NET-SNMP V3 Protocol Installation configuration note (CentOS 6.3/5.6)

Note: SNMP V3 requires the need to turn off selinux and firewalls;

To close the SELinux method:

#VI /etc/selinux/config

The selinux= "" in the file is disabled and then restarted.

To turn off the firewall method:

Service Iptables Stop

Boot does not start the firewall:

Chkconfig iptables off

1. Check if the server has the NET-SNMP service installed and skip this link if it is already installed.

Pre-Installation Prerequisite kit NET-SNMP Net-snmp-devel net-snmp-utils
Description

NET-SNMP: Provides a portal that allows the monitoring server to communicate with the monitored machine from this portal via the SNMP protocol net-snmp-devel: To use Net-snmp-config, Net-snmp-utils is designed to use Snmpwalknet-snmp-libs: Provides a library file that runs the required net-snmp-utils:  provides a set of tools to communicate with the SNMP protocol

My installation is as follows:

Yum Install net-snmp net-snmp-devel net-snmp-utils

2. After successful, start configuring/etc/snmp/snmpd.conf

If it is already started, stop it before configuring it:

[root@hxweb101~]service snmpd stop

#注意:-A is the password,-A is the password encryption method, and the user name with      the last Face #-ro represents a read-only user group, you can collect information, but you cannot change the system settings # Description: When the Snmpwalk test,-a means the encryption method,-  ~]$ net-snmp-config--create-snmpv3-user-ro-a mypass-/var/lib/net-snmp/snmpd.conf:#    "[email protected]"/etc/snmp/snmpd.conf:#   rouser myname 

Note here that the path to the configuration file has changed:

5. X is:/var/net-snmp/6. X is:/var/lib/net-snmp/snmpd.conf

Then start, test:

[[Email protected] ~]$ Service snmpd start[[email protected]~]$ snmpwalk-v3-u myname-l auth-a md5-a mypass127.0.0.1 if#如果输出下面信息, stating that the configuration was successful: IF-mib::ifindex.1= INTEGER:1IF-mib::ifindex.2= INTEGER:2IF-mib::ifindex.3= INTEGER:3IF-mib::ifdescr.1=string:loif-mib::ifdescr.2=string:em1if-mib::ifdescr.3=string:em2if-mib::iftype.1= Integer:softwareloopback ( -) IF-mib::iftype.2= INTEGER:ETHERNETCSMACD (6) IF-mib::iftype.3= INTEGER:ETHERNETCSMACD (6) IF-mib::ifmtu.1= INTEGER:16436IF-mib::ifmtu.2= INTEGER: theIF-mib::ifmtu.3= INTEGER: the........ IF-mib::ifoutdiscards.1= Counter32:0IF-mib::ifoutdiscards.2= Counter32:0IF-mib::ifoutdiscards.3= Counter32:0IF-mib::ifouterrors.1= Counter32:0IF-mib::ifouterrors.2= Counter32:0IF-mib::ifouterrors.3= Counter32:0IF-mib::ifoutqlen.1= Gauge32:0IF-mib::ifoutqlen.2= Gauge32:0IF-mib::ifoutqlen.3= Gauge32:0IF-mib::ifspecific.1= oid:snmpv2-smi::zerodotzeroif-mib::ifspecific.2= oid:snmpv2-smi::zerodotzeroif-mib::ifspecific.3= Oid:snmpv2-smi::zerodotzero

I created the user without setting the Privpass, is to simplify the process, if you want to create with Privpass authentication, and this privpass can also choose different from the password encryption method, for example, my password with MD5 encryption, and Privpass with AES encryption, Increase the crack difficulty, then you can write

net-snmp-config:--create-snmpv3-user [-ro] [-a authpass] [-X Privpass] [-X DES] [-A md5| SHA] [Username]

Snmpwalk V3 Validation Common parameters:

1|2c| 3              Specifies SNMP versionto use-u user-name          set security name (e.g. Bert)-L level              set Securi Ty level (noauthnopriv|authnopriv|  AUTHPRIV)-a PROTOCOL           set authentication PROTOCOL (md5|  SHA)-A PASSPHRASE         set authentication protocol pass phrase-x Protocol           Set Privacy Protocol ( des| AES) -X PASSPHRASE         Set Privacy Protocol pass phrase

Snmpwalk v2c/v1 validation commonly used:

-C COMMUNITY          string

For example, an SNMP V3 user creates an instance:

[Email protected] ~]$ net-snmp-config--create-snmpv3-user-ro-a mypass-a md5-x myprivpass-127.0. 
   
    0.1
    If
   

After the command executes, a new configuration file snmpd.conf is automatically created, and the content is simple. Only the user name and permissions, and information about the authentication method is stored in the/var/net-snmp/snmpd.conf file.

Cat /var/lib/net-snmp/snmpd.conf

3. Set Iptables to ensure safety

The next thing is to open the UDP port that specifies IP access 161

12. Only x.x.x.x can send a UDP packet to your server's 161 port # for SNMP--------------   161 -161 -j ACCEPT

Original: Http://blog.hexu.org/archives/1698.shtml/comment-page-1

NET-SNMP V3 Protocol Installation configuration note (CentOS 6.3/5.6)