本文共 8075 字,大约阅读时间需要 26 分钟。
系统介绍:
root@ubuntu:~# cat /etc/issue
Ubuntu 12.04.1 LTS \n \l
安装:
apt-get install snmpd
配置:
修改/etc/snmp/snmpd.conf文件;
屏蔽第15行
#agentAddress udp:127.0.0.1:161
打开第17行
agentAddress udp:161,udp6:[::1]:161
最下面添加如下信息:
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1
access notConfigGroup "" any noauth exact systemview none none
syslocation 7 floor room 192.168.1.191
syscontact Root xzy
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
启动snmpd服务
service snmpd restart
安全:
为了更好做到安全策略,我们现在配置snmp只允许某个ip连接。
vim /etc/hosts.allow文件,添加如下信息:
snmpd:xx.xx.xx.xx:allow
snmpd:all:deny
系统介绍:
[root@localhost~]# cat /etc/issue
CentOS release 6.5 (Final)
Kernel \r on an \m
安装:
yum install -y net-snmp
yum install -y net-snmp-libs
yum install -y net-snmp-perl
yum install -y net-snmp-utils
启动:
service snmpd restart
修改配置文件:
cd /etc/snmp
mv snmpd.conf snmpd.conf.sav
vim snmpd.conf
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 | ############################################################################### # # EXAMPLE.conf: # An example configuration file for configuring the Net-SNMP agent ('snmpd') # See the 'snmpd.conf(5)' man page for details # # Some entries are deliberately commented out, and will need to be explicitly activated # ############################################################################### # # AGENT BEHAVIOUR # # Listen for connections from the local system only #agentAddress udp:127.0.0.1:161 # Listen for connections on all interfaces (both IPv4 *and* IPv6) agentAddress udp:161,udp6:[::1]:161 ############################################################################### # # SNMPv3 AUTHENTICATION # # Note that these particular settings don't actually belong here. # They should be copied to the file /var/lib/snmp/snmpd.conf # and the passwords changed, before being uncommented in that file *only*. # Then restart the agent # createUser authOnlyUser MD5 "remember to change this password" # createUser authPrivUser SHA "remember to change this one too" DES # createUser internalUser MD5 "this is only ever used internally, but still change the password" # If you also change the usernames (which might be sensible), # then remember to update the other occurances in this example config file to match. ############################################################################### # # ACCESS CONTROL # # system + hrSystem groups only view systemonly included .1.3.6.1.2.1.1 view systemonly included .1.3.6.1.2.1.25.1 # Full access from the local host #rocommunity public localhost # Default access to basic system info #rocommunity public default -V systemonly # Full access from an example network # Adjust this network address to match your local # settings, change the community string, # and check the 'agentAddress' setting above #rocommunity secret 10.0.0.0/16 # Full read-only access for SNMPv3 rouser authOnlyUser # Full write access for encrypted requests # Remember to activate the 'createUser' lines above #rwuser authPrivUser priv # It's no longer typically necessary to use the full 'com2sec/group/access' configuration # r[ou]user and r[ow]community, together with suitable views, should cover most requirements ############################################################################### # # SYSTEM INFORMATION # # Note that setting these values here, results in the corresponding MIB objects being 'read-only' # See snmpd.conf(5) for more details sysLocation Sitting on the Dock of the Bay sysContact Me <me@example.org> # Application + End-to-End layers sysServices 72 # # Process Monitoring # # At least one 'mountd' process proc mountd # No more than 4 'ntalkd' processes - 0 is OK proc ntalkd 4 # At least one 'sendmail' process, but no more than 10 proc sendmail 10 1 # Walk the UCD-SNMP-MIB::prTable to see the resulting output # Note that this table will be empty if there are no "proc" entries in the snmpd.conf file # # Disk Monitoring # # 10MBs required on root disk, 5% free on /var, 10% free on all other disks disk / 10000 disk /var 5% includeAllDisks 10% # Walk the UCD-SNMP-MIB::dskTable to see the resulting output # Note that this table will be empty if there are no "disk" entries in the snmpd.conf file # # System Load # # Unacceptable 1-, 5-, and 15-minute load averages load 12 10 5 # Walk the UCD-SNMP-MIB::laTable to see the resulting output # Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file ############################################################################### # # ACTIVE MONITORING # # send SNMPv1 traps trapsink localhost public # send SNMPv2c traps #trap2sink localhost public # send SNMPv2c INFORMs #informsink localhost public # Note that you typically only want *one* of these three lines # Uncommenting two (or all three) will result in multiple copies of each notification. # # Event MIB - automatically generate alerts # # Remember to activate the 'createUser' lines above iquerySecName internalUser rouser internalUser # generate traps on UCD error conditions defaultMonitors yes # generate traps on linkUp/Down linkUpDownNotifications yes ############################################################################### # # EXTENDING THE AGENT # # # Arbitrary extension commands # extend test1 /bin/echo Hello, world! extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35 #extend-sh test3 /bin/sh /tmp/shtest # Note that this last entry requires the script '/tmp/shtest' to be created first, # containing the same three shell commands, before the line is uncommented # Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table # and nsExtendOutput2Table) to see the resulting output # Note that the "extend" directive supercedes the previous "exec" and "sh" directives # However, walking the UCD-SNMP-MIB::extTable should still returns the same output, # as well as the fuller results in the above tables. # # "Pass-through" MIB extension command # #pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest #pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl # Note that this requires one of the two 'passtest' scripts to be installed first, # before the appropriate line is uncommented. # These scripts can be found in the 'local' directory of the source distribution, # and are not installed automatically. # Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output # # AgentX Sub-agents # # Run as an AgentX master agent master agentx # Listen for network connections (from localhost) # rather than the default named socket /var/agentx/master #agentXSocket tcp:localhost:705 com2sec notConfigUser default XXX group notConfigGroup v1 notConfigUser group notConfigGroup v2c notConfigUser view systemview included .1 access notConfigGroup "" any noauth exact systemview none none syslocation 7 floor room XXX syscontact Root xzy pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat |
安全:
修改服务器iptables防火墙:
vim /etc/sysconfig/iptables
-A INPUT -s xxxx/xx -p udp -m udp --dport 161 -j ACCEPT
修改snmp的允许连接的ip:
vim /etc/hosts.allow
snmpd:xx.xx.xx.xx:allow
snmpd:all:deny
系统介绍:
安装:
开始-->控制面板-->添加或删除程序
添加/删除Windows组建(A)-->管理和监视工具
简单网络管理协议(SNMP) 打勾-->确定
中途可能会提示放入光盘,在光驱内放入win2003光盘即可
配置:
我点电脑-->右键-->管理
服务和应用程序-->服务
找到右边的SNMP Service服务双击选择属性-->安全分别添加团体名和信任主机ip
安装配置完成