debian standart repository
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
vim /etc/apt/sources.list ------------------------- deb http://deb.debian.org/debian bullseye main contrib non-free deb-src http://deb.debian.org/debian bullseye main contrib non-free deb http://deb.debian.org/debian-security/ bullseye-security main contrib non-free deb-src http://deb.debian.org/debian-security/ bullseye-security main contrib non-free deb http://deb.debian.org/debian bullseye-updates main contrib non-free deb-src http://deb.debian.org/debian bullseye-updates main contrib non-free deb http://deb.debian.org/debian bullseye-backports main contrib non-free deb-src http://deb.debian.org/debian bullseye-backports main contrib non-free ------------------------- |
Установка:
1 2 3 |
apt-get update && sudo apt-get install snmp snmpd apt-get install snmp-mibs-downloader download-mibs |
Готовим конфиг snmpd.conf — Находим две строки и редактируем их:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
!!! находим строку "#agentaddress 127.0.0.1,[::1]", приводим к виду "agentaddress udp:161" !!! находим строку "rocommunity public default -V systemonly", приводим к виду "rocommunity vasian 192.168.0.0/16" !!! vasian - наше комьюнити !!! 192.168.0.0/16 - наша сеть vim /etc/snmp/snmpd.conf ------------------------ #agentaddress 127.0.0.1,[::1] agentaddress udp:161 # Read-only access to everyone to the systemonly view #rocommunity public default -V systemonly #rocommunity6 public default -V systemonly rocommunity vasian 192.168.0.0/16 ------------------------ |
Проверка:
1 2 3 4 5 6 7 |
ss -alnp | grep snmp | grep 161 snmpwalk -v 2c -c myCommunity localhost snmpwalk -v2c -c public localhost snmpwalk -v2c -c public 192.168.0.1 snmpwalk -v2c -c YouCommunity 192.168.0.1 | head snmptranslate -Tp |
snmp v3
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
0. Останавливаем демон snmpd systemctl stop snmpd 1. Для snmpv3 требуется создать пользователя, для этого используется команда net-snmp-create-v3-user net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass][-x DES|AES] [username] net-snmp-create-v3-user -ro -A SecUREDpass -a SHA -X StRongPASS -x AES snmpreadonly Выполнив эту команду в файл snmpd.conf (по умолчанию /etc/snmp/snmpd.conf, но могут быть и /var/lib/snmp/snmpd.conf, /usr/share/snmp/snmpd.conf ) createUser snmpreadonly SHA "SecUREDpass" AES StRongPASS rouser snmpreadonly 2. Для проверки локально: net-snmp-create-v3-user -x AES -a SHA 3. Запускаем демон snmpd systemctl start snmpd systemctl enable snmpd 4. Проверяем snmpwalk -v3 -a SHA -A SecUREDpass -x AES -X StRongPASS -l authPriv -u snmpreadonly localhost | head -10 |
Пример конфига snmpd.conf:
1 2 3 4 5 6 7 8 |
sysServices 72 master agentx agentaddress udp:161 view systemonly included .1.3.6.1.2.1.1 view systemonly included .1.3.6.1.2.1.25.1 rocommunity vasian 192.168.0.0/16 createUser snmpreadonly SHA "SecUREDpass" AES "StRongPASS" rouser snmpreadonly |