
labunix's blog

labunix's Lab Unix

Enable the Optional repository on RHEL7 and install net-snmp-perl. Also enable EPEL while at it.

■Enable the Optional repository on RHEL7 and install net-snmp-perl. Also enable EPEL while at it.

$ cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.2 (Maipo)

■Various ways to check the repository list.

$ subscription-manager repos --list 2>&1 | tee repolist.log
スーパーユーザー権限を必要とする"subscription-manager"を実行しようとしていますが、
 実行するには追加情報が必要です。
"root" として認証しています
パスワード:
...

$ grep -B 3 "有効.*1" repolist.log | awk '/ID/{print $3}'
rhel-rs-for-rhel-7-server-eus-rpms
rhel-ha-for-rhel-7-server-eus-rpms
rhel-7-server-eus-rpms
rhel-7-server-rt-beta-rpms
rhel-rs-for-rhel-7-server-rpms
rhel-7-server-rpms
rhel-ha-for-rhel-7-server-rpms
rhel-7-server-rt-rpms

$ yum repolist 2>&1 | awk '/^rhel/{print $1}'
rhel-7-server-eus-rpms/7Server/x86_64
rhel-7-server-rpms/7Server/x86_64
rhel-7-server-rt-beta-rpms/x86_64
rhel-7-server-rt-rpms/7Server/x86_64
rhel-ha-for-rhel-7-server-eus-rpms/7Server/x86_64
rhel-ha-for-rhel-7-server-rpms/7Server/x86_64
rhel-rs-for-rhel-7-server-eus-rpms/7Server/x86_64
rhel-rs-for-rhel-7-server-rpms/7Server/x86_64

■If wget needs a proxy, configure it as follows.

$ awk '/proxy/&&!/^#/{print}' /etc/wgetrc 
https_proxy = http://172.31.31.254:8080/
http_proxy = http://172.31.31.254:8080/
ftp_proxy = http://172.31.31.254:8080/
use_proxy = on

■This is the same as the proxy used by yum.

$ sudo awk '/Proxy=/' /etc/sysconfig/rhn/up2date 
enableProxy=1
httpProxy=172.31.31.254:8080

■Enable the Optional repository

$ grep -B 3 "有効.*0" repolist.log | awk '/ID/&&/optional/{print $3}'
rhel-7-server-optional-beta-debug-rpms
rhel-7-server-optional-fastrack-debug-rpms
rhel-7-server-optional-debug-rpms
rhel-7-server-optional-fastrack-rpms
rhel-7-server-optional-source-rpms
rhel-7-server-eus-optional-rpms
rhel-7-server-eus-optional-source-rpms
rhel-7-server-optional-beta-source-rpms
rhel-7-server-eus-optional-debug-rpms
rhel-7-server-optional-rpms
rhel-7-server-optional-fastrack-source-rpms
rhel-7-server-optional-beta-rpms

$ subscription-manager repos --enable rhel-7-server-optional-rpms
スーパーユーザー権限を必要とする"subscription-manager"を実行しようとしていますが、
 実行するには追加情報が必要です。
"root" として認証しています
パスワード:

■[net-snmp-perl] is provided by [rhel-7-server-optional-rpms].

$ sudo yum info net-snmp-perl
読み込んだプラグイン:langpacks, product-id, search-disabled-repos, subscription-manager
インストール済みパッケージ
名前                : net-snmp-perl
アーキテクチャー    : x86_64
エポック            : 1
バージョン          : 5.7.2
リリース            : 24.el7
容量                : 1.1 M
リポジトリー        : installed
提供元リポジトリー  : rhel-7-server-optional-rpms
要約                : The perl NET-SNMP module and the mib2c tool
URL                 : http://net-snmp.sourceforge.net/
ライセンス          : BSD
説明                : The net-snmp-perl package contains the perl files to use
                    : SNMP from within Perl.
                    : 
                    : Install the net-snmp-perl package, if you want to use
                    : mib2c or SNMP with perl.

■Installing [net-snmp-perl]

$ sudo yum install -y net-snmp-perl
$ env LANG=C yum info net-snmp-perl.x86_64 2>&1 | awk '/repo/'
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-
From repo   : rhel-7-server-optional-rpms

$ sudo grep "^traphandle" /etc/snmp/snmptrapd.conf || \
    echo "traphandle default /usr/bin/traptoemail -s localhost root@localhost" | \
    sudo tee -a /etc/snmp/snmptrapd.conf
  sudo systemctl restart snmptrapd;sudo grep $(date '+%H:%M:%S') /var/log/messages
Apr 24 02:31:44 localhost systemd: Stopping Simple Network Management Protocol (SNMP) Trap Daemon....
Apr 24 02:31:44 localhost snmptrapd[31170]: 2016-04-24 02:31:44 NET-SNMP version 5.7.2 Stopped.
Apr 24 02:31:44 localhost snmptrapd[31170]: Stopping snmptrapd
Apr 24 02:31:44 localhost systemd: Starting Simple Network Management Protocol (SNMP) Trap Daemon....
Apr 24 02:31:44 localhost snmptrapd[30450]: NET-SNMP version 5.7.2
Apr 24 02:31:44 localhost systemd: Started Simple Network Management Protocol (SNMP) Trap Daemon..

$ head -4 /usr/bin/traptoemail 
#!/usr/bin/perl

# This is a snmptrapd handler script to convert snmp traps into email
# messages.

■Postfix configuration
 This is the mail server installed by default, serving localhost only.

$ awk '!/^#|^$/&&/^my/'  /etc/postfix/main.cf
mydestination = $myhostname, localhost.$mydomain, localhost

$ sudo postconf -e 'myhostname = '$(hostname -s); \
  sudo postconf -e 'mydomain = localdomain'; \
  sudo postconf -e 'myorigin = $myhostname'; \
  sudo postconf myhostname mydomain myorigin
myhostname = rhel71
mydomain = localdomain
myorigin = $myhostname

$ sudo postconf alias_database alias_maps;tail -1 /etc/aliases;sudo newaliases
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
root:		labunix1@localhost

$ sudo postfix check && sudo systemctl reload postfix; \
  sudo grep $(date '+%H:%M:%S') /var/log/{messages,maillog}
/var/log/messages:Apr 24 03:21:14 localhost systemd: Reloaded Postfix Mail Transport Agent.
/var/log/maillog:Apr 24 03:21:14 localhost postfix/postfix-script[11127]: refreshing the Postfix mail system
/var/log/maillog:Apr 24 03:21:14 localhost postfix/master[2389]: reload -- version 2.10.1, configuration /etc/postfix

$ echo "Test" | mail -s "Test" -s localhost root@localhost; \
  sudo grep "status=sent" /var/log/maillog | \
    grep $(date '+%H:%M:') | sed -e 's/, /&\n/g'
Apr 24 04:18:21 localhost postfix/local[5165]: E76612C0F47: to=<labunix1@localhost.localdomain>, 
orig_to=<root@localhost>, 
relay=local, 
delay=0.1, 
delays=0.07/0.02/0/0.01, 
dsn=2.0.0, 
status=sent (delivered to mailbox)



$ echo "q" | sudo mail -u root
No mail for root
$ echo "q" | sudo mail -u labunix1
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/mail/labunix1": 2 messages 1 new 2 unread
 U  1 labunix1              Sun Apr 24 03:20  19/606   "localhost"
>N  2 labunix1              Sun Apr 24 03:21  18/596   "localhost"
Held 2 messages in /var/mail/labunix1

$ mailq
Mail queue is empty

■Sending with the mail command works, but sending through traptoemail does not,
 because SELinux was blocking perl. (traptoemail is written in Perl.)

$ sudo awk '/perl/{a=$0}END{print a}' /var/log/messages | cut -c -240 | sed -e 's/./\n/80' -e 's/./\n/160' 
Apr 24 03:33:59 localhost python: SELinux is preventing /usr/bin/perl from name
connect access on the tcp_socket port 25.#012#012*****  Plugin catchall_boolean
(89.3 confidence) suggests   ******************#012#012If you want to allow nis 

$ sudo getenforce
Enforcing
$ sudo setenforce Permissive
$ sudo getenforce 
Permissive
$ sudo sed -i -e 's/enforcing/permissive/' /etc/selinux/config 
$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
$ sudo shutdown -r now && exit
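
As an added example (not part of the original post): instead of leaving the whole system permissive, the perl denials can be listed and turned into a small local policy module that is reviewed before loading, after which enforcing mode is restored. The log lines in `sample_log` are constructed in the setroubleshoot format shown above, and the module name `local_traptoemail` is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post. The log lines in sample_log are
# constructed in the setroubleshoot format shown above; the module name
# local_traptoemail is a placeholder.

# Constructed sample of /var/log/messages entries.
sample_log() {
cat <<'EOF'
Apr 24 04:00:11 localhost python: SELinux is preventing /usr/bin/perl from read access on the file example.conf.
Apr 24 04:00:11 localhost setroubleshoot: SELinux is preventing /usr/bin/perl from read access on the file example.conf.
Apr 24 04:00:11 localhost python: SELinux is preventing /usr/bin/perl from getattr access on the file example.conf.
Apr 24 04:00:11 localhost python: SELinux is preventing /usr/bin/perl from name_connect access on the tcp_socket port 25.
Apr 24 04:00:21 localhost snmptrapd[1222]: 2016-04-24 04:00:21 localhost trap received
EOF
}

# Read syslog text on stdin and print each distinct denial once as
# "executable permission class". python: and setroubleshoot: lines that
# repeat the same denial collapse into one entry.
summarize_denials() {
    sed -n 's/.*SELinux is preventing \([^ ]*\) from \([a-z_]*\) access on the \([a-z_]*\).*/\1 \2 \3/p' |
        LC_ALL=C sort -u
}

# Build a local policy module from today's audit records for one executable
# and print the generated rules for review. Nothing is loaded here. Needs root.
# usage: build_local_module /usr/bin/perl local_traptoemail
build_local_module() {
    ausearch -m AVC -ts today -x "$1" --raw | audit2allow -M "$2" && cat "$2.te"
}

# After reviewing the .te file, load the module and return to enforcing mode,
# both at runtime and in /etc/selinux/config. Needs root.
# usage: load_and_enforce local_traptoemail
load_and_enforce() {
    semodule -i "$1.pp" &&
        setenforce 1 &&
        sed -i 's/^SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config
}

# Default run: only summarize the constructed sample; no system changes.
sample_log | summarize_denials
```

Denials are still logged while the system is permissive, so the audit records collected during the test above are enough input for `build_local_module`. audit2allow also annotates rules that an existing boolean would already allow, which corresponds to the catchall_boolean suggestion in the log.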

■Check the trap mail

$ sudo snmptrap -v 2c -c public localhost '' .1.3.6.1.4.1.8072.100 .1.3.6.1.4.1.8072.100.1 s "hogehoge";\
  mailq;echo q | mail ;sudo tail /var/log/messages | cut -c -80
Mail queue is empty
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/labunix1": 6 messages 1 new 6 unread
 U  1 labunix1              Sun Apr 24 03:34  19/602   "hello"
 U  2 root@rhel71.localdom  Sun Apr 24 03:59  19/786   "trap received from lo"
 U  3 root@rhel71.localdom  Sun Apr 24 03:59  19/786   "trap received from lo"
 U  4 root@rhel71.localdom  Sun Apr 24 03:59  19/786   "trap received from lo"
 U  5 root@rhel71.localdom  Sun Apr 24 03:59  19/786   "trap received from lo"
>N  6 root@rhel71.localdom  Sun Apr 24 04:00  18/776   "trap received from lo"
Held 6 messages in /var/spool/mail/labunix1
Apr 24 04:00:11 localhost python: SELinux is preventing /usr/bin/perl from read 
Apr 24 04:00:11 localhost setroubleshoot: SELinux is preventing /usr/bin/perl fr
Apr 24 04:00:11 localhost python: SELinux is preventing /usr/bin/perl from read 
Apr 24 04:00:11 localhost setroubleshoot: SELinux is preventing /usr/bin/perl fr
Apr 24 04:00:11 localhost python: SELinux is preventing /usr/bin/perl from getat
Apr 24 04:00:11 localhost setroubleshoot: SELinux is preventing /usr/bin/perl fr
Apr 24 04:00:11 localhost python: SELinux is preventing /usr/bin/perl from name_
Apr 24 04:00:21 localhost snmptrapd[1222]: 2016-04-24 04:00:21 localhost [UDP: [

$ echo 2 | mail | tail -10
Date: 日, 24  42016 035912秒 +0900
Subject: trap received from localhost: NET-SNMP-MIB::netSnmp.100
Status: RO

Host: localhost (UDP: [127.0.0.1]:46961->[127.0.0.1]:162)
DISMAN-EVENT-MIB::sysUpTimeInstance  0:0:01:28.80
          SNMPv2-MIB::snmpTrapOID.0  NET-SNMP-MIB::netSnmp.100
        NET-SNMP-MIB::netSnmp.100.1  "hogehoge"

Held 7 messages in /var/spool/mail/labunix1

■While at it, make the EPEL repository usable.
 The Optional repository is a prerequisite.

$ cd /tmp ; \
    wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm; \
  sudo yum install -y epel-release-latest-7.noarch.rpm

$ sudo yum-config-manager --add-repo=epel

$ sudo yum-config-manager --save --setopt="epel.skip_if_unavailable=true"

■Add a proxy line if there is none. Uncomment baseurl if it is commented out.

$ cat /etc/yum.repos.d/epel.repo 
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
proxy = https://172.31.31.254:8080
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
skip_if_unavailable = 1
keepcache = 0

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
proxy = https://172.31.31.254:8080
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
proxy = https://172.31.31.254:8080
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

■Check that the [epel/x86_64] repository can be loaded.

$ sudo yum search xrdp
読み込んだプラグイン:langpacks, product-id, search-disabled-repos, subscription-manager
============================== N/S matched: xrdp ===============================
xrdp.x86_64 : Open source remote desktop protocol (RDP) server

  Name and summary matches only, use "search all" for everything.

$ sudo yum --enablerepo=epel info xrdp
読み込んだプラグイン:langpacks, product-id, search-disabled-repos, subscription-manager
epel/x86_64/metalink                                     | 4.8 kB     00:00     
epel                                                     | 4.3 kB     00:00     
rhel-7-server-eus-rpms                                   | 3.2 kB     00:00     
rhel-7-server-optional-rpms                              | 3.5 kB     00:00     
rhel-7-server-rpms                                       | 3.7 kB     00:00     
rhel-7-server-rt-beta-rpms                               | 3.8 kB     00:00     
rhel-7-server-rt-rpms                                    | 4.0 kB     00:00     
rhel-ha-for-rhel-7-server-eus-rpms                       | 3.1 kB     00:00     
rhel-ha-for-rhel-7-server-rpms                           | 3.7 kB     00:00     
rhel-rs-for-rhel-7-server-eus-rpms                       | 3.1 kB     00:00     
rhel-rs-for-rhel-7-server-rpms                           | 3.7 kB     00:00     
(1/3): epel/x86_64/updateinfo                              | 539 kB   00:00     
(2/3): epel/x86_64/group_gz                                | 169 kB   00:01     
(3/3): epel/x86_64/primary_db                              | 4.1 MB   00:01     
利用可能なパッケージ
名前                : xrdp
アーキテクチャー    : x86_64
エポック            : 1
バージョン          : 0.9.0
リリース            : 4.el7
容量                : 390 k
リポジトリー        : epel/x86_64
要約                : Open source remote desktop protocol (RDP) server
URL                 : http://xrdp.sourceforge.net/
ライセンス          : GPLv2+ with exceptions
説明                : The goal of this project is to provide a fully functional
                    : Linux terminal server, capable of accepting connections
                    : from rdesktop and Microsoft's own terminal server / remote
                    : desktop clients.