CENTOSのデフォルト設定内容-その2

Posted By: みなまち運営者 On:


4.resolv、 sysctl 、nsswitch 、 sshd_config のデフォルト設定内容について

solv.confの設定内容

# Generated by NetworkManager
nameserver xxx.xxx.xxx.xxx
nameserver xxx.xxx.xxx.xxx

/etc/sysctl.confの設定内容

# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).

/etc/nsswitch.confの設定内容

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry ‘[NOTFOUND=return]’ means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# sss Use sssd (System Security Services Daemon)
# [NOTFOUND=return] Stop searching if not found so far
#
# WARNING: Running nscd with a secondary caching service like sssd may lead to
# unexpected behaviour, especially with how long entries are cached.

# To use db, put the “db” in front of “files” for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files sss
shadow: files sss
group: files sss
#initgroups: files sss

#hosts: db files nisplus nis dns
hosts: files dns myhostname

# Example – obey only what nisplus tells us…
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss

netgroup: nisplus sss

publickey: nisplus

automount: files nisplus sss
aliases: files nisplus

/etc/ssh/sshd_configの設定内容

# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don’t trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don’t read the user’s ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
#PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to ‘yes’ to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of “PermitRootLogin without-password”.
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to ‘no’.
# WARNING: ‘UsePAM no’ is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

5.net-snmp、 net-snmp-utils のインストールについて

net-snmpのインストール

#yum -y install net-snmp
読み込んだプラグイン:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 2.9 kB 00:00
* base: ty1.mirror.newmediaexpress.com
* epel: nrt.edge.kernel.org
* extras: ty1.mirror.newmediaexpress.com
* remi: ftp.riken.jp
* remi-php74: ftp.riken.jp
* remi-safe: ftp.riken.jp
* updates: ty1.mirror.newmediaexpress.com
base | 3.6 kB 00:00
epel | 4.7 kB 00:00
extras | 2.9 kB 00:00
mysql-connectors-community | 2.5 kB 00:00
mysql-tools-community | 2.5 kB 00:00
mysql80-community | 2.5 kB 00:00
remi | 3.0 kB 00:00
remi-php74 | 3.0 kB 00:00
remi-safe | 3.0 kB 00:00
updates | 2.9 kB 00:00
(1/5): epel/x86_64/updateinfo | 1.0 MB 00:00
(3/5): remi/primary_db 36% [=====- ] 0.0 B/s | 4.6 MB –:– ETA (2/5): remi-php74/primary_db | 217 kB 00:00
(3/5): remi-safe/primary_db | 1.8 MB 00:00
(4/5): remi/primary_db | 2.7 MB 00:00
(5/5): epel/x86_64/primary 90% [============== ] 8.8 MB/s | 11 MB 00:00 ETA (5/5): epel/x86_64/primary_db | 6.9 MB 00:00
依存性の解決をしています
–> トランザクションの確認を実行しています。
—> パッケージ net-snmp.x86_64 1:5.7.2-48.el7_8.1 を インストール
–> 依存性の処理をしています: net-snmp-libs = 1:5.7.2-48.el7_8.1 のパッケージ: 1:net-snmp-5.7.2-48.el7_8.1.x86_64
–> 依存性の処理をしています: net-snmp-agent-libs = 1:5.7.2-48.el7_8.1 のパッケージ: 1:net-snmp-5.7.2-48.el7_8.1.x86_64
–> 依存性の処理をしています: libnetsnmptrapd.so.31()(64bit) のパッケージ: 1:net-snmp-5.7.2-48.el7_8.1.x86_64
–> 依存性の処理をしています: libnetsnmpmibs.so.31()(64bit) のパッケージ: 1:net-snmp-5.7.2-48.el7_8.1.x86_64
–> 依存性の処理をしています: libnetsnmpagent.so.31()(64bit) のパッケージ: 1:net-snmp-5.7.2-48.el7_8.1.x86_64
–> 依存性の処理をしています: libnetsnmp.so.31()(64bit) のパッケージ: 1:net-snmp-5.7.2-48.el7_8.1.x86_64
–> トランザクションの確認を実行しています。
—> パッケージ net-snmp-agent-libs.x86_64 1:5.7.2-48.el7_8.1 を インストール
—> パッケージ net-snmp-libs.x86_64 1:5.7.2-48.el7_8.1 を インストール
–> 依存性解決を終了しました。

