Since I only use SNMP v3, I want to disable version 1 and version 2c in snmpd.
How can I do that?
Answer 1
Comment out the lines in snmpd.conf that start with com2sec, group, and access, for example:
[root@sandbox snmp]# cat snmpd.conf
#com2sec notConfigUser default public
#group notConfigGroup v1 notConfigUser
#group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
#access notConfigGroup "" any noauth exact systemview none none
#com2sec local 0.0.0.0/0 publicrw
#com2sec mynetwork 0.0.0.0/0 publicro
#group MyRWGroup any local
#group MyROGroup any mynetwork
view all included .1 80
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
#access MyROGroup "" any noauth 0 all none none
#access MyRWGroup "" any noauth 0 all all all
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
rwuser readonly
[root@sandbox snmp]# snmpwalk -v1 -c public localhost
Timeout: No Response from localhost
[root@sandbox snmp]# snmpwalk -v2c -c public localhost
Timeout: No Response from localhost
[root@sandbox snmp]# snmpwalk -v 3 -n '' -l authPriv -u "readonly" -A "readonly" -X "readonly" localhost IF-MIB::ifName
IF-MIB::ifName.1 = STRING: lo
IF-MIB::ifName.2 = STRING: eth0
IF-MIB::ifName.3 = STRING: eth1
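Answer 2
Best to run snmpwalk before and after disabling v1, v2, from 乔克里普尔's answer https://serverfault.com/a/376693/460967
A simple solution:
- Stop the SNMP daemon
- Rename (move) snmpd.conf (the default configuration has v1, v2 enabled)
- Create an SNMPv3 user, e.g. a r/o user (this creates a new snmpd.conf that uses SNMPv3 only)
- Enable and start the SNMP daemon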
systemctl stop snmpd
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
net-snmp-create-v3-user -ro -a SHA -x AES <myv3user>
systemctl enable snmpd
systemctl start snmpd
systemctl status snmpd
- (Optional) Run snmpwalk tests to make sure v1, v2 are off and v3 is working.
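
A static check to go alongside the snmpwalk tests in both answers, as an added example (not from either answer and not part of net-snmp): it lists the active lines in an snmpd config file that map a community string (`com2sec*`, `rocommunity`/`rwcommunity`) or bind a group to the `v1`/`v2c` security model. The function name `audit_snmpd_conf` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from either answer): static audit of snmpd config files
# for active directives that keep community-based SNMPv1/v2c access configured.

# audit_snmpd_conf FILE...   (hypothetical helper name)
# Prints "file:line: reason: text" per finding; returns 1 if any, 0 if none.
audit_snmpd_conf() {
    awk '
        # Ignore blank lines and commented-out lines.
        /^[ \t]*(#|$)/ { next }
        {
            d = tolower($1)   # compare directive names case-insensitively
            if (d ~ /^com2sec(6|unix)?$/ || d ~ /^r[ow]community6?$/) {
                # A community string is mapped to a security name or granted access.
                printf "%s:%d: community access: %s\n", FILENAME, FNR, $0
                bad = 1
            } else if (d == "group" && tolower($3) ~ /^v(1|2c)$/) {
                # A group is bound to the v1 or v2c security model.
                printf "%s:%d: v1/v2c group: %s\n", FILENAME, FNR, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample config (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#com2sec notConfigUser default public
com2sec mynetwork 0.0.0.0/0 publicro
group MyROGroup v2c mynetwork
view systemview included .1.3.6.1.2.1.1
rouser readonly
EOF
audit_snmpd_conf "$sample" || echo "v1/v2c directives are still active"
rm -f "$sample"
```

Pass every config file snmpd reads on the host, not only /etc/snmp/snmpd.conf, and still confirm the result with the snmpwalk tests.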