First you need to install the necessary SNMP package on the system to monitor a Linux Host using SNMP.
# yum install net-snmp-utils net-snmp
Make sure snmpd starts in runlevels 3 and 5
# chkconfig --level 35 snmpd on
You can verify this with
# chkconfig --list snmpd
snmpd should be listening on tcp port 199
# netstat -an | grep 199
You can see that
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN
CONFIGURATION
Next, you need to back up the original snmpd.conf and create your own snmpd.conf
# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
# vim /etc/snmp/snmpd.conf
Now do the following four steps
First, map the community name "public" into a "security name" by changing
com2sec notConfigUser default public
with these
com2sec local localhost public
com2sec mynetwork 192.168.1.0/24 public
Note that the public community string setting above also specifies the network (192.168.1.0/24 is my network) from which queries must originate. This is a good security measure for limiting access.
Second, map the security name into a group name by changing
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
with these
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1 mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork
Third, create a view that the groups will be given rights to, by changing
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
with this
view all included .1 80
Finally, grant MyROGroup read-only access and MyRWGroup read-write access to the all view by changing
access notConfigGroup "" any noauth exact systemview none none
with these
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none
Save the configuration file and restart snmpd service (# service snmpd restart).
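The four steps above chain together as com2sec -> group -> access. As an added example (not part of the original post), this Python script parses those directives and reports which security names use a well-known community string, accept any source address, or end up with write access. The function name, the finding labels and the WELL_KNOWN set are assumptions of this example.

```python
# Added example: audit the VACM chain com2sec -> group -> access in snmpd.conf.
WELL_KNOWN = {"public", "private"}  # assumption: communities treated as guessable

# Constructed sample: the configuration this page ends up with.
SAMPLE = '''
com2sec local     localhost       public
com2sec mynetwork 192.168.1.0/24  public
group MyRWGroup v1  local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1  mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork
view all included .1 80
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all  none
'''

def audit_snmpd_conf(text):
    """Return (finding, secname, source) tuples for the given snmpd.conf text."""
    com2sec, groups, access = {}, {}, []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(tok) >= 4 and tok[0] == "com2sec":
            com2sec[tok[1]] = (tok[2], tok[3])            # secname -> (source, community)
        elif len(tok) >= 4 and tok[0] == "group":
            groups.setdefault(tok[1], set()).add(tok[3])  # group -> secnames
        elif len(tok) >= 9 and tok[0] == "access":
            access.append((tok[1], tok[4], tok[6], tok[7]))  # group, level, read, write
    findings = []
    for sec, (source, community) in sorted(com2sec.items()):
        if community in WELL_KNOWN:
            findings.append(("well-known-community", sec, source))
        if source == "default":  # "default" matches any source address
            findings.append(("any-source", sec, source))
    # Follow access -> group -> secname to see who can write, and at what level.
    for group, level, read, write in access:
        for sec in sorted(groups.get(group, ())):
            if sec in com2sec and write != "none":
                findings.append(("write-" + level, sec, com2sec[sec][0]))
    return findings

if __name__ == "__main__":
    for kind, sec, source in audit_snmpd_conf(SAMPLE):
        print(f"{kind:22} secname={sec:10} source={source}")
```

To check a live host, pass the contents of /etc/snmp/snmpd.conf to audit_snmpd_conf instead of SAMPLE.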
VERIFICATION
You can verify this by running this command
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
Now you should get something like
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.192.168.1.11 = INTEGER: 2
Where 192.168.1.11 is the IP address of my Linux Host.
Note:
1. The easiest way to configure snmp on your system is to edit the configuration file and specify a community string that can be used to issue queries.
# vim /etc/snmp/snmpd.conf
rocommunity public 192.168.1.0/24
where 192.168.1.0 is your network.
Save the configuration file and restart snmp services. You can verify snmp is properly configured by
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
2. If you are using a firewall, you need to edit your firewall settings. You will need to open UDP port 161 to allow SNMP queries to the Linux Host. Add this line to the file /etc/sysconfig/iptables and restart iptables.
iptables -I INPUT -p udp --destination-port 161 -j ACCEPT
3. If you are using TCP Wrappers you may need to add the address of your Linux Host to the allowed hosts file (/etc/hosts.allow).