Note: SNMP V3 requires the need to turn off selinux and firewalls;
To close the SELinux method:
#VI /etc/selinux/config
The selinux= "" in the file is disabled and then restarted.
To turn off the firewall method:
Service Iptables Stop
Boot does not start the firewall:
Chkconfig iptables off
1. Check if the server has the NET-SNMP service installed and skip this link if it is already installed.
Pre-Installation Prerequisite kit NET-SNMP Net-snmp-devel net-snmp-utils
Description
NET-SNMP: Provides a portal that allows the monitoring server to communicate with the monitored machine from this portal via the SNMP protocol net-snmp-devel: To use Net-snmp-config, Net-snmp-utils is designed to use Snmpwalknet-snmp-libs: Provides a library file that runs the required net-snmp-utils: provides a set of tools to communicate with the SNMP protocol
My installation is as follows:
Yum Install net-snmp net-snmp-devel net-snmp-utils
2. After successful, start configuring/etc/snmp/snmpd.conf
If it is already started, stop it before configuring it:
[root@hxweb101~]service snmpd stop
#注意:-A is the password,-A is the password encryption method, and the user name with the last Face #-ro represents a read-only user group, you can collect information, but you cannot change the system settings # Description: When the Snmpwalk test,-a means the encryption method,- ~]$ net-snmp-config--create-snmpv3-user-ro-a mypass-/var/lib/net-snmp/snmpd.conf:# "[email protected]"/etc/snmp/snmpd.conf:# rouser myname
Note here that the path to the configuration file has changed:
5. X is:/var/net-snmp/6. X is:/var/lib/net-snmp/snmpd.conf
Then start, test:
[[Email protected] ~]$ Service snmpd start[[email protected]~]$ snmpwalk-v3-u myname-l auth-a md5-a mypass127.0.0.1 if#如果输出下面信息, stating that the configuration was successful: IF-mib::ifindex.1= INTEGER:1IF-mib::ifindex.2= INTEGER:2IF-mib::ifindex.3= INTEGER:3IF-mib::ifdescr.1=string:loif-mib::ifdescr.2=string:em1if-mib::ifdescr.3=string:em2if-mib::iftype.1= Integer:softwareloopback ( -) IF-mib::iftype.2= INTEGER:ETHERNETCSMACD (6) IF-mib::iftype.3= INTEGER:ETHERNETCSMACD (6) IF-mib::ifmtu.1= INTEGER:16436IF-mib::ifmtu.2= INTEGER: theIF-mib::ifmtu.3= INTEGER: the........ IF-mib::ifoutdiscards.1= Counter32:0IF-mib::ifoutdiscards.2= Counter32:0IF-mib::ifoutdiscards.3= Counter32:0IF-mib::ifouterrors.1= Counter32:0IF-mib::ifouterrors.2= Counter32:0IF-mib::ifouterrors.3= Counter32:0IF-mib::ifoutqlen.1= Gauge32:0IF-mib::ifoutqlen.2= Gauge32:0IF-mib::ifoutqlen.3= Gauge32:0IF-mib::ifspecific.1= oid:snmpv2-smi::zerodotzeroif-mib::ifspecific.2= oid:snmpv2-smi::zerodotzeroif-mib::ifspecific.3= Oid:snmpv2-smi::zerodotzero
I created the user without setting the Privpass, is to simplify the process, if you want to create with Privpass authentication, and this privpass can also choose different from the password encryption method, for example, my password with MD5 encryption, and Privpass with AES encryption, Increase the crack difficulty, then you can write
net-snmp-config:--create-snmpv3-user [-ro] [-a authpass] [-X Privpass] [-X DES] [-A md5| SHA] [Username]
Snmpwalk V3 Validation Common parameters:
1|2c| 3 Specifies SNMP versionto use-u user-name set security name (e.g. Bert)-L level set Securi Ty level (noauthnopriv|authnopriv| AUTHPRIV)-a PROTOCOL set authentication PROTOCOL (md5| SHA)-A PASSPHRASE set authentication protocol pass phrase-x Protocol Set Privacy Protocol ( des| AES) -X PASSPHRASE Set Privacy Protocol pass phrase
Snmpwalk v2c/v1 validation commonly used:
-C COMMUNITY string
For example, an SNMP V3 user creates an instance:
[Email protected] ~]$ net-snmp-config--create-snmpv3-user-ro-a mypass-a md5-x myprivpass-127.0.
0.1
If
After the command executes, a new configuration file snmpd.conf is automatically created, and the content is simple. Only the user name and permissions, and information about the authentication method is stored in the/var/net-snmp/snmpd.conf file.
Cat /var/lib/net-snmp/snmpd.conf
3. Set Iptables to ensure safety
The next thing is to open the UDP port that specifies IP access 161
12. Only x.x.x.x can send a UDP packet to your server's 161 port # for SNMP-------------- 161 -161 -j ACCEPT
Original: Http://blog.hexu.org/archives/1698.shtml/comment-page-1
NET-SNMP V3 Protocol Installation configuration note (CentOS 6.3/5.6)