mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-28 23:20:10 +08:00
commit
f8b59e98a3
@ -1,14 +1,16 @@
|
||||
8 Options to Trace/Debug Programs using Linux strace Command
|
||||
使用 Linux 的 strace 命令跟踪/调试程序的常用选项
|
||||
================================================================================
|
||||
|
||||
在调试的时候,strace能帮助你追踪到一个程序所执行的系统调用。当你想知道程序和操作系统如何交互的时候,这是极其方便的,比如你想知道执行了哪些系统调用,并且以何种顺序执行。
|
||||
|
||||
这个简单而又强大的工具几乎在所有的Linux操作系统上可用,并且可被用来调试大量的程序。
|
||||
|
||||
### 1. 命令用法 ###
|
||||
### 命令用法 ###
|
||||
|
||||
让我们看看strace命令如何追踪一个程序的执行情况。
|
||||
|
||||
最简单的形式,strace后面可以跟任何命令。它将列出许许多多的系统调用。一开始,我们并不能理解所有的输出,但是如果你正在寻找一些特殊的东西,那么你应该能从输出中发现它。
|
||||
|
||||
让我们来看看简单命令ls的系统调用跟踪情况。
|
||||
|
||||
raghu@raghu-Linoxide ~ $ strace ls
|
||||
@ -20,21 +22,22 @@
|
||||
![Strace write system call (ls)](http://linoxide.com/wp-content/uploads/2014/08/02.strace_ls_write.png)
|
||||
|
||||
上面的输出部分展示了write系统调用,它把当前目录的列表输出到标准输出。
|
||||
|
||||
下面的图片展示了使用ls命令列出的目录内容(没有使用strace)。
|
||||
|
||||
raghu@raghu-Linoxide ~ $ ls
|
||||
|
||||
![ls command output](http://linoxide.com/wp-content/uploads/2014/08/03.ls_.png)
|
||||
|
||||
#### 1.1 寻找被程序读取的配置文件 ####
|
||||
#### 选项1 寻找被程序读取的配置文件 ####
|
||||
|
||||
一个有用的跟踪(除了调试某些问题以外)是你能找到被一个程序读取的配置文件。例如,
|
||||
Strace 的用法之一(除了调试某些问题以外)是你能找到被一个程序读取的配置文件。例如,
|
||||
|
||||
raghu@raghu-Linoxide ~ $ strace php 2>&1 | grep php.ini
|
||||
|
||||
![Strace config file read by program](http://linoxide.com/wp-content/uploads/2014/08/04.strace_php_configuration.png)
|
||||
|
||||
#### 1.2 跟踪指定的系统调用 ####
|
||||
#### 选项2 跟踪指定的系统调用 ####
|
||||
|
||||
strace命令的-e选项仅仅被用来展示特定的系统调用(例如,open,write等等)
|
||||
|
||||
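Review bot: In the rewritten sentence under 选项1, "Strace 的用法之一" capitalises the command name, while every other occurrence in this file, including the command lines, is lowercase "strace". The binary name is case-sensitive, so write "strace 的用法之一" to match.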
@ -44,7 +47,7 @@ strace命令的-e选项仅仅被用来展示特定的系统调用(例如,ope
|
||||
|
||||
![Stracing specific system call (open here)](http://linoxide.com/wp-content/uploads/2014/08/05.strace_open_systemcall.png)
|
||||
|
||||
#### 1.3 用于进程 ####
|
||||
#### 选项3 跟踪进程 ####
|
||||
|
||||
strace不但能用在命令上,而且通过使用-p选项能用在运行的进程上。
|
||||
|
||||
@ -52,15 +55,15 @@ strace不但能用在命令上,而且通过使用-p选项能用在运行的进
|
||||
|
||||
![Strace a process](http://linoxide.com/wp-content/uploads/2014/08/06.strace_process.png)
|
||||
|
||||
#### 1.4 strace的统计概要 ####
|
||||
#### 选项4 strace的统计概要 ####
|
||||
|
||||
包括系统调用的概要,执行时间,错误等等。使用-c选项能够以一种整洁的方式展示:
|
||||
它包括系统调用的概要,执行时间,错误等等。使用-c选项能够以一种整洁的方式展示:
|
||||
|
||||
raghu@raghu-Linoxide ~ $ strace -c ls
|
||||
|
||||
![Strace summary display](http://linoxide.com/wp-content/uploads/2014/08/07.strace_summary.png)
|
||||
|
||||
#### 1.5 保存输出结果 ####
|
||||
#### 选项5 保存输出结果 ####
|
||||
|
||||
通过使用-o选项可以把strace命令的输出结果保存到一个文件中。
|
||||
|
||||
@ -70,7 +73,7 @@ strace不但能用在命令上,而且通过使用-p选项能用在运行的进
|
||||
|
||||
之所以以sudo来运行上面的命令,是为了防止用户ID与所查看进程的所有者ID不匹配的情况。
|
||||
|
||||
### 1.6 显示时间戳 ###
|
||||
### 选项6 显示时间戳 ###
|
||||
|
||||
使用-t选项,可以在每行的输出之前添加时间戳。
|
||||
|
||||
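Review bot: The renamed heading "### 选项6 显示时间戳 ###" keeps three hashes, while 选项1 to 选项5, 选项7 and 选项8 all use "####", so option 6 will render one level above its siblings. Since this line is being touched anyway, change it to "#### 选项6 显示时间戳 ####".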
@ -78,7 +81,7 @@ strace不但能用在命令上,而且通过使用-p选项能用在运行的进
|
||||
|
||||
![Timestamp before each output line](http://linoxide.com/wp-content/uploads/2014/08/09.strace_timestamp.png)
|
||||
|
||||
#### 1.7 更好的时间戳 ####
|
||||
#### 选项7 更精细的时间戳 ####
|
||||
|
||||
-tt选项可以展示微秒级别的时间戳。
|
||||
|
||||
@ -92,7 +95,7 @@ strace不但能用在命令上,而且通过使用-p选项能用在运行的进
|
||||
|
||||
![Seconds since epoch](http://linoxide.com/wp-content/uploads/2014/08/011.strace_epoch_seconds.png)
|
||||
|
||||
#### 1.8 Relative Time ####
|
||||
#### 选项8 相对时间 ####
|
||||
|
||||
-r选项展示系统调用之间的相对时间戳。
|
||||
|
||||
@ -106,7 +109,7 @@ via: http://linoxide.com/linux-command/linux-strace-command-examples/
|
||||
|
||||
作者:[Raghu][a]
|
||||
译者:[guodongxiaren](https://github.com/guodongxiaren)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
校对:[wxy](https://github.com/wxy)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
@ -1,100 +0,0 @@
|
||||
Translating by SPccman
|
||||
How to configure SNMPv3 on ubuntu 14.04 server
|
||||
================================================================================
|
||||
Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.[2]
|
||||
|
||||
SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.
|
||||
|
||||
### Why you want to use SNMPv3 ###
|
||||
|
||||
Although SNMPv3 makes no changes to the protocol aside from the addition of cryptographic security, it looks much different due to new textual conventions, concepts, and terminology.
|
||||
|
||||
SNMPv3 primarily added security and remote configuration enhancements to SNMP.
|
||||
|
||||
Security has been the biggest weakness of SNMP since the beginning. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent.[1] Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used.
|
||||
|
||||
SNMPv3 provides important security features:
|
||||
|
||||
Confidentiality -- Encryption of packets to prevent snooping by an unauthorized source.
|
||||
|
||||
Integrity -- Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism.
|
||||
|
||||
Authentication -- to verify that the message is from a valid source.
|
||||
|
||||
### Install SNMP server and client in ubuntu ###
|
||||
|
||||
Open the terminal and run the following command
|
||||
|
||||
sudo apt-get install snmpd snmp
|
||||
|
||||
After installation you need to do the following changes.
|
||||
|
||||
### Configuring SNMPv3 in Ubuntu ###
|
||||
|
||||
Get access to the daemon from the outside.
|
||||
|
||||
The default installation only provides access to the daemon for localhost. In order to get access from the outside open the file /etc/default/snmpd in your favorite editor
|
||||
|
||||
sudo vi /etc/default/snmpd
|
||||
|
||||
Change the following line
|
||||
|
||||
From
|
||||
|
||||
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /var/run/snmpd.pid'
|
||||
|
||||
to
|
||||
|
||||
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
|
||||
|
||||
and restart snmpd
|
||||
|
||||
sudo /etc/init.d/snmpd restart
|
||||
|
||||
### Define SNMPv3 users, authentication and encryption parameters ###
|
||||
|
||||
SNMPv3 can be used in a number of ways depending on the “securityLevel” configuration parameter:
|
||||
|
||||
noAuthNoPriv -- No authorisation and no encryption, basically no security at all!
|
||||
authNoPriv -- Authorisation is required but collected data sent over the network is not encrypted.
|
||||
authPriv -- The strongest form. Authorisation required and everything sent over the network is encrypted.
|
||||
|
||||
The snmpd configuration settings are all saved in a file called /etc/snmp/snmpd.conf. Open this file in your editor as in:
|
||||
|
||||
sudo vi /etc/snmp/snmpd.conf
|
||||
|
||||
Add the following lines to the end of the file:
|
||||
|
||||
#
|
||||
createUser user1
|
||||
createUser user2 MD5 user2password
|
||||
createUser user3 MD5 user3password DES user3encryption
|
||||
#
|
||||
rouser user1 noauth 1.3.6.1.2.1.1
|
||||
rouser user2 auth 1.3.6.1.2.1
|
||||
rwuser user3 priv 1.3.6.1.2.1
|
||||
|
||||
Note:- If you want to use your own username/password combinations you need to note that the password and encryption phrases should have a length of at least 8 characters
|
||||
|
||||
Also you need to do the following change so that snmp can listen for connections on all interfaces
|
||||
|
||||
From
|
||||
|
||||
#agentAddress udp:161,udp6:[::1]:161
|
||||
|
||||
to
|
||||
|
||||
agentAddress udp:161,udp6:[::1]:161
|
||||
|
||||
Save your modified snmpd.conf file and restart the daemon with:
|
||||
|
||||
sudo /etc/init.d/snmpd restart
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.ubuntugeek.com/how-to-configure-snmpv3-on-ubuntu-14-04-server.html
|
||||
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
@ -1,3 +1,5 @@
|
||||
[felixonmars translating...]
|
||||
|
||||
How to create a cloud-based encrypted file system on Linux
|
||||
================================================================================
|
||||
Commercial cloud storage services such as [Amazon S3][1] and [Google Cloud Storage][2] offer highly available, scalable, infinite-capacity object store at affordable costs. To accelerate wide adoption of their cloud offerings, these providers are fostering rich developer ecosystems around their products based on well-defined APIs and SDKs. Cloud-backed file systems are one popular by-product of such active developer communities, for which several open-source implementations exist.
|
||||
@ -153,4 +155,4 @@ via: http://xmodulo.com/2014/09/create-cloud-based-encrypted-file-system-linux.h
|
||||
[4]:http://aws.amazon.com/
|
||||
[5]:http://ask.xmodulo.com/create-amazon-aws-access-key.html
|
||||
[6]:https://aur.archlinux.org/packages/s3ql/
|
||||
[7]:http://www.rath.org/s3ql-docs/
|
||||
[7]:http://www.rath.org/s3ql-docs/
|
||||
|
@ -0,0 +1,94 @@
|
||||
How to Boot Linux ISO Images Directly From Your Hard Drive
|
||||
================================================================================
|
||||
![]()
|
||||
|
||||
Linux’s GRUB2 boot loader can boot Linux ISO files directly from your hard drive. Boot Linux live CDs or even install Linux on another hard drive partition without burning it to disc or booting from a USB drive.
|
||||
|
||||
We performed this process on Ubuntu 14.04 — Ubuntu and Ubuntu-based Linux distributions have good support for this. [Other Linux distributions][1] should work similarly.
|
||||
|
||||
### Get a Linux ISO File ###
|
||||
|
||||
This trick requires you have a Linux system installed on your hard drive. Your computer must be using [the GRUB2 boot loader][2], which is a standard boot loader on most Linux systems. Sorry, you can’t boot a Linux ISO file directly from a Windows system using the Windows boot loader.
|
||||
|
||||
Download the ISO files you want to use and store them on your Linux partition. GRUB2 should support most Linux systems. if you want to use them in a live environment without installing them to your hard drive, be sure to download the “[live CD][3]” versions of each Linux ISO. Many Linux-based bootable utility discs should also work.
|
||||
|
||||
### Check the Contents of the ISO File ###
|
||||
|
||||
You may need to look inside the ISO file to determine exactly where specific files are. For example, you can do this by opening the ISO file with the Archive Manager/File Roller graphical application that comes with Ubuntu and other GNOME-based desktop environments. In the Nautilus file manager, right-click the ISO file and select Open with Archive Manager.
|
||||
|
||||
Locate the kernel file and the initrd image. If you’re using a Ubuntu ISO file, you’ll find these files inside the casper folder — the vmlinuz file is the Linux kernel and the initrd file is the initrd image. You’ll need to know their location inside the ISO file later.
|
||||
|
||||
![](http://cdn8.howtogeek.com/wp-content/uploads/2014/09/650x350xvmlinuz-and-initrd-file-locations.png.pagespeed.ic.hB1yMlHMr2.png)
|
||||
|
||||
### Determine the Hard Drive Partition’s Path ###
|
||||
|
||||
GRUB uses a different “device name” scheme than Linux does. On a Linux system, /dev/sda0 is the first partition on the first hard disk — **a** means the first hard disk and **0** means its first partition. In GRUB, (hd0,1) is equivalent to /dev/sda0. The **0** means the first hard disk, while the **1** means the first partition on it. In other words, in a GRUB device name, the disk numbers start counting at 0 and the partition num6ers start counting at 1 — yes, it’s unnecessarily confusing. For example, (hd3,6) refers to the sixth partition on the fourth hard disk.
|
||||
|
||||
You can use the **fdisk -l** command to view this information. On Ubuntu, open a Terminal and run the following command:
|
||||
|
||||
sudo fdisk -l
|
||||
|
||||
You’ll see a list of Linux device paths, which you can convert to GRUB device names on your own. For example, below we can see the system partition is /dev/sda1 — so that’s (hd0,1) for GRUB.
|
||||
|
||||
![](http://cdn8.howtogeek.com/wp-content/uploads/2014/09/650x410xfdisk-l-command.png.pagespeed.ic.yW7uP1_G0C.png)
|
||||
|
||||
### Create the GRUB2 Boot Entry ###
|
||||
|
||||
The easiest way to add a custom boot entry is to edit the /etc/grub.d/40_custom script. This file is designed for user-added custom boot entries. After editing the file, the contents of your /etc/defaults/grub file and the /etc/grub.d/ scripts will be combined to create a /boot/grub/grub.cfg file — you shouldn’t edit this file by hand. It’s designed to be automatically generated from settings you specify in other files.
|
||||
|
||||
You’ll need to open the /etc/grub.d/40_custom file for editing with root privileges. On Ubuntu, you can do this by opening a Terminal window and running the following command:
|
||||
|
||||
sudo gedit /etc/grub.d/40_custom
|
||||
|
||||
Feel free to open the file in your favorite text editor. For example, you could replace “gedit” with “nano” in the command to open the file in [the Nano text editor][4].
|
||||
|
||||
Unless you’ve added other custom boot entries, you should see a mostly empty file. You’ll need to add one or more ISO-booting sections to the file below the [commented][5] lines.
|
||||
|
||||
![](http://cdn8.howtogeek.com/wp-content/uploads/2014/09/650x300xadd-custom-boot-menu-entries-to-grub.png.pagespeed.ic.uUT-Yls8xf.png)
|
||||
|
||||
Here’s how you can boot an Ubuntu or Ubuntu-based distribution from an ISO file. We tested this with Ubuntu 14.04:
|
||||
|
||||
menuentry “Ubuntu 14.04 ISO” {
|
||||
set isofile=”/home/name/Downloads/ubuntu-14.04.1-desktop-amd64.iso”
|
||||
loopback loop (hd0,1)$isofile
|
||||
linux (loop)/casper/vmlinuz.efi boot=casper iso-scan/filename=${isofile} quiet splash
|
||||
initrd (loop)/casper/initrd.lz
|
||||
}
|
||||
|
||||
Customize the boot entry to contain your desiredmenu entry name, the correct path to the ISO file on your computer, and the device name of the hard disk and partition containing the ISO file. If the vmlinuz and initrd files have different names or paths, be sure to specify the correct path to those files, too.
|
||||
|
||||
(If you have a separate /home/ partition, omit the /home bit, like so: **set isofile=”/name/Downloads/${isoname}”**).
|
||||
|
||||
**Important Note**: Different Linux distributions require different boot entries with different boot options. The GRUB Live ISO Multiboot project offers a variety of [menu entries for different Linux distributions][6]. You should be able to adapt these example menu entries for the ISO file you want to boot. You can also just perform a web search for the name and release number of the Linux distribution you want to boot along with “boot from ISO in GRUB” to find more information.
|
||||
|
||||
![](http://cdn8.howtogeek.com/wp-content/uploads/2014/09/650x392xadd-a-linux-iso-file-to-grub-boot-loader.png.pagespeed.ic.2FR0nOtugC.png)
|
||||
|
||||
If you want to add more ISO boot options, add additional sections to the file.
|
||||
|
||||
Save the file when you’re done. Return to a Terminal window and run the following command:
|
||||
|
||||
sudo update-grub
|
||||
|
||||
![](http://cdn8.howtogeek.com/wp-content/uploads/2014/09/650x249xgenerate-grub.cfg-on-ubuntu.png.pagespeed.ic.5I70sH4ZRs.png)
|
||||
|
||||
The next time you boot your computer, you’ll see the ISO boot entry and you can choose it to boot the ISO file. You may have to hold Shift while booting to see the GRUB menu.
|
||||
|
||||
If you see an error message or a black screen when you attempt to boot the ISO file, you misconfigured the boot entry somehow. Even if you got the ISO file path and device name right, the paths to the vmlinuz and intird files on the ISO file may not be correct or the Linux system you’re booting may require different options.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.howtogeek.com/196933/how-to-boot-linux-iso-images-directly-from-your-hard-drive/
|
||||
|
||||
作者:[Chris Hoffman][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://www.howtogeek.com/author/chrishoffman/
|
||||
[1]:http://www.howtogeek.com/191207/10-of-the-most-popular-linux-distributions-compared/
|
||||
[2]:http://www.howtogeek.com/196655/how-to-configure-the-grub2-boot-loaders-settings/
|
||||
[3]:http://www.howtogeek.com/172810/take-a-secure-desktop-everywhere-everything-you-need-to-know-about-linux-live-cds-and-usb-drives/
|
||||
[4]:http://www.howtogeek.com/howto/42980/the-beginners-guide-to-nano-the-linux-command-line-text-editor/
|
||||
[5]:http://www.howtogeek.com/118389/how-to-comment-out-and-uncomment-lines-in-a-configuration-file/
|
||||
[6]:http://git.marmotte.net/git/glim/tree/grub2
|
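Review bot: The menuentry block is written with typographic quotes (menuentry “Ubuntu 14.04 ISO” and the set isofile=” line), which GRUB does not treat as quoting characters, so the entry will not parse if a reader copies it as is; the block should carry ASCII double quotes, and the translation should restore them. Two further points for the translator to flag: the device-name paragraph calls the first partition /dev/sda0 and maps it to (hd0,1), while the fdisk paragraph maps /dev/sda1 to (hd0,1), and the settings file is given as /etc/defaults/grub where Ubuntu's path is /etc/default/grub.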
@ -0,0 +1,65 @@
|
||||
检查你的系统系统是否有“Shellshock”漏洞并修复它
|
||||
================================================================================
|
||||
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2014/09/shellshock_Linux_check.jpeg)
|
||||
|
||||
快速地向你展示**如何检查你的系统是否受到Shellshock的影响**如果有,**怎样修复你的系统免于被Bash漏洞利用**。
|
||||
|
||||
如果你正跟踪新闻,你可能已经听说过在[Bash][1]中发现了一个漏洞,这被称为**Bash Bug**或者** Shellshock**。 [红帽][2]是第一个发现这个漏洞的机构。Shellshock错误允许攻击者注入自己的代码,从而使系统开放各给种恶意软件和远程攻击。事实上,[黑客已经利用它来启动DDoS攻击][3]。
|
||||
|
||||
由于Bash在所有的类Unix系统中都有,如果这些都运行bash的特定版本,它会让所有的Linux系统都容易受到这种Shellshock错误的影响。
|
||||
|
||||
想知道如果你的Linux系统是否已经受到Shellshock影响?有一个简单的方法来检查它,这就是我们要看到的。
|
||||
|
||||
### 检查Linux系统的Shellshock漏洞 ###
|
||||
|
||||
打开一个终端,在它运行以下命令:
|
||||
|
||||
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
|
||||
|
||||
如果你的系统没有漏洞,你会看到这样的输出:
|
||||
|
||||
bash: warning: x: ignoring function definition attempt
|
||||
bash: error importing function definition for `x’
|
||||
hello
|
||||
|
||||
如果你的系统有Shellshock漏洞,你会看到一个像这样的输出:
|
||||
|
||||
vulnerable
|
||||
hello
|
||||
|
||||
我尝试在我的Ubuntu14.10上运行,我得到了这个:
|
||||
|
||||
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2014/09/Shellshock_Linux_Check.jpeg)
|
||||
|
||||
您还可以通过使用下面的命令查看bash的版本:
|
||||
|
||||
bash --version
|
||||
|
||||
如果bash的版本是3.2.51(1),你就应该更新了。
|
||||
|
||||
#### 为有Shellshock漏洞的Linux系统打补丁 ####
|
||||
|
||||
如果你运行的是基于Debian的Linux操作系统,如Ubuntu、Linux Mint的等,请使用以下命令升级Bash:
|
||||
|
||||
sudo apt-get update && sudo apt-get install --only-upgrade bash
|
||||
|
||||
对于如Fedora,Red Hat,Cent OS等操作系统,请使用以下命令
|
||||
|
||||
yum -y update bash
|
||||
|
||||
我希望这个小技巧可以帮助你,看看你是否受到Shellshock漏洞的影响并解决它。有任何问题和建议,欢迎来提。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://itsfoss.com/linux-shellshock-check-fix/
|
||||
|
||||
作者:[Abhishek][a]
|
||||
译者:[geekpi](https://github.com/geekpi)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://itsfoss.com/author/Abhishek/
|
||||
[1]:http://en.wikipedia.org/wiki/Bash_(Unix_shell)
|
||||
[2]:https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
|
||||
[3]:http://www.wired.com/2014/09/hackers-already-using-shellshock-bug-create-botnets-ddos-attacks/
|
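Review bot: The title "检查你的系统系统是否有“Shellshock”漏洞并修复它" repeats 系统, and the second paragraph has "开放各给种恶意软件" with the characters of 各种 split by a stray 给; both should be fixed before this goes to proofreading. In the sample output for a patched system, "error importing function definition for `x’" ends with a typographic quote, whereas bash prints an ASCII ' there, so the quoted output should be kept verbatim.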
@ -0,0 +1,97 @@
|
||||
在ubuntu14.04上配置SNMPv3
|
||||
============================================
|
||||
简单网络管理协议(SNMP)是用于IP网络设备管理的标准协议。典型的支持SNMP协议的设备有路由器、交换机、服务器、工作站、打印机及数据机柜等等。SNMP一般被网络管理系统用于监视网络附加设备,令行政注意(译者注:这个不太明白...按字面意思翻了,麻烦校对更正)。SNMP是因特网协议套件中的一个组成部分,它由IETF机构定义。它包含一系列的网络管理标准,其中有一个应用层协议,一个数据库架构以及一组数据对象。[2]
|
||||
|
||||
SNMP将管理数据以变量的形式暴露出来,这些变量描述了系统配置。同时这些变量可以被管理应用查询(或者被设置)。
|
||||
|
||||
### 为什么需要使用SNMPv3 ###
|
||||
|
||||
尽管SNMPv3所增加的加密功能并不影响协议层面,但是新的文本惯例、概念及术语使得它看起来很不一样。
|
||||
|
||||
SNMPv3在SNMP的基础之上增强了安全性以及远程配置功能。
|
||||
|
||||
最初,SNMP最大的缺点就是安全性弱。SNMP的第一与第二个版本中,身份验证仅仅是在管理员与代理间传送一个明文的密码而已。[1]目前每一个SNMPv3的信息都包含了被编码成8进制的安全参数。这些安全参数的具体意义由所选用的安全模型决定。
|
||||
|
||||
SNMPv3提供了重要的安全特征:
|
||||
|
||||
保密性 -- 加密数据包以防止未经授权的源监听。
|
||||
|
||||
完整性 -- 数据完整性特性确保数据在传输的时候没有被干扰,并且包含了课选的数据响应保护机制。
|
||||
|
||||
身份验证 -- 检查数据是否来自一个合法的源
|
||||
|
||||
### 在ubuntu中安装SNMP服务器及客户端 ###
|
||||
|
||||
打开终端运行下列命令
|
||||
|
||||
sudo apt-get install snmpd snmp
|
||||
|
||||
安装完成后需要做如下改变。
|
||||
|
||||
###配置SNMPv3###
|
||||
|
||||
获得守护进程的权限
|
||||
|
||||
默认的安装仅提供本地的访问权限,如果想要获得外部访问权限的话编辑文件 /etc/default/snmpd。
|
||||
|
||||
sudo vi /etc/default/snmpd
|
||||
|
||||
改变下列内容
|
||||
|
||||
将
|
||||
|
||||
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /var/run/snmpd.pid'
|
||||
|
||||
改为
|
||||
|
||||
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
|
||||
|
||||
最后重启 snmpd
|
||||
|
||||
sudo /etc/init.d/snmpd restart
|
||||
|
||||
###定义 SNMPv3 用户,身份验证以及加密参数 ###
|
||||
|
||||
“securityLevel”参数使得SNMPv3有多种不同的用途。
|
||||
|
||||
noAuthNoPriv -- 没有授权,加密以及任何安全保护!authNoPriv -- 需要身份认证,但是不对数据进行加密。 autoPriv -- 最健壮的模式。需要身份认证以及数据会被加密。
|
||||
|
||||
snmpd 的配置以及设置都保存在文件 /etc/snmp/snmpd.conf。使用编辑器编辑文件:
|
||||
|
||||
sudo vi /etc/snmp/snmpd.conf
|
||||
|
||||
在文件末尾添加以下内容:
|
||||
|
||||
#
|
||||
createUser user1
|
||||
createUser user2 MD5 user2password
|
||||
createUser user3 MD5 user3password DES user3encryption
|
||||
#
|
||||
rouser user1 noauth 1.3.6.1.2.1.1
|
||||
rouser user2 auth 1.3.6.1.2.1
|
||||
rwuser user3 priv 1.3.6.1.2.1
|
||||
|
||||
注:如果你需要使用自己的用户名/密码对的话,请注意密码及加密短语的最小长度是8个字符。
|
||||
|
||||
同时,你需要做如下的配置以便snmp可以监听来自任何接口的连接请求。
|
||||
|
||||
将
|
||||
|
||||
#agentAddress udp:161,udp6:[::1]:161
|
||||
|
||||
改为
|
||||
|
||||
agentAddress udp:161,udp6