SNMP (Simple Network Management Protocol) is a protocol for collecting information such as resources and status from servers and devices so that they can be managed.
This post shows how to configure SNMP on Linux.

```
[root@localhost ~]# yum list | grep snmp
net-snmp-libs.x86_64                1:5.7.2-48.el7_8.1    @updates
389-ds-base-snmp.x86_64             1.3.10.1-14.el7_8     updates
bmc-snmp-proxy.noarch               1.8.18-9.el7_7        updates
fence-agents-apc-snmp.x86_64        4.2.1-30.el7_8.1      updates
fence-agents-eaton-snmp.x86_64      4.2.1-30.el7_8.1      updates
libvirt-snmp.x86_64                 0.0.3-6.el7           base
net-snmp.x86_64                     1:5.7.2-48.el7_8.1    updates
net-snmp-agent-libs.i686            1:5.7.2-48.el7_8.1    updates
net-snmp-agent-libs.x86_64          1:5.7.2-48.el7_8.1    updates
net-snmp-devel.i686                 1:5.7.2-48.el7_8.1    updates
net-snmp-devel.x86_64               1:5.7.2-48.el7_8.1    updates
~
```

Use the yum list command to check which SNMP packages are available for installation.

```
[root@localhost ~]# yum -y install net-snmp.x86_64
[root@localhost ~]# yum -y install net-snmp-utils.x86_64
```

Install the related packages.

```
[root@localhost ~]# vi /etc/snmp/snmpd.conf

####
# First, map the community name "public" into a "security name"
# Enter the settings in this order: User Name, SNMP Access IP, Community Name

#       sec.name        source          community
com2sec notConfigUser   default         public
com2sec ConfigUser      10.10.10.0/24   realforce111
com2sec ConfigUser      default         realforce111

####
# Second, map the security name into a group name:
# Enter the settings in this order: Group Name, SNMP Version, User Name

#       groupName       securityModel   securityName
group   notConfigGroup  v1              notConfigUser
group   notConfigGroup  v2c             notConfigUser
group   ConfigGroup     v1              ConfigUser
group   ConfigGroup     v2c             ConfigUser
group   ConfigGroup     usm             ConfigUser

####
# Third, create a view for us to let the group have rights to:

# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#       name            incl/excl       subtree               mask(optional)
view    systemview      included        .1.3.6.1.2.1.1
view    systemview      included        .1.3.6.1.2.1.25.1.1
view    all             included        .1                    80

####
# Finally, grant the group read-only access to the systemview view.

#       group           context sec.model sec.level prefix read       write notif
access  notConfigGroup  ""      any       noauth    exact  systemview none  none
access  ConfigGroup     ""      any       noauth    exact  all        all   all
```

Configure the /etc/snmp/snmpd.conf file: set the IP addresses allowed to use SNMP, the Community Name, and so on. For security reasons, it is better to change the Community Name from public to a different string.
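
The following audit is an added example, not part of the original post: it parses the `com2sec`, `group` and `access` lines shown above and reports communities still set to `public`, communities accepted from the `default` (any) source, and write views granted to v1/v2c groups, whose community string travels in cleartext. The function name, the finding labels and `SAMPLE_CONF` are constructed for illustration.

```python
import shlex

# Constructed sample: the active directives from the snmpd.conf shown above.
SAMPLE_CONF = '''\
com2sec notConfigUser default       public
com2sec ConfigUser    10.10.10.0/24 realforce111
com2sec ConfigUser    default       realforce111
group   notConfigGroup v1  notConfigUser
group   notConfigGroup v2c notConfigUser
group   ConfigGroup    v1  ConfigUser
group   ConfigGroup    v2c ConfigUser
group   ConfigGroup    usm ConfigUser
access  notConfigGroup "" any noauth exact systemview none none
access  ConfigGroup    "" any noauth exact all all all
'''

def audit_snmpd_conf(text):
    """Return sorted (finding, subject) pairs for risky VACM directives."""
    com2sec, models, access = [], {}, []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # drops '#' comments, keeps ""
        if len(tok) == 4 and tok[0] == "com2sec":
            com2sec.append(tok[1:])             # sec.name, source, community
        elif len(tok) == 4 and tok[0] == "group":
            models.setdefault(tok[1], set()).add(tok[2])  # group -> sec. models
        elif len(tok) == 9 and tok[0] == "access":
            access.append(tok)
    findings = set()
    for sec_name, source, community in com2sec:
        if community == "public":               # well-known default string
            findings.add(("DEFAULT_COMMUNITY", sec_name))
        if source == "default":                 # matches any source address
            findings.add(("ANY_SOURCE", sec_name))
    for _, group, _ctx, model, _level, _prefix, _read, write, _notif in access:
        community_based = models.get(group, set()) & {"v1", "v2c"}
        if write != "none" and model in ("any", "v1", "v2c") and community_based:
            findings.add(("COMMUNITY_WRITE", group))  # SET allowed via community
    return sorted(findings)

if __name__ == "__main__":
    for finding, subject in audit_snmpd_conf(SAMPLE_CONF):
        print(f"{finding:18} {subject}")
```

Because `com2sec ConfigUser default realforce111` accepts that community from any address, the `10.10.10.0/24` line by itself does not limit who can use it.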

```
[root@localhost ~]# systemctl start snmpd
[root@localhost ~]# systemctl enable snmpd
```

Start the SNMP service and enable it to start automatically at boot.

```
[root@localhost ~]# firewall-cmd --permanent --add-service=snmp
[root@localhost ~]# firewall-cmd --reload
```

If the firewall is enabled, allow the SNMP service through it.

```
[root@localhost ~]# netstat -na | grep udp
udp        0      0 192.168.122.1:53        0.0.0.0:*
udp        0      0 0.0.0.0:67              0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 0.0.0.0:161             0.0.0.0:*
udp        0      0 0.0.0.0:977             0.0.0.0:*
udp        0      0 0.0.0.0:45560           0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*
udp6       0      0 :::111                  :::*
udp6       0      0 :::977                  :::*
```

Use the netstat command to check that the SNMP service is running properly. If UDP/161, the port used for SNMP communication, appears in the output, the service is up.

```
[root@localhost ~]# snmpwalk -v 2c -c realforce111 localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (61677) 0:10:16.77
SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (4) 0:00:00.04
SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORID.9 = OID: SNMP-NOTIFICATION
~
```

Use snmpwalk or a similar tool to check that SNMP information can be queried correctly.
snmpwalk -v [SNMP Version] -c [Community Name] [Target IP] [OID]