Debian/Ubuntu Linux: Installing and Configuring the snmpd Service

Date: 2020-01-09 10:37:56  Source: igfitidea

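SNMP (Simple Network Management Protocol) is a protocol used for network management.
How do I install an SNMP server under Debian or Ubuntu Linux so that I can configure various monitoring services?

The NET-SNMP project provides various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command that uses SNMP, and a Tk/Perl MIB browser.

The snmpd package contains the snmpd and snmptrapd daemons, documentation, and so on.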

Installing snmpd

Run the following command as the superuser:

# apt-get update && apt-get install snmpd

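snmpd configuration files

For security reasons, the default snmpd configuration is quite paranoid.
Edit /etc/snmp/snmpd.conf or run snmpconf to allow broader access.
You can control separately whether snmpd and snmptrapd run by editing /etc/default/snmpd.

Configuring snmpd

Edit /etc/snmp/snmpd.conf: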

# vi /etc/snmp/snmpd.conf

Edit or update the file as follows:

smuxsocket 127.0.0.1
rocommunity setMeHere
com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included  .1                               80
access MyRWGroup ""      any       noauth    exact  all    all    none

com2sec notConfigUser  default       mrtg
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
view    systemview    included  .1                               80
access  notConfigGroup ""      any       noauth    exact  systemview none none

syslocation Mumbai, IN (VSNL LB3)
syscontact Hyman Gite <[email protected]>

For details, see the snmpd.conf(5) man page.
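
An added example, not part of the original page: a shell function that audits snmpd.conf lines like those above for community access open to any source address, well-known community strings, and write views granted at the noauth level. The names audit_snmpd_conf and sample_conf are hypothetical, the sample input is constructed from the lines above plus one source-restricted entry, and only the simple "com2sec NAME SOURCE COMMUNITY" form is parsed.

```shell
#!/bin/sh
# Added example: audit snmpd.conf for loosely scoped SNMPv1/v2c access.
# Prints one finding per line; reads the files given as arguments, or stdin.
audit_snmpd_conf() {
    awk '
    function weak(c) {
        # "public" and "private" are the community strings scanners try first
        if (c == "public" || c == "private")
            printf "WEAK_COMMUNITY line %d: well-known community \"%s\"\n", NR, c
    }
    $1 ~ /^#/ || NF == 0 { next }
    # rocommunity/rwcommunity COMMUNITY [SOURCE ...]: no SOURCE means any host
    $1 == "rocommunity" || $1 == "rwcommunity" {
        if (NF < 3 || $3 == "default")
            printf "OPEN_SOURCE line %d: %s has no source restriction\n", NR, $1
        weak($2)
    }
    # com2sec NAME SOURCE COMMUNITY: SOURCE "default" matches any host
    $1 == "com2sec" {
        if ($3 == "default")
            printf "OPEN_SOURCE line %d: com2sec %s accepts any source\n", NR, $2
        weak($4)
    }
    # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
    $1 == "access" && $5 == "noauth" && $8 != "none" {
        printf "NOAUTH_WRITE line %d: group %s has write view %s at noauth\n", NR, $2, $8
    }
    ' "$@"
}

# Constructed sample: lines taken from the configuration above, plus one
# source-restricted entry (192.0.2.10 is a documentation address).
sample_conf() {
    cat <<'EOF'
rocommunity setMeHere
com2sec local localhost public
com2sec notConfigUser default mrtg
access MyRWGroup "" any noauth exact all all none
access notConfigGroup "" any noauth exact systemview none none
rocommunity monitorRO 192.0.2.10
EOF
}

sample_conf | audit_snmpd_conf
```

On a real host, run audit_snmpd_conf /etc/snmp/snmpd.conf; any OPEN_SOURCE finding means the firewall rule for UDP port 161 is the only thing limiting who can query the agent.
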
Edit /etc/default/snmpd:

# vi /etc/default/snmpd

Update it as follows:

# This file controls the activity of snmpd and snmptrapd
 
# MIB directories.  /usr/share/snmp/mibs is the default, but
# including it here avoids some strange problems.
export MIBDIRS=/usr/share/snmp/mibs
 
# snmpd control (yes means start daemon).
SNMPDRUN=yes
 
# snmpd options (use syslog, close stdin/out/err).
# replace 204.x.y.z with your public IP 
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1 204.x.y.z'
 
# snmptrapd control (yes means start daemon).  As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run.  See snmpd.conf(5) for how to do this.
TRAPDRUN=no
 
# snmptrapd options (use syslog).
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
 
# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT=yes

Restarting the snmpd service

Run the following command:

# /etc/init.d/snmpd restart

Sample output:

Restarting network management services: snmpd.

Firewall configuration

Here is a sample firewall configuration file:

#!/bin/sh
 
# set shell vars
PUB_IF="eth0"
SNMPD_CLIENT="85.x.y.z"
SNMPD_SERVER="203.a.b.c"
 
IPT="/sbin/iptables"
# The Linux loopback interface is named lo
LO_IF="lo"
 
# Default policy: drop all incoming, outgoing and forwarded traffic
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
 
# Allow Full Outgoing connection but no incoming stuff by default
$IPT -A INPUT -i ${PUB_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o ${PUB_IF} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
 
# Unlimited lo access
$IPT -A INPUT -i ${LO_IF} -j ACCEPT
$IPT -A OUTPUT -o ${LO_IF} -j ACCEPT
 
 
### Open port 161 ###
$IPT -A INPUT -i ${PUB_IF} -s ${SNMPD_CLIENT} -d ${SNMPD_SERVER} -p udp --dport 161 -j ACCEPT
 
### rest of iptables goes here ###

Testing

On the local system or a remote system, run the following command:

# snmpwalk -v 1 -c mrtg 204.x.y.z IP-MIB::ipAdEntIfIndex

Sample output:

IP-MIB::ipAdEntIfIndex.10.20.110.2 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.204.xx.yy.zz = INTEGER: 3