snmp移植

1.源码安装包

http://www.net-snmp.org/download.html

或者https://download.csdn.net/download/y7u8t6/10707891

2.交叉编译

root@IT-PC-135:/home/user1/hong/smdd/arm_for_snmp/net-snmp-5.7.2.1#

./configure --prefix=/home/user1/hong/smdd/arm_for_snmp/hi3536 --build=i386-linux --host=arm-linux --with-ndianness=little --disable-manuals --with-mib-modules='ucd-snmp/diskio ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable'  --enable-as-needed --disable-embedded-perl --without-perl-modules --disable-snmptrapd-subagent --disable-applications --disable-scripts --with-default-snmp-version="3" --with-sys-contact="[email protected]" --with-sys-location="china" --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp"  --with-cc=arm-hisiv300-linux-gcc --with-ar=arm-hisiv300-linux-ar --enable-ipv6

make clean
make LDFLAGS="-static" && make install
arm-hisiv300-linux-strip /home/user1/hong/smdd/arm_for_snmp/hi3536/sbin/snmpd

3.修改net-snmp-create-v3-user脚本

snmp v3 协议下选择no Auth,no Priv只需要输入Read/Write Security Name

生成的脚本默认都需要输入Authentication Password和Private Key Password

#!/bin/sh
#
# $Id$
#
# this shell script is designed to add new SNMPv3 users
# to Net-SNMP config file.

prefix=/home/user1/hong/smdd/arm_for_snmp/hi3536
exec_prefix=${prefix}
includedir=${prefix}/include
libdir=${exec_prefix}/lib
datarootdir=${prefix}/share
NSC_LDFLAGS=""
NSC_INCLUDEDIR=${includedir}
NSC_LIBDIR=-L${libdir}
NSC_LIBS="-lm "
NSC_AGENTLIBS="-lm  "
NSC_PREFIX=$prefix
NSC_EXEC_PREFIX=$exec_prefix
NSC_SRCDIR=.
NSC_INCDIR=${NSC_PREFIX}/include
NSC_BASE_SUBAGENT_LIBS="-lnetsnmpagent -lnetsnmp"
NSC_BASE_AGENT_LIBS="-lnetsnmpagent -lnetsnmpmibs -lnetsnmp"
NSC_SRC_LIBDIRS="agent/.libs snmplib/.libs"
NSC_SRC_LIBDEPS="agent/.libs/libnetsnmpmibs.a agent/.libs/libnetsnmpagent.a snmplib/.libs/libnetsnmp.a"

if test "x$NSC_SRCDIR" = "x." ; then
   NSC_SRCDIR="NET-SNMP-SOURCE-DIR"
fi

if /bin/ps -e | egrep ' snmpd *$' > /dev/null 2>&1 ; then
    echo "Apparently at least one snmpd demon is already running."
    echo "You must stop them in order to use this command."
    exit 1
fi

Aalgorithm="MD5"
Xalgorithm="DES"
token=rwuser
#echo "test 1111111"
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
case "$1" in
    -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
    *) optarg= ;;
esac

unset shifted
case $1 in
    --version|--ver*)
      echo 5.7.2.1
      ;;
    --help)
      usage="yes"
      ;;

    -A|-a)
	shift
	if test "x$1" = "x" ; then
	    echo "You must specify an authentication algorithm or pass phrase"
	    exit 1
	fi
        case $1 in
            MD5|SHA)
	    Aalgorithm=$1
	    shift
	    ;;
            md5|sha)
	    Aalgorithm=`echo $1 | tr a-z A-Z`
	    shift
	    ;;
            *)
	    apassphrase=$1
	    shift
	    ;;
        esac
        ;;
    -X|-x)
	shift
	if test "x$1" = "x" ; then
	    echo "You must specify an encryption algorithm or pass phrase"
	    exit 1
	fi
        case $1 in
            DES|AES|AES128)
	    Xalgorithm=$1
	    shift
	    ;;
            des|aes|aes128)
	    Xalgorithm=`echo $1 | tr a-z A-Z`
	    shift
	    ;;
            *)
	    xpassphrase=$1
	    shift
	    ;;
	esac
	;;
    -ro)
        token="rouser"
	shift
	;;
    -*)
	echo "unknown suboption to $0: $1"
	usage=yes
	done=1
	;;
    *)
        done=1
        ;;
    esac
done

