Install SNMP and open its port on iptables firewall

-
In order to get your system monitored by a centralized monitoring system, most probably you need to enable snmp in your Linux,

Here is the way snmpd daemon can be installed and enabled:


1. Installation via yum or rpm:

# yum install net-snmp

or:
# rpm -ivh net-snmp-libs-5.5-44.0.1.el6.x86_64.rpm net-snmp-5.5-44.0.1.el6.x86_64.rpm lnet-snmp-utils-5.5-44.0.1.el6.x86_64.rpm


2. SNMP configuration can be edited in snmpd.conf.


# cat /etc/snmp/snmpd.conf |grep -i public
# By default, the agent responds to the "public" community for read
# First, map the community name "public" into a "security name"
com2sec notConfigUser  default       public


3. Start the snmpd service:

# /etc/init.d/snmpd start
Starting snmpd:                                                         [OK]

# /etc/init.d/snmpd status
snmpd (pid  19508) is running...

# ps -ef|grep snmp
root     19508     1  0 Jul08 ?        00:00:18 /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid

# netstat -an|grep 161
udp        0      0 0.0.0.0:161                 0.0.0.0:*


4. Enable snmpd to start at boot:

# chkconfig snmpd on

 # chkconfig --list snmpd
snmpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off


5. Open the SNMP ports on the firewall: 

# iptables -I INPUT -p udp -m udp --dport 161 -j ACCEPT 

 # iptables-save > /etc/sysconfig/iptables


6. Now you should be able to walk through your snmp MIBs via snmpwalk from a local or remote server:

# snmpwalk -mALL -v1 -c public <IP> system

 RFC1213-MIB::sysDescr.0 = STRING: "Linux hostname 2.6.32-431.el6.x86_64 #1 SMP Sun Nov 10 22:19:54 EST 2013 x86_64"
RFC1213-MIB::sysObjectID.0 = OID: NET-SNMP-TC::linux
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (7152525) 19:52:05.25
RFC1213-MIB::sysContact.0 = STRING: "Root <root@localhost> (configure /etc/snmp/snmp.local.conf)"
RFC1213-MIB::sysName.0 = STRING: "hostname"
RFC1213-MIB::sysLocation.0 = STRING: "Unknown (edit /etc/snmp/snmpd.conf)"
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDMIBObjects.3.1.1
SNMPv2-MIB::sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.6 = OID: RFC1213-MIB::ip
SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORDescr.1 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.3 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing UDP implementations
SNMPv2-MIB::sysORDescr.8 = STRING: View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (1) 0:00:00.01





Comments

Post a comment

Popular posts from this blog

Running Docker Wildfly/JBoss Application Server in Debug mode via Eclipse

-
I have recently built the whole Development Environment of Java Enterprise Edition (J2EE) project on multiple Docker containers. It has saved the hassle of setting up a dev env for new developers. All it takes to setup the environment is to clone our github repositories and run the Docker images.

I will explain the setup in a future post.

Build Wildfly Docker Image with Debugging Enabled
So basically in order to run the Wildfly in debug mode, we need to add --debug flag to the Wildfly standalone.sh startup script.

Also we need to expose port 8787 in our image as it's the default port for Wildfly JVM debug mode.

1. Create or change your Wildfly Dockerfile as follows:
$ cat Dockerfile FROM jboss/wildfly:10.0.0.Final EXPOSE8787CMD["/opt/jboss/wildfly/bin/standalone.sh", "-b", "0.0.0.0", "-bmanagement", "0.0.0.0", "--debug"] 2. Build and tag the image:
$ docker build -t wildfly-debug . 3. Run the image either via  docker run:
$ …
Read more

Building RPM OpenSSH 7.1p1 on RHEL/CentOS 6.5

-
After I've implemented the OpenVAS vulnerability assessment system, I've made a complete vulnerability testing on the environment for both Linux and Wintel servers.

The result for the all Linux servers were Red :) Severity 10.0(High). The reason was the OpenSSH version 5.

Test result:

High (CVSS: 8.5)
NVT: OpenSSH Multiple Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.806052) Product detection result: cpe:/a:openbsd:openssh:5.3 by SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267) SummaryThis host is running OpenSSH and is prone to multiple vulnerabilities. Vulnerability Detection Result
Installed version: 5.3 Fixed version: 7.0 ImpactSuccessful exploitation will allow an attacker to gain privileges, to conduct impersonation attacks, to conduct brute-force attacks or cause a denial of service.
Impact Level: Application SolutionUpgrade to OpenSSH 7.0 or later. For updates refer to http://www.openssh.com Affected Software/OSOpenSSH versions before 7.0 Vulnerability InsightMu…
Read more