SNMP

提供: Wikinote
2011年2月26日 (土) 14:54時点におけるHagio (トーク | 投稿記録)による版 (新しいページ: '== 設定 == === アクセス制御の基本設定 === # com2sec # ソース (SOURCE) とコミュニティ (COMMUNITY) のペアから # セキュリティ名 (SECURITY) ...')

(差分) ←前の版 | 最新版 (差分) | 次の版→ (差分)
移動: 案内検索

設定

アクセス制御の基本設定

# com2sec
# ソース (SOURCE) とコミュニティ (COMMUNITY) のペアから
# セキュリティ名 (SECURITY) へのマッピングを指定する。
#        SECURITY     SOURCE           COMMUNITY
com2sec  publicUser   default          public
com2sec  privateUser  192.168.1.10/32  private
com2sec  localUser    localhost        private

# group
# セキュリティモデル (MODEL) とセキュリティ名 (SECURITY) のペアから
# グループ名 (GROUP) へのマッピングを指定する。
#        GROUP         MODEL           SECURITY
group    publicGroup   v1              publicUser
group    privateGroup  v1              privateUser
group    privateGroup  v2c             privateUser
group    privateGroup  v1              localUser
group    privateGroup  v2c             localUser

# view
# ビューの定義
#        VIEW          TYPE            SUBTREE              [MASK]
view     systemView    included        .1.3.6.1.2.1.1
view     systemView    included        .1.3.6.1.2.1.25.1.1
view     allView       included        .1

# access
# グループセキュリティとモデルセキュリティをビュー (VIEW) にマップする。
#        GROUP         CONTEXT  SEC.MODEL  SEC.LEVEL  PREFIX  READ        WRITE  NOTIF
access   publicGroup   ""       any        noauth     exact   systemView  none   none
access   privateGroup  ""       any        noauth     exact   allView     none   none

実行例

snmpwalk コマンドを使用する。-On オプションは、MIB を数字で出力する (SUBTREE チェックのため)。

public でのアクセス例 <toggledisplay>

$ snmpwalk -On -v 1 -c public localhost
.1.3.6.1.2.1.1.1.0 = STRING: Linux lab.hagio.org 2.6.18-194.el5PAE #1 SMP Tue Mar 16 22:00:21 EDT 2010 i686
.1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.8072.3.2.10
.1.3.6.1.2.1.1.3.0 = Timeticks: (39553) 0:06:35.53
.1.3.6.1.2.1.1.4.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
.1.3.6.1.2.1.1.5.0 = STRING: lab.hagio.org
.1.3.6.1.2.1.1.6.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
.1.3.6.1.2.1.1.8.0 = Timeticks: (1) 0:00:00.01
.1.3.6.1.2.1.1.9.1.2.1 = OID: .1.3.6.1.6.3.1
.1.3.6.1.2.1.1.9.1.2.2 = OID: .1.3.6.1.2.1.49
.1.3.6.1.2.1.1.9.1.2.3 = OID: .1.3.6.1.2.1.4
.1.3.6.1.2.1.1.9.1.2.4 = OID: .1.3.6.1.2.1.50
.1.3.6.1.2.1.1.9.1.2.5 = OID: .1.3.6.1.6.3.16.2.2.1
.1.3.6.1.2.1.1.9.1.2.6 = OID: .1.3.6.1.6.3.10.3.1.1
.1.3.6.1.2.1.1.9.1.2.7 = OID: .1.3.6.1.6.3.11.3.1.1
.1.3.6.1.2.1.1.9.1.2.8 = OID: .1.3.6.1.6.3.15.2.1.1
.1.3.6.1.2.1.1.9.1.3.1 = STRING: The MIB module for SNMPv2 entities
.1.3.6.1.2.1.1.9.1.3.2 = STRING: The MIB module for managing TCP implementations
.1.3.6.1.2.1.1.9.1.3.3 = STRING: The MIB module for managing IP and ICMP implementations
.1.3.6.1.2.1.1.9.1.3.4 = STRING: The MIB module for managing UDP implementations
.1.3.6.1.2.1.1.9.1.3.5 = STRING: View-based Access Control Model for SNMP.
.1.3.6.1.2.1.1.9.1.3.6 = STRING: The SNMP Management Architecture MIB.
.1.3.6.1.2.1.1.9.1.3.7 = STRING: The MIB for Message Processing and Dispatching.
.1.3.6.1.2.1.1.9.1.3.8 = STRING: The management information definitions for the SNMP User-based Security Model.
.1.3.6.1.2.1.1.9.1.4.1 = Timeticks: (0) 0:00:00.00
.1.3.6.1.2.1.1.9.1.4.2 = Timeticks: (0) 0:00:00.00
.1.3.6.1.2.1.1.9.1.4.3 = Timeticks: (0) 0:00:00.00
.1.3.6.1.2.1.1.9.1.4.4 = Timeticks: (0) 0:00:00.00
.1.3.6.1.2.1.1.9.1.4.5 = Timeticks: (0) 0:00:00.00
.1.3.6.1.2.1.1.9.1.4.6 = Timeticks: (1) 0:00:00.01
.1.3.6.1.2.1.1.9.1.4.7 = Timeticks: (1) 0:00:00.01
.1.3.6.1.2.1.1.9.1.4.8 = Timeticks: (1) 0:00:00.01
.1.3.6.1.2.1.25.1.1.0 = Timeticks: (294883722) 34 days, 3:07:17.22
End of MIB