依存性を解決しました

================================================================================
Package アーキテクチャー
バージョン リポジトリー
容量
================================================================================
インストール中:
net-snmp x86_64 1:5.7.2-48.el7_8.1 updates 332 k
依存性関連でのインストールをします:
net-snmp-agent-libs x86_64 1:5.7.2-48.el7_8.1 updates 707 k
net-snmp-libs x86_64 1:5.7.2-48.el7_8.1 updates 751 k

トランザクションの要約
================================================================================
インストール 1 パッケージ (+2 個の依存関係のパッケージ)

総ダウンロード容量: 1.7 M
インストール容量: 5.8 M
Downloading packages:
(1/3): net-snmp-5.7.2-48.el7_8.1.x86_64.rpm | 332 kB 00:00
(2/3): net-snmp-agent-libs-5.7.2-48.el7_8.1.x86_64.rpm | 707 kB 00:00
(3/3): net-snmp-libs-5.7.2-48.el7_8.1.x86_64.rpm | 751 kB 00:00
——————————————————————————–
合計 5.7 MB/s | 1.7 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
インストール中 : 1:net-snmp-libs-5.7.2- [ ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [# ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [## ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [### ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [#### ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [##### ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [###### ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [####### ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [######## ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [######### ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [########## ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [########### ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [############ ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [############# ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [############## ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [############### ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [################ ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [################# ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [################## ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [################### ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [#################### ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2- [##################### ] 1/3 インストール中 : 1:net-snmp-libs-5.7.2-48.el7_8.1.x86_64 1/3
インストール中 : 1:net-snmp-agent-libs- [ ] 2/3 インストール中 : 1:net-snmp-agent-libs- [# ] 2/3 インストール中 : 1:net-snmp-agent-libs- [## ] 2/3 インストール中 : 1:net-snmp-agent-libs- [### ] 2/3 インストール中 : 1:net-snmp-agent-libs- [#### ] 2/3 インストール中 : 1:net-snmp-agent-libs- [##### ] 2/3 インストール中 : 1:net-snmp-agent-libs- [###### ] 2/3 インストール中 : 1:net-snmp-agent-libs- [####### ] 2/3 インストール中 : 1:net-snmp-agent-libs- [######## ] 2/3 インストール中 : 1:net-snmp-agent-libs- [######### ] 2/3 インストール中 : 1:net-snmp-agent-libs- [########## ] 2/3 インストール中 : 1:net-snmp-agent-libs- [########### ] 2/3 インストール中 : 1:net-snmp-agent-libs- [############ ] 2/3 インストール中 : 1:net-snmp-agent-libs- [############# ] 2/3 インストール中 : 1:net-snmp-agent-libs- [############## ] 2/3 インストール中 : 1:net-snmp-agent-libs- [############### ] 2/3 インストール中 : 1:net-snmp-agent-libs- [################ ] 2/3 インストール中 : 1:net-snmp-agent-libs- [################# ] 2/3 インストール中 : 1:net-snmp-agent-libs- [################## ] 2/3 インストール中 : 1:net-snmp-agent-libs- [################### ] 2/3 インストール中 : 1:net-snmp-agent-libs- [#################### ] 2/3 インストール中 : 1:net-snmp-agent-libs- [##################### ] 2/3 インストール中 : 1:net-snmp-agent-libs-5.7.2-48.el7_8.1.x86_64 2/3
インストール中 : 1:net-snmp-5.7.2-48.el [ ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [# ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [## ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [### ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [##### ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [####### ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [######## ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [########## ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [########### ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [############# ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [############### ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [################ ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [################# ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [################## ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [################### ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [#################### ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el [##################### ] 3/3 インストール中 : 1:net-snmp-5.7.2-48.el7_8.1.x86_64 3/3
検証中 : 1:net-snmp-agent-libs-5.7.2-48.el7_8.1.x86_64 1/3
検証中 : 1:net-snmp-5.7.2-48.el7_8.1.x86_64 2/3
検証中 : 1:net-snmp-libs-5.7.2-48.el7_8.1.x86_64 3/3

