11/09/2020
CentOS Default Settings, Part 2
4. Default settings of resolv, sysctl, nsswitch, and sshd_config
Contents of resolv.conf
# Generated by NetworkManager
nameserver ###.###.###.###
nameserver ###.###.###.###
Contents of /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
Contents of /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry ‘[NOTFOUND=return]’ means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# sss Use sssd (System Security Services Daemon)
# [NOTFOUND=return] Stop searching if not found so far
#
# WARNING: Running nscd with a secondary caching service like sssd may lead to
# unexpected behaviour, especially with how long entries are cached.
# To use db, put the “db” in front of “files” for entries you want to be
# looked up first in the databases
#
# Example:
: db files nisplus nis
: db files nisplus nis
: db files nisplus nis
passwd: files sss
shadow: files sss
group: files sss
: files sss
: db files nisplus nis dns
hosts: files dns myhostname
# Example – obey only what nisplus tells us…
: nisplus [NOTFOUND=return] files
: nisplus [NOTFOUND=return] files
: nisplus [NOTFOUND=return] files
: nisplus [NOTFOUND=return] files
: nisplus [NOTFOUND=return] files
: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: nisplus sss
publickey: nisplus
automount: files nisplus sss
aliases: files nisplus
Contents of /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp
#
Port 22
any
0.0.0.0
::
HostKey /etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
default none
# Logging
AUTH
SyslogFacility AUTHPRIV
INFO
# Authentication:
2m
PermitRootLogin yes
yes
6
10
yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
none
none
nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
no
# Change to yes if you don’t trust ~/.ssh/known_hosts for
# HostbasedAuthentication
no
# Don’t read the user’s ~/.rhosts and ~/.shosts files
yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
no
yes
# Change to no to disable s/key passwords
yes
ChallengeResponseAuthentication no
# Kerberos options
no
yes
yes
no
yes
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
yes
no
no
# Set this to ‘yes’ to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of “PermitRootLogin without-password”.
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to ‘no’.
# WARNING: ‘UsePAM no’ is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes
yes
yes
no
X11Forwarding yes
10
yes
yes
yes
yes
yes
no
sandbox
no
delayed
0
3
no
yes
/var/run/sshd.pid
10:30:100
no
none
none
# no default banner path
none
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
5. Installing net-snmp and net-snmp-utils
Installing net-snmp
# yum -y install net-snmp
読み込んだプラグイン:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 2.9 kB 00:00
* base: ty1.mirror.newmediaexpress.com
* epel: nrt.edge.kernel.org
* extras: ty1.mirror.newmediaexpress.com
* remi: ftp.riken.jp
* remi-php74: ftp.riken.jp
* remi-safe: ftp.riken.jp
* updates: ty1.mirror.newmediaexpress.com
base | 3.6 kB 00:00
epel | 4.7 kB 00:00
extras | 2.9 kB 00:00
mysql-connectors-community | 2.5 kB 00:00
mysql-tools-community | 2.5 kB 00:00
mysql80-community | 2.5 kB 00:00
remi | 3.0 kB 00:00
remi-php74 | 3.0 kB 00:00
remi-safe | 3.0 kB 00:00
updates | 2.9 kB 00:00
(1/5): epel/x86_64/updateinfo | 1.0 MB 00:00
(2/5): remi-php74/primary_db | 217 kB 00:00
(3/5): remi-safe/primary_db | 1.8 MB 00:00
(4/5): remi/primary_db | 2.7 MB 00:00
(5/5): epel/x86_64/primary_db | 6.9 MB 00:00
依存性の解決をしています
--> トランザクションの確認を実行しています。
---> パッケージ net-snmp.x86_64 1:5.7.2-48.el7_8.1 を インストール
--> 依存性の処理をしています: net-snmp-libs = 1:5.7.2-48.el7_8.1 のパッケージ: 1:net-snmp-5.7.2-48.el7_8.1.x86_64
--> 依存性の処理をしています: net-snmp-agent-libs = 1:5.7.2-48.el7_8.1 のパッケージ: 1:net-snmp-5.7.2-48.el7_8.1.x86_64
--> 依存性の処理をしています: libnetsnmptrapd.so.31()(64bit) のパッケージ: 1:net-snmp-5.7.2-48.el7_8.1.x86_64
--> 依存性の処理をしています: libnetsnmpmibs.so.31()(64bit) のパッケージ: 1:net-snmp-5.7.2-48.el7_8.1.x86_64
--> 依存性の処理をしています: libnetsnmpagent.so.31()(64bit) のパッケージ: 1:net-snmp-5.7.2-48.el7_8.1.x86_64
--> 依存性の処理をしています: libnetsnmp.so.31()(64bit) のパッケージ: 1:net-snmp-5.7.2-48.el7_8.1.x86_64
--> トランザクションの確認を実行しています。
---> パッケージ net-snmp-agent-libs.x86_64 1:5.7.2-48.el7_8.1 を インストール
---> パッケージ net-snmp-libs.x86_64 1:5.7.2-48.el7_8.1 を インストール
--> 依存性解決を終了しました。
依存性を解決しました
================================================================================
Package アーキテクチャー バージョン リポジトリー 容量
================================================================================
インストール中:
net-snmp x86_64 1:5.7.2-48.el7_8.1 updates 332 k
依存性関連でのインストールをします:
net-snmp-agent-libs x86_64 1:5.7.2-48.el7_8.1 updates 707 k
net-snmp-libs x86_64 1:5.7.2-48.el7_8.1 updates 751 k
トランザクションの要約
================================================================================
インストール 1 パッケージ (+2 個の依存関係のパッケージ)
総ダウンロード容量: 1.7 M
インストール容量: 5.8 M
Downloading packages:
(1/3): net-snmp-5.7.2-48.el7_8.1.x86_64.rpm | 332 kB 00:00
(2/3): net-snmp-agent-libs-5.7.2-48.el7_8.1.x86_64.rpm | 707 kB 00:00
(3/3): net-snmp-libs-5.7.2-48.el7_8.1.x86_64.rpm | 751 kB 00:00
--------------------------------------------------------------------------------
合計 5.7 MB/s | 1.7 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
インストール中 : 1:net-snmp-libs-5.7.2-48.el7_8.1.x86_64 1/3
インストール中 : 1:net-snmp-agent-libs-5.7.2-48.el7_8.1.x86_64 2/3
インストール中 : 1:net-snmp-5.7.2-48.el7_8.1.x86_64 3/3
検証中 : 1:net-snmp-agent-libs-5.7.2-48.el7_8.1.x86_64 1/3
検証中 : 1:net-snmp-5.7.2-48.el7_8.1.x86_64 2/3
検証中 : 1:net-snmp-libs-5.7.2-48.el7_8.1.x86_64 3/3
インストール:
net-snmp.x86_64 1:5.7.2-48.el7_8.1
依存性関連をインストールしました:
net-snmp-agent-libs.x86_64 1:5.7.2-48.el7_8.1
net-snmp-libs.x86_64 1:5.7.2-48.el7_8.1
完了しました!
Installing net-snmp-utils
# yum -y install net-snmp-utils
読み込んだプラグイン:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: ty1.mirror.newmediaexpress.com
* epel: nrt.edge.kernel.org
* extras: ty1.mirror.newmediaexpress.com
* remi: ftp.riken.jp
* remi-php74: ftp.riken.jp
* remi-safe: ftp.riken.jp
* updates: ty1.mirror.newmediaexpress.com
依存性の解決をしています
--> トランザクションの確認を実行しています。
---> パッケージ net-snmp-utils.x86_64 1:5.7.2-48.el7_8.1 を インストール
--> 依存性解決を終了しました。
依存性を解決しました
================================================================================
Package アーキテクチャー バージョン リポジトリー 容量
================================================================================
インストール中:
net-snmp-utils x86_64 1:5.7.2-48.el7_8.1 updates 200 k
トランザクションの要約
================================================================================
インストール 1 パッケージ
総ダウンロード容量: 200 k
インストール容量: 408 k
Downloading packages:
net-snmp-utils-5.7.2-48.el7_8.1.x86_64.rpm | 200 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
インストール中 : 1:net-snmp-utils-5.7.2-48.el7_8.1.x86_64 1/1
検証中 : 1:net-snmp-utils-5.7.2-48.el7_8.1.x86_64 1/1
インストール:
net-snmp-utils.x86_64 1:5.7.2-48.el7_8.1
完了しました!
Contents of /etc/snmp/snmpd.conf
# cat /etc/snmp/snmpd.conf
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# snmpd.conf:
# An example configuration file for configuring the ucd-snmp snmpd agent.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# This file is intended to only be as a starting point. Many more
# configuration directives exist than are mentioned in this file. For
# full details, see the snmpd.conf(5) manual page.
#
# All lines beginning with a ‘ #’ are comments and are intended for you
# to read. All other lines are configuration commands for the agent.
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Access Control
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# As shipped, the snmpd demon will only respond to queries on the
# system mib group until this file is replaced or modified for
# security purposes. Examples are shown below about how to increase the
# level of access.
# By far, the most common question I get about the agent is “why won’t
# it work?”, when really it should be “how do I configure the agent to
# allow me to access it?”
#
# By default, the agent responds to the “public” community for read
# only access, if run out of the box without any configuration file in
# place. The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access to the mib tree as well.
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.
# # # #
# First, map the community name “public” into a “security name”
# sec.name source community
com2sec notConfigUser default public
# # # #
# Second, map the security name into a group name:
# groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
# # # #
# Third, create a view for us to let the group have rights to:
# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
# # # #
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact systemview none none
# —————————————————————————–
# Here is a commented out example configuration that allows less
# restrictive access.
# YOU SHOULD CHANGE THE “COMMUNITY” TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
# # sec.name source community
local localhost COMMUNITY
mynetwork NETWORK/24 COMMUNITY
# # group.name sec.model sec.name
MyRWGroup any local
MyROGroup any mynetwork
#
MyRWGroup any otherv3user
#…
# # incl/excl subtree mask
all included .1 80
# # -or just the mib2 tree-
mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
# # context sec.model sec.level prefix read write notif
MyROGroup “” any noauth 0 all none none
MyRWGroup “” any noauth 0 all all all
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Sample configuration to make net-snmpd RFC 1213.
# Unfortunately v1 and v2c don’t allow any user based authentification, so
# opening up the default config is not an option from a security point.
#
# WARNING: If you uncomment the following lines you allow write access to your
# snmpd daemon from any source! To avoid this use different names for your
# community or split out the write access to a different community and
# restrict it to your local network.
# Also remember to comment the syslocation and syscontact parameters later as
# otherwise they are still read only (see FAQ for net-snmp).
#
# First, map the community name “public” into a “security name”
# sec.name source community
notConfigUser default public
# Second, map the security name into a group name:
# groupName securityModel securityName
notConfigGroup v1 notConfigUser
notConfigGroup v2c notConfigUser
# Third, create a view for us to let the group have rights to:
# Open up the whole tree for ro, make the RFC 1213 required ones rw.
# name incl/excl subtree mask(optional)
roview included .1
rwview included system.sysContact
rwview included system.sysName
rwview included system.sysLocation
rwview included interfaces.ifTable.ifEntry.ifAdminStatus
rwview included at.atTable.atEntry.atPhysAddress
rwview included at.atTable.atEntry.atNetAddress
rwview included ip.ipForwarding
rwview included ip.ipDefaultTTL
rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest
rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType
rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge
rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask
rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState
rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
rwview included snmp.snmpEnableAuthenTraps
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
notConfigGroup “” any noauth exact roview rwview none
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# System contact information
#
# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file:
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root (configure /etc/snmp/snmp.local.conf)
# Example output of snmpwalk:
# % snmpwalk -v 1 localhost -c public system
# system.sysDescr.0 = “SunOS name sun4c”
# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
# system.sysContact.0 = “Me “
# system.sysName.0 = “name”
# system.sysLocation.0 = “Right here, right now.”
# system.sysServices.0 = 72
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Logging
#
# We do not want annoying “Connection from UDP: ” messages in syslog.
# If the following option is commented out, snmpd will print each incoming
# connection, which can be useful for debugging.
dontLogTCPWrappersConnects yes
# —————————————————————————–
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Process checks.
#
# The following are examples of how to use the agent to check for
# processes running on the host. The syntax looks something like:
#
# proc NAME [MAX=0] [MIN=0] #
# NAME: the name of the process to check for. It must match
# exactly (ie, http will not find httpd processes).
# MAX: the maximum number allowed to be running. Defaults to 0.
# MIN: the minimum number to be running. Defaults to 0.
#
# Examples (commented out by default):
#
# Make sure mountd is running
mountd
# Make sure there are no more than 4 ntalkds running, but 0 is ok too.
ntalkd 4
# Make sure at least one sendmail, but less than or equal to 10 are running.
sendmail 10 1
# A snmpwalk of the process mib tree would look something like this:
#
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
# enterprises.ucdavis.procTable.prEntry.prNames.1 = “mountd”
# enterprises.ucdavis.procTable.prEntry.prNames.2 = “ntalkd”
# enterprises.ucdavis.procTable.prEntry.prNames.3 = “sendmail”
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = “No mountd process running.”
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = “”
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = “”
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
#
# Note that the errorFlag for mountd is set to 1 because one is not
# running (in this case an rpc.mountd is, but thats not good enough),
# and the ErrMessage tells you what’s wrong. The configuration
# imposed in the snmpd.conf file is also shown.
#
# Special Case: When the min and max numbers are both 0, it assumes
# you want a max of infinity and a min of 1.
#
# —————————————————————————–
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Executables/scripts
#
#
# You can also have programs run by the agent that return a single
# line of output and an exit code. Here are two examples.
#
# exec NAME PROGRAM [ARGS …] #
# NAME: A generic name. The name must be unique for each exec statement.
# PROGRAM: The program to run. Include the path!
# ARGS: optional arguments to be passed to the program
# a simple hello world
echotest /bin/echo hello world
# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note: this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do. Uncomment to use it.
#
shelltest /bin/sh /tmp/shtest
# Then,
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
# enterprises.ucdavis.extTable.extEntry.extNames.1 = “echotest”
# enterprises.ucdavis.extTable.extEntry.extNames.2 = “shelltest”
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = “/bin/echo hello world”
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = “/bin/sh /tmp/shtest”
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = “hello world.”
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = “hello world.”
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
# Note that the second line of the /tmp/shtest shell script is cut
# off. Also note that the exit status of 35 was returned.
# —————————————————————————–
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# disk checks
#
# The agent can check the amount of available disk space, and make
# sure it is above a set limit.
# disk PATH [MIN=100000] #
# PATH: mount path to the disk in question.
# MIN: Disks with space below this value will have the Mib’s errorFlag set.
# Default value = 100000.
# Check the / partition and make sure it contains at least 10 megs.
/ 10000
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = “/” Hex: 2F
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = “/dev/dsk/c201d6s0”
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = “”
# —————————————————————————–
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# load average checks
#
# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0] #
# 1MAX: If the 1 minute load average is above this limit at query
# time, the errorFlag will be set.
# 5MAX: Similar, but for 5 min average.
# 15MAX: Similar, but for 15 min average.
# Check for loads:
12 14 14
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = “Load-1”
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = “Load-5”
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = “Load-15”
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = “0.49” Hex: 30 2E 34 39
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = “0.31” Hex: 30 2E 33 31
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = “0.26” Hex: 30 2E 32 36
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = “12.00”
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = “14.00”
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = “14.00”
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = “”
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = “”
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = “”
# —————————————————————————–
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Extensible sections.
#
# This alleviates the multiple line output problem found in the
# previous executable mib by placing each mib in its own mib table:
# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note: this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do. Uncomment to use it.
#
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
# enterprises.ucdavis.50.1.1 = 1
# enterprises.ucdavis.50.2.1 = “shelltest”
# enterprises.ucdavis.50.3.1 = “/bin/sh /tmp/shtest”
# enterprises.ucdavis.50.100.1 = 35
# enterprises.ucdavis.50.101.1 = “hello world.”
# enterprises.ucdavis.50.101.2 = “hi there.”
# enterprises.ucdavis.50.102.1 = 0
# Now the Output has grown to two lines, and we can see the ‘hi
# there.’ output as the second line from our shell script.
#
# Note that you must alter the mib.txt file to be correct if you want
# the .50.* outputs above to change to reasonable text descriptions.
# Other ideas:
#
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
# —————————————————————————–
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Pass through control.
#
# Usage:
# pass MIBOID EXEC-COMMAND
#
# This will pass total control of the mib underneath the MIBOID
# portion of the mib to the EXEC-COMMAND.
#
# Note: You’ll have to change the path of the passtest script to your
# source directory or install it in the given location.
#
# Example: (see the script for details)
# (commented out here since it requires that you place the
# script in the right location. (its not installed by default))
# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
# enterprises.ucdavis.255.1 = “life the universe and everything”
# enterprises.ucdavis.255.2.1 = 42
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
# enterprises.ucdavis.255.5 = 42
# enterprises.ucdavis.255.6 = Gauge: 42
#
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
# enterprises.ucdavis.255.5 = 42
#
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s “New string”
# enterprises.ucdavis.255.1 = “New string”
#
# For specific usage information, see the man/snmpd.conf.5 manual page
# as well as the local/passtest script used in the above example.
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Further Information
#
# See the snmpd.conf manual page, and the output of “snmpd -H”.
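The four-step mapping in the listing above (com2sec, group, view, access) decides what a v1/v2c community string can actually read or write. The Python script below is an added example, not part of the original post or of net-snmp: it resolves that chain and flags risky results. SHIPPED holds the active lines from the listing; OPENED (an abridged, enabled form of the file's RFC 1213 sample) and HARDENED (with a 192.0.2.0/24 source and a placeholder community) are constructed inputs.

```python
import shlex
from collections import defaultdict

# Active (uncommented) directives from the snmpd.conf listed above.
SHIPPED = '''
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access notConfigGroup "" any noauth exact systemview none none
'''

# Constructed: the file's "RFC 1213" sample with its directives enabled (abridged).
OPENED = '''
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view roview included .1
view rwview included system.sysContact
view rwview included system.sysName
view rwview included ip.ipForwarding
access notConfigGroup "" any noauth exact roview rwview none
'''

# Constructed: restricted source network and a placeholder community string.
HARDENED = '''
com2sec monUser 192.0.2.0/24 EXAMPLE-COMMUNITY
group monGroup v2c monUser
view systemview included .1.3.6.1.2.1.1
access monGroup "" v2c noauth exact systemview none none
'''


def parse(text):
    """Collect the four VACM directive types; every other line is ignored."""
    cfg = {"com2sec": [], "group": [], "access": [], "view": defaultdict(list)}
    for line in text.splitlines():
        try:
            tok = shlex.split(line, comments=True)  # drops '#' comments, keeps "" as a token
        except ValueError:                          # unbalanced quote: skip the line
            continue
        if not tok:
            continue
        kw, args = tok[0], tok[1:]
        if kw == "com2sec":
            if args[:1] == ["-Cn"]:                 # optional "-Cn CONTEXT" prefix
                args = args[2:]
            if len(args) >= 3:
                cfg["com2sec"].append(tuple(args[:3]))       # (secname, source, community)
        elif kw == "group" and len(args) >= 3:
            cfg["group"].append(tuple(args[:3]))             # (group, model, secname)
        elif kw == "view" and len(args) >= 3:
            cfg["view"][args[0]].append((args[1], args[2]))  # name -> (incl/excl, subtree)
        elif kw == "access" and len(args) >= 8:
            cfg["access"].append(tuple(args[:8]))
    return cfg


def included(cfg, name):
    """Subtrees a view includes; an undefined name such as 'none' grants nothing."""
    return [oid for kind, oid in cfg["view"].get(name, []) if kind == "included"]


def effective_access(text):
    """Follow community -> security name -> group -> access -> views."""
    cfg = parse(text)
    rows = []
    for secname, source, community in cfg["com2sec"]:
        for gname, model, gsec in cfg["group"]:
            # Community strings only exist in the v1 and v2c security models.
            if gsec != secname or model not in ("v1", "v2c"):
                continue
            for agroup, _ctx, amodel, level, _pfx, read, write, _notif in cfg["access"]:
                # v1/v2c requests are unauthenticated, so only noauth rows match.
                if agroup != gname or amodel not in ("any", model) or level != "noauth":
                    continue
                rows.append({"community": community, "source": source, "model": model,
                             "read": included(cfg, read), "write": included(cfg, write)})
    return rows


def findings(rows):
    """Turn resolved rows into de-duplicated, sorted review findings."""
    out = set()
    for r in rows:
        who = f"community '{r['community']}' from {r['source']}"
        if r["source"] == "default":
            out.add(f"{who}: accepted from any source address")
        if r["community"] in ("public", "private"):
            out.add(f"{who}: well-known community string")
        if r["write"]:
            out.add(f"{who}: SET allowed on {len(r['write'])} subtree(s) without authentication")
        if ".1" in r["read"]:
            out.add(f"{who}: entire MIB tree readable")
    return sorted(out)


if __name__ == "__main__":
    for label, conf in (("SHIPPED", SHIPPED), ("OPENED", OPENED), ("HARDENED", HARDENED)):
        print(label)
        for item in findings(effective_access(conf)) or ["no findings"]:
            print("  -", item)
```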