</toggledisplay>

private でのアクセス例 (ローカルか 192.168.1.10 からのみ) <toggledisplay>

$ snmpwalk -On -v 1 -c private localhost
.1.3.6.1.2.1.1.1.0 = STRING: Linux lab.hagio.org 2.6.18-194.el5PAE #1 SMP Tue Mar 16 22:00:21 EDT 2010 i686
.1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.8072.3.2.10
.1.3.6.1.2.1.1.3.0 = Timeticks: (7061) 0:01:10.61
.1.3.6.1.2.1.1.4.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
.1.3.6.1.2.1.1.5.0 = STRING: lab.hagio.org
.1.3.6.1.2.1.1.6.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
.1.3.6.1.2.1.1.8.0 = Timeticks: (0) 0:00:00.00
.1.3.6.1.2.1.1.9.1.2.1 = OID: .1.3.6.1.6.3.1
.1.3.6.1.2.1.1.9.1.2.2 = OID: .1.3.6.1.2.1.49
.1.3.6.1.2.1.1.9.1.2.3 = OID: .1.3.6.1.2.1.4
.1.3.6.1.2.1.1.9.1.2.4 = OID: .1.3.6.1.2.1.50
 ...
.1.3.6.1.2.1.88.1.4.3.1.3.6.95.115.110.109.112.100.95.108.105.110.107.68.111.119.110 = STRING: _linkUpDown
.1.3.6.1.2.1.88.1.4.3.1.3.6.95.115.110.109.112.100.95.108.105.110.107.85.112 = STRING: _linkUpDown
.1.3.6.1.2.1.88.1.4.3.1.3.6.95.115.110.109.112.100.95.109.116.101.84.114.105.103.103.101.114.70.97.105.108.117.114.101 = STRING: _triggerFail
.1.3.6.1.2.1.88.1.4.3.1.3.6.95.115.110.109.112.100.95.109.116.101.84.114.105.103.103.101.114.70.97.108.108.105.110.103 = STRING: _triggerFire
.1.3.6.1.2.1.88.1.4.3.1.3.6.95.115.110.109.112.100.95.109.116.101.84.114.105.103.103.101.114.70.105.114.101.100 = STRING: _triggerFire
.1.3.6.1.2.1.88.1.4.3.1.3.6.95.115.110.109.112.100.95.109.116.101.84.114.105.103.103.101.114.82.105.115.105.110.103 = STRING: _triggerFire
.1.3.6.1.2.1.92.1.1.1.0 = Gauge32: 1000
.1.3.6.1.2.1.92.1.1.2.0 = Gauge32: 1440 minutes
.1.3.6.1.2.1.92.1.2.1.0 = Counter32: 0 notifications
.1.3.6.1.2.1.92.1.2.2.0 = Counter32: 0 notifications

</toggledisplay>