# Introduction
SNMP (Simple Network Management Protocol) is widely used to monitor and communicate with network devices, servers, and other
equipment over IP. In this guide we install an SNMP agent on a CentOS 6.5 server so that a remote SNMP manager can collect data
from it. The configuration below uses SNMP v2c, whose community strings cross the network in cleartext, so access is limited to
a single monitoring host.
# Install SNMP packages
# net-snmp ships the snmpd agent; net-snmp-utils ships the client tools
# (snmpwalk and friends) used for the test at the end.
yum install -y \
  net-snmp \
  net-snmp-utils
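# Configure SNMP
# Keep the packaged config as a backup, preserving its mode and timestamps.
# Skip the copy when a backup already exists, so that running these steps a
# second time does not replace the pristine file with the customized one.
[ -e /etc/snmp/snmpd.conf.orig ] || cp -p /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
# The quoted 'EOF' delimiter keeps the shell from expanding anything inside.
cat <<'EOF' > /etc/snmp/snmpd.conf
###################################################################
# SNMP configuration - Customized by Sam KUON #
###################################################################
# Agent address
# udp:161 listens on every IPv4 address of the host; udp6:[::1]:161 listens
# on the IPv6 loopback only. To expose the agent on one interface only, use
# the form: agentAddress udp:<management_ip>:161
#agentaddress udp:161
agentAddress udp:161,udp6:[::1]:161
## Access control
# SNMP v1/v2c send the community string in cleartext and have no per-user
# authentication. Where the manager supports it, SNMPv3 with authentication
# and privacy (createUser / rouser ... priv) is the stronger choice.
#@@ Firstly, Map the community into a security name
# sec.name source community
#com2sec <sec.name> <monitor_server> <community_password>
#com2sec6 <sec.name> <monitor_server_ipv6> <community_password>
# The community strings below are examples: replace them with your own
# values. Both entries accept requests from 192.168.50.10 only; despite its
# name, 'AllowAll' refers to the view it is granted, not to the source.
com2sec AllowSpecific 192.168.50.10 only4spec!
com2sec AllowAll 192.168.50.10 not4you!
#@@ Secondly, Map the security name into a group
# group.name sec.model sec.name
#group <group_name> <security_mode> <security_name>
group SpecificGroup v2c AllowSpecific
group AllGroup v2c AllowAll
#@@ Thirdly, Create a view to let group have rights to:
#@@ Both views are granted read-only below; nothing is writable.
# Define 'SystemView', which includes everything under .1.3.6.1.2.1.1
# (system group) and .1.3.6.1.2.1.25.1.1 (hrSystemUptime)
# Define 'AllView', which includes everything under .1
# AllView exposes the whole MIB tree (interfaces, routes, running processes,
# installed software, ...). Grant it only to a manager that needs all of it.
# view.name incl/excl subtree.mask(Optional)
view SystemView included .1.3.6.1.2.1.1
view SystemView included .1.3.6.1.2.1.25.1.1
view AllView included .1
#@@ Finally, Grant right to group
# Give 'SpecificGroup' read access to objects in the view 'SystemView'
# Give 'AllGroup' read access to objects in the view 'AllView'
# The write and notify columns are 'none', so both groups are read-only.
# group.name context model level prefix read write notify
access SpecificGroup "" any noauth exact SystemView none none
access AllGroup "" any noauth exact AllView none none
## System contact information
# These values are readable by every community that can see the system
# group, so put only details you are willing to disclose.
#syslocation <location set>
#syscontact <contact_info>
syslocation Infrastructure, PNH, KH
syscontact Sam KUON, Email:sam.kuonssp@gmail.com, Mob: 086231646
## <<<<<<<<<<<<<<<<<<<<<<<<<<<< End of config >>>>>>>>>>>>>>>>>>>>>>>>>>>>#
EOF
# The file now contains the community strings: keep it readable by root only.
chown root:root /etc/snmp/snmpd.conf
chmod 600 /etc/snmp/snmpd.conf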
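# IPTABLES
# Accept SNMP (161/udp) only from the monitoring server, 192.168.50.10 (the
# same source address used by the com2sec lines in snmpd.conf), instead of
# from any host. If the monitoring server changes, update both places.
snmp_rule='-A INPUT -s 192.168.50.10 -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT'
# Append the rule only when it is not already present, so repeated runs do
# not stack duplicate entries in the custom rules file.
if ! grep -qxF -- "$snmp_rule" /etc/sysconfig/iptables.extra 2>/dev/null; then
  printf '%s\n' "$snmp_rule" >> /etc/sysconfig/iptables.extra
fi
# Register the custom rules file with the system firewall configuration.
lokkit --custom-rules=ipv4:filter:/etc/sysconfig/iptables.extra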
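# Enable and start SNMP service
# CentOS 6.x (the release this guide targets) uses SysV init, where
# systemctl does not exist; fall back to chkconfig/service there and keep
# the systemctl form for systemd-based releases.
if command -v systemctl >/dev/null 2>&1; then
  systemctl enable snmpd
  systemctl start snmpd
else
  chkconfig snmpd on
  service snmpd start
fi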
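# To test SNMP configuration
# General form (placeholders, not a runnable line):
#   snmpwalk -v 2c -c '<community>' -O e <servername or IP address>
#
# Run these from the monitoring server (192.168.50.10): the com2sec lines in
# snmpd.conf accept no other source. 192.168.50.20 is presumably the address
# of the server running snmpd - adjust to your host.
# A community string given with -c is visible in the process list and in
# shell history; net-snmp can also read it from the defCommunity setting in
# a private ~/.snmp/snmp.conf.
# The strings are single-quoted so the shell treats the trailing '!' literally.

# Full tree through the 'AllView' community.
snmpwalk -v 2c -c 'not4you!' -O e 192.168.50.20
# Restricted 'SystemView' community: only the system group and uptime answer.
snmpwalk -v 2c -c 'only4spec!' -O e 192.168.50.20
# Negative check: 'allowfromall!' is not defined in snmpd.conf, so the agent
# must not answer and snmpwalk is expected to time out.
snmpwalk -v 2c -c 'allowfromall!' -O e 192.168.50.20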
"Semoga artikel ini dapat bermanfaat"