■Trying out the SNMP/snmptrapd setup on RHEL 7.
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.1 (Maipo)
■Check the default SNMP configuration.
$ sudo awk '!/^#|^$/' /etc/snmp/snmpd.conf
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access notConfigGroup "" any noauth exact systemview none none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
dontLogTCPWrappersConnects yes
■Add access rights for the community name myhome.
$ sudo grep myhome /etc/snmp/snmpd.conf || \
echo 'rocommunity myhome 172.31.31.0/24 .1.3.6.1.2.1.1' | \
sudo tee -a /etc/snmp/snmpd.conf; \
sudo systemctl reload snmpd; \
sudo grep $(date '+%H:%M:%S') /var/log/messages
rocommunity myhome 172.31.31.0/24 .1.3.6.1.2.1.1
Apr 23 22:50:53 localhost systemd: Reloading Simple Network Management Protocol (SNMP) Daemon..
Apr 23 22:50:53 localhost snmpd[26139]: Reconfiguring daemon
Apr 23 22:50:53 localhost snmpd[26139]: NET-SNMP version 5.7.2 restarted
Apr 23 22:50:53 localhost systemd: Reloaded Simple Network Management Protocol (SNMP) Daemon..
$ netstat -an | grep :16[12]
udp 0 0 0.0.0.0:161 0.0.0.0:*
$ snmpwalk -c myhome -v1 172.31.31.54 | awk '/SNMP/{sum+=1}END{print sum}'
36
$ snmpwalk -c myhome -v2c 172.31.31.54 | awk '/SNMP/{sum+=1}END{print sum}'
37
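As an added example (not from the original page), the same comment-stripping awk filter the page uses can be extended into a small audit of the community lines above: it flags entries that are looser than the appended "rocommunity myhome 172.31.31.0/24 ..." line, such as the default com2sec entry with the "default" (any address) source and the well-known "public" community. The sample snmpd.conf is constructed to mirror the page's defaults.

```shell
#!/bin/sh
# Added example, not part of the original page: audit community lines in an
# snmpd.conf (comments and blank lines skipped, as in the page's awk filter)
# and flag entries looser than "rocommunity myhome 172.31.31.0/24 ...".
# Prints one line per finding; the return value is the number of findings.
audit_snmpd_conf() {
    awk '
        /^#|^$/ { next }
        # com2sec NAME SOURCE COMMUNITY   (SOURCE "default" matches any address)
        $1 == "com2sec" { com = $4; src = $3 }
        # rocommunity/rwcommunity COMMUNITY [SOURCE [OID]]; missing SOURCE = default
        $1 ~ /^r[ow]community$/ { com = $2; src = ($3 == "") ? "default" : $3 }
        $1 != "com2sec" && $1 !~ /^r[ow]community$/ { next }
        {
            reason = ""
            if (src == "default")
                reason = "any source"
            if (com == "public" || com == "private")
                reason = reason (reason == "" ? "" : ", ") "well-known community"
            if ($1 == "rwcommunity")
                reason = reason (reason == "" ? "" : ", ") "read-write access"
            if (reason != "") { print reason ": " $0; n++ }
        }
        END { exit n }
    ' "$1"
}

# Constructed sample: the page's default com2sec line plus the line the page appends.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample snmpd.conf
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
view systemview included .1.3.6.1.2.1.1
rocommunity myhome 172.31.31.0/24 .1.3.6.1.2.1.1
EOF
audit_snmpd_conf "$SAMPLE" || echo "findings: $?"
rm -f "$SAMPLE"
```

Run it against the real /etc/snmp/snmpd.conf to see whether the default public entry is still present after adding the myhome line.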
■Check the default firewall-cmd settings
$ firewall-cmd --get-active-zones
public
interfaces: eno16780032
$ firewall-cmd --list-all --zone=public
public (default, active)
interfaces: eno16780032
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
■[dhcpv6-client] is registered as a service; it will not be used even after a reboot, so remove it with [--permanent].
$ firewall-cmd --get-services | tr ' ' '\n' | awk '/dhcpv6-client/'
dhcpv6-client
$ sudo firewall-cmd --remove-service=dhcpv6-client --zone=public --permanent; \
sudo firewall-cmd --reload;firewall-cmd --list-all --zone=public
success
public (default, active)
interfaces: eno16780032
sources:
services: ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
■SNMP is not registered as a service; it will still be used after a reboot, so add port [161/udp] with [--permanent].
$ firewall-cmd --get-services | tr ' ' '\n' | awk '/snmp/'
$ sudo firewall-cmd --list-all-zones | awk '/^[a-z]/'
block
dmz
drop
external
home
internal
public (default, active)
trusted
work
$ sudo firewall-cmd --add-port=161/udp --zone=public --permanent; \
sudo firewall-cmd --reload;firewall-cmd --list-all --zone=public
success
public (default, active)
interfaces: eno16780032
sources:
services: ssh
ports: 161/udp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
■Even though the zone is [public], it is only used from inside the network, so restrict [sources].
$ sudo firewall-cmd --add-source=172.31.31.0/24 --zone=public --permanent; \
sudo firewall-cmd --reload;firewall-cmd --list-all --zone=public
success
public (default, active)
interfaces: eno16780032
sources: 172.31.31.0/24
services: ssh
ports: 161/udp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
■Configure snmptrapd
$ systemctl status snmptrapd
snmptrapd.service - Simple Network Management Protocol (SNMP) Trap Daemon.
Loaded: loaded (/usr/lib/systemd/system/snmptrapd.service; disabled)
Active: inactive (dead)
$ sudo systemctl enable snmptrapd.service
$ sudo grep "disableauthorization yes" /etc/snmp/snmptrapd.conf || \
echo "disableauthorization yes" | sudo tee -a /etc/snmp/snmptrapd.conf; \
sudo grep "^auth.*public" /etc/snmp/snmptrapd.conf || \
echo "authCommunity log,execute,net public" | sudo tee -a /etc/snmp/snmptrapd.conf; \
sudo grep "^auth.*myhome" /etc/snmp/snmptrapd.conf || \
echo "authCommunity log,execute,net myhome" | sudo tee -a /etc/snmp/snmptrapd.conf; \
sudo systemctl restart snmptrapd;sudo grep $(date '+%H:%M:%S') /var/log/messages
disableauthorization yes
authCommunity log,execute,net public
authCommunity log,execute,net myhome
Apr 23 23:53:07 localhost systemd: Stopping Simple Network Management Protocol (SNMP) Trap Daemon....
Apr 23 23:53:07 localhost snmptrapd[32630]: 2016-04-23 23:53:07 NET-SNMP version 5.7.2 Stopped.
Apr 23 23:53:07 localhost snmptrapd[32630]: Stopping snmptrapd
Apr 23 23:53:07 localhost systemd: Starting Simple Network Management Protocol (SNMP) Trap Daemon....
Apr 23 23:53:07 localhost snmptrapd[32755]: NET-SNMP version 5.7.2
Apr 23 23:53:07 localhost systemd: Started Simple Network Management Protocol (SNMP) Trap Daemon..
$ sudo snmptrap -v 2c -c public localhost '' .1.3.6.1.4.1.8072.100 .1.3.6.1.4.1.8072.100.1 s "hogehoge"; \
sudo grep snmptrapd /var/log/messages | grep $(date '+%H:%M:%S')
Apr 23 23:36:01 localhost snmptrapd[31762]: 2016-04-23 23:36:01 localhost [UDP: [127.0.0.1]:44171->[127.0.0.1]:162]:
$ sudo snmptrap -v 2c -c myhome localhost '' .1.3.6.1.4.1.8072.100 .1.3.6.1.4.1.8072.100.1 s "hogehoge"; \
sudo grep snmptrapd /var/log/messages | grep $(date '+%H:%M:%S')
Apr 23 23:36:31 localhost snmptrapd[31762]: 2016-04-23 23:36:31 localhost [UDP: [127.0.0.1]:35168->[127.0.0.1]:162]:
■Open the firewall port for snmptrapd
$ sudo firewall-cmd --add-port=162/udp --zone=public --permanent; \
sudo firewall-cmd --reload;firewall-cmd --list-all --zone=public
success
success
public (default, active)
interfaces: eno16780032
sources: 172.31.31.0/24
services: ssh
ports: 162/udp 161/udp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
■Confirm that trap messages from the firewall-cmd [sources] range are received.
$ sudo tail -2 /var/log/messages | sed -e 's/\t/\n /g' -e 's/snmptrapd\[[0-9]*\]:/&\n /g'
Apr 23 23:44:54 localhost snmptrapd[31762]:
2016-04-23 23:54:44 <UNKNOWN> [UDP: [172.31.31.55]:33821->[172.31.31.54]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (24627465) 2 days, 20:24:34.65
SNMPv2-MIB::snmpTrapOID.0 = OID: NET-SNMP-MIB::netSnmp.100
NET-SNMP-MIB::netSnmp.100.1 = STRING: "hogehoge"
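As an added example (not from the original page), the check above can be automated: the function below reads snmptrapd lines in /var/log/messages format, pulls the sender address out of the "[UDP: [src]:port->[dst]:162]" field and the trap OID out of the snmpTrapOID.0 varbind, and reports any sender outside the CIDR given to firewall-cmd --add-source. The log lines it runs on are constructed in the page's format; the 172.31.32.9 sender is made up to show a hit outside the /24.

```shell
#!/bin/sh
# Added example, not part of the original page: report trap senders outside the
# allowed range. $1 = log file in /var/log/messages format, $2 = CIDR such as
# 172.31.31.0/24. Prints "verdict sender trapOID" per trap; the return value is
# the number of senders outside the range.
check_trap_sources() {
    awk -v cidr="$2" '
        function ip2int(ip,   o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        # prefix comparison without bitwise operators: divide away the host bits
        function in_cidr(ip) { return int(ip2int(ip) / shift) == int(net / shift) }
        BEGIN { split(cidr, c, "/"); net = ip2int(c[1]); shift = 2 ^ (32 - c[2]) }
        /snmptrapd\[[0-9]+\]:.*\[UDP: \[[0-9.]+\]/ {
            match($0, /\[UDP: \[[0-9.]+\]/)
            src = substr($0, RSTART + 7, RLENGTH - 8)      # strip "[UDP: [" and "]"
            oid = "(no snmpTrapOID)"
            if (match($0, /snmpTrapOID\.0 = OID: [^ \t]+/))
                oid = substr($0, RSTART + 21, RLENGTH - 21) # strip "snmpTrapOID.0 = OID: "
            if (in_cidr(src)) verdict = "allowed"
            else { verdict = "OUTSIDE"; bad++ }
            print verdict, src, oid
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample log: one trap from inside the /24, one from a made-up host
# just outside it, and an snmpd (not snmptrapd) line that must be ignored.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Apr 23 23:54:44 localhost snmptrapd[31762]: 2016-04-23 23:54:44 <UNKNOWN> [UDP: [172.31.31.55]:33821->[172.31.31.54]:162]: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (24627465) 2 days, 20:24:34.65 SNMPv2-MIB::snmpTrapOID.0 = OID: NET-SNMP-MIB::netSnmp.100 NET-SNMP-MIB::netSnmp.100.1 = STRING: "hogehoge"
Apr 23 23:55:10 localhost snmptrapd[31762]: 2016-04-23 23:55:10 <UNKNOWN> [UDP: [172.31.32.9]:40001->[172.31.31.54]:162]: SNMPv2-MIB::snmpTrapOID.0 = OID: NET-SNMP-MIB::netSnmp.100
Apr 23 23:55:31 localhost snmpd[26139]: Connection from UDP: [172.31.31.55]:50123->[172.31.31.54]:161
EOF
check_trap_sources "$SAMPLE" 172.31.31.0/24 || echo "senders outside range: $?"
rm -f "$SAMPLE"
```

Traps sent to localhost, like the page's snmptrap tests, show up as OUTSIDE because 127.0.0.1 never passes through the public zone's sources filter.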