snmp移植
阿新 • • 發佈:2018-11-05
1.原始碼安裝包
http://www.net-snmp.org/download.html
或者https://download.csdn.net/download/y7u8t6/10707891
2.交叉編譯
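# Cross-compile net-snmp 5.7.2.1 for the Hi3536 with the arm-hisiv300 toolchain.
# The prompt on the page shows these commands being run from the unpacked
# source tree, so change into it first.
cd /home/user1/hong/smdd/arm_for_snmp/net-snmp-5.7.2.1 || exit 1

# --with-endianness tells configure the target byte order, which it cannot
# probe when cross-compiling (the page spelled the option "--with-ndianness").
# --with-sys-contact: the address on the page was masked by the site's e-mail
# obfuscation; CONTACT_EMAIL is a placeholder, substitute the real contact.
./configure \
  --prefix=/home/user1/hong/smdd/arm_for_snmp/hi3536 \
  --build=i386-linux \
  --host=arm-linux \
  --with-endianness=little \
  --disable-manuals \
  --with-mib-modules='ucd-snmp/diskio ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable' \
  --enable-as-needed \
  --disable-embedded-perl \
  --without-perl-modules \
  --disable-snmptrapd-subagent \
  --disable-applications \
  --disable-scripts \
  --with-default-snmp-version="3" \
  --with-sys-contact="CONTACT_EMAIL" \
  --with-sys-location="china" \
  --with-logfile="/var/log/snmpd.log" \
  --with-persistent-directory="/var/net-snmp" \
  --with-cc=arm-hisiv300-linux-gcc \
  --with-ar=arm-hisiv300-linux-ar \
  --enable-ipv6

# Build a statically linked agent and install it under --prefix.
make clean
make LDFLAGS="-static" && make install

# Strip symbols from the installed agent to reduce its size on the target.
arm-hisiv300-linux-strip /home/user1/hong/smdd/arm_for_snmp/hi3536/sbin/snmpd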
3.修改net-snmp-create-v3-user指令碼
snmp v3 協議下選擇 no Auth, no Priv 時只需要輸入 Read/Write Security Name,
但生成的指令碼預設都需要輸入 Authentication Password 和 Private Key Password。因此下面的指令碼做了修改:沒有提供密碼時不再提示輸入,而是直接建立 noAuthNoPriv 使用者(這種使用者沒有任何認證,只要知道使用者名稱就能以該使用者的許可權存取)。
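#!/bin/sh
#
# $Id$
#
# Adds a new SNMPv3 user to the Net-SNMP config files.
#
# Usage:
#   net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]
#                           [-a MD5|SHA] [-x DES|AES] [username]
#
# Writes a "createUser" line to /var/net-snmp/snmpd.conf and an
# "rwuser"/"rouser" line to /tmp/snmpd.conf.
#
# Local modification compared with the generated script: when no
# authentication pass-phrase is given the script no longer prompts for one.
# It writes "createUser NAME" and "rwuser|rouser NAME noauth" instead, i.e. a
# noAuthNoPriv user that is accepted without any credential.

# Unused leftovers of the net-snmp-config template this script was generated
# from; kept so the file still matches the generated layout.
prefix=/home/user1/hong/smdd/arm_for_snmp/hi3536
exec_prefix=${prefix}
includedir=${prefix}/include
libdir=${exec_prefix}/lib
datarootdir=${prefix}/share
NSC_LDFLAGS=""
NSC_INCLUDEDIR=${includedir}
NSC_LIBDIR=-L${libdir}
NSC_LIBS="-lm "
NSC_AGENTLIBS="-lm "
NSC_PREFIX=$prefix
NSC_EXEC_PREFIX=$exec_prefix
NSC_SRCDIR=.
NSC_INCDIR=${NSC_PREFIX}/include
NSC_BASE_SUBAGENT_LIBS="-lnetsnmpagent -lnetsnmp"
NSC_BASE_AGENT_LIBS="-lnetsnmpagent -lnetsnmpmibs -lnetsnmp"
NSC_SRC_LIBDIRS="agent/.libs snmplib/.libs"
NSC_SRC_LIBDEPS="agent/.libs/libnetsnmpmibs.a agent/.libs/libnetsnmpagent.a snmplib/.libs/libnetsnmp.a"

if test "x$NSC_SRCDIR" = "x." ; then
    NSC_SRCDIR="NET-SNMP-SOURCE-DIR"
fi

# Succeeds when $1 contains whitespace, a double quote or a backslash, i.e. a
# character that would change how the generated config line is split into
# tokens.
has_conf_unsafe_chars() {
    case $1 in
        *[[:space:]]* | *\"* | *\\*) return 0 ;;
    esac
    return 1
}

# The script refuses to run while an agent is up.
if /bin/ps -e | grep -E ' snmpd *$' > /dev/null 2>&1 ; then
    echo "Apparently at least one snmpd demon is already running."
    echo "You must stop them in order to use this command."
    exit 1
fi

Aalgorithm="MD5"
Xalgorithm="DES"
token=rwuser
apassphrase=
xpassphrase=
usage=
args_done=

# -A/-a and -X/-x are interchangeable here: the value decides whether it is an
# algorithm name or a pass-phrase. A pass-phrase spelled exactly like an
# algorithm name (MD5, sha, AES128, ...) is therefore taken as the algorithm.
while [ -z "$args_done" ] && [ -n "$1" ] && [ "x$usage" != "xyes" ]; do
    case "$1" in
        --version|--ver*)
            echo 5.7.2.1
            # Without this exit the loop never consumed the option and
            # printed the version forever.
            exit 0
            ;;
        --help)
            usage="yes"
            ;;
        -A|-a)
            shift
            if test "x$1" = "x" ; then
                echo "You must specify an authentication algorithm or pass phrase"
                exit 1
            fi
            case "$1" in
                MD5|SHA)
                    Aalgorithm=$1
                    ;;
                md5|sha)
                    Aalgorithm=$(printf '%s' "$1" | tr 'a-z' 'A-Z')
                    ;;
                *)
                    apassphrase=$1
                    ;;
            esac
            shift
            ;;
        -X|-x)
            shift
            if test "x$1" = "x" ; then
                echo "You must specify an encryption algorithm or pass phrase"
                exit 1
            fi
            case "$1" in
                DES|AES|AES128)
                    Xalgorithm=$1
                    ;;
                des|aes|aes128)
                    Xalgorithm=$(printf '%s' "$1" | tr 'a-z' 'A-Z')
                    ;;
                *)
                    xpassphrase=$1
                    ;;
            esac
            shift
            ;;
        -ro)
            token="rouser"
            shift
            ;;
        -*)
            echo "unknown suboption to $0: $1"
            usage=yes
            args_done=1
            ;;
        *)
            args_done=1
            ;;
    esac
done

if test "x$usage" = "xyes"; then
    echo ""
    echo "Usage:"
    echo "  net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]"
    echo "                          [-a MD5|SHA] [-x DES|AES] [username]"
    echo ""
    exit
fi

if test "x$1" = "x" ; then
    echo "Enter a SNMPv3 user name to create: "
    read -r user
else
    user=$1
    shift
fi
if test "x$user" = "x" ; then
    echo "You must specify a user name"
    exit 1
fi

# The user name is written as a bare token into two config files, so only
# accept characters that cannot add extra tokens or lines to them.
case $user in
    -* | *[!A-Za-z0-9_.@-]*)
        echo "User name may only contain letters, digits and _ . @ -" >&2
        exit 1
        ;;
esac

# No authentication pass-phrase means a noAuthNoPriv user (see header).
noauth=
if test "x$apassphrase" = "x" ; then
    if test "x$xpassphrase" != "x" ; then
        # The original wrote createUser with an empty "" authentication
        # pass-phrase in this case; SNMPv3 has no privacy-without-auth level.
        echo "An encryption pass-phrase requires an authentication pass-phrase" >&2
        exit 1
    fi
    noauth=yes
fi

if has_conf_unsafe_chars "$apassphrase" || has_conf_unsafe_chars "$xpassphrase" ; then
    echo "Pass-phrases must not contain whitespace, double quotes or backslashes" >&2
    exit 1
fi

outdir="/var/net-snmp"
outfile="$outdir/snmpd.conf"
if test "x$noauth" = "xyes" ; then
    line="createUser $user"
    echo "  createUser $user"
else
    line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm $xpassphrase"
    # Show what is being added without echoing the pass-phrases to the console.
    echo "  createUser $user $Aalgorithm <hidden> $Xalgorithm <hidden>"
fi

# in case it hasn't ever been started yet, start it.
if test ! -d "$outdir" ; then
    mkdir -p "$outdir"
fi
# The createUser line holds the pass-phrases in clear text, so a newly created
# file is made readable by its owner only. (The original tested -d on the file
# path, which is never a directory, and always ran touch.)
if test ! -f "$outfile" ; then
    ( umask 077 && touch "$outfile" )
fi
# Quoted printf: the unquoted echo glob-expanded characters such as * in a
# pass-phrase before writing the line.
printf '%s\n' "$line" >> "$outfile"

# Access-control line for the agent config.
# NOTE(review): /tmp/snmpd.conf is a fixed name in a world-writable directory;
# on a system with other local users prefer a root-owned directory. The path is
# kept because the surrounding commands and snmpd -c use it.
outfile="/tmp/snmpd.conf"
if test "x$noauth" = "xyes" ; then
    line="$token $user noauth"
else
    line="$token $user"
fi
if test ! -f "$outfile" ; then
    touch "$outfile"
fi
printf '%s\n' "$line" >> "$outfile"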
4.配置檔案 snmpd.conf(後面的命令會把它複製為 /tmp/snmpd.conf 並替換其中的佔位名稱)
# Template agent configuration. The names readonly_v12c, writeread_v12c and
# v3{rd,wr}{priv,auth,noauth}username are placeholders that the commands and
# the C code further down replace with sed before snmpd is started.
# NOTE(review): "mibs" is normally a snmp.conf directive written "+ALL"
# without the space — confirm it is parsed as intended here.
mibs + ALL
###### ----------------------------------------------------------------------------
# com2sec maps a (source, community) pair to a security name.
# "default" as the source matches any client address.
# If a placeholder community is never replaced (for example when only v3 is
# enabled), the literal strings readonly_v12c / writeread_v12c remain valid
# community names.
#IPv4
com2sec readonly default readonly_v12c
com2sec writeread default writeread_v12c
com2sec milesight default public
# NOTE(review): the six v3* lines below carry no community field; they look
# like leftovers of the sed placeholders (the group lines are what bind the
# usm users) — confirm snmpd accepts them.
com2sec v3rdprivusername default
com2sec v3wrprivusername default
com2sec v3rdauthusername default
com2sec v3wrauthusername default
com2sec v3rdnoauthusername default
com2sec v3wrnoauthusername default
com2sec local localhost public
# "mynetwork" is placed in MyRWGroup below, so community "public" from ANY
# address (source "default") gets write access. The 192.168.5.0/24 line adds
# nothing while the "default" line is present; keep only the subnet line and a
# non-default community if write access over v1/v2c is really needed.
com2sec mynetwork default public
com2sec mynetwork 192.168.5.0/24 public
#IPv6
com2sec6 readonly default readonly_v12c
com2sec6 writeread default writeread_v12c
com2sec6 milesight default public
com2sec6 v3rdprivusername default
com2sec6 v3wrprivusername default
com2sec6 v3rdauthusername default
com2sec6 v3wrauthusername default
com2sec6 v3rdnoauthusername default
com2sec6 v3wrnoauthusername default
com2sec6 local localhost public
com2sec6 mynetwork default public
com2sec6 mynetwork 192.168.5.0/24 public
###### ----------------------------------------------------------------------------
# group binds a security name, per security model (v1, v2c, usm), to a group
# that the access lines below refer to.
group MyROSystem v1 milesight
group MyROSystem v2c milesight
group v3rdprivsnmp usm v3rdprivusername
group v3wrprivsnmp usm v3wrprivusername
group v3rdauthsnmp usm v3rdauthusername
group v3wrauthsnmp usm v3wrauthusername
group v3noauthrdsnmp usm v3rdnoauthusername
group v3noauthwrsnmp usm v3wrnoauthusername
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
group MyRWGroup v1 writeread
group MyRWGroup v2c writeread
group MyRWGroup usm writeread
group MyRWGroup v1 mynetwork
group MyRWGroup v2c mynetwork
group MyRWGroup usm mynetwork
###### ----------------------------------------------------------------------------
# Views: "all" covers the whole tree under .1; it is the only view the access
# lines below use.
view all included .1 80
view system included .1.3.6.1.2.1.1
view mib2 included .iso.org.dod.internet.mgmt.mib-2
#view system included .iso.org.dod.internet.mgmt.mib-2.system
######
# access GROUP CONTEXT MODEL LEVEL MATCH READ-VIEW WRITE-VIEW NOTIFY-VIEW
# Every write-capable group gets view "all" as its write view. For
# v3noauthwrsnmp and MyRWGroup the required level is noauth, so the whole tree
# is writable without authentication. Write access to "all" also covers the
# agent's own extend table, so the write view should be narrowed to the OIDs
# that must be settable and the level raised to auth or priv.
access v3rdprivsnmp "" any priv exact all none none
access v3wrprivsnmp "" any priv exact all all none
access v3rdauthsnmp "" any auth exact all none none
access v3wrauthsnmp "" any auth exact all all none
access v3noauthrdsnmp "" any noauth exact all none none
access v3noauthwrsnmp "" any noauth exact all all none
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none
###### ----------------------------------------------------------------------------
# NOTE(review): syscontact is set twice below; presumably only one of the two
# lines takes effect — remove the unused one. The addresses were masked by the
# site's e-mail obfuscation.
#syslocation Unknown (configure /etc/snmp/snmpd.local.conf)
syscontact Root <[email protected]> (configure /etc/snmp/snmpd.conf)
syslocation China.
syscontact Amos <[email protected]>
###### ----------------------------------------------------------------------------
# Process, extend and disk monitoring entries.
proc sendmail 10 1
extend echotest /bin/echo hello world
disk / 10000
###### ----------------------------------------------------------------------------
# Load-average thresholds.
load 12 14 14
###### ----------------------------------------------------------------------------
# extend runs the named program on the agent and publishes its output at the
# given OID. Everything listed here is readable by every group above,
# including the unauthenticated ones.
# NOTE(review): .1.3.6.1.2.1.1.1.0 is the sysDescr.0 instance that the test
# commands later on this page query — confirm registering an extend there is
# intended.
extend .1.3.6.1.2.1.1.1.0 ps /bin/ps
extend .1.3.6.1.4.1.2021.51 echo 123
extend .1.3.6.1.2.1.39165.1.6.2 /bin/echoMac
extend .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
#exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
4.執行命令
# Stop any running agent; net-snmp-create-v3-user refuses to run while snmpd
# is up.
# NOTE(review): SIGKILL gives snmpd no chance to exit cleanly — a plain
# killall (SIGTERM) first would be gentler; confirm -9 is really needed.
killall -9 snmpd
# Start from a fresh copy of the template configuration.
rm -f /tmp/snmpd.conf
cp -f /etc/snmpd.conf /tmp/snmpd.conf
# Start the agent once, stop it with SIGINT and delete the persistent file,
# presumably to discard previously stored v3 users — TODO confirm.
# NOTE(review): killall -2 returns without waiting for snmpd to exit; if it is
# still listed by ps when net-snmp-create-v3-user runs, that script aborts.
snmpd -c /tmp/snmpd.conf
killall -2 snmpd
rm -f /var/net-snmp/snmpd.conf
# Replace the noauth placeholder names in the template with the real user
# names (first match on each line of the file).
sed -i 's/v3rdnoauthusername/uread1/' /tmp/snmpd.conf
sed -i 's/v3wrnoauthusername/uwrite1/' /tmp/snmpd.conf
# No pass-phrases are passed, so the modified script creates both users as
# noAuthNoPriv. With the template's access lines uwrite1 can then write the
# whole tree without authenticating; pass -a/-x pass-phrases and use the
# auth/priv placeholder names for anything beyond a lab test.
net-snmp-create-v3-user -ro uread1
net-snmp-create-v3-user uwrite1
# Start the agent on UDP port 161 for IPv4 and IPv6.
snmpd udp:161,udp6:161 -c /tmp/snmpd.conf
5.介面示例
/* Directory prefix that snmp_set_conf() puts in front of
 * "net-snmp-create-v3-user" when it builds the user-creation command. */
#define SNMP_CREATE_PREFIX "/opt/app/snmp/"
/*
 * SNMP agent settings handed to ms_set_net_snmp().
 *
 * The community strings, security names and passwords are spliced into shell
 * command lines by snmp_set_conf(), so whatever fills this structure has to
 * validate them first. The passwords are held here in clear text.
 */
struct snmp
{
    int v1_enable;   /* 1 = apply the v1/v2c community settings */
    int v2c_enable;  /* 1 = apply the v1/v2c community settings */
    char write_community[MAX_LEN_64];  /* replaces the writeread_v12c placeholder */
    char read_community[MAX_LEN_64];   /* replaces the readonly_v12c placeholder */
    int v3_enable;   /* 1 = create the v3 read and write users */
    /* v3 read-only user */
    char read_security_name[MAX_LEN_64];
    int read_level_security; /* 0 = auth,priv  1 = auth,no priv  2 = no auth,no priv */
    int read_auth_algorithm; /* 0 = MD5  1 = SHA */
    char read_auth_password[MAX_LEN_64];
    int read_pri_algorithm;  /* 0 = DES  1 = AES */
    char read_pri_password[MAX_LEN_64];
    /* v3 read-write user */
    char write_security_name[MAX_LEN_64];
    int write_level_security; /* 0 = auth,priv  1 = auth,no priv  2 = no auth,no priv */
    int write_auth_algorithm; /* 0 = MD5  1 = SHA */
    char write_auth_password[MAX_LEN_64];
    int write_pri_algorithm;  /* 0 = DES  1 = AES */
    char write_pri_password[MAX_LEN_64];
    int port;        /* UDP port for snmpd; 0 selects 161 in ms_set_net_snmp() */
};
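/*
 * Return 1 when the string held in `value` (a buffer of `size` bytes) may be
 * spliced into the shell command lines built by snmp_set_conf(), 0 otherwise.
 *
 * The commands are run through ms_system(), and the values end up inside a
 * single-quoted sed expression or as bare arguments of
 * net-snmp-create-v3-user. Only letters, digits and "_.@-" are accepted, so a
 * value cannot close the quote, start a second command, act as a sed
 * delimiter or add tokens to the config line. A leading '-' is refused
 * because the script would parse it as an option.
 */
static int snmp_value_is_safe(const char *value, size_t size)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789_.@-";
    size_t len;

    if (!value || !memchr(value, '\0', size))
        return 0; /* missing, or not NUL-terminated inside its buffer */
    len = strlen(value);
    if (len == 0 || value[0] == '-')
        return 0;
    return strspn(value, allowed) == len;
}

/* Replace the first `placeholder` on each line of /tmp/snmpd.conf with `value`. */
static void snmp_replace_placeholder(const char *placeholder, const char *value)
{
    char cmd[256] = {0};

    snprintf(cmd, sizeof(cmd), "sed -i 's/%s/%s/' /tmp/snmpd.conf", placeholder, value);
    ms_system(cmd);
}

/*
 * Prepare one v3 user: validate the fields its security level needs, write
 * the net-snmp-create-v3-user command into `create_cmd` and substitute the
 * user name for the level's placeholder in /tmp/snmpd.conf.
 *
 * `ro_opt` is "-ro " for the read-only user and "" for the read-write user.
 * `placeholders` is indexed by level (0 = auth,priv  1 = auth,no priv
 * 2 = no auth,no priv). `create_cmd` is left empty when the level is unknown
 * or a value is rejected.
 */
static void snmp_prepare_v3_user(char *create_cmd, size_t create_size,
                                 const char *ro_opt, int level,
                                 const char *name, size_t name_size,
                                 const char *auth_pass, size_t auth_size, const char *auth_algo,
                                 const char *priv_pass, size_t priv_size, const char *priv_algo,
                                 const char *const placeholders[3])
{
    if (level < 0 || level > 2)
        return; /* unknown level: nothing is configured, as before */

    if (!snmp_value_is_safe(name, name_size)
        || (level <= 1 && !snmp_value_is_safe(auth_pass, auth_size))
        || (level == 0 && !snmp_value_is_safe(priv_pass, priv_size)))
    {
        fprintf(stderr, "snmp: settings for %s rejected (empty or unsupported characters)\n",
                placeholders[level]);
        return;
    }

    /* The script treats -a/-A (and -x/-X) alike and tells pass-phrase from
     * algorithm by value, which is why the password follows -a here.
     * NOTE(review): the pass-phrases travel on the command line, where other
     * local processes can read them while the script runs. */
    if (level == 0)
    {
        /* e.g. net-snmp-create-v3-user -ro -a ms345678 -A MD5 -x ms345678 -X DES root */
        snprintf(create_cmd, create_size, "%snet-snmp-create-v3-user %s-a %s -A %s -x %s -X %s %s",
                 SNMP_CREATE_PREFIX, ro_opt, auth_pass, auth_algo, priv_pass, priv_algo, name);
    }
    else if (level == 1)
    {
        snprintf(create_cmd, create_size, "%snet-snmp-create-v3-user %s-a %s -A %s %s",
                 SNMP_CREATE_PREFIX, ro_opt, auth_pass, auth_algo, name);
    }
    else
    {
        /* No pass-phrase: the script creates a noAuthNoPriv user. */
        snprintf(create_cmd, create_size, "%snet-snmp-create-v3-user %s%s",
                 SNMP_CREATE_PREFIX, ro_opt, name);
    }

    snmp_replace_placeholder(placeholders[level], name);
}

/*
 * Apply the settings in `snmp` to /tmp/snmpd.conf.
 *
 * flag == 0: substitute the v1/v2c read and write community strings for the
 *            readonly_v12c / writeread_v12c placeholders.
 * flag == 1: substitute the v3 read and write security names for the
 *            placeholder matching each user's security level, then run
 *            net-snmp-create-v3-user for both users.
 * Any other flag, or a NULL `snmp`, does nothing.
 *
 * Every value is checked with snmp_value_is_safe() before it is placed in a
 * command line; a rejected value is reported on stderr and its step is
 * skipped, which leaves the corresponding placeholder in the file. The
 * function returns void, so the caller cannot see that a value was refused.
 */
static void snmp_set_conf(struct snmp *snmp, char flag)
{
    if (!snmp) return;

    if (flag == 0)
    {
        /* read community, v1/v2c */
        if (snmp_value_is_safe(snmp->read_community, sizeof(snmp->read_community)))
            snmp_replace_placeholder("readonly_v12c", snmp->read_community);
        else
            fprintf(stderr, "snmp: read community rejected (empty or unsupported characters)\n");

        /* write community, v1/v2c */
        if (snmp_value_is_safe(snmp->write_community, sizeof(snmp->write_community)))
            snmp_replace_placeholder("writeread_v12c", snmp->write_community);
        else
            fprintf(stderr, "snmp: write community rejected (empty or unsupported characters)\n");
    }
    else if (flag == 1)
    {
        static const char *const read_placeholders[3] =
            { "v3rdprivusername", "v3rdauthusername", "v3rdnoauthusername" };
        static const char *const write_placeholders[3] =
            { "v3wrprivusername", "v3wrauthusername", "v3wrnoauthusername" };
        /* 0 selects MD5 / DES, 1 selects SHA / AES (see struct snmp).
         * MD5 and DES are the weaker choices; prefer SHA with AES. */
        const char *read_auth_algo = (snmp->read_auth_algorithm == 1) ? "SHA" : "MD5";
        const char *read_priv_algo = (snmp->read_pri_algorithm == 1) ? "AES" : "DES";
        const char *write_auth_algo = (snmp->write_auth_algorithm == 1) ? "SHA" : "MD5";
        const char *write_priv_algo = (snmp->write_pri_algorithm == 1) ? "AES" : "DES";
        char create_read_usr[256] = {0};
        char create_write_usr[256] = {0};

        snmp_prepare_v3_user(create_read_usr, sizeof(create_read_usr), "-ro ",
                             snmp->read_level_security,
                             snmp->read_security_name, sizeof(snmp->read_security_name),
                             snmp->read_auth_password, sizeof(snmp->read_auth_password), read_auth_algo,
                             snmp->read_pri_password, sizeof(snmp->read_pri_password), read_priv_algo,
                             read_placeholders);
        snmp_prepare_v3_user(create_write_usr, sizeof(create_write_usr), "",
                             snmp->write_level_security,
                             snmp->write_security_name, sizeof(snmp->write_security_name),
                             snmp->write_auth_password, sizeof(snmp->write_auth_password), write_auth_algo,
                             snmp->write_pri_password, sizeof(snmp->write_pri_password), write_priv_algo,
                             write_placeholders);

        /* Both config substitutions happen before the users are created,
         * as in the original; an empty command is no longer executed. */
        if (create_read_usr[0] != '\0')
            ms_system(create_read_usr);
        if (create_write_usr[0] != '\0')
            ms_system(create_write_usr);
    }
    return;
}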
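/*
 * Stop snmpd, rebuild /tmp/snmpd.conf from the template in /opt/app/snmp and
 * start snmpd again when at least one of v1, v2c or v3 is enabled.
 *
 * Returns 0 on success (including "everything disabled", which just leaves
 * snmpd stopped) and -1 when `snmp` is NULL or the port is outside 1..65535.
 * The port is checked before anything is stopped, so a bad request leaves
 * the running agent untouched. A port of 0 selects the default, 161.
 *
 * NOTE(review): when only v3 is enabled snmp_set_conf(snmp, 0) is never
 * called, so the v1/v2c placeholder communities of the template stay in
 * /tmp/snmpd.conf as they are; if the template also maps "public" to a
 * write-capable group, v1/v2c access remains open even though it is switched
 * off here. Confirm against the deployed template.
 */
int ms_set_net_snmp(struct snmp *snmp)
{
    char cmd[256] = {0};
    int config_ready = 0;
    int port;

    if (!snmp) return -1;

    port = (snmp->port == 0) ? 161 : snmp->port;
    if (port < 1 || port > 65535)
        return -1;

    ms_system("killall -9 snmpd");
    ms_system("rm -rf /tmp/snmpd.conf");

    if (snmp->v3_enable == 1)
    {
        /* v3 */
        ms_system("cp -f /opt/app/snmp/snmpd.conf /tmp/snmpd.conf");
        config_ready = 1;
        snmp_set_conf(snmp, 1);
    }
    if (snmp->v1_enable == 1 || snmp->v2c_enable == 1)
    {
        /* v1 v2c: copy the template only if the v3 branch has not already */
        if (!config_ready)
        {
            ms_system("cp -f /opt/app/snmp/snmpd.conf /tmp/snmpd.conf");
        }
        config_ready = 1;
        snmp_set_conf(snmp, 0);
    }

    if (config_ready)
    {
        /* e.g. snmpd udp:161,udp6:161 -c /tmp/snmpd.conf */
        snprintf(cmd, sizeof(cmd), "snmpd udp:%d,udp6:%d -c /tmp/snmpd.conf", port, port);
        ms_system(cmd);
    }
    /* else: every version is disabled and snmpd was already stopped above */

    return 0;
}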
5.測試命令
snmp v1 v2c: 主機地址:192.168.9.51 2001:f80:754::152 讀共同體名稱:public 埠:161
獲取系統基本資訊.1.3.6.1.2.1.1.1.0 snmpget -v 2c -c public 192.168.9.51:161 .1.3.6.1.2.1.1.1.0
snmpget -v 2c -c public udp6:[2001:f80:754::152]:161 .1.3.6.1.2.1.1.1.0
如果是預設埠161,則:161可以不寫。
系統執行的程序列表.1.3.6.1.2.1.25.4.2.1.2 snmpwalk -v 2c -c public 192.168.9.51 .1.3.6.1.2.1.25.4.2.1.2
snmpwalk -v 2c -c public udp6:[2001:f80:754::152] .1.3.6.1.2.1.25.4.2.1.2
snmp v3 主機地址:192.168.9.51 2001:f80:754::152 讀安全名稱:uread 安全級別:auth,priv 認證演算法:MD5 認證密碼:11111111 私鑰演算法:DES 私鑰密碼:22222222
snmpget -v 3 -u uread -a MD5 -A 11111111 -l authPriv -x DES -X 22222222 192.168.9.51 .1.3.6.1.2.1.1.1.0
snmpget -v 3 -u uread -a MD5 -A 11111111 -l authPriv -x DES -X 22222222 udp6:[2001:f80:754::152] .1.3.6.1.2.1.1.1.0
snmp v3 主機地址:192.168.9.51 2001:f80:754::152 讀安全名稱:uread 安全級別:auth,no priv 認證演算法:MD5 認證密碼:11111111
snmpget -v 3 -u uread -a MD5 -A 11111111 -l authNoPriv 192.168.9.51 .1.3.6.1.2.1.1.1.0
snmpget -v 3 -u uread -a MD5 -A 11111111 -l authNoPriv udp6:[2001:f80:754::152] .1.3.6.1.2.1.1.1.0
snmp v3 主機地址:192.168.9.51 2001:f80:754::152 讀安全名稱:uread 安全級別:no auth,no priv
snmpget -v 3 -u uread -l noAuthNoPriv 192.168.9.51 .1.3.6.1.2.1.1.1.0
snmpget -v 3 -u uread -l noAuthNoPriv udp6:[2001:f80:754::152] .1.3.6.1.2.1.1.1.0
set命令:
設定機器名:.1.3.6.1.2.1.1.5.0
snmp v1 v2c:主機地址:192.168.9.51 2001:f80:754::152 寫共同體名稱:private 埠:161
snmpset -v 2c -c private 192.168.9.51:161 .1.3.6.1.2.1.1.5.0 s NVR
snmpset -v 2c -c private udp6:[2001:f80:754::152]:161 .1.3.6.1.2.1.1.5.0 s NVR
snmp v3 主機地址:192.168.9.51 2001:f80:754::152 寫安全名稱:uwrite 安全級別:auth,priv 認證演算法:MD5 認證密碼:11111111 私鑰演算法:DES 私鑰密碼:22222222
snmpset -v 3 -u uwrite -a MD5 -A 11111111 -l authPriv -x DES -X 22222222 192.168.9.51 .1.3.6.1.2.1.1.5.0 s NVR
snmpset -v 3 -u uwrite -a MD5 -A 11111111 -l authPriv -x DES -X 22222222 udp6:[2001:f80:754::152] .1.3.6.1.2.1.1.5.0 s NVR