Hello! Following
this series of articles on SNMP ( Introduction , MIBs and messages), today we will see how to configure an SNMP agent on Debian Squeeze 6. To install the service pack must be installed snmpd :
# aptitude install snmpd
The configuration file we should edit to set the agent to our requirements is / etc / snmp / snmpd.conf . However, the syntax of the file is not very comfortable and documentation can be found on the Internet is aimed at older versions of the package. After throw me a while fiddling with the file, my friend Alberto Molina me advised him to take a look at file / usr / share / doc / snmpd / README.Debian , which contains the following:
The default configuration for snmpd is paranoid for security RatherAnd the truth is that the service configuration using snmpconf is much simpler. To use the package to install snmp , which contains several utilities:
Reasons. Edit / etc / snmp / snmpd.conf to allow or run snmpconf
Greater access. The
snmpconf Provider to program simple, menu driven way of configuring the snmp
Applications and daemons.
The default configuration of snmpd
quite paranoid about security reasons.
Edit the file / etc / snmp / snmpd.conf or run the script to allow snmpconf
greater access.
THE snmpconf ofrce program a simple, menu-driven, set
applications and daemons snmp.
# aptitude install snmp
And we can throw:
# snmpconf
The program is going by asking questions to help us create the configuration file according to our needs. The first question is whether we want to reuse content from the existing configuration files. We can reuse and snmp.conf snmptrapd.conf .
Then we ask for the file you want to create, in our case snmpd.conf. And shows us the sections that make up the file so that we will be shaping. We start with the access control section:
If we are working with SNMP version 2 (the most common, but much more uncertain than SNMPv3), we must configure the options 3 and / or 4, to create a community of reading and other reading and writing.
If you choose option 3 will ask the name of the community, the addresses of the machines from which requests can be made snmpd agent and objects on which requests can be made.
And the same questions for option 4:
This would be a very basic configuration (very insecure), but we had better to check the operation of the protocol on a Linux machine. And could go out of the menus to exit the program:
Finally, we would que reiniciar el servicio:
#/etc/init.d/snmpd restart
Podemos comprobar el correcto funcionamiento de nuestro agente con cualquier NMS o MIB Browser, como BlackOwl MIB Browser:
En las próximas entradas seguiremos estudiando el protocolo SNMP, centrándonos en los aspectos relacionados con su seguridad.
¡Un saludo!
0 comments:
Post a Comment