Installing Net-SNMP on Solaris OS

By -

Introduction:
Sun OS versions previous to Solaris10 come configured with the Sun SNMP agent. Solaris has started shipping Net-SNMP with Solaris10 as an alternative to the Sun SNMP agent, this guide is designed to offer a road-map for installing Net-SNMP on versions older than Solaris10 so that users can utilize both the inclusion of the HOST-MIB Tree (Disk and CPU monitoring) and the use of SNMPv3 (encryption of SNMP traffic over a network) within these previous OS's (capability unavailable in the Sun SNMP agent).

Check For Sun SNMP Agent:
Before we start we need to check for the existence of the Sun SNMP agent and turn it off if it is running.

To do so run the following command from the command line:

Code:
ps -ef | grep snmp
If the Sun agent is running you will see output similar to the following:

Code:
    root 10765     1  0   Sep 23 ?        0:00 /usr/lib/dmi/snmpXdmid -s builder-solaris
    root 10756     1  0   Sep 23 ?        0:00 /usr/lib/dmi/snmpXdmid -s builder-solaris
    root 10725     1  0   Sep 23 ?       18:41 /usr/lib/snmp/snmpdx -y -c /etc/snmp/conf
If the Net-SNMP agent has already been installed and is running you will alternatively see output similar to this:

Code:
    root  4035     1  0 16:08:12 ?        0:03 /usr/local/sbin/snmpd
If no agent is currently running you receive an empty set output.

Turn Off Sun Agent:

In the event that you do have a running sun Agent, it can be turned off using the following commands:
Code:
/etc/rc3.d/S76snmpdx stop
/etc/rc3.d/S77dmi stop
Once you have stopped the process, make sure that you have nothing else running on UPD ports 161 or 162, this can be checked by running the following commands:
Code:
netstat -an | grep 161
netstat -an | grep 162
Assuming nothing is currently running, both should return an empty set. If connection information is returned you will need to clear these ports before you can proceed.

To disable Sun's SNMP
In the event reboot or restart sun Agent will start running due to service; to avoid so we need to disable the Sun SNMP Agent  
#svcadm disable svc:/application/management/snmpdx:default

Installing Net-SNMP Agent
The Net-SNMP package can be installed from packages or built locally on a system from source.
Installing from packages involves the following steps:

Retrieve the package:
For demo purpose we are going to install Net-SNMP from packages available at: http://www.sunfreeware.com/

To retrieve the package you are going to want to use the linux FTP client to download the archive. This can be achieved using the following set of commands:

Code:
>       cd /tmp
>       ftp ftp.sunfreeware.com
ftp>   anonymous
ftp>   (your email address)
ftp>   bin
ftp>   cd pub/freeware/sparc/9/
ftp>   get netsnmp-5.4.2.1-sol9-sparc-local.gz
ftp>   quit
>       gunzip netsnmp-5.4.2.1-sol9-sparc-local.gz
>       pkgadd -d netsnmp-5.4.2.1-sol9-sparc-local
Keep in mind that this set of instructions is for Solaris 9, different versions of Solaris will require slightly different paths and filenames (IE sol9, sparc/9/), different build numbers will also require slightly different filenames (IE 5.4.2.1).

It should also be mentioned that you can also always alternatively build these packages from source (in fact this is the Net-SNMP preferred way), for detailed instructions regarding building the Net-SNMP package from source please visit: http://www.net-snmp.org/docs/README.solaris.html .

Configuring Net-SNMP

Once Net-SNMP has been successfully installed you are going to need to configure the agent by creating an snmpd.conf file and copying it over to the /usr/local/share/snmp/ directory.

This can be accomplished by completing the snmp configuration wizard:

Code:
> cd /tmp
> snmpconf -g basic_setup
[Complete Questionair]
>cp snmpd.conf /usr/local/share/snmp/
Alternatively for a simple setup you can copy and paste the following into a file located at /usr/local/share/snmp/snmpd.conf (SNMPv1 & v2 with community string 'public'):
Code:
###########################################################################
# SECTION: Access Control Setup
#
#   This section defines who is allowed to talk to your running
#   snmp agent.

# rocommunity: a SNMPv1/SNMPv2c read-only access community name
#   arguments:  community [default|hostname|network/bits] [oid]

rocommunity  public
To test that the configuration has worked you will want to run the following set of commands from the command line:
Code:
/usr/local/sbin/snmpd
snmpwalk -v 2c -c public localhost
If the agent is running correctly you are going to see an snmpwalk output dump to your screen, which should look similar to this:

Code:
SNMPv2-MIB::snmpOutBadValues.0 = Counter32: 0
SNMPv2-MIB::snmpOutGenErrs.0 = Counter32: 0
SNMPv2-MIB::snmpOutGetRequests.0 = Counter32: 0
SNMPv2-MIB::snmpOutGetNexts.0 = Counter32: 0
SNMPv2-MIB::snmpOutSetRequests.0 = Counter32: 0
SNMPv2-MIB::snmpOutGetResponses.0 = Counter32: 2826
SNMPv2-MIB::snmpOutTraps.0 = Counter32: 0
SNMPv2-MIB::snmpEnableAuthenTraps.0 = INTEGER: disabled(2)
SNMPv2-MIB::snmpSilentDrops.0 = Counter32: 0
SNMPv2-MIB::snmpProxyDrops.0 = Counter32: 0
For the Solaris 10 which comes with pre installed Net-SNMP daemon; program locates at /usr/sfw/sbin/snmpd, and configure file of snmpd saved with the name snmpd.conf at /etc/sma/snmp. Use svcadm to start of stop snmpd:
#svcadm enable svc:/application/management/sma:default
#svcadm disable svc:/application/management/sma:default

Log File
if there's any error or warning messages, see the file /var/svc/log/application-management-sma\:default.log. The default log file of snmpd is/var/log/snmpd.log.