if test "x$usage" = "xyes"; then
    echo ""
    echo "Usage:"
    echo "  net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]"
    echo "                          [-a MD5|SHA] [-x DES|AES] [username]"
    echo ""
    exit
fi

if test "x$1" = "x" ; then
    prompt=yes
    echo "Enter a SNMPv3 user name to create: "
    read user
else
    user=$1
    shift
fi
if test "x$user" = "x" ; then
    echo "You must specify a user name"
    exit 1
fi
if test "x$apassphrase" = "x" ; then
    promptamos=halfyes
#    echo "Enter authentication pass-phrase: "
#    read apassphrase
fi
#if test "x$apassphrase" = "x" ; then
#    echo "You must specify an authentication pass-phrase"
#    exit 1
#fi
if test "x$promptamos" = "xhalfyes" -a "x$xpassphrase" = "x" ; then
         promptamos=yes
#    echo "Enter encryption pass-phrase: "
#    echo "  [press return to reuse the authentication pass-phrase]"
#    read xpassphrase
fi
outdir="/var/net-snmp"
outfile="$outdir/snmpd.conf"
line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm $xpassphrase"
if test "x$promptamos" = "xyes" ; then
        line="createUser $user"
fi
#echo "adding the following line to $outfile:"
#echo "adding the following line to test"
echo "  " $line
# in case it hasn't ever been started yet, start it.
if test ! -d $outdir ; then
    mkdir $outdir
fi
if test ! -d $outfile ; then
    touch $outfile
fi
echo $line >> $outfile
outfile="/tmp/snmpd.conf"
line="$token $user"
if test "x$promptamos" = "xyes" ; then
        line="$token $user noauth"
fi
#echo "adding the following line to $outfile:"
#echo "  " $line
if test ! -d $outfile ; then
    touch $outfile
fi
echo $line >> $outfile

4.配置文件 snmp.conf

mibs + ALL
###### ---------------------------------------------------------------------------- 
#IPv4
com2sec  readonly   default    readonly_v12c 
com2sec  writeread  default    writeread_v12c   
com2sec  milesight  default         public
com2sec  v3rdprivusername  default   
com2sec  v3wrprivusername  default 
com2sec  v3rdauthusername  default   
com2sec  v3wrauthusername  default 
com2sec  v3rdnoauthusername  default   
com2sec  v3wrnoauthusername  default 
 
com2sec  local      localhost       public
com2sec  mynetwork  default         public
com2sec  mynetwork  192.168.5.0/24  public

#IPv6
com2sec6  readonly   default    readonly_v12c 
com2sec6  writeread  default    writeread_v12c   
com2sec6  milesight  default         public
com2sec6  v3rdprivusername  default   
com2sec6  v3wrprivusername  default 
com2sec6  v3rdauthusername  default   
com2sec6  v3wrauthusername  default 
com2sec6  v3rdnoauthusername  default   
com2sec6  v3wrnoauthusername  default 
 
com2sec6  local      localhost       public
com2sec6  mynetwork  default         public
com2sec6  mynetwork  192.168.5.0/24  public

###### ----------------------------------------------------------------------------
group MyROSystem v1        milesight
group MyROSystem v2c       milesight
group v3rdprivsnmp    usm    v3rdprivusername   
group v3wrprivsnmp    usm    v3wrprivusername   
group v3rdauthsnmp    usm    v3rdauthusername   
group v3wrauthsnmp    usm    v3wrauthusername   
group v3noauthrdsnmp  usm    v3rdnoauthusername   
group v3noauthwrsnmp  usm    v3wrnoauthusername   

group MyROGroup v1         readonly
group MyROGroup v2c        readonly
group MyROGroup usm        readonly

group MyRWGroup v1         writeread
group MyRWGroup v2c        writeread
group MyRWGroup usm        writeread

group MyRWGroup v1         mynetwork
group MyRWGroup v2c        mynetwork
group MyRWGroup usm        mynetwork

