■Setting up SNMP/SNMPTrapd on RHEL7.

$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.1 (Maipo)

■Check the default SNMP settings.

$ sudo awk '!/^#|^$/' /etc/snmp/snmpd.conf
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access notConfigGroup "" any noauth exact systemview none none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
dontLogTCPWrappersConnects yes

■Add access rights for the community name myhome.

$ sudo grep myhome /etc/snmp/snmpd.conf || \
echo 'rocommunity myhome 172.31.31.0/24 .1.3.6.1.2.1.1' | \
sudo tee -a /etc/snmp/snmpd.conf; \
sudo systemctl reload snmpd; \
sudo grep $(date '+%H:%M:%S') /var/log/messages
rocommunity myhome 172.31.31.0/24 .1.3.6.1.2.1.1
Apr 23 22:50:53 localhost systemd: Reloading Simple Network Management Protocol (SNMP) Daemon..
Apr 23 22:50:53 localhost snmpd[26139]: Reconfiguring daemon
Apr 23 22:50:53 localhost snmpd[26139]: NET-SNMP version 5.7.2 restarted
Apr 23 22:50:53 localhost systemd: Reloaded Simple Network Management Protocol (SNMP) Daemon..
$ netstat -an | grep :16[12]
udp        0      0 0.0.0.0:161             0.0.0.0:*
$ snmpwalk -c myhome -v1 172.31.31.54 | awk '/SNMP/{sum+=1}END{print sum}'
36
$ snmpwalk -c myhome -v2c 172.31.31.54 | awk '/SNMP/{sum+=1}END{print sum}'
37

■Check the default firewall-cmd settings.

$ firewall-cmd --get-active-zones
public
  interfaces: eno16780032
$ firewall-cmd --list-all --zone=public
public (default, active)
  interfaces: eno16780032
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

■[dhcpv6-client] is a registered service; it is not needed after reboot either, so remove it with [--permanent].

$ firewall-cmd --get-services | tr ' ' '\n' | awk '/dhcpv6-client/'
dhcpv6-client
$ sudo firewall-cmd --remove-service=dhcpv6-client --zone=public --permanent; \
sudo firewall-cmd --reload;firewall-cmd --list-all --zone=public
success
public (default, active)
  interfaces: eno16780032
  sources:
  services: ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

■SNMP is not a registered service; it is needed after reboot as well, so add it as port [161/udp] with [--permanent].

$ firewall-cmd --get-services | tr ' ' '\n' | awk '/snmp/'
$ sudo firewall-cmd --list-all-zones | awk '/^[a-z]/'
block
dmz
drop
external
home
internal
public (default, active)
trusted
work
$ sudo firewall-cmd --add-port=161/udp --zone=public --permanent; \
sudo firewall-cmd --reload;firewall-cmd --list-all --zone=public
success
public (default, active)
  interfaces: eno16780032
  sources:
  services: ssh
  ports: 161/udp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

■Even though the zone is [public], it is only used from the inside, so restrict [sources].

$ sudo firewall-cmd --add-source=172.31.31.0/24 --zone=public --permanent; \
sudo firewall-cmd --reload;firewall-cmd --list-all --zone=public
success
public (default, active)
  interfaces: eno16780032
  sources: 172.31.31.0/24
  services: ssh
  ports: 161/udp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

■Configure SNMPTrapd.

$ systemctl status snmptrapd
snmptrapd.service - Simple Network Management Protocol (SNMP) Trap Daemon.
   Loaded: loaded (/usr/lib/systemd/system/snmptrapd.service; disabled)
   Active: inactive (dead)
$ sudo systemctl enable snmptrapd.service
$ sudo grep "disableauthorization yes" /etc/snmp/snmptrapd.conf || \
echo "disableauthorization yes" | sudo tee -a /etc/snmp/snmptrapd.conf; \
sudo grep "^auth.*public" /etc/snmp/snmptrapd.conf || \
echo "authCommunity log,execute,net public" | sudo tee -a /etc/snmp/snmptrapd.conf; \
sudo grep "^auth.*myhome" /etc/snmp/snmptrapd.conf || \
echo "authCommunity log,execute,net myhome" | sudo tee -a /etc/snmp/snmptrapd.conf; \
sudo systemctl restart snmptrapd;sudo grep $(date '+%H:%M:%S') /var/log/messages
disableauthorization yes
authCommunity log,execute,net public
authCommunity log,execute,net myhome
Apr 23 23:53:07 localhost systemd: Stopping Simple Network Management Protocol (SNMP) Trap Daemon....
Apr 23 23:53:07 localhost snmptrapd[32630]: 2016-04-23 23:53:07 NET-SNMP version 5.7.2 Stopped.
Apr 23 23:53:07 localhost snmptrapd[32630]: Stopping snmptrapd
Apr 23 23:53:07 localhost systemd: Starting Simple Network Management Protocol (SNMP) Trap Daemon....
Apr 23 23:53:07 localhost snmptrapd[32755]: NET-SNMP version 5.7.2
Apr 23 23:53:07 localhost systemd: Started Simple Network Management Protocol (SNMP) Trap Daemon..
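Added example (not part of the original post): a small POSIX sh audit of the settings this post writes into /etc/snmp/snmpd.conf and /etc/snmp/snmptrapd.conf. The function names and the sample files it creates are mine; the sample contents are built from the lines shown above. It flags the default com2sec line that maps the well-known 'public' community from any source, 'disableauthorization yes' (snmptrapd then accepts every trap regardless of community, so the firewall [sources] restriction is the only gate left), and authCommunity entries that grant 'execute', and runs the same check over a hardened snmptrapd.conf for comparison. The 'rocommunity myhome' line from this post passes because it carries both a source network and a view OID.

```shell
#!/bin/sh
# Added example, not from the original post: audit the two Net-SNMP files the post
# edits (snmpd.conf, snmptrapd.conf) for the settings a reviewer would question.
# The sample files written below are constructed from lines shown in the post.

is_well_known() {
    # Community strings every scanner tries first.
    case "$1" in public|private) return 0 ;; esac
    return 1
}

# Print one finding per line for the given config file. Always exits 0; use
# snmp_finding_count for a number.
audit_snmp_conf() {
    conf="$1"
    # Redirect into the loop (no pipe) so it runs in the current shell.
    while read -r kw a1 a2 a3 _rest; do
        case "$kw" in
            ''|'#'*) ;;                          # blank line or comment
            rocommunity|rwcommunity)
                # rocommunity <community> [source] [view OID]
                if [ -z "$a2" ] || [ "$a2" = default ]; then
                    echo "$conf: $kw '$a1' has no source restriction"
                fi
                if [ -z "$a3" ]; then
                    echo "$conf: $kw '$a1' exposes the whole MIB tree (no view OID)"
                fi
                if is_well_known "$a1"; then
                    echo "$conf: $kw uses well-known community '$a1'"
                fi
                ;;
            com2sec)
                # com2sec <secname> <source> <community>
                if [ "$a2" = default ]; then
                    echo "$conf: com2sec '$a1' accepts community '$a3' from any source"
                fi
                if is_well_known "$a3"; then
                    echo "$conf: com2sec '$a1' uses well-known community '$a3'"
                fi
                ;;
            disableauthorization)
                if [ "$a1" = yes ]; then
                    echo "$conf: disableauthorization yes (traps accepted regardless of community)"
                fi
                ;;
            authCommunity)
                # authCommunity <types> <community>; 'execute' lets a trap trigger traphandle scripts
                case ",$a1," in
                    *,execute,*) echo "$conf: authCommunity grants execute to community '$a2'" ;;
                esac
                if is_well_known "$a2"; then
                    echo "$conf: authCommunity trusts well-known community '$a2'"
                fi
                ;;
        esac
    done < "$conf"
    return 0
}

snmp_finding_count() {
    audit_snmp_conf "$1" | wc -l | tr -d ' '
}

# Constructed samples: RHEL7's default com2sec line plus the rocommunity line the
# post adds, and the snmptrapd.conf the post writes, next to a hardened variant.
SNMP_SAMPLE_DIR=$(mktemp -d)
cat > "$SNMP_SAMPLE_DIR/snmpd.conf" <<'EOF'
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
rocommunity myhome 172.31.31.0/24 .1.3.6.1.2.1.1
EOF
cat > "$SNMP_SAMPLE_DIR/snmptrapd.conf" <<'EOF'
disableauthorization yes
authCommunity log,execute,net public
authCommunity log,execute,net myhome
EOF
cat > "$SNMP_SAMPLE_DIR/snmptrapd-hardened.conf" <<'EOF'
# only the site community, and only logging
authCommunity log myhome
EOF

for f in snmpd.conf snmptrapd.conf snmptrapd-hardened.conf; do
    echo "== $f: $(snmp_finding_count "$SNMP_SAMPLE_DIR/$f") finding(s)"
    audit_snmp_conf "$SNMP_SAMPLE_DIR/$f"
done
```

Run it against the real files with 'audit_snmp_conf /etc/snmp/snmpd.conf' once the configuration above is in place; an empty result for snmpd.conf and two findings for snmptrapd.conf is what this post's end state produces, which is why the [sources] restriction on the firewall zone matters.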
$ sudo snmptrap -v 2c -c public localhost '' .1.3.6.1.4.1.8072.100 .1.3.6.1.4.1.8072.100.1 s "hogehoge"; \
sudo grep snmptrapd /var/log/messages | grep $(date '+%H:%M:%S')
Apr 23 23:36:01 localhost snmptrapd[31762]: 2016-04-23 23:36:01 localhost [UDP: [127.0.0.1]:44171->[127.0.0.1]:162]:
$ sudo snmptrap -v 2c -c myhome localhost '' .1.3.6.1.4.1.8072.100 .1.3.6.1.4.1.8072.100.1 s "hogehoge"; \
sudo grep snmptrapd /var/log/messages | grep $(date '+%H:%M:%S')
Apr 23 23:36:31 localhost snmptrapd[31762]: 2016-04-23 23:36:31 localhost [UDP: [127.0.0.1]:35168->[127.0.0.1]:162]:

■Open the port for SNMPTrapd.

$ sudo firewall-cmd --add-port=162/udp --zone=public --permanent; \
sudo firewall-cmd --reload;firewall-cmd --list-all --zone=public
success
success
public (default, active)
  interfaces: eno16780032
  sources: 172.31.31.0/24
  services: ssh
  ports: 162/udp 161/udp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

■Confirm that trap messages sent from the firewall-cmd [sources] range are received.

$ sudo tail -2 /var/log/messages | sed -e 's/\t/\n /g' -e 's/snmptrapd\[[0-9]*\]:/&\n /g'
Apr 23 23:44:54 localhost snmptrapd[31762]:
 2016-04-23 23:54:44 <UNKNOWN> [UDP: [172.31.31.55]:33821->[172.31.31.54]:162]:
 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (24627465) 2 days, 20:24:34.65
 SNMPv2-MIB::snmpTrapOID.0 = OID: NET-SNMP-MIB::netSnmp.100
 NET-SNMP-MIB::netSnmp.100.1 = STRING: "hogehoge"
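Added example (not part of the original post): the sed above only reflows one trap for reading. Because snmptrapd runs here with 'disableauthorization yes', the one thing worth checking in /var/log/messages over time is where traps come from. The function below (my name, not a Net-SNMP tool) pulls the sender address and snmpTrapOID out of each snmptrapd syslog line and marks senders outside the allowed network; the first sample line is the one shown above, the second is constructed with an address outside 172.31.31.0/24.

```shell
#!/bin/sh
# Added example, not from the original post: report the sender address and trap
# OID of every snmptrapd syslog line and mark senders outside the allowed /24.
# The first sample log line is the post's; the second is constructed.

# Usage: trap_senders <logfile> <prefix-with-trailing-dot>
# Prints "<sender> <trap OID> in|out" per trap. The prefix match is string-based,
# so pass "172.31.31." (with the trailing dot) for a /24.
trap_senders() {
    awk -v pfx="$2" '
        /snmptrapd\[[0-9]+\]:/ {
            # "[UDP: [172.31.31.55]:33821->[172.31.31.54]:162]" -> sender address
            if (!match($0, /\[UDP: \[[0-9.]+\]/)) next
            src = substr($0, RSTART + 7, RLENGTH - 8)
            oid = "-"
            if (match($0, /snmpTrapOID\.0 = OID: [^ \t]+/)) {
                oid = substr($0, RSTART, RLENGTH)
                sub(/.*OID: /, "", oid)
            }
            print src, oid, (index(src, pfx) == 1 ? "in" : "out")
        }' "$1"
}

# Constructed sample log: the post's trap line, then one from an outside address.
TRAP_LOG=$(mktemp)
cat > "$TRAP_LOG" <<'EOF'
Apr 23 23:44:54 localhost snmptrapd[31762]: 2016-04-23 23:54:44 <UNKNOWN> [UDP: [172.31.31.55]:33821->[172.31.31.54]:162]: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (24627465) 2 days, 20:24:34.65 SNMPv2-MIB::snmpTrapOID.0 = OID: NET-SNMP-MIB::netSnmp.100 NET-SNMP-MIB::netSnmp.100.1 = STRING: "hogehoge"
Apr 23 23:46:02 localhost snmptrapd[31762]: 2016-04-23 23:56:02 <UNKNOWN> [UDP: [203.0.113.9]:51000->[172.31.31.54]:162]: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1) 0:00:00.01 SNMPv2-MIB::snmpTrapOID.0 = OID: NET-SNMP-MIB::netSnmp.100 NET-SNMP-MIB::netSnmp.100.1 = STRING: "constructed"
EOF

trap_senders "$TRAP_LOG" 172.31.31.
```

On the real host, 'sudo trap_senders /var/log/messages 172.31.31. | awk '$3 == "out"'' should print nothing while the [sources] restriction on the public zone is in place; any line it does print is a trap that reached port 162 from outside the network this post allows.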