  How to configure SNMPv3 on Ubuntu, CentOS and Cisco systems
     
  Add Date : 2017-08-31      
         
         
         
Simple Network Management Protocol (SNMP) is a widely used protocol for collecting information about what is going on inside a device. For example, CPU and RAM usage, server load, the traffic status of a network interface, and many other properties of a device can be queried using SNMP.

Currently, SNMP has three versions: v1, v2c and v3. SNMP v1 and v2c can be easily configured, which was discussed in a previous article. SNMPv3 adds some extra features, including authentication and encryption schemes (for example, MD5, SHA, AES and DES). This makes SNMPv3 safer and more desirable when running SNMP queries over the Internet.

Compared with SNMP v1 or v2c, SNMPv3 configuration is a little different. The following sections explain in detail how to proceed.

Configuring SNMPv3 on Ubuntu and Debian

Use the net-snmp-config tool to create the account. The following example creates a read-only SNMPv3 account with the user name "snmpv3user" and the password "snmpv3pass". The default authentication method is MD5, and the default encryption is DES. These settings can also be changed as desired.

root@server:~# apt-get install snmp snmpd
root@server:~# service snmpd stop
root@server:~# net-snmp-config --create-snmpv3-user -ro -A snmpv3pass snmpv3user

## OUTPUT ##

adding the following line to /var/lib/snmp/snmpd.conf:

  createUser snmpv3user MD5 "snmpv3pass" DES

adding the following line to /usr/share/snmp/snmpd.conf:

  rouser snmpv3user

root@server:~# service snmpd start

SNMPv3 test

Test the SNMP configuration using snmpwalk. A successful test produces a large amount of output. The following example demonstrates snmpwalk with the v3 account created above. The local IP address of the Ubuntu/Debian server is 192.168.1.1.

### SAMPLE OUTPUT ###
iso.3.6.1.2.1.1.1.0 = STRING: "Linux server 3.5.0-23-generic #35~precise1-Ubuntu SMP Fri Jan 25 17:13:26 UTC 2013 x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (68028) 0:11:20.28
iso.3.6.1.2.1.1.7.0 = INTEGER: 72
iso.3.6.1.2.1.1.8.0 = Timeticks: (0) 0:00:00.00
iso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.10.3.1.1
iso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.11.3.1.1
iso.3.6.1.2.1.1.9.1.2.3 = OID: iso.3.6.1.6.3.15.2.1.1
iso.3.6.1.2.1.1.9.1.2.4 = OID: iso.3.6.1.6.3.1
iso.3.6.1.2.1.1.9.1.2.5 = OID: iso.3.6.1.2.1.49
iso.3.6.1.2.1.1.9.1.2.6 = OID: iso.3.6.1.2.1.4
iso.3.6.1.2.1.1.9.1.2.7 = OID: iso.3.6.1.2.1.50
iso.3.6.1.2.1.1.9.1.2.8 = OID: iso.3.6.1.6.3.16.2.2.1
iso.3.6.1.2.1.1.9.1.3.1 = STRING: "The SNMP Management Architecture MIB."
iso.3.6.1.2.1.1.9.1.3.2 = STRING: "The MIB for Message Processing and Dispatching."
iso.3.6.1.2.1.1.9.1.3.3 = STRING: "The management information definitions for the SNMP User-based Security Model."
iso.3.6.1.2.1.1.9.1.3.4 = STRING: "The MIB module for SNMPv2 entities"
iso.3.6.1.2.1.1.9.1.3.5 = STRING: "The MIB module for managing TCP implementations"
iso.3.6.1.2.1.1.9.1.3.6 = STRING: "The MIB module for managing IP and ICMP implementations"
iso.3.6.1.2.1.1.9.1.3.7 = STRING: "The MIB module for managing UDP implementations"
iso.3.6.1.2.1.1.9.1.3.8 = STRING: "View-based Access Control Model for SNMP."
iso.3.6.1.2.1.1.9.1.4.1 = Timeticks: (0) 0:00:00.00
iso.3.6.1.2.1.1.9.1.4.2 = Timeticks: (0) 0:00:00.00
iso.3.6.1.2.1.1.9.1.4.3 = Timeticks: (0) 0:00:00.00
iso.3.6.1.2.1.1.9.1.4.4 = Timeticks: (0) 0:00:00.00
iso.3.6.1.2.1.1.9.1.4.5 = Timeticks: (0) 0:00:00.00
### And the walk goes on and on ###

Delete SNMPv3 account

When the net-snmp-config tool runs, the account information is stored in two files: /var/lib/snmp/snmpd.conf and /usr/share/snmp/snmpd.conf. To delete the account, delete its information from both files.

root@server:~# service snmpd stop
root@server:~# vim /var/lib/snmp/snmpd.conf

## There should be a similar encrypted line that contains information on the user ##
## Remove this line ##
usmUser 1 3 0x80001f8880056e06573a1e895100000000 0x736e6d7076337573657200 0x736e6d7076337573657200 NULL .1.3.6.1.6.3.10.1.1.2 0x945ed3c9708ea5493f53f953b45a4513 .1.3.6.1.6.3.10.1.2.2 0x945ed3c9708ea5493f53f953b45a4513 ""

root@server:~# vim /usr/share/snmp/snmpd.conf

## Remove the following line ##
   rouser snmpv3user

Then do not forget to start snmpd again.

root@server:~# service snmpd start

Configuring SNMPv3 on CentOS or RHEL

Compared to Ubuntu, the process of configuring an SNMPv3 user on CentOS and RHEL is a little different, but basically the same.

First, use yum to install the necessary software.

[root@server ~]# yum install net-snmp-utils net-snmp-devel

After installation is complete, stop snmpd, then create an SNMP account with read-only access.

[root@server ~]# service snmpd stop

[root@server ~]# net-snmp-create-v3-user -ro -A snmpv3pass -a MD5 -x DES snmpv3user

## OUTPUT ##

adding the following line to /var/lib/net-snmp/snmpd.conf:

  createUser snmpv3user MD5 "snmpv3pass" DES

adding the following line to /etc/snmp/snmpd.conf:

  rouser snmpv3user

[root@server ~]# service snmpd start

SNMPv3 test

snmpwalk is an excellent tool for testing the SNMP configuration and examining its output. A successful test produces a large amount of output.

[root@server ~]# snmpwalk -u snmpv3user -A snmpv3pass -a MD5 -l authnoPriv 192.168.1.2 -v3

### OUTPUT ###

SNMPv2-MIB::sysDescr.0 = STRING: Linux server.example.tst 2.6.32-71.el6.i686 #1 SMP Fri Nov 12 04:17:17 GMT 2010 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (28963) 0:04:49.63
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDMIBObjects.3.1.1
SNMPv2-MIB::sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORDescr.1 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.3 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing TCP implementation

## And the output continues ##

Delete SNMPv3 account

SNMPv3 account information is stored in two files. To delete the account, delete its information from both files.

root@server:~# service snmpd stop

root@server:~# vim /var/lib/net-snmp/snmpd.conf

## There should be a similar encrypted line that contains information on the user ##
## Remove this line ##
usmUser 1 3 0x80001f8880056e06573a1e895100000000 0x736e6d7076337573657200 0x736e6d7076337573657200 NULL .1.3.6.1.6.3.10.1.1.2 0x945ed3c9708ea5493f53f953b45a4513 .1.3.6.1.6.3.10.1.2.2 0x945ed3c9708ea5493f53f953b45a4513 ""

root@server:~# vim /etc/snmp/snmpd.conf

## Remove the following line ##
  rouser snmpv3user

root@server:~# service snmpd start
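
The accounts in the Ubuntu and CentOS sections are created with MD5 and DES, and a rouser line without a level only requires authentication, which is why the authnoPriv test queries are answered without encryption. The following check for those settings is an added example, not part of the original article; the finding labels, the "monitor" user and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: flag weak SNMPv3 settings in
# net-snmp snmpd.conf files. Reads the named files, or stdin when none given.
audit_snmpd_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    { gsub(/"[^"]*"/, "PASS") }             # quoted passphrase becomes one field
    # createUser [-e ENGINEID] NAME [MD5|SHA authpass [DES|AES [privpass]]]
    $1 == "createUser" {
        i = ($2 == "-e") ? 4 : 2
        auth = toupper($(i + 1)); priv = toupper($(i + 3))
        if (auth == "")         print "NOAUTH " $i
        else if (auth == "MD5") print "WEAKAUTH " $i " MD5"
        if (priv == "")         print "NOPRIV " $i
        else if (priv == "DES") print "WEAKPRIV " $i " DES"
        next
    }
    # usmUser is the persistent form snmpd writes; protocols appear as OIDs
    $1 == "usmUser" {
        if ($8 == ".1.3.6.1.6.3.10.1.1.2")  print "WEAKAUTH usmUser:" FNR " MD5"
        if ($10 == ".1.3.6.1.6.3.10.1.2.2") print "WEAKPRIV usmUser:" FNR " DES"
        next
    }
    # rouser/rwuser [-s SECMODEL] NAME [noauth|auth|priv]; default level is auth
    $1 == "rouser" || $1 == "rwuser" {
        j = ($2 == "-s") ? 4 : 2
        level = ($(j + 1) == "") ? "auth" : tolower($(j + 1))
        if (level != "priv") print "NOENFORCE " $j " accepts " level
        next
    }
    # v1/v2c community strings still enabled beside the v3 user
    $1 ~ /^r[ow]community6?$/ { print "COMMUNITY " $1 }
    ' "$@"
}

# Constructed sample: the lines the commands in this article produce, plus a
# hypothetical hardened user "monitor" and a leftover v2c community line.
sample_conf() {
    cat <<'EOF'
createUser snmpv3user MD5 "snmpv3pass" DES
rouser snmpv3user
usmUser 1 3 0x80001f8880056e06573a1e895100000000 0x736e6d7076337573657200 0x736e6d7076337573657200 NULL .1.3.6.1.6.3.10.1.1.2 0x945ed3c9708ea5493f53f953b45a4513 .1.3.6.1.6.3.10.1.2.2 0x945ed3c9708ea5493f53f953b45a4513 ""
createUser monitor SHA "long auth passphrase" AES "long priv passphrase"
rouser monitor priv
rocommunity public
EOF
}

sample_conf | audit_snmpd_conf
```

To check a real host, pass the two snmpd.conf files named in the section for that distribution as arguments. A user created with SHA and AES whose rouser line ends in priv produces no findings.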

Firewall adjustment (optional)

The following example firewall rules can be used to restrict which source IP addresses are allowed to make SNMP queries. Two IP addresses (for example, 192.168.1.100 and 192.168.1.101) are placed on the whitelist.

root@server:~# iptables -A INPUT -s 192.168.1.100/32 -p udp --dport 161 -j ACCEPT
root@server:~# iptables -A INPUT -s 192.168.1.101/32 -p udp --dport 161 -j ACCEPT
root@server:~# iptables -A INPUT -p udp --dport 161 -j DROP

Configuring SNMPv3 on Cisco switches and routers

Cisco switches and routers also support SNMPv3. The following example creates an access control list (ACL) to restrict the source IP addresses allowed to make SNMP queries. However, this step can be skipped.

Set access control list (ACL) (optional)

## Global config mode ##
ip access-list standard SNMP_ACL
permit 192.168.1.100
permit 192.168.1.100

SNMPv3 Configuration

The following configuration creates an SNMPv3 group called v3Group with the authNoPriv security level. The access list defined earlier can optionally be applied to it.

## Global config mode ##
## With ACL ##
snmp-server group v3Group v3 auth access SNMP_ACL
 
## Without ACL ##
snmp-server group v3Group v3 auth

The user v3user is created and added to v3Group. The MD5 password and the AES encryption key are also defined.

snmp-server user v3user v3Group v3 auth md5 snmpv3pass priv aes 128 snmpv3pass

SNMPv3 test

The SNMP users and their groups can be viewed on the Cisco device.

### Privileged EXEC mode ##
show snmp user

User name: v3user

Engine ID: ************************

storage-type: nonvolatile active

Authentication Protocol: MD5

Privacy Protocol: AES128

Group-name: v3Group

snmpwalk on any Linux machine can be used to verify the configuration and examine the output.

snmpwalk -u v3user -A snmpv3pass -a MD5 -l authnoPriv 192.168.1.3 -v3

iso.3.6.1.2.1.1.1.0 = STRING: "Cisco IOS Software"

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2012 by Cisco Systems, Inc.

iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.9.1.1166

iso.3.6.1.2.1.1.7.0 = INTEGER: 78

iso.3.6.1.2.1.1.8.0 = Timeticks: (0) 0:00:00.00

iso.3.6.1.2.1.2.1.0 = INTEGER: 54

iso.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1

iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2

iso.3.6.1.2.1.2.2.1.1.3 = INTEGER: 3

## Output truncated ##