一、安装 SNMP 服务🐳
1、安装 SNMP 服务及工具
[root@compute ~]# yum -y install net-snmp net-snmp-utils -y
2、查看版本号
[root@compute ~]# snmpd -v
NET-SNMP version: 5.7.2
Web: http://www.net-snmp.org/
Email: net-snmp-coders@lists.sourceforge.net
二、修改 SNMP Trap 配置文件🐬
1、SNMP V2 Trap 配置文件修改
(1)修改配置文件
在配置文件/etc/snmp/snmpd.conf
中修改community内容
vi /etc/snmp/snmpd.conf
...
####
# First, map the community name "public" into a "security name"
# sec.name source community
com2sec notConfigUser default public
...
将上面的 public 团体名根据实际情况进行修改,修改完成如下所示:
# sec.name source community
com2sec notConfigUser default Ad123min
(2)重启服务
# 启动 SNMP 服务
[root@compute ~]# systemctl start snmpd.service
# 开机启动 SNMP 服务
[root@compute ~]# systemctl enable snmpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/snmpd.service to /usr/lib/systemd/system/snmpd.service.
2、SNMP V3 Trap 配置文件修改
(1)修改配置文件
修改配置文件/etc/snmp/snmptrapd.conf
,在配置文件末尾追加一行,内容格式如下:
createUser -e engineID myuser SHA "my authentication pass" AES "my encryption pass"
# engineID 将要发送trap的应用程序的EngineID
# myuser 将要发送trap的USM用户名
# SHA 身份验证类型(SHA或MD5,其中SHA更好)
# my authentication pass 用于生成机密身份验证密钥的身份验证密码短语。如果包含空格,请用引号将其括起来
# AES 要使用的加密类型(AES或DES,AES更好)
# my encryption pass 用于生成机密加密密钥的加密密码短语。如果包含空格,请用引号将其括起来。如果您将其禁用,它将设置为与身份验证密码相同的密码短语。
示例:
vim /etc/snmp/snmptrapd.conf
# Example configuration file for snmptrapd
#
# No traps are handled by default, you must edit this file!
#
# authCommunity log,execute,net public
# traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script cold
createUser Ad123min SHA "Ad123min" AES "Ad123min"
(2)重启服务
# 启动 SNMP 服务
[root@compute ~]# systemctl start snmpd.service
# 开机启动 SNMP 服务
[root@compute ~]# systemctl enable snmpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/snmpd.service to /usr/lib/systemd/system/snmpd.service.
三、放通防火墙策略🐠
1、放通 udp 162 端口
(1)查看防火墙状态,如下所示,防火墙未启动,所以不用放通策略。之后的步骤全部省略。
[root@compute ~]# firewall-cmd --state
not running
(2)查看防火墙状态,如下所示,防火墙正在运行,所以需要放通策略。
[root@compute ~]# firewall-cmd --state
running
(3)显示所有公共区域
[root@compute ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
(4)修改配置文件
修改配置文件 /etc/firewalld/zones/public.xml
,增加内容 <port protocol="udp" port="161"/>
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<port protocol="udp" port="161"/>
<service name="dhcpv6-client"/>
</zone>
(5)重启防火墙服务
[root@compute ~]# systemctl restart firewalld.service
(6)重启 SNMP 服务
[root@compute ~]# systemctl restart snmpd.service
请问 这是什么程序源码啊