, 1);
}
if (snmp->v1_enable == 1 || snmp->v2c_enable == 1)
{
//v1 v2c
if (!flag)
{
ms_system("cp -f /opt/app/snmp/snmpd.conf /tmp/snmpd.conf");
}
flag = 1;
snmp_set_conf(snmp, 0);
}
if (flag == 1)
{
//snmpd udp:161,udp6:161 -c /tmp/snmpd.conf
int port = snmp->port;
if (port == 0)
port = 161;
snprintf(cmd, sizeof(cmd), "snmpd udp:%d,udp6:%d -c /tmp/snmpd.conf", port, port);
ms_system(cmd);
//printf("cmd:%s\n", cmd);
}
else
{
//has already stop
}
return 0;
}
5.测试命令
snmp v1 v2c: 主机地址:192.168.9.51 2001:f80:754::152 读共同体名称:public 端口:161
获取系统基本信息.1.3.6.1.2.1.1.1.0 snmpget -v 2c -c public 192.168.9.51:161 .1.3.6.1.2.1.1.1.0
snmpget -v 2c -c public udp6:[2001:f80:754::152]:161 .1.3.6.1.2.1.1.1.0
如果是默认端口161,则:161可以不写。
系统运行的进程列表.1.3.6.1.2.1.25.4.2.1.2 snmpwalk -v 2c -c public 192.168.9.51 .1.3.6.1.2.1.25.4.2.1.2
snmpwalk -v 2c -c public udp6:[2001:f80:754::152] .1.3.6.1.2.1.25.4.2.1.2
snmp v3 主机地址:192.168.9.51 2001:f80:754::152 读安全名称:uread 安全级别:auth,priv 认证算法:MD5 认证密码:11111111 私钥算法:DES 私钥密码:22222222
snmpget -v 3 -u uread -a MD5 -A 11111111 -l authPriv -x DES -X 22222222 192.168.9.51 .1.3.6.1.2.1.1.1.0
snmpget -v 3 -u uread -a MD5 -A 11111111 -l authPriv -x DES -X 22222222 udp6:[2001:f80:754::152] .1.3.6.1.2.1.1.1.0
snmp v3 主机地址:192.168.9.51 2001:f80:754::152 读安全名称:uread 安全级别:auth,no priv 认证算法:MD5 认证密码:11111111
snmpget -v 3 -u uread -a MD5 -A 11111111 -l authNoPriv 192.168.9.51 .1.3.6.1.2.1.1.1.0
snmpget -v 3 -u uread -a MD5 -A 11111111 -l authNoPriv udp6:[2001:f80:754::152] .1.3.6.1.2.1.1.1.0
snmp v3 主机地址:192.168.9.51 2001:f80:754::152 读安全名称:uread 安全级别:no auth,no priv
snmpget -v 3 -u uread -l noAuthNoPriv 192.168.9.51 .1.3.6.1.2.1.1.1.0
snmpget -v 3 -u uread -l noAuthNoPriv udp6:[2001:f80:754::152] .1.3.6.1.2.1.1.1.0
set命令:
设置机器名:.1.3.6.1.2.1.1.5.0
snmp v1 v2c:主机地址:192.168.9.51 2001:f80:754::152 写共同体名称:private 端口:161
snmpset -v 2c -c private 192.168.9.51:161 .1.3.6.1.2.1.1.5.0 s NVR
snmpset -v 2c -c private udp6:[2001:f80:754::152]:161 .1.3.6.1.2.1.1.5.0 s NVR
snmp v3 主机地址:192.168.9.51 2001:f80:754::152 写安全名称:uwrite 安全级别:auth,priv 认证算法:MD5 认证密码:11111111 私钥算法:DES 私钥密码:22222222
snmpset -v 3 -u uwrite -a MD5 -A 11111111 -l authPriv -x DES -X 22222222 192.168.9.51 .1.3.6.1.2.1.1.5.0 s NVR
snmpset -v 3 -u uwrite -a MD5 -A 11111111 -l authPriv -x DES -X 22222222 udp6:[2001:f80:754::152] .1.3.6.1.2.1.1.5.0 s NVR