2009/07/31

debian Linux 的 snmpd 設定 lenny版

Server snmpd設定

需要設定 Server 的 snmp 才可以讓標準的snmpd 通訊協定抓取統計資料
設定流程 in debian ,修改 /etc/snmpd.conf 設定值如下
[root@www:/etc/snmp]# vim snmpd.conf
# 安全性設定 打開本機 localhost 及 140.117.69.0/24 允許連入 snmpd
com2sec local localhost public
com2sec localnet 140.117.69.0/24 public

# 開放的 snmpd 通訊版本,及哪個版本允許哪個來源連入
group MyRWGroup v1 local
group MyROGroup v1 localnet

group MyROSystem v1 local
group MyROSystem v2c local
group MyROSystem usm local

group MyROGroup v1 localnet
group MyROGroup v2c localnet
group MyROGroup usm localnet

group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local

view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view all included .1 80

access MyROGroup "" any noauth prefix all none none
access MyRWGroup "" any noauth prefix all all all

# snmpd 關於這台裝置的聯絡人資訊
syslocation R1022-42U RACK (edit /etc/snmp/snmpd.conf)
syscontact cccm@cm.nsysu.edu.tw (configure /etc/snmp/snmp.local.conf)
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
重新啟動 snmpd
# /etc/init.d/snmpd restart
先使用 snmpdwalk 這之程式測試本機來源127.0.0.1版本v1是否可以讀取,不行的請更換為本機對外IP
如果沒有此程式請先安裝 apt-get install snmp scli tkmib
# snmpwalk localhost -c public -v1
or
# snmpwalk 140.117.69.6 -c public -v1
結果應該會是如下列內容:
[root@www:/etc/snmp]# snmpwalk 140.117.69.6 -c public -v1 | head -n 20
SNMPv2-MIB::sysDescr.0 = STRING: Linux www.cm.nsysu.edu.tw 2.6.26-1-686-bigmem #1 SMP Fri Mar 13 18:52:29 UTC 2009 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (10929) 0:01:49.29
SNMPv2-MIB::sysContact.0 = STRING: cccm@cm.nsysu.edu.tw (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: www.cm.nsysu.edu.tw
SNMPv2-MIB::sysLocation.0 = STRING: R1022-42U RACK (edit /etc/snmp/snmpd.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORDescr.1 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.3 = STRING: The management information definitions for the SNMP User-based Security Model.
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing TCP implementations
... 略...
debian linux 因為安全性關係,所以在 stable 版本有對於設定修改的比較嚴謹,請修改下列內容讓除了本機以外的機器可以連入 snmpd ,請修改下列檔案
[root@www:~]# vim /etc/default/snmpd
# SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
# 底下預設開啟所有的連接 port 接受連入,如果你的 snmpd.conf 權限控管不嚴格容易被人入侵。
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid UDP:161'
驗證 port 開啟的狀況
root@www:~]# netstat -tnulp | grep 161
udp 0 0 0.0.0.0:161 0.0.0.0:* 20521/snmpd
這樣 snmpd 服務就應該 OK了,但是別忘了預設 snmpd 服務開機要打開,debian指令為 sysvconfig,CentOS/RHEL指令為 chkconfig
[root@www:~]# sysvconfig --listlinks | grep snmpd
snmpd K20 K20 K20 K20 K20 K20 K20
[root@www:~]# runlevel
N 2
[root@www:~]# sysvconfig --enable snmpd
entering noninteractive enable
[root@www:~]# sysvconfig --listlinks | grep snmpd
snmpd K20 K20 S20 S20 S20 S20 K20
參考
http://www.debianhelp.co.uk/snmp.htm