其他分享
首页 > 其他分享> > snmp协议

snmp协议

作者:互联网

snmp安装与使用

snmp安装包

1.net-snmp(主程序)

2.net-snmp-libs(运行库文件)

3.net-snmp-utils(snmp命令工具)

4.net-snmp-devel(net-snmp-config命令工具)

snmp安装

yum install net-snmp net-smp-libs net-snmp-utils
systemctl start snmpd
systemctl enable snmpd

snmp配置文件

snmp v1/v2配置

vi /etc/snmp/snmpd.conf
####
# First, map the community name "public" into a "security name"
#       sec.name  source          community
com2sec notConfigUser  default       public
# 定义public团体名称映射到安全名notConfigUser
####
# Second, map the security name into a group name:
#       groupName      securityModel securityName
group   notConfigGroup v1            notConfigUser
group   notConfigGroup v2c           notConfigUser
# 将安全名notConfigUser加入组notConfigGroup,并定义安全模式
####
# Third, create a view for us to let the group have rights to:
# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#       name           incl/excl     subtree         mask(optional)
#view    systemview    included   .1.3.6.1.2.1.1
#view    systemview    included   .1.3.6.1.2.1.25.1.1
view    systemview    included   .1
# 创建一个可以查看snmp的视图名称systeview及范围.1
####
# Finally, grant the group read-only access to the systemview view.
#       group          context sec.model sec.level prefix read       write     notif
access  notConfigGroup ""      any       noauth    exact  systemview systemview none
# 给notConfigGroup组定义在systemview视图下的权限read/write
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
# 联系人信息
dontLogTCPWrappersConnects yes
proc mountd
proc ntalkd 4
proc sendmail 10 1
# 进程检查
disk / 10000
# 磁盘检查
load 12 14 14
# 负载均衡检查

验证

# 测试v1
snmpwalk -v 1 -c public 127.0.0.1 .1
# 测试v2
snmpwalk -v 2c -c public 127.0.0.1 .1

snmp v3配置

# 停止服务
systemctl stop snmpd
# 使用net-snmp-create-v3-user用法,创建用户
net-snmp-create-v3-user -h
Usage:
  net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]
                          [-a MD5|SHA] [-x DES|AES] [username]
# -ro:只读,不加-ro默认为读写权限。
# -A authpwd: 用户密码
# -a MD5|SHA: 用户密码加密方式
# -X privpwd: 加密密码
# -x DES|AES: 密码加密方式
# username     用户名

# 创建用户
net-snmp-create-v3-user
Enter a SNMPv3 user name to create: 
# 用户名
snmpuser
Enter authentication pass-phrase:
# 密码
12345678
Enter encryption pass-phrase: 
  [press return to reuse the authentication pass-phrase]
# 加密密码
12345678
adding the following line to /var/lib/net-snmp/snmpd.conf:
   createUser snmpuser MD5 "12345678" DES 12345678
adding the following line to /etc/snmp/snmpd.conf:
   rwuser snmpuser                   #rwuser表示读写权限用户
   

安全级别

# 1.noAuthNoPriv(不认证不加密基本不用,网上没有找到这个级别的资料,一般用下面两种)

# 2.authNoPriv(认证不加密)
# 创建snmp v3用户时,不指定加密密码
net-snmp-create-v3-user -ro -A 12345678 -a MD5 -x DES snmp
# 3.authPriv(认证且加密)
# 创建snmp v3用户时,指定加密密码
net-snmp-create-v3-user -ro -A 12345678 -X 12345678 -a MD5 -x DES snmp

验证

# 1.noAuthNoPriv(不认证不加密基本不用)
# 略
# 2.authNoPriv(认证不加密)
snmpwalk -v 3 -l authNoPriv -u snmp -A 12345678 -a MD5 -x DES 127.0.0.1 .1
# 3.authPriv(认证且加密)
snmpwalk -v 3 -l authPriv -u snmp -A 12345678 -a MD5 -X 12345678 -x DES 127.0.0.1 .1

snmp trap

研究中…

 

标签:协议,加密,create,snmp,12345678,v3,net
来源: https://blog.51cto.com/hiwjk/2983142