Configuring Linux prerequisites

Objective

To describe SNMP configuration on Linux platforms.

Debian, Ubuntu

Install SNMP

root@localhost # apt-get install snmp snmpd

Configuration

Edit the SNMP configuration file

root@localhost # nano /etc/snmp/snmpd.conf

To allow read access to SNMP data.
By default, the line is uncommented. Between the part “First,” and “Second” of the configuration file, comment out the line “com2sec paranoid public default” by adding a “#” then delete the “#” on the line “com2sec public readonly default”.

###############################################################################
# Access Control
###############################################################################
# YOU SHOULD CHANGE THE « COMMUNITY » TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
# By far, the most common question I get about the agent is « why won’t
# it work? », when really it should be « how do I configure the agent to
# allow me to access it? »
#
# By default, the agent responds to the « public » community for read
# only access, if run out of the box without any configuration file in
# place. The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
#
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).

#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.
####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

# sec.name source community

#com2sec paranoid default public com2sec readonly <IP BOITIER> <COMMUNAUTE>

#com2sec readwrite default private ####
# Second, map the security names into group names:
# sec.model sec.name
group MyROSystem v1 paranoid
group MyROSystem v2c paranoid
group MyROSystem usm paranoid
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
group MyRWGroup v1 readwrite
group MyRWGroup v2c readwrite
group MyRWGroup usm readwrite
####
# Third, create a view for us to let the groups have rights to:
# incl/excl subtree mask
view all included .1 80
view system included .iso.org.dod.internet.mgmt.mib-2.system
####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:
# context sec.model sec.level match read write notif
#access MyROSystem «  » any noauth exact system none none
access MyROGroup «  » any noauth exact all none none
#access MyRWGroup «  » any noauth exact all all none
# ————————————————————————-

Save the configuration file.
Then edit /etc/default/snmpd:

SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1′

and replace 127.0.0.1 with the IP address of the primary  network interface used to contact the machine. If you do not wish to restrict the IP address for communication simply remove the IP address.

Save the configuration file and restart the service:

root@localhost # /etc/init.d/snmpd restart

Red Hat Enterprise Linux

Enabling SNMP access and trap forwarding for Red Hat Enterprise Linux versions 3 and 4

The OpenIPMI driver supported on Red Hat Enterprise Linux® versions 3 and 4 has a dependency on the version of Net-SNMP that is included with those Linux distributions. IBM® Director Core Services requires a different Net-SNMP version, 5.2.1. Installation of Net-SNMP 5.2.1 without removing the existing Net-SNMP version is required for IBM Director SNMP access and trap forwarding without compromising OpenIPMI services.

Complete the following steps to enable SNMP access and trap forwarding for managed systems running Red Hat Enterprise Linux versions 3 and 4:

1. Download the net-snmp-5.2.1.tar.gz file from the Net-SNMP Web site at www.net-snmp.org/download.html.

2. Build and install the Net-SNMP libraries using the following steps.

Notes:

  • This procedure does not perform a full installation of Net-SNMP, but installs only the Net-SNMP libraries, which are required for IBM Director Core Services SNMP functions.
  • Refer to the INSTALL and README files included in the net-snmp-5.2.1.tar.gz package for additional installation information.

Untar the source files. Type the following command and press Enter.

tar -xvzf net-snmp-5.2.1.tar.gz

Change to the source directory. Type the following command and press Enter.

cd net-snmp-5.2.1

Build the Net-SNMP libraries with default options. Type the following commands (press Enter after each).

./configure --with-defaults
make

Install the Net-SNMP libraries only to /usr/local/lib. Type the following command and press Enter.

make installlibs

To enable trap forwarding, edit the /etc/init.d/dacimlist file and uncomment the following two lines two lines in the SNMP End Consumer section.

LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH

Note: The configuration changes will not take effect until you restart the cimlistener daemon in step 7.

To enable SNMP access, edit the /etc/init.d/dasnmp file and uncomment the following two lines in the section regarding the location of the net-snmp libraries.

LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH

Configure the SNMP daemon that ships with Red Hat Enterprise Linux to support AgentX agents. For details, see the documentation on the Net-SNMP Web Site.

Create the file /usr/local/share/snmp/snmpd.conf to specify trapsink and trapcommunity settings. You might have to create the directory. This file should contain only settings for trapcommunity and trapsink.

a) Specify a trap community value by adding a line containing the word trapcommunity followed by a space and the trapcommunity value, as in the following example.

trapcommunity public

b) Specify a trapsink value for each destination to which IBM Director will send SNMP traps. Add a line containing the word trapsink followed by a space and the trapsink value, as in the following example.

trapsink 192.168.1.1

Restart the cimlistener daemon by typing the following commands and pressing Enter after each:

/etc/init.d/dacimlist stop/etc/init.d/dacimlist start

Restart the IBM Director AgentX subagent by typing the following commands and pressing Enterafter each:

/etc/init.d/dasnmp stop
/etc/init.d/dasnmp start

 

Facebook
Google+
Google+
http://servicenav.coservit.com/documentation/configuring-linux-prerequisites/
Youtube
Youtube
LinkedIn