インストール:
net-snmp.x86_64 1:5.7.2-48.el7_8.1

依存性関連をインストールしました:
net-snmp-agent-libs.x86_64 1:5.7.2-48.el7_8.1
net-snmp-libs.x86_64 1:5.7.2-48.el7_8.1

完了しました!

net-snmp-utils のインストール

# yum -y install net-snmp-utils
読み込んだプラグイン:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: ty1.mirror.newmediaexpress.com
* epel: nrt.edge.kernel.org
* extras: ty1.mirror.newmediaexpress.com
* remi: ftp.riken.jp
* remi-php74: ftp.riken.jp
* remi-safe: ftp.riken.jp
* updates: ty1.mirror.newmediaexpress.com
依存性の解決をしています
–> トランザクションの確認を実行しています。
—> パッケージ net-snmp-utils.x86_64 1:5.7.2-48.el7_8.1 を インストール
–> 依存性解決を終了しました。

依存性を解決しました

================================================================================
Package アーキテクチャー
バージョン リポジトリー 容量
================================================================================
インストール中:
net-snmp-utils x86_64 1:5.7.2-48.el7_8.1 updates 200 k

トランザクションの要約
================================================================================
インストール 1 パッケージ

総ダウンロード容量: 200 k
インストール容量: 408 k
Downloading packages:
net-snmp-utils-5.7.2-48.el7_8.1.x86_64.rpm | 200 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
インストール中 : 1:net-snmp-utils-5.7.2 [ ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [# ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [## ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [### ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [#### ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [##### ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [####### ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [######## ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [######### ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [########## ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [########### ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [############ ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [############# ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [############## ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [################ ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [################# ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [################## ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [################### ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [#################### ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2 [##################### ] 1/1 インストール中 : 1:net-snmp-utils-5.7.2-48.el7_8.1.x86_64 1/1
検証中 : 1:net-snmp-utils-5.7.2-48.el7_8.1.x86_64 1/1

インストール:
net-snmp-utils.x86_64 1:5.7.2-48.el7_8.1

完了しました!

/etc/snmp/snmpd.conf の設定内容

# cat /etc/snmp/snmpd.conf
###############################################################################
#
# snmpd.conf:
# An example configuration file for configuring the ucd-snmp snmpd agent.
#
###############################################################################
#
# This file is intended to only be as a starting point. Many more
# configuration directives exist than are mentioned in this file. For
# full details, see the snmpd.conf(5) manual page.
#
# All lines beginning with a ‘#’ are comments and are intended for you
# to read. All other lines are configuration commands for the agent.

###############################################################################
# Access Control
###############################################################################

# As shipped, the snmpd demon will only respond to queries on the
# system mib group until this file is replaced or modified for
# security purposes. Examples are shown below about how to increase the
# level of access.

# By far, the most common question I get about the agent is “why won’t
# it work?”, when really it should be “how do I configure the agent to
# allow me to access it?”
#
# By default, the agent responds to the “public” community for read
# only access, if run out of the box without any configuration file in
# place. The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access to the mib tree as well.
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

####
# First, map the community name “public” into a “security name”

# sec.name source community
com2sec notConfigUser default public

####
# Second, map the security name into a group name:

# groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser

####
# Third, create a view for us to let the group have rights to:

# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
####
# Finally, grant the group read-only access to the systemview view.