###### ----------------------------------------------------------------------------
view all    included  .1                               80    
view system included  .1.3.6.1.2.1.1
view mib2  included  .iso.org.dod.internet.mgmt.mib-2           
#view system included  .iso.org.dod.internet.mgmt.mib-2.system

######
access v3rdprivsnmp   ""   any       priv    exact  all none  none
access v3wrprivsnmp   ""   any       priv    exact  all all   none
access v3rdauthsnmp   ""   any       auth    exact  all none  none
access v3wrauthsnmp   ""   any       auth    exact  all all   none
access v3noauthrdsnmp ""   any       noauth  exact  all none  none
access v3noauthwrsnmp ""   any       noauth  exact  all all   none

access MyROGroup      ""   any       noauth  exact  all none  none
access MyRWGroup      ""   any       noauth  exact  all all   none

###### ----------------------------------------------------------------------------
#syslocation Unknown (configure /etc/snmp/snmpd.local.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmpd.conf)
syslocation China.
syscontact  Amos <[email protected]>


###### ----------------------------------------------------------------------------
proc sendmail 10 1
extend echotest /bin/echo hello world
disk / 10000

###### ----------------------------------------------------------------------------
load 12 14 14


###### ----------------------------------------------------------------------------
extend .1.3.6.1.2.1.1.1.0 ps /bin/ps 
extend .1.3.6.1.4.1.2021.51 echo 123 
extend .1.3.6.1.2.1.39165.1.6.2 /bin/echoMac
extend .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
#exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq

4.执行命令

killall -9 snmpd
rm -f /tmp/snmpd.conf
cp -f /etc/snmpd.conf /tmp/snmpd.conf
snmpd -c /tmp/snmpd.conf
killall -2 snmpd
rm -f /var/net-snmp/snmpd.conf

sed -i 's/v3rdnoauthusername/uread1/' /tmp/snmpd.conf
sed -i 's/v3wrnoauthusername/uwrite1/' /tmp/snmpd.conf

net-snmp-create-v3-user -ro uread1
net-snmp-create-v3-user uwrite1

snmpd udp:161,udp6:161 -c /tmp/snmpd.conf

5.接口示例

#define SNMP_CREATE_PREFIX "/opt/app/snmp/"
struct snmp
{
	int v1_enable;
	int v2c_enable;
	char write_community[MAX_LEN_64];
	char read_community[MAX_LEN_64];

	int v3_enable;
	char read_security_name[MAX_LEN_64];
	int read_level_security;//0=auth,priv 1=auth,no priv 2=no auth,no priv
	int read_auth_algorithm;//0=MD5 1=SHA
	char read_auth_password[MAX_LEN_64];
	int read_pri_algorithm;//0=DES 1=AES
	char read_pri_password[MAX_LEN_64];

	char write_security_name[MAX_LEN_64];
	int write_level_security;//0=auth,priv 1=auth,no priv 2=no auth,no priv
	int write_auth_algorithm;//0=MD5 1=SHA
	char write_auth_password[MAX_LEN_64];
	int write_pri_algorithm;//0=DES 1=AES
	char write_pri_password[MAX_LEN_64];

	int port;
};

static void snmp_set_conf(struct snmp *snmp, char flag)
{
	if (!snmp) return;

	char cmd[256] = {0};
	if (flag == 0)
	{
		//read_conf_v1/v2
		snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "readonly_v12c", snmp->read_community); 
		ms_system(cmd);

		//wr_conf_v1/v2
		memset(cmd, 0x0, sizeof(cmd));
		snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "writeread_v12c", snmp->write_community);	 
		ms_system(cmd);
	}
	else if (flag == 1)
	{
		char read_auth_algo[4] = "MD5";
		char read_priv_algo[4] = "DES";
		char write_auth_algo[4] = "MD5";
		char write_priv_algo[4] = "DES";
		char create_read_usr[256] = {0};
		char create_write_usr[256] = {0};

