snmp V3的方式设置简单,而且安全性更高。
配置方法:
1.停止snmpd服务
#service snmpd stop
2.增加snmpv3用户,并设置认证以及加密方式
# net-snmp-create-v3-user
Enter a SNMPv3 user name to create:
enocsnmpv3
Enter authentication pass-phrase:
enocsnmpv3pw
Enter encryption pass-phrase:
[press return to reuse the authentication pass-phrase]
enocsnmpv3pk
adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser enocsnmpv3 MD5 "enocsnmpv3pw" DES enocsnmpv3pk
adding the following line to /etc/snmp/snmpd.conf:
rwuser enocsnmpv3
3.启动snmpd服务
# service snmpd restart
现通过snmpwalk测试一下:
# snmpwalk -v3 -uenocsnmpv3 -lauth -aMD5 -A"enocsnmpv3pw" -X"enocsnmpv3pk" localhost | more
SNMPv2-MIB::sysDescr.0 = STRING: Linux CentOS60A 2.6.32-71.el6.i686 #1 SMP Fri Nov 12 04:17:17 GMT 2010 i686
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::org
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (9443) 0:01:34.43
或:
# snmpwalk -v3 -uenocsnmpv3 -lauth -aMD5 -A"enocsnmpv3pw" localhost .1 | more
或:
# snmpwalk -v3 -lauth -uenocsnmpv3 -aMD5 -xDES -A"enocsnmpv3pw" -X"enocsnmpv3pk" localhost .1 | more
补充:
SNMP Version 3 specific
-a PROTOCOL set authentication protocol (MD5|SHA)
-A PASSPHRASE set authentication protocol pass phrase
-e ENGINE-ID set security engine ID (e.g. 800000020109840301)
-E ENGINE-ID set context engine ID (e.g. 800000020109840301)
-l LEVEL set security level (noAuthNoPriv|authNoPriv|authPriv)
-n CONTEXT set context name (e.g. bridge1)
-u USER-NAME set security name (e.g. bert)
-x PROTOCOL set privacy protocol (DES|AES)
-X PASSPHRASE set privacy protocol pass phrase
-Z BOOTS,TIME set destination engine boots/time
阅读(12883) | 评论(1) | 转发(0) |
