본문 바로가기

리눅스

[리눅스] snmp v3 설정 방법

728x90

snmp v3 설정 방법

테스트 환경

호스트명 아이피 운영체제 NET-SNMP version 비고
control1 192.168.0.51 Ubuntu 22.04 5.9.1  
node1 192.168.0.61 Ubuntu 22.04 5.9.1  
node2 192.168.0.62 CentOS 7.9 5.7.2  

snmp 패키지 설치

  • ubuntu snmpd 패키지 설치
apt install -y snmpd
snmpd -v
$ snmpd -v

NET-SNMP version:  5.9.1
Web:               http://www.net-snmp.org/
Email:             [email protected]

** ubuntu에서는 snmpd 패키지 설치 시 자동으로 데몬을 실행합니다.

  • centos net-snmp 패키지 설치
yum install -y net-snmp
snmpd -v
$ snmpd -v

NET-SNMP version:  5.7.2
Web:               http://www.net-snmp.org/
Email:             [email protected]

 

systemctl --now enable snmpd
$ systemctl --now enable snmpd
Created symlink from /etc/systemd/system/multi-user.target.wants/snmpd.service to /usr/lib/systemd/system/snmpd.service.

snmpwalk 명령어 사용을 위해 아래와 같은 패키지가 필요합니다.

  • ubuntu snmp
apt install -y snmp
  • centos net-snmp-utils
yum install -y net-snmp-utils

 

snmpwalk 명령으로 snmp 질의 테스트

snmpwalk -v1 -c public 127.0.0.1
$ snmpwalk -v1 -c public 127.0.0.1
iso.3.6.1.2.1.1.1.0 = STRING: "Linux kube-control1 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (99759) 0:16:37.59
iso.3.6.1.2.1.1.4.0 = STRING: "Me <[email protected]>"
...
iso.3.6.1.2.1.25.1.4.0 = STRING: "BOOT_IMAGE=/vmlinuz-5.15.0-56-generic root=/dev/mapper/vg0-lv--0 ro"
iso.3.6.1.2.1.25.1.5.0 = Gauge32: 2
iso.3.6.1.2.1.25.1.6.0 = Gauge32: 126
iso.3.6.1.2.1.25.1.7.0 = INTEGER: 0
End of MIB

 

snmpwalk -v1 -c public 127.0.0.1 iso.3.6.1.2.1.1.1.0
$ snmpwalk -v1 -c public 127.0.0.1 iso.3.6.1.2.1.1.1.0
iso.3.6.1.2.1.1.1.0 = STRING: "Linux kube-control1 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64"

snmpv3 user 생성

snmp server(control1)

net-snmp-config 명령을 사용하기 위해 libsnmp-dev 패키지를 설치해야 합니다.

apt install -y libsnmp-dev
$ apt install -y libsnmp-dev       
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 udev : Breaks: systemd (< 249.11-0ubuntu3.6) but 249.11-0ubuntu3.4 is to be installed
        Recommends: systemd-hwe-hwdb but it is not going to be installed
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.

 

apt install -y systemd

 

systemd --version
$ systemd --version
systemd 249 (249.11-0ubuntu3.6)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified

systemd 업그레이드 후 libsnmp-dev 패키지 설치가 가능하였다.

apt install -y libsnmp-dev

snmpd 실행 중지

systemctl stop snmpd

net-snmp-config --create-snmpv3-user 사용법

$ net-snmp-config --create-snmpv3-user --help

Usage:
  net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]
                          [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x DES|AES] [username]

snmpv3 user 설정

net-snmp-config --create-snmpv3-user -A auth-scbyun -X pri-scbyun -x AES -a SHA snmp-scbyun
$ net-snmp-config --create-snmpv3-user -A auth-scbyun -X pri-scbyun -x AES -a SHA snmp-scbyun
adding the following line to /var/lib/snmp/snmpd.conf:
   createUser snmp-scbyun SHA "auth-scbyun" AES "pri-scbyun"
adding the following line to /usr/share/snmp/snmpd.conf:
   rwuser snmp-scbyun

정상적으로 되었다면 snmpd.conf 설정 파일에 "rwuser" 라인이 생성됩니다.

cat /usr/share/snmp/snmpd.conf | grep rwuser
$ cat /usr/share/snmp/snmpd.conf | grep rwuser
rwuser snmp-scbyun

로컬 테스트

$ snmpwalk -v1 -c public 192.168.0.51 iso.3.6.1.2.1.1.5.0
iso.3.6.1.2.1.1.5.0 = STRING: "kube-control1"
$ snmpwalk -v2c -c public 192.168.0.51 iso.3.6.1.2.1.1.5.0
iso.3.6.1.2.1.1.5.0 = STRING: "kube-control1"
$ snmpstatus -v2c -c public 192.168.0.51
[UDP: [192.168.0.51]:161->[0.0.0.0]:34361]=>[Linux kube-control1 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64] Up: 0:07:10.68
Interfaces: 0, Recv/Trans packets: 0/0 | IP: 0/0
snmpwalk -v3 -u snmp-scbyun -l authPriv -a SHA -A auth-scbyun -x AES -X pri-scbyun 192.168.0.51
$ snmpwalk -v3 -u snmp-scbyun -l authPriv -a SHA -A auth-scbyun -x AES -X pri-scbyun 192.168.0.51 iso.3.6.1.2.1.1.5.0
iso.3.6.1.2.1.1.5.0 = STRING: "kube-control1"

snmp 클라이언스 설정

모니터링 대상 서버 : node1, node2 

echo 'createUser snmp-scbyun SHA "auth-scbyun" AES "pri-scbyun"' >> /etc/snmp/snmpd.conf
echo 'rwuser snmp-scbyun' >> /etc/snmp/snmpd.conf

- ubuntu agent address 아이피 치환

sed -i 's/^agentaddress  127.0.0.1,\[::1\]/agentaddress  0.0.0.0/g' snmpd.conf
systemctl restart snmpd

snmp 질의 테스트(control1:server에서 실행)

snmpwalk -v3 -u snmp-scbyun -l authPriv -a SHA -A auth-scbyun -x AES -X pri-scbyun 192.168.0.61 iso.3.6.1.2.1.1.5.0
$ snmpwalk -v3 -u snmp-scbyun -l authPriv -a SHA -A auth-scbyun -x AES -X pri-scbyun 192.168.0.61 iso.3.6.1.2.1.1.5.0
iso.3.6.1.2.1.1.5.0 = STRING: "kube-node1"
$ snmpwalk -v3 -u snmp-scbyun -l authPriv -a SHA -A auth-scbyun -x AES -X pri-scbyun 192.168.0.62 iso.3.6.1.2.1.1.5.0
iso.3.6.1.2.1.1.5.0 = STRING: "kube-node2"

 

참고URL

- snmp v3 설정 방법 : https://scbyun.com/484

 

728x90