		//ms_system("snmpd -c /tmp/snmpd.conf");
		//ms_system("killall -2 snmpd");
		//ms_system("rm -f /var/net-snmp/snmpd.conf");

		if (snmp->read_auth_algorithm == 1)
			snprintf(read_auth_algo, sizeof(read_auth_algo), "%s", "SHA");
		
		if (snmp->read_pri_algorithm == 1)
			snprintf(read_priv_algo, sizeof(read_auth_algo), "%s", "AES");

		if (snmp->write_auth_algorithm == 1)
			snprintf(write_auth_algo, sizeof(write_auth_algo), "%s", "SHA");
		
		if (snmp->write_pri_algorithm == 1)
			snprintf(write_priv_algo, sizeof(write_priv_algo), "%s", "AES");
		
		if (snmp->read_level_security == 0)
		{
			//net-snmp-create-v3-user -ro -a ms345678 -A MD5 -x ms345678 -X DES root
			snprintf(create_read_usr, sizeof(create_read_usr), "%snet-snmp-create-v3-user -ro -a %s -A %s -x %s -X %s %s", \
				SNMP_CREATE_PREFIX, snmp->read_auth_password, read_auth_algo, snmp->read_pri_password, read_priv_algo, snmp->read_security_name);
			
			snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "v3rdprivusername", snmp->read_security_name);	
			ms_system(cmd);	
		}
		else if (snmp->read_level_security == 1)
		{
			snprintf(create_read_usr, sizeof(create_read_usr), "%snet-snmp-create-v3-user -ro -a %s -A %s %s", \
				SNMP_CREATE_PREFIX, snmp->read_auth_password, read_auth_algo, snmp->read_security_name);
			snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "v3rdauthusername", snmp->read_security_name);	
			ms_system(cmd);
		}
		else if (snmp->read_level_security == 2)
		{
			snprintf(create_read_usr, sizeof(create_read_usr), "%snet-snmp-create-v3-user -ro  %s", SNMP_CREATE_PREFIX, snmp->read_security_name);
			snprintf(cmd,sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "v3rdnoauthusername", snmp->read_security_name);
			ms_system(cmd);
		}

		memset(cmd, 0x0, sizeof(cmd));
		if (snmp->write_level_security == 0)
		{
			snprintf(create_write_usr, sizeof(create_write_usr), "%snet-snmp-create-v3-user -a %s -A %s -x %s -X %s %s", \
				SNMP_CREATE_PREFIX, snmp->write_auth_password, write_auth_algo, snmp->write_pri_password, write_priv_algo, snmp->write_security_name);
			snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "v3wrprivusername", snmp->write_security_name);
			ms_system(cmd);
		}
		else if (snmp->write_level_security == 1)
		{
			snprintf(create_write_usr, sizeof(create_write_usr), "%snet-snmp-create-v3-user -a %s -A %s %s", \
				SNMP_CREATE_PREFIX, snmp->write_auth_password, write_auth_algo, snmp->write_security_name);
			snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "v3wrauthusername", snmp->write_security_name);
			ms_system(cmd);

		}
		else if (snmp->write_level_security == 2)
		{
			snprintf(create_write_usr, sizeof(create_write_usr), "%snet-snmp-create-v3-user %s", SNMP_CREATE_PREFIX, snmp->write_security_name);
			snprintf(cmd,sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", "v3wrnoauthusername", snmp->write_security_name);	
			ms_system(cmd);
			
		}

		ms_system(create_read_usr);
		ms_system(create_write_usr);
	}

	return;
}


int ms_set_net_snmp(struct snmp *snmp)
{
	if (!snmp) return -1;
	
	int flag = 0;
	char cmd[256] = {0};
	
	ms_system("killall -9 snmpd");
	ms_system("rm -rf /tmp/snmpd.conf");

	if (snmp->v3_enable == 1)
	{
		//v3
		ms_system("cp -f /opt/app/snmp/snmpd.conf /tmp/snmpd.conf");
		flag = 1;
		snmp_set_conf(snmp, 1);
	}
	
