

Nagios: checking NIC traffic through SNMP

Google the known snmp vulnerabilities first so that you do not download an unpatched version.

Net-SNMP remote authentication bypass vulnerability
Affected systems:
Net-SNMP net-snmp 5.4.x
Net-SNMP net-snmp 5.3.x
Net-SNMP net-snmp 5.2.x

Unaffected systems:
Net-SNMP net-snmp 5.4.1.1
Net-SNMP net-snmp 5.3.2.1
Net-SNMP net-snmp 5.2.4.1

Check whether snmp is already installed

rpm -qa|grep snmp

Download net-snmp
http://www.net-snmp.org/download.html
http://nchc.dl.sourceforge.net/sourceforge/net-snmp/net-snmp-5.4.2.1-1.f9.i386.rpm
http://nchc.dl.sourceforge.net/sourceforge/net-snmp/net-snmp-devel-5.4.2.1-1.f9.i386.rpm
http://nchc.dl.sourceforge.net/sourceforge/net-snmp/net-snmp-perlmods-5.4.2.1-1.f9.i386.rpm

Install snmp

rpm -ivh net-snmp-*.rpm

error: Failed dependencies:
libc.so.6(GLIBC_2.4) is needed by net-snmp-5.4.2.1-1.i386
libc.so.6(GLIBC_2.7) is needed by net-snmp-5.4.2.1-1.i386
librpm-4.4.so is needed by net-snmp-5.4.2.1-1.i386
librpmio-4.4.so is needed by net-snmp-5.4.2.1-1.i386

Check the glibc version

rpm -qa | grep glibc

glibc-2.3.4-2
glibc-common-2.3.4-2
glibc-kernheaders-2.4-9.1.87
glibc-devel-2.3.4-2
glibc-headers-2.3.4-2

Upgrading glibc is quite risky, so build from source instead

Install beecrypt first

wget http://downloads.sourceforge.net/beecrypt/beecrypt-4.1.2.tar.gz
tar zxvf beecrypt-4.1.2.tar.gz
cd beecrypt-4.1.2
./configure --prefix=/usr
make

_bc-py.c:8:20: Python.h: No such file or directory


rpm -qa|grep python

rpm-python-4.3.3-18_nonptl
gnome-python2-bonobo-2.6.0-3
python-2.3.4-14.2
libxml2-python-2.6.16-6
python-elementtree-1.2.6-4.2.1
python-sqlite-1.1.7-1.2
gnome-python2-2.6.0-3
gnome-python2-canvas-2.6.0-3
mod_python-3.1.3-5.1
dbus-python-0.22-12.EL.7
MySQL-python-1.0.0-1.RHEL4.1
python-urlgrabber-2.9.8-2

python-devel is not installed, so upgrade python first:
http://blog.c1gstudio.com/archives/588


Run make again
make
make install

Update the shared library cache

ldconfig -v
ln -s /lib/libelf.so.1 /usr/lib/libelf.so

Install net-snmp

wget http://nchc.dl.sourceforge.net/sourceforge/net-snmp/net-snmp-5.4.2.1.tar.gz
tar zxvf net-snmp-5.4.2.1.tar.gz
cd net-snmp-5.4.2.1
./configure --enable-mfd-rewrites --with-default-snmp-version="2" --with-sys-contact="admin" --with-sys-location="China" --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp"

configure summary output

SNMP Versions Supported: 1 2c 3
Net-SNMP Version: 5.4.2.1
Building for: linux
Network transport support: Callback Unix TCP UDP
SNMPv3 Security Modules: usm
Agent MIB code: default_modules => snmpv3mibs mibII ucd_snmp notification notification-log-mib target agent_mibs agentx disman/event disman/schedule utilities host
Embedded Perl support: enabled
SNMP Perl modules: building -- embeddable
SNMP Python modules: disabled
Authentication support: MD5 SHA1
Encryption support: DES AES


make

Build errors

grep: /usr/lib/libbeecrypt.la: No such file or directory
/bin/sed: can't read /usr/lib/libbeecrypt.la: No such file or directory
libtool: link: `/usr/lib/libbeecrypt.la' is not a valid libtool archive
# fix: install beecrypt (see above)


/usr/bin/ld: cannot find -lelf
collect2: ld returned 1 exit status
# fix: ln -s /lib/libelf.so.1 /usr/lib/libelf.so


make install
ldconfig -v

community string
Every network device that speaks SNMP has a community string. It works like a simple password check and decides whether the requester gets read-only or read-write access. Many users never change the vendor default community string after buying a device, so an unauthorized user who knows the default can read important system information and even modify the device's settings and state.
Change the "COMMUNITY" field to the password you want to use, for example "public" or privatepass.
Change "localhost" to the host that should be allowed to see your snmp information, for example localhost or 10.10.10.10.

SNMP versions
The SNMP protocol has received major upgrades since it was introduced in 1988.
Unfortunately, a large share of network equipment vendors, and even some network management system vendors, have not taken advantage of these improvements.
Many network elements support only SNMPv1 and SNMPv2c; support for SNMPv3 is minimal.
Version   Description
SNMPv1    SNMPv1, which implements community-based security
SNMPv2c   SNMPv2 with community-based security
SNMPv2u   SNMPv2 with user-based security
SNMPv2    SNMPv2 with party-based security
SNMPv3    SNMPv3, which implements user-based security

Configure snmp

mkdir /usr/local/etc/snmp
cp EXAMPLE.conf /usr/local/etc/snmp/snmpd.conf
vi /usr/local/etc/snmp/snmpd.conf


# sec.name source community
com2sec local localhost privatepass
#com2sec mynetwork NETWORK/24 public

####
# Second, map the security names into group names:

# sec.model sec.name
#group MyRWGroup v1 local
#group MyRWGroup v2c local
#group MyRWGroup usm local
#group MyROGroup v1 mynetwork
#group MyROGroup v2c mynetwork
#group MyROGroup usm mynetwork

group MyROGroup v1 local
group MyROGroup v2c local

####
# Third, create a view for us to let the groups have rights to:

# incl/excl subtree mask
#view all included .1 80

view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

# context sec.model sec.level match read write notif
access MyROGroup "" any noauth exact mib2 none none
#access MyRWGroup "" any noauth exact all all none
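The com2sec, group, view and access lines above are what decide who can read or write through the agent. As an added example (not from this post and not part of Net-SNMP), the POSIX shell function below audits a snmpd.conf text for the mistakes the community-string section warns about: a default community, a source of "default" that accepts the community from anywhere, and a group granted write access, with or without authentication. The config it runs on is constructed here.

```shell
# Constructed sample snmpd.conf (not a real host's config): the post's read-only
# "local" entry plus a second, deliberately weak entry for the audit to catch.
SAMPLE_CONF='# sec.name   source      community
com2sec local      localhost   privatepass
com2sec mynetwork  default     public
group   MyROGroup  v1   local
group   MyRWGroup  v2c  mynetwork
view    all        included .1 80
# context sec.model sec.level match read write notif
access  MyROGroup  "" any noauth exact mib2 none none
access  MyRWGroup  "" any noauth exact all  all  none'

# Print one finding per line. $1 is the config text; comments are stripped first.
# Column order is com2sec NAME SOURCE COMMUNITY and
# access GROUP CONTEXT MODEL LEVEL MATCH READ WRITE NOTIF (an empty context is "").
audit_snmpd_conf() {
    printf '%s\n' "$1" | sed 's/#.*//' |
    while read -r kw f1 f2 f3 f4 f5 f6 f7 _; do
        case $kw in
        com2sec)
            case $f3 in
            public|private) echo "WEAK: sec.name $f1 uses default community '$f3'" ;;
            esac
            case $f2 in
            default|0.0.0.0|0.0.0.0/0)
                echo "OPEN: sec.name $f1 accepts its community from any source ($f2)" ;;
            esac ;;
        access)
            if [ "$f7" != none ]; then           # $f7 is the WRITE view
                echo "WRITE: group $f1 may write view '$f7'"
                if [ "$f4" = noauth ]; then      # $f4 is sec.level
                    echo "NOAUTH: write access for $f1 requires no authentication"
                fi
            fi ;;
        esac
    done
}

# Number of findings; 0 means the config passed. grep -c prints 0 on no match,
# so its non-zero exit status is swallowed.
audit_finding_count() {
    audit_snmpd_conf "$1" | grep -c . || true
}
```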

 

# start
/usr/local/sbin/snmpd
# start at boot
echo '/usr/local/sbin/snmpd' >> /etc/rc.local
# check whether port 161 is listening
netstat -ano|grep 161
# test
snmpwalk -v 1 -c privatepass localhost system

SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2612) 0:00:26.12
SNMPv2-MIB::sysContact.0 = STRING: Me
SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain
SNMPv2-MIB::sysLocation.0 = STRING: Right here, right now.
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORDescr.1 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.3 = STRING: The management information definitions for the SNMP User-based Security Model.
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing UDP implementations
SNMPv2-MIB::sysORDescr.8 = STRING: View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (0) 0:00:00.00

snmp installation is complete

Install the check_traffic script
Download the check_traffic_v1.1.6.zip script
http://www.itnms.net/discuz/viewthread.php?tid=767&extra=pageD1&page=1
Upload ./check_traffic.sh to /usr/local/nagios/libexec


cd /usr/local/nagios/libexec/
chown nagios:nagios ./check_traffic.sh
chmod 755 ./check_traffic.sh

Use the -L option to list all interfaces of the host and find the network interface you want to monitor (if you already know the interface index, this step can be skipped).
From the output we confirm that the interface to monitor is 4, corresponding to "Macronix MX98715-Based Ethernet Adapter (Generic) - Packet Scheduler Miniport"

./check_traffic.sh -V 2c -C privatepass -H localhost -L

List Interface for host localhost.
Interface index 1 orresponding to lo
Interface index 2 orresponding to eth0
Interface index 3 orresponding to eth1
Interface index 4 orresponding to sit0

Following the script's instructions, choose version 2c (normally 1 or 2c), community privatepass, interface 2, unit KB/s, warning/critical for inbound traffic 200/400, and warning/critical for outbound traffic 300/500.


sudo -u nagios ./check_traffic.sh -V 2c -C privatepass -H localhost -I 2 -w12,30 -c15,50 -K -b

Can not found data in the history data file.
If it's the first time for this plugins, that's OK.
Otherwise,please use debug mode and check the debug file.

On the first run the history data file does not exist yet, so this message appears and can be ignored.
If it appears on every run, check whether /var/tmp/check_traffic_${Host}_${Interface}.hist_dat is being created under /var/tmp.
The file contains the current system time and the current in and out counter values.
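As an added illustration that is not the check_traffic.sh script itself, the POSIX shell functions below do the arithmetic a history-file plugin performs between two polls: read the previous time/in/out sample, compute KB/s while allowing for a 32-bit wrap of the ifInOctets/ifOutOctets counters, map the result onto the -w/-c "in,out" pairs used on the command line above, and rewrite the history file. The one-line "time in out" layout of the history file and its path are assumptions.

```shell
# History file: one line "time in out" (assumed layout; the real plugin's may differ).
# The path is an assumption too, chosen so the example runs anywhere.
HIST=${TMPDIR:-/tmp}/check_traffic_example.hist_dat

# Octet delta between two Counter32 samples. ifInOctets/ifOutOctets wrap at 2^32,
# so a new value smaller than the old one is treated as exactly one wrap.
counter_delta() {
    if [ "$2" -ge "$1" ]; then echo $(($2 - $1)); else echo $((4294967296 - $1 + $2)); fi
}

# Integer rate in KB/s from two samples taken $3 seconds apart (fails if no time passed).
rate_kbs() {
    [ "$3" -gt 0 ] || return 1
    echo $(( $(counter_delta "$1" "$2") / 1024 / $3 ))
}

# Nagios state 0/1/2 (OK/WARNING/CRITICAL) for in rate $1 and out rate $2 against
# warning pair $3 and critical pair $4 written as "in,out", e.g. 12,30 and 15,35.
traffic_state() {
    s=0
    for trip in "$1:${3%,*}:${4%,*}" "$2:${3#*,}:${4#*,}"; do
        r=${trip%%:*}; rest=${trip#*:}; w=${rest%:*}; c=${rest#*:}
        if [ "$r" -ge "$c" ]; then s=2; elif [ "$r" -ge "$w" ] && [ "$s" -lt 1 ]; then s=1; fi
    done
    echo "$s"
}

# One poll: $1 epoch seconds, $2 ifInOctets, $3 ifOutOctets, $4 warn pair, $5 crit pair.
# Prints "STATE in_kbs out_kbs". On the first run there is no history, so it prints
# the notice the post says to ignore and state 3 (UNKNOWN). The history is always rewritten.
poll_traffic() {
    if [ -r "$HIST" ]; then
        read -r t0 in0 out0 < "$HIST"
        in_r=$(rate_kbs "$in0" "$2" "$(($1 - t0))") || return 3
        out_r=$(rate_kbs "$out0" "$3" "$(($1 - t0))") || return 3
        echo "$(traffic_state "$in_r" "$out_r" "$4" "$5") $in_r $out_r"
    else
        echo "Can not found data in the history data file (first run, ignored)."
        echo "3 - -"
    fi
    printf '%s %s %s\n' "$1" "$2" "$3" > "$HIST"
}
```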

Nagios configuration for monitoring the local host
Edit /usr/local/nagios/etc/objects/commands.cfg and add the following

define command{
command_name check_traffic_nv
command_line $USER1$/check_traffic.sh -V 2c -C privatepass -H localhost -I $ARG1$ -w $ARG2$ -c $ARG3$ -M -b
}

Edit /usr/local/nagios/etc/objects/localhost.cfg and add the following

define service{
use local-service,srv-pnp ; Name of service template to use
host_name nagios
service_description check_nv_traffic_eth0
check_command check_traffic_nv!2!12,30!15,35
notifications_enabled 0
normal_check_interval 5 ; 5 minutes
retry_interval 1 ; 1 minute
}

 
Nagios configuration for monitoring a remote host

Edit /usr/local/nagios/etc/objects/remotehost.cfg and add the following

define service{
use local-service,srv-pnp ; Name of service template to use
host_name nagios
service_description check_nv_traffic_eth0
check_command check_nrpe!check_traffic_nv
notifications_enabled 0
normal_check_interval 5 ; 5 minutes
retry_interval 1 ; 1 minute
}

Edit /usr/local/nagios/etc/nrpe.cfg on the remote host and add the following

command[check_traffic_nv]=/usr/local/nagios/libexec/check_traffic.sh -V 2c -C privatepass -H localhost -I 2 -w 12,30 -c 15,35 -M -b

Open http://localhost/nagios
Click Service Detail
Click the small sun icon next to the check_nv_traffic_eth0 service
After about 5 minutes the graph appears

If the check_nv_traffic_eth0 service reports that snmpwalk cannot be found:

which: no snmpwalk in (/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin)

ln -s /usr/local/bin/snmpwalk /usr/bin/snmpwalk

Sometimes the symlink I created disappears, which is rather strange...

=====================
Update 2014-09-24
Fixing the NIC order
http://blog.c1gstudio.com/archives/1703



6 Responses


  1. 石头 says

    Heh, nicely written!

  2. C1G says

    Brother 石头, you flatter me; many thanks for your script, heh

  3. stars says

    "Click the small sun icon next to the check_nv_traffic_eth0 service"

    Why can't I see any small sun??

  4. C1G says

    You need to install pnp first

  5. stars says

    Oh, got it, thanks

Continuing the Discussion

  1. cacti 监控远程主机 | 烈焰之雨 linked to this post on 2012/12/19

    […] install snmp on the monitored machine B; for the net-snmp installation see […]