Configuration file
We may use /etc/sma/snmp/snmpd.conf.save as the working configure file to test wheather our snmpd daemon is ok.
#cp /etc/sma/snmp/snmpd.conf.save /etc/sma/snmp/snmpd.conf
#svcadm restart sma

P.S. There's another file also named as snmpd.conf stored in /var/sma_snmp directory, and which is called persistent storage file. The persistent storage file, /var/sma_snmp/snmpd.conf, contains USM security information and any MIB components that are set for persistent storage. This file also contains the engineID and the engineID boots. This persistent storage file is automatically updated when the System Management Agent starts. When the System Management Agent stops, the snmpusm and snmpvacm utilities write user security information to this storage file.

Using the AgentX Protocol
The AgentX protocol is supported in the System Management Agent. By default, the System Management Agent ships with a secure profile, that is, read–only access. AgentX allows interaction with third party subagents, provided that these subagents support AgentX over Unix Domain Sockets. For security reasons, AgentX is not supported over TCP/UDP. For more information on the AgentX protocol, see http://www.ietf.org/rfc/rfc2741.txt Edit the main /etc/sma/snmp/snmpd.conf configuration file to configure the System Management Agent to use the AgentX protocol. By default, the AgentX protocol is disabled. The following procedure describes how to enable the AgentX protocol. To enable the AgentX protocol add the following to /etc/sma/snmp/snmpd.conf file:

master agentx

restart the sma (system management agent).
# svcadm restart svc:/application/management/sma:default

Using the SMA
To view the status of the agent
# svcs svc:/application/management/sma:default

To See Which MIBs Are Initialized
# /usr/sfw/sbin/snmpd -Dregister_mib -Dmib_init -L

To Check the Disk Space and Network on a Local or Remote Machine
# /usr/sfw/bin/snmpwalk -v1 -c public localhost HOST-RESOURCES-MIB::hrStorageIndex

# /usr/sfw/bin/snmpget -v1 -c public localhost HOST-RESOURCES-MIB::hrStorageSize.1

# /usr/sfw/bin/snmpwalk -v1 -c public localhost HOST-RESOURCES-MIB::hrStorageUsed

# /usr/sfw/bin/snmpnetstat -v 2c -c public -a localhost

if all these works, the sma is configured and brought on properly.
Conclusion:

You should now be able to provision the Solaris device within Traverse and receive all of the HOST-MIB applicable metrics (CPU, Disk). If an appropriate SNMPv3 account was created while completing the snmpconf wizard you will also have encrypted SNMP queries available to you at this point.

Comments

Post a Comment

Popular posts from this blog

Linux File and Directory Permissions

By -
Image
file & directory protection is a essential of any OS and Linux OS is no exception for it! These authorizations allow you to choose exactly who can access your files & directory, providing an overall improved system security. There was one of the major flaws in the older Windows operating-system where, by standard, all users can see each other people's information (Windows 95, 98, Me). For overcoming it, editions of the Windows based computer system such as NT, 2000, XP and 2003 lot more security features added. They fully support file & directory permissions, just as Linux system has since the beginning. Together, we'll now assess a directory listing from our Lab Linux system hosting server, to help us understand the information provided. a simple 'ls' command will give you the file and directory listing within a given directory, including the option  '-l' will display number of new areas that we are going to discuss here:
Read more

How to Disable SSL for Webmin

By -
Webmin is a Web application that enables administrators to manage Linux servers. Webmin runs on a Web server at port 10000. Miniserv is the name of the Web server application that handles the Webmin Web application. By default, Miniserv uses SSL. However, you can disable SSL for Webmin Miniserv by editing the configuration file for the Web application. With SSL disabled, you can access the Webmin application over a standard HTTP connection. Step 1 Open a terminal window on the Linux server. You can also SSH into the server if you do not have physical access to the machine. Step 2 Type the following command at the command prompt and press the “Enter” key: nano /etc/webmin/miniserv.conf This command opens the Miniserv configuration file in the Nano text editor.
Read more

INSTALL CISCO VPN CLIENT ON WINDOWS 10 (32 & 64 BIT). FIX REASON 442

By -
Image
This article shows how correctly install Cisco VPN Client (32 & 64 bit) on Windows 10 (32 & 64 bit) using simple steps, overcome the ‘ This app can’t run on this PC ’ installation error , plus fix the Reason 442: Failed to enable Virtual Adapter error message . The article applies to New Windows 10 installations or Upgrades from earlier Windows versions and all versions before or after Windows 10 build 1511 .  To simplify the article, we’ve broken it into the following two sections: How to Install Cisco VPN client on Windows 10 (clean installation or upgrade from previous Windows), including Windows 10 build prior or after build 1511 . How to Fix Reason 442: Failed to enable Virtual Adapter on Windows 10 Figure 1. The Cisco VPN Client Reason 442: Failed to enable Virtual Adapter error on Windows 10 HOW TO INSTALL CISCO VPN CLIENT ON WINDOWS 10 (NEW INSTALLATIONS OR O/S UPGRADES) The instructions below are for new or clean Windows 10 inst...
Read more