snmp协议
作者:互联网
snmp安装与使用
snmp安装包
1.net-snmp(主程序)
2.net-snmp-libs(运行库文件)
3.net-snmp-utils(snmp命令工具)
4.net-snmp-devel(net-snmp-config命令工具)
snmp安装
yum install net-snmp net-smp-libs net-snmp-utils systemctl start snmpd systemctl enable snmpd
snmp配置文件
snmp v1/v2配置
vi /etc/snmp/snmpd.conf #### # First, map the community name "public" into a "security name" # sec.name source community com2sec notConfigUser default public # 定义public团体名称映射到安全名notConfigUser #### # Second, map the security name into a group name: # groupName securityModel securityName group notConfigGroup v1 notConfigUser group notConfigGroup v2c notConfigUser # 将安全名notConfigUser加入组notConfigGroup,并定义安全模式 #### # Third, create a view for us to let the group have rights to: # Make at least snmpwalk -v 1 localhost -c public system fast again. # name incl/excl subtree mask(optional) #view systemview included .1.3.6.1.2.1.1 #view systemview included .1.3.6.1.2.1.25.1.1 view systemview included .1 # 创建一个可以查看snmp的视图名称systeview及范围.1 #### # Finally, grant the group read-only access to the systemview view. # group context sec.model sec.level prefix read write notif access notConfigGroup "" any noauth exact systemview systemview none # 给notConfigGroup组定义在systemview视图下的权限read/write syslocation Unknown (edit /etc/snmp/snmpd.conf) syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf) # 联系人信息 dontLogTCPWrappersConnects yes proc mountd proc ntalkd 4 proc sendmail 10 1 # 进程检查 disk / 10000 # 磁盘检查 load 12 14 14 # 负载均衡检查
验证
# 测试v1 snmpwalk -v 1 -c public 127.0.0.1 .1 # 测试v2 snmpwalk -v 2c -c public 127.0.0.1 .1
snmp v3配置
# 停止服务 systemctl stop snmpd # 使用net-snmp-create-v3-user用法,创建用户 net-snmp-create-v3-user -h Usage: net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass] [-a MD5|SHA] [-x DES|AES] [username] # -ro:只读,不加-ro默认为读写权限。 # -A authpwd: 用户密码 # -a MD5|SHA: 用户密码加密方式 # -X privpwd: 加密密码 # -x DES|AES: 密码加密方式 # username 用户名 # 创建用户 net-snmp-create-v3-user Enter a SNMPv3 user name to create: # 用户名 snmpuser Enter authentication pass-phrase: # 密码 12345678 Enter encryption pass-phrase: [press return to reuse the authentication pass-phrase] # 加密密码 12345678 adding the following line to /var/lib/net-snmp/snmpd.conf: createUser snmpuser MD5 "12345678" DES 12345678 adding the following line to /etc/snmp/snmpd.conf: rwuser snmpuser #rwuser表示读写权限用户
安全级别
# 1.noAuthNoPriv(不认证不加密基本不用,网上没有找到这个级别的资料,一般用下面两种) # 2.authNoPriv(认证不加密) # 创建snmp v3用户时,不指定加密密码 net-snmp-create-v3-user -ro -A 12345678 -a MD5 -x DES snmp # 3.authPriv(认证且加密) # 创建snmp v3用户时,指定加密密码 net-snmp-create-v3-user -ro -A 12345678 -X 12345678 -a MD5 -x DES snmp
验证
# 1.noAuthNoPriv(不认证不加密基本不用) # 略 # 2.authNoPriv(认证不加密) snmpwalk -v 3 -l authNoPriv -u snmp -A 12345678 -a MD5 -x DES 127.0.0.1 .1 # 3.authPriv(认证且加密) snmpwalk -v 3 -l authPriv -u snmp -A 12345678 -a MD5 -X 12345678 -x DES 127.0.0.1 .1
snmp trap
研究中…
标签:协议,加密,create,snmp,12345678,v3,net 来源: https://blog.51cto.com/hiwjk/2983142