Let's configure SNMP (CentOS 5.6)
1. Install snmp
- Log in as root
#yum -y install net-snmp*
The snmpd configuration file is /etc/snmp/snmpd.conf,
and the snmpd.conf that yum installs initially has a great deal in it.
Let's delete all of it and set up just one read-only community, public.
# cd /etc/snmp
# mv /etc/snmp/snmpd.conf /etc/snmpd.conf.orig
# echo rocommunity public > snmpd.conf
If you then open /etc/snmp/snmpd.conf,
rocommunity public
it contains only this one line. It presumably means that the read-only community public is being configured.
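A bare "rocommunity public" line answers any host that can reach UDP 161 and sends the default community name. The script below is an added example, not part of the original post: it checks an snmpd.conf for default community names and for community directives with no SOURCE restriction (net-snmp's "rocommunity COMMUNITY [SOURCE [OID]]" form). The function name, the sample community n0t-default and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit snmpd.conf community lines.
# Directive form checked: rocommunity|rwcommunity[6] COMMUNITY [SOURCE [OID]]

audit_snmpd_conf() {
    # $1 = path to snmpd.conf
    # Prints one finding per line ("LINE: message"); returns 1 if anything was found.
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        $1 ~ /^r[ow]community6?$/ {
            comm = $2; src = $3
            # Well-known names are the first thing any scanner tries.
            if (comm == "public" || comm == "private") {
                printf "%d: default community \"%s\"\n", NR, comm; bad = 1
            }
            # No SOURCE (or "default") means every address is accepted.
            if (src == "" || src == "default") {
                printf "%d: %s \"%s\" accepts any source\n", NR, $1, comm; bad = 1
            }
            # Read-write communities allow SNMP SET requests.
            if ($1 ~ /^rwcommunity/) {
                printf "%d: write access via community \"%s\"\n", NR, comm; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: the one-line config from this page, followed by a
# variant restricted to a single monitoring host (documentation address).
demo_conf=$(mktemp)
printf '%s\n' 'rocommunity public' 'rocommunity n0t-default 192.0.2.10' > "$demo_conf"
audit_snmpd_conf "$demo_conf" || true
rm -f "$demo_conf"
```

Only line 1 of the sample is reported; the second line, limited to one source address and a non-default name, passes.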
2. Restart snmpd
# service snmpd restart
Alternative method
#/etc/init.d/snmpd start
Opening the firewall and monitoring from another host
snmp uses UDP port 161, and
snmp trap uses UDP port 162.
3. Configure iptables (the Linux firewall)
#cd /etc/sysconfig
#vi iptables
-A INPUT -p udp --dport 161 -j ACCEPT
#service iptables restart
#netstat -nulp
4. Install nmap and verify
#yum -y install nmap
#nmap -sU localhost
5. Let's read information from localhost
#snmpwalk
USAGE: snmpwalk [OPTIONS] AGENT [OID]
Version: 5.3.2.2
Web: http://www.net-snmp.org/
Email: net-snmp-coders@lists.sourceforge.net
OPTIONS:
-h, --help display this help message
-H display configuration file directives understood
-v 1|2c|3 specifies SNMP version to use
-V, --version display package version number
SNMP Version 1 or 2c specific
-c COMMUNITY set the community string
SNMP Version 3 specific
-a PROTOCOL set authentication protocol (MD5|SHA)
-A PASSPHRASE set authentication protocol pass phrase
-e ENGINE-ID set security engine ID (e.g. 800000020109840301)
-E ENGINE-ID set context engine ID (e.g. 800000020109840301)
-l LEVEL set security level (noAuthNoPriv|authNoPriv|authPriv)
-n CONTEXT set context name (e.g. bridge1)
-u USER-NAME set security name (e.g. bert)
-x PROTOCOL set privacy protocol (DES|AES)
-X PASSPHRASE set privacy protocol pass phrase
-Z BOOTS,TIME set destination engine boots/time
General communication options
-r RETRIES set the number of retries
-t TIMEOUT set the request timeout (in seconds)
Debugging
-d dump input/output packets in hexadecimal
-D[TOKEN[,...]] turn on debugging output for the specified TOKENs
(ALL gives extremely verbose debugging output)
General options
-m MIB[:...] load given list of MIBs (ALL loads everything)
-M DIR[:...] look in given list of directories for MIBs
-P MIBOPTS Toggle various defaults controlling MIB parsing:
u: allow the use of underlines in MIB symbols
c: disallow the use of "--" to terminate comments
d: save the DESCRIPTIONs of the MIB objects
e: disable errors when MIB symbols conflict
w: enable warnings when MIB symbols conflict
W: enable detailed warnings when MIB symbols conflict
R: replace MIB symbols from latest module
-O OUTOPTS Toggle various defaults controlling output display:
0: print leading 0 for single-digit hex characters
a: print all strings in ascii format
b: do not break OID indexes down
e: print enums numerically
E: escape quotes in string indices
f: print full OIDs on output
n: print OIDs numerically
q: quick print for easier parsing
Q: quick print with equal-signs
s: print only last symbolic element of OID
S: print MIB module-id plus last element
t: print timeticks unparsed as numeric integers
T: print human-readable text along with hex strings
u: print OIDs using UCD-style prefix suppression
U: don't print units
v: print values only (not OID = value)
x: print all strings in hex format
X: extended index format
-I INOPTS Toggle various defaults controlling input parsing:
b: do best/regex matching to find a MIB node
h: don't apply DISPLAY-HINTs
r: do not check values for range/type legality
R: do random access to OID labels
u: top-level OIDs must have '.' prefix (UCD-style)
s SUFFIX: Append all textual OIDs with SUFFIX before parsing
S PREFIX: Prepend all textual OIDs with PREFIX before parsing
-L LOGOPTS Toggle various defaults controlling logging:
e: log to standard error
o: log to standard output
n: don't log at all
f file: log to the specified file
s facility: log to syslog (via the specified facility)
(variants)
[EON] pri: log to standard error, output or /dev/null for level 'pri' and above
[EON] p1-p2: log to standard error, output or /dev/null for levels 'p1' to 'p2'
[FS] pri token: log to file/syslog for level 'pri' and above
[FS] p1-p2 token: log to file/syslog for levels 'p1' to 'p2'
-C APPOPTS Set various application specific behaviours:
p: print the number of variables found
i: include given OID in the search range
I: don't include the given OID, even if no results are returned
c: do not check returned OIDs are increasing
t: Display wall-clock time to complete the request
6. Collect snmp information from localhost
#snmpwalk -v 2c -c public localhost
7. Collect snmp information from a remote system
: Remote system (the target is a NexG UTM; the community was set to aaa)
#snmpwalk -v 2c -c aaa HOST_IP
#snmpwalk -v2c -c aaa HOST_IP
SNMPv2-MIB::sysDescr.0 = STRING: Linux ns.aaa.or.kr 2.6.6-8hl #1 Tue Oct 12 00:22:29 KST 2004 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (54657) 0:09:06.57
SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
#snmpwalk -v2c -c read-aaa -O f HOST_IP
.iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0 = STRING: Linux ns.aaa.or.kr 2.6.6-8hl #1 Tue Oct 12 00:22:29 KST 2004 i686
.iso.org.dod.internet.mgmt.mib-2.system.sysObjectID.0 = OID: .iso.org.dod.internet.private.enterprises.netSnmp.netSnmpEnumerations.netSnmpAgentOIDs.10
.iso.org.dod.internet.mgmt.mib-2.system.sysUpTime.0 = Timeticks: (47124) 0:07:51.24
.iso.org.dod.internet.mgmt.mib-2.system.sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
#snmpwalk -v2c -c aaa -O fn HOST_IP
.1.3.6.1.2.1.1.1.0 = STRING: Linux ns.aaa.or.kr 2.6.6-8hl #1 Tue Oct 12 00:22:29 KST 2004 i686
.1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.8072.3.2.10
.1.3.6.1.2.1.1.3.0 = Timeticks: (76934) 0:12:49.34
.1.3.6.1.2.1.1.4.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)