Linux installation snmp Comments
Transmission protocol between Snmp A network can collect information via snmp many indicators such as cpu, memory and disk, and now more and more network devices basically support snmp, snmp This article describes the installation process.
Second, the security tools / materials
- SecureCrt
- Xftp
Third, the security method / step
l snmp downloaded from the Internet related to tar packets, and then uploaded to the server, and then extract the installation package, run the following command: tar -zxvf net-snmp-5.7.2.1.tar.gz
l modify the decompressed file name, the default file name for the unpacked package foregoing tar content. Execute the command: mv net-snmp-5.7.2.1 net-snmp
l then enter the list of net-snmp, the following command: ./ configure --prefix = / usr / local / net-snmp --with-default-snmp-version = "2" --with-logfile = "/ var / log / snmpd.log "--with-persistent-directory =" / var / net-snmp "--with-mib-modules =" ucd-snmp / diskio "
L After entering this command, there will be a process of interaction, all interactions directly enter. After the run is completed configure, make execution instruction.
l make command completes, remember to root Run make install, the installation. Because only the root user has permission to certain directories.
l into the / usr / local / directory under the root user. Net-snmp need to modify the directory permissions using chmod -R 755 net-snmp command (hereinafter both root user operation).
l into the / usr / local / net-snmp / bin directory, the command execution ./snmpconf generated snmpd.conf file. Select snmpd.conf, to enter the corresponding number.
L will later select snmpd.conf configuration options selected here Access Control Setup, enter the corresponding number, press enter.
l and select a SNMPv1 / SNMPv2c read-only access community name, can enter the corresponding number. And then press Enter.
L give permission back input selection process, The community name to add read-only access for, where you can enter the public.
L will later appear the following interface, and prompts you for information OID card address, etc., directly enter the Enter key on the line here.
L will later appear the following interface, here we enter finished, and then press Enter on the line.
L will later appear the following interface, here we enter finished, and then press Enter on the line.
L will later appear the following interface, here we enter quit, and then press Enter on the line.
We have found the following l bin directory generates snmpd.conf, and then to move the file / usr / local / net-snmp / share / snmp directory.
and then proceeds to l / usr / local at / net-snmp / sbin directory, start the snmpd, Run: ./ snmpd -c /usr/local/net-snmp/share/snmp/snmpd.conf
l How to verify a successful start it? By the way you can view the process, use the command ps -ef | grep snmpd, if the information process of return, indicating a successful start.
l into the / usr / local / net-snmp / bin directory. Performing ./snmpwalk -v 2c -c public localhost system command (public property determined by the snmpd.conf rocommunity), if the following information is returned, the installation was successful.
Three, snmpV3 way to set up simple and more secure.
Configuration:
1. Stop the snmpd service
#service snmpd STOP
2. increase snmpv3 users, and configure the authentication and encryption
# NET-snmp-the Create the User-v3-
the Enter the User name to the Create A SNMPv3:
enocsnmpv3
the Enter authentication Pass-phrase:
enocsnmpv3pw
Encryption Pass-phrase the Enter:
[Press return to Reuse The authentication Pass-phrase]
enocsnmpv3pk
Adding to /var/lib/net-snmp/snmpd.conf The following Line:
the createUser enocsnmpv3 the MD5 "enocsnmpv3pw" the DES enocsnmpv3pk
Adding to Line The following / etc / snmp / the snmpd.conf:
rwuser enocsnmpv3
3. start the snmpd service
# service snmpd restart
now through snmpwalk test:
# snmpwalk -v3 -uenocsnmpv3 -lauth -aMD5 -A"enocsnmpv3pw" -X"enocsnmpv3pk" localhost | more
SNMPv2-MIB::sysDescr.0 = STRING: Linux CentOS60A 2.6.32-71.el6.i686 #1 SMP Fri Nov 12 04:17:17 GMT 2010 i686
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::org
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (9443) 0:01:34.43
或:
# snmpwalk -v3 -uenocsnmpv3 -lauth -aMD5 -A"enocsnmpv3pw" localhost .1 | more
或:
# snmpwalk -v3 -lauth -uenocsnmpv3 -aMD5 -xDES -A"enocsnmpv3pw" -X"enocsnmpv3pk" localhost .1 | more
补充:
SNMP Version 3 specific
-a PROTOCOL set authentication protocol (MD5|SHA)
-A PASSPHRASE set authentication protocol pass phrase
-e ENGINE-ID set security engine ID (e.g. 800000020109840301)
-E ENGINE-ID set context engine ID (e.g. 800000020109840301)
-l LEVEL set security level (noAuthNoPriv|authNoPriv|authPriv)
-n CONTEXT set context name (e.g. bridge1)
-u USER-NAME set security name (e.g. bert)
-x PROTOCOL set privacy protocol (DES|AES)
-X PASSPHRASE set privacy protocol pass phrase
-Z BOOTS,TIME set destination engine boots/time