728x90
snmp v3 설정 방법
테스트 환경
호스트명 | 아이피 | 운영체제 | NET-SNMP version | 비고 |
control1 | 192.168.0.51 | Ubuntu 22.04 | 5.9.1 | |
node1 | 192.168.0.61 | Ubuntu 22.04 | 5.9.1 | |
node2 | 192.168.0.62 | CentOS 7.9 | 5.7.2 |
snmp 패키지 설치
- ubuntu snmpd 패키지 설치
apt install -y snmpd
snmpd -v
$ snmpd -v
NET-SNMP version: 5.9.1
Web: http://www.net-snmp.org/
Email: [email protected]
** ubuntu에서는 snmpd 패키지 설치 시 자동으로 데몬을 실행합니다.
- centos net-snmp 패키지 설치
yum install -y net-snmp
snmpd -v
$ snmpd -v
NET-SNMP version: 5.7.2
Web: http://www.net-snmp.org/
Email: [email protected]
systemctl --now enable snmpd
$ systemctl --now enable snmpd
Created symlink from /etc/systemd/system/multi-user.target.wants/snmpd.service to /usr/lib/systemd/system/snmpd.service.
snmpwalk 명령어 사용을 위해 아래와 같은 패키지가 필요합니다.
- ubuntu snmp
apt install -y snmp
- centos net-snmp-utils
yum install -y net-snmp-utils
snmpwalk 명령으로 snmp 질의 테스트
snmpwalk -v1 -c public 127.0.0.1
$ snmpwalk -v1 -c public 127.0.0.1
iso.3.6.1.2.1.1.1.0 = STRING: "Linux kube-control1 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (99759) 0:16:37.59
iso.3.6.1.2.1.1.4.0 = STRING: "Me <[email protected]>"
...
iso.3.6.1.2.1.25.1.4.0 = STRING: "BOOT_IMAGE=/vmlinuz-5.15.0-56-generic root=/dev/mapper/vg0-lv--0 ro"
iso.3.6.1.2.1.25.1.5.0 = Gauge32: 2
iso.3.6.1.2.1.25.1.6.0 = Gauge32: 126
iso.3.6.1.2.1.25.1.7.0 = INTEGER: 0
End of MIB
snmpwalk -v1 -c public 127.0.0.1 iso.3.6.1.2.1.1.1.0
$ snmpwalk -v1 -c public 127.0.0.1 iso.3.6.1.2.1.1.1.0
iso.3.6.1.2.1.1.1.0 = STRING: "Linux kube-control1 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64"
snmpv3 user 생성
snmp server(control1)
net-snmp-config 명령을 사용하기 위해 libsnmp-dev 패키지를 설치해야 합니다.
apt install -y libsnmp-dev
$ apt install -y libsnmp-dev
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
udev : Breaks: systemd (< 249.11-0ubuntu3.6) but 249.11-0ubuntu3.4 is to be installed
Recommends: systemd-hwe-hwdb but it is not going to be installed
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
apt install -y systemd
systemd --version
$ systemd --version
systemd 249 (249.11-0ubuntu3.6)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified
systemd 업그레이드 후 libsnmp-dev 패키지 설치가 가능하였다.
apt install -y libsnmp-dev
snmpd 실행 중지
systemctl stop snmpd
net-snmp-config --create-snmpv3-user 사용법
$ net-snmp-config --create-snmpv3-user --help
Usage:
net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]
[-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x DES|AES] [username]
snmpv3 user 설정
net-snmp-config --create-snmpv3-user -A auth-scbyun -X pri-scbyun -x AES -a SHA snmp-scbyun
$ net-snmp-config --create-snmpv3-user -A auth-scbyun -X pri-scbyun -x AES -a SHA snmp-scbyun
adding the following line to /var/lib/snmp/snmpd.conf:
createUser snmp-scbyun SHA "auth-scbyun" AES "pri-scbyun"
adding the following line to /usr/share/snmp/snmpd.conf:
rwuser snmp-scbyun
정상적으로 되었다면 snmpd.conf 설정 파일에 "rwuser" 라인이 생성됩니다.
cat /usr/share/snmp/snmpd.conf | grep rwuser
$ cat /usr/share/snmp/snmpd.conf | grep rwuser
rwuser snmp-scbyun
로컬 테스트
$ snmpwalk -v1 -c public 192.168.0.51 iso.3.6.1.2.1.1.5.0
iso.3.6.1.2.1.1.5.0 = STRING: "kube-control1"
$ snmpwalk -v2c -c public 192.168.0.51 iso.3.6.1.2.1.1.5.0
iso.3.6.1.2.1.1.5.0 = STRING: "kube-control1"
$ snmpstatus -v2c -c public 192.168.0.51
[UDP: [192.168.0.51]:161->[0.0.0.0]:34361]=>[Linux kube-control1 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64] Up: 0:07:10.68
Interfaces: 0, Recv/Trans packets: 0/0 | IP: 0/0
snmpwalk -v3 -u snmp-scbyun -l authPriv -a SHA -A auth-scbyun -x AES -X pri-scbyun 192.168.0.51
$ snmpwalk -v3 -u snmp-scbyun -l authPriv -a SHA -A auth-scbyun -x AES -X pri-scbyun 192.168.0.51 iso.3.6.1.2.1.1.5.0
iso.3.6.1.2.1.1.5.0 = STRING: "kube-control1"
snmp 클라이언스 설정
모니터링 대상 서버 : node1, node2
echo 'createUser snmp-scbyun SHA "auth-scbyun" AES "pri-scbyun"' >> /etc/snmp/snmpd.conf
echo 'rwuser snmp-scbyun' >> /etc/snmp/snmpd.conf
- ubuntu agent address 아이피 치환
sed -i 's/^agentaddress 127.0.0.1,\[::1\]/agentaddress 0.0.0.0/g' snmpd.conf
systemctl restart snmpd
snmp 질의 테스트(control1:server에서 실행)
snmpwalk -v3 -u snmp-scbyun -l authPriv -a SHA -A auth-scbyun -x AES -X pri-scbyun 192.168.0.61 iso.3.6.1.2.1.1.5.0
$ snmpwalk -v3 -u snmp-scbyun -l authPriv -a SHA -A auth-scbyun -x AES -X pri-scbyun 192.168.0.61 iso.3.6.1.2.1.1.5.0
iso.3.6.1.2.1.1.5.0 = STRING: "kube-node1"
$ snmpwalk -v3 -u snmp-scbyun -l authPriv -a SHA -A auth-scbyun -x AES -X pri-scbyun 192.168.0.62 iso.3.6.1.2.1.1.5.0
iso.3.6.1.2.1.1.5.0 = STRING: "kube-node2"
참고URL
- snmp v3 설정 방법 : https://scbyun.com/484
728x90
'리눅스' 카테고리의 다른 글
우분투에서 Samba 서버를 설정하고 구성하는 방법 (0) | 2022.12.16 |
---|---|
centos 7에 go(golang) 설치하는 방법 (0) | 2022.12.16 |
snmpwalk 명령어 (0) | 2022.12.14 |
CentOS 7에서 vsftpd 데몬을 추가 구성하는 방법 (0) | 2022.12.12 |
CentOS 7에서 네트워크 구성을 설정하는 방법(network configuration) (0) | 2022.12.12 |