Merge pull request #1758 from SPccman/master

How to configure SNMPv3 on ubuntu 14.04 server

sources/tech/20140826 How to configure SNMPv3 on ubuntu 14.04 server.md

@@ -1,100 +0,0 @@
-Translating by SPccman
-How to configure SNMPv3 on ubuntu 14.04 server
-================================================================================
-Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.[2]
-
-SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.
-
-### Why you want to use SNMPv3 ###
-
-Although SNMPv3 makes no changes to the protocol aside from the addition of cryptographic security, it looks much different due to new textual conventions, concepts, and terminology.
-
-SNMPv3 primarily added security and remote configuration enhancements to SNMP.
-
-Security has been the biggest weakness of SNMP since the beginning. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent.[1] Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used.
-
-SNMPv3 provides important security features:
-
-Confidentiality -- Encryption of packets to prevent snooping by an unauthorized source.
-
-Integrity -- Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism.
-
-Authentication -- to verify that the message is from a valid source.
-
-### Install SNMP server and client in ubuntu ###
-
-Open the terminal and run the following command
-
-    sudo apt-get install snmpd snmp
-
-After installation you need to do the following changes.
-
-### Configuring SNMPv3 in Ubuntu ###
-
-Get access to the daemon from the outside.
-
-The default installation only provides access to the daemon for localhost. In order to get access from the outside open the file /etc/default/snmpd in your favorite editor 
-
-    sudo vi /etc/default/snmpd
-
-Change the following line
-
-From
-
-    SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /var/run/snmpd.pid'
-
-to
-
-    SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
-
-and restart snmpd
-
-    sudo /etc/init.d/snmpd restart
-
-### Define SNMPv3 users, authentication and encryption parameters ###
-
-SNMPv3 can be used in a number of ways depending on the “securityLevel” configuration parameter:
-
-noAuthNoPriv -- No authorisation and no encryption, basically no security at all!
-authNoPriv -- Authorisation is required but collected data sent over the network is not encrypted.
-authPriv -- The strongest form. Authorisation required and everything sent over the network is encrypted.
-
-The snmpd configuration settings are all saved in a file called /etc/snmp/snmpd.conf. Open this file in your editor as in:
-
-    sudo vi /etc/snmp/snmpd.conf
-
-Add the following lines to the end of the file:
-
-    #
-    createUser user1
-    createUser user2 MD5 user2password
-    createUser user3 MD5 user3password DES user3encryption
-    #
-    rouser user1 noauth 1.3.6.1.2.1.1
-    rouser user2 auth 1.3.6.1.2.1
-    rwuser user3 priv 1.3.6.1.2.1
-
-Note:- If you want to use your own username/password combinations you need to note that the password and encryption phrases should have a length of at least 8 characters
-
-Also you need to do the following change so that snmp can listen for connections on all interfaces
-
-From
-
-    #agentAddress udp:161,udp6:[::1]:161
-
-to
-
-    agentAddress udp:161,udp6:[::1]:161
-
-Save your modified snmpd.conf file and restart the daemon with:
-
-    sudo /etc/init.d/snmpd restart
-
---------------------------------------------------------------------------------
-
-via: http://www.ubuntugeek.com/how-to-configure-snmpv3-on-ubuntu-14-04-server.html
-
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出

translated/tech/How to configure SNMPv3 on ubuntu 14.04 server.md

@@ -0,0 +1,97 @@
+在ubuntu14.04上配置SNMPv3
+============================================
+简单网络管理协议（SNMP）是用于IP网络设备管理的标准协议。典型的支持SNMP协议的设备有路由器、交换机、服务器、工作站、打印机及数据机柜等等。SNMP一般被网络管理系统用于监视网络附加设备，令行政注意（译者注：这个不太明白...按字面意思翻了，麻烦校对更正）。SNMP是因特网协议套件中的一个组成部分，它由IETF机构定义。它包含一系列的网络管理标准，其中有一个应用层协议，一个数据库架构以及一组数据对象。[2]
+
+SNMP将管理数据以变量的形式暴露出来，这些变量描述了系统配置。同时这些变量可以被管理应用查询（或者被设置）。
+
+### 为什么需要使用SNMPv3 ###
+
+尽管SNMPv3所增加的加密功能并不影响协议层面，但是新的文本惯例、概念及术语使得它看起来很不一样。
+
+SNMPv3在SNMP的基础之上增强了安全性以及远程配置功能。
+
+最初，SNMP最大的缺点就是安全性弱。SNMP的第一与第二个版本中，身份验证仅仅是在管理员与代理间传送一个明文的密码而已。[1]目前每一个SNMPv3的信息都包含了被编码成8进制的安全参数。这些安全参数的具体意义由所选用的安全模型决定。
+
+SNMPv3提供了重要的安全特征：
+
+保密性 -- 加密数据包以防止未经授权的源监听。
+
+完整性 -- 数据完整性特性确保数据在传输的时候没有被干扰，并且包含了课选的数据响应保护机制。
+
+身份验证 -- 检查数据是否来自一个合法的源
+
+### 在ubuntu中安装SNMP服务器及客户端 ###
+
+打开终端运行下列命令
+
+    sudo apt-get install snmpd snmp
+
+安装完成后需要做如下改变。
+
+###配置SNMPv3###
+
+获得守护进程的权限
+
+默认的安装仅提供本地的访问权限，如果想要获得外部访问权限的话编辑文件 /etc/default/snmpd。
+
+    sudo vi /etc/default/snmpd
+
+改变下列内容
+
+将
+
+    SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /var/run/snmpd.pid'
+
+改为
+    
+    SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
+
+最后重启 snmpd
+
+    sudo /etc/init.d/snmpd restart
+
+###定义 SNMPv3 用户，身份验证以及加密参数 ###
+
+“securityLevel”参数使得SNMPv3有多种不同的用途。
+
+noAuthNoPriv -- 没有授权，加密以及任何安全保护！authNoPriv -- 需要身份认证，但是不对数据进行加密。 autoPriv -- 最健壮的模式。需要身份认证以及数据会被加密。
+
+snmpd 的配置以及设置都保存在文件 /etc/snmp/snmpd.conf。使用编辑器编辑文件：
+
+    sudo vi /etc/snmp/snmpd.conf
+
+在文件末尾添加以下内容：
+
+    #
+    createUser user1
+    createUser user2 MD5 user2password
+    createUser user3 MD5 user3password DES user3encryption
+    #
+    rouser user1 noauth 1.3.6.1.2.1.1
+    rouser user2 auth 1.3.6.1.2.1
+    rwuser user3 priv 1.3.6.1.2.1
+
+注：如果你需要使用自己的用户名/密码对的话，请注意密码及加密短语的最小长度是8个字符。
+
+同时，你需要做如下的配置以便snmp可以监听来自任何接口的连接请求。
+
+将
+
+    #agentAddress udp:161,udp6:[::1]:161
+
+改为
+
+    agentAddress udp:161,udp6:[::1]:161
+
+保存改变后的snmpd.conf文件并且重启守护进程：
+
+    sudo /etc/init.d/snmpd restart
+    
+--------------------------------------------------------------------------------
+
+via: http://www.ubuntugeek.com/how-to-configure-snmpv3-on-ubuntu-14-04-server.html
+
+译者：[SPccman](https://github.com/SPccman)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出