# group context sec.model sec.level prefix read write notif
access notConfigGroup “” any noauth exact systemview none none

# —————————————————————————–

# Here is a commented out example configuration that allows less
# restrictive access.

# YOU SHOULD CHANGE THE “COMMUNITY” TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

## sec.name source community
#com2sec local localhost COMMUNITY
#com2sec mynetwork NETWORK/24 COMMUNITY

## group.name sec.model sec.name
#group MyRWGroup any local
#group MyROGroup any mynetwork
#
#group MyRWGroup any otherv3user
#…

## incl/excl subtree mask
#view all included .1 80

## -or just the mib2 tree-

#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc

## context sec.model sec.level prefix read write notif
#access MyROGroup “” any noauth 0 all none none
#access MyRWGroup “” any noauth 0 all all all

###############################################################################
# Sample configuration to make net-snmpd RFC 1213.
# Unfortunately v1 and v2c don’t allow any user based authentification, so
# opening up the default config is not an option from a security point.
#
# WARNING: If you uncomment the following lines you allow write access to your
# snmpd daemon from any source! To avoid this use different names for your
# community or split out the write access to a different community and
# restrict it to your local network.
# Also remember to comment the syslocation and syscontact parameters later as
# otherwise they are still read only (see FAQ for net-snmp).
#

# First, map the community name “public” into a “security name”
# sec.name source community
#com2sec notConfigUser default public

# Second, map the security name into a group name:
# groupName securityModel securityName
#group notConfigGroup v1 notConfigUser
#group notConfigGroup v2c notConfigUser

# Third, create a view for us to let the group have rights to:
# Open up the whole tree for ro, make the RFC 1213 required ones rw.
# name incl/excl subtree mask(optional)
#view roview included .1
#view rwview included system.sysContact
#view rwview included system.sysName
#view rwview included system.sysLocation
#view rwview included interfaces.ifTable.ifEntry.ifAdminStatus
#view rwview included at.atTable.atEntry.atPhysAddress
#view rwview included at.atTable.atEntry.atNetAddress
#view rwview included ip.ipForwarding
#view rwview included ip.ipDefaultTTL
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
#view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState
#view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
#view rwview included snmp.snmpEnableAuthenTraps

# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
#access notConfigGroup “” any noauth exact roview rwview none

###############################################################################
# System contact information
#

# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file:

syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root (configure /etc/snmp/snmp.local.conf)

# Example output of snmpwalk:
# % snmpwalk -v 1 localhost -c public system
# system.sysDescr.0 = “SunOS name sun4c”
# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
# system.sysContact.0 = “Me “
# system.sysName.0 = “name”
# system.sysLocation.0 = “Right here, right now.”
# system.sysServices.0 = 72

###############################################################################
# Logging
#

# We do not want annoying “Connection from UDP: ” messages in syslog.
# If the following option is commented out, snmpd will print each incoming
# connection, which can be useful for debugging.

dontLogTCPWrappersConnects yes

# —————————————————————————–

###############################################################################
# Process checks.
#
# The following are examples of how to use the agent to check for
# processes running on the host. The syntax looks something like:
#
# proc NAME [MAX=0] [MIN=0]#
# NAME: the name of the process to check for. It must match
# exactly (ie, http will not find httpd processes).
# MAX: the maximum number allowed to be running. Defaults to 0.
# MIN: the minimum number to be running. Defaults to 0.

#
# Examples (commented out by default):
#

# Make sure mountd is running
#proc mountd

# Make sure there are no more than 4 ntalkds running, but 0 is ok too.
#proc ntalkd 4

# Make sure at least one sendmail, but less than or equal to 10 are running.
#proc sendmail 10 1

# A snmpwalk of the process mib tree would look something like this:
#
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
# enterprises.ucdavis.procTable.prEntry.prNames.1 = “mountd”
# enterprises.ucdavis.procTable.prEntry.prNames.2 = “ntalkd”
# enterprises.ucdavis.procTable.prEntry.prNames.3 = “sendmail”
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = “No mountd process running.”
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = “”
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = “”
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
#
# Note that the errorFlag for mountd is set to 1 because one is not
# running (in this case an rpc.mountd is, but thats not good enough),
# and the ErrMessage tells you what’s wrong. The configuration
# imposed in the snmpd.conf file is also shown.
#
# Special Case: When the min and max numbers are both 0, it assumes
# you want a max of infinity and a min of 1.
#

# —————————————————————————–

###############################################################################
# Executables/scripts
#

