cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2200 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --src 监控机IP --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --src 监控机IP --dport 3401 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
cat /etc/snmp/snmpd.conf
有些自定义Oid,用于常用监控
com2sec notConfigUser 监控机IP public
com2sec notConfigUser 监控机IP public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access notConfigGroup "" any noauth exact all none none
view all included .1 80
syslocation Earth
syscontact admin ()
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
disk /
exec .1.3.6.1.4.1.15.6.12 iowait /bin/cat /tmp/iowait.txt
exec .1.3.6.1.4.1.15.6.13 speed /bin/cat /tmp/speed.txt
exec .1.3.6.1.4.1.15.6.14 conn /bin/cat /tmp/conn.txt
exec .1.3.6.1.4.1.15.6.15 block /bin/cat /tmp/block.txt
阅读(993) | 评论(0) | 转发(0) |