	if (snmp->v1_enable == 1 || snmp->v2c_enable == 1)
	{
		//v1 v2c
		if (!flag)
		{
			ms_system("cp -f /opt/app/snmp/snmpd.conf /tmp/snmpd.conf");
		}

		flag = 1;
		snmp_set_conf(snmp, 0);
	}

	if (flag == 1)
	{
		//snmpd udp:161,udp6:161 -c /tmp/snmpd.conf
		int port = snmp->port;
		if (port == 0)
			port = 161;

		snprintf(cmd, sizeof(cmd), "snmpd udp:%d,udp6:%d -c /tmp/snmpd.conf", port, port);
		ms_system(cmd);
		//printf("cmd:%s\n", cmd);
	}
	else
	{
		//has already stop
	}
	return 0;
}

5.测试命令

snmp v1 v2c: 主机地址：192.168.9.51 2001:f80:754::152 读共同体名称：public 端口：161
获取系统基本信息.1.3.6.1.2.1.1.1.0  snmpget -v 2c -c public 192.168.9.51:161 .1.3.6.1.2.1.1.1.0
                                    snmpget -v 2c -c public udp6:[2001:f80:754::152]:161 .1.3.6.1.2.1.1.1.0
                                    如果是默认端口161，则:161可以不写。

系统运行的进程列表.1.3.6.1.2.1.25.4.2.1.2    snmpwalk -v 2c -c public 192.168.9.51 .1.3.6.1.2.1.25.4.2.1.2
                                             snmpwalk -v 2c -c public udp6:[2001:f80:754::152] .1.3.6.1.2.1.25.4.2.1.2

snmp v3 主机地址：192.168.9.51 2001:f80:754::152 读安全名称：uread 安全级别：auth,priv 认证算法：MD5 认证密码：11111111 私钥算法：DES 私钥密码：22222222
snmpget -v 3 -u uread -a MD5 -A 11111111 -l authPriv -x DES -X 22222222 192.168.9.51 .1.3.6.1.2.1.1.1.0
snmpget -v 3 -u uread -a MD5 -A 11111111 -l authPriv -x DES -X 22222222 udp6:[2001:f80:754::152] .1.3.6.1.2.1.1.1.0

snmp v3 主机地址：192.168.9.51 2001:f80:754::152 读安全名称：uread 安全级别：auth,no priv 认证算法：MD5 认证密码：11111111
snmpget -v 3 -u uread -a MD5 -A 11111111 -l authNoPriv 192.168.9.51 .1.3.6.1.2.1.1.1.0
snmpget -v 3 -u uread -a MD5 -A 11111111 -l authNoPriv udp6:[2001:f80:754::152] .1.3.6.1.2.1.1.1.0

snmp v3 主机地址：192.168.9.51 2001:f80:754::152 读安全名称：uread 安全级别：no auth,no priv
snmpget -v 3 -u uread -l noAuthNoPriv 192.168.9.51 .1.3.6.1.2.1.1.1.0
snmpget -v 3 -u uread -l noAuthNoPriv udp6:[2001:f80:754::152] .1.3.6.1.2.1.1.1.0


set命令:
设置机器名：.1.3.6.1.2.1.1.5.0
snmp v1 v2c：主机地址：192.168.9.51 2001:f80:754::152 写共同体名称：private 端口：161
snmpset -v 2c -c private 192.168.9.51:161 .1.3.6.1.2.1.1.5.0 s NVR
snmpset -v 2c -c private udp6:[2001:f80:754::152]:161 .1.3.6.1.2.1.1.5.0 s NVR

snmp v3 主机地址：192.168.9.51 2001:f80:754::152 写安全名称：uwrite 安全级别：auth,priv 认证算法：MD5 认证密码：11111111 私钥算法：DES 私钥密码：22222222
snmpset -v 3 -u uwrite -a MD5 -A 11111111 -l authPriv -x DES -X 22222222 192.168.9.51 .1.3.6.1.2.1.1.5.0 s NVR
snmpset -v 3 -u uwrite -a MD5 -A 11111111 -l authPriv -x DES -X 22222222 udp6:[2001:f80:754::152] .1.3.6.1.2.1.1.5.0 s NVR

猜你喜欢