#
# You can also have programs run by the agent that return a single
# line of output and an exit code. Here are two examples.
#
# exec NAME PROGRAM [ARGS …]#
# NAME: A generic name. The name must be unique for each exec statement.
# PROGRAM: The program to run. Include the path!
# ARGS: optional arguments to be passed to the program

# a simple hello world

#exec echotest /bin/echo hello world

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note: this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do. Uncomment to use it.
#
#exec shelltest /bin/sh /tmp/shtest

# Then,
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
# enterprises.ucdavis.extTable.extEntry.extNames.1 = “echotest”
# enterprises.ucdavis.extTable.extEntry.extNames.2 = “shelltest”
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = “/bin/echo hello world”
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = “/bin/sh /tmp/shtest”
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = “hello world.”
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = “hello world.”
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0

# Note that the second line of the /tmp/shtest shell script is cut
# off. Also note that the exit status of 35 was returned.

# —————————————————————————–

###############################################################################
# disk checks
#

# The agent can check the amount of available disk space, and make
# sure it is above a set limit.

# disk PATH [MIN=100000]#
# PATH: mount path to the disk in question.
# MIN: Disks with space below this value will have the Mib’s errorFlag set.
# Default value = 100000.

# Check the / partition and make sure it contains at least 10 megs.

#disk / 10000

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = “/” Hex: 2F
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = “/dev/dsk/c201d6s0”
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = “”

# —————————————————————————–

###############################################################################
# load average checks
#

# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]#
# 1MAX: If the 1 minute load average is above this limit at query
# time, the errorFlag will be set.
# 5MAX: Similar, but for 5 min average.
# 15MAX: Similar, but for 15 min average.

# Check for loads:
#load 12 14 14

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = “Load-1”
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = “Load-5”
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = “Load-15”
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = “0.49” Hex: 30 2E 34 39
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = “0.31” Hex: 30 2E 33 31
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = “0.26” Hex: 30 2E 32 36
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = “12.00”
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = “14.00”
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = “14.00”
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = “”
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = “”
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = “”

# —————————————————————————–

###############################################################################
# Extensible sections.
#

# This alleviates the multiple line output problem found in the
# previous executable mib by placing each mib in its own mib table:

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note: this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do. Uncomment to use it.
#
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
# enterprises.ucdavis.50.1.1 = 1
# enterprises.ucdavis.50.2.1 = “shelltest”
# enterprises.ucdavis.50.3.1 = “/bin/sh /tmp/shtest”
# enterprises.ucdavis.50.100.1 = 35
# enterprises.ucdavis.50.101.1 = “hello world.”
# enterprises.ucdavis.50.101.2 = “hi there.”
# enterprises.ucdavis.50.102.1 = 0

# Now the Output has grown to two lines, and we can see the ‘hi
# there.’ output as the second line from our shell script.
#
# Note that you must alter the mib.txt file to be correct if you want
# the .50.* outputs above to change to reasonable text descriptions.

# Other ideas:
#
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq

# —————————————————————————–

###############################################################################
# Pass through control.
#

# Usage:
# pass MIBOID EXEC-COMMAND
#
# This will pass total control of the mib underneath the MIBOID
# portion of the mib to the EXEC-COMMAND.
#
# Note: You’ll have to change the path of the passtest script to your
# source directory or install it in the given location.
#
# Example: (see the script for details)
# (commented out here since it requires that you place the
# script in the right location. (its not installed by default))

# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
# enterprises.ucdavis.255.1 = “life the universe and everything”
# enterprises.ucdavis.255.2.1 = 42
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
# enterprises.ucdavis.255.5 = 42
# enterprises.ucdavis.255.6 = Gauge: 42
#
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
# enterprises.ucdavis.255.5 = 42
#
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s “New string”
# enterprises.ucdavis.255.1 = “New string”
#

# For specific usage information, see the man/snmpd.conf.5 manual page
# as well as the local/passtest script used in the above example.

###############################################################################
# Further Information
#
# See the snmpd.conf manual page, and the output of “snmpd -H”.


Play Cover Track Title
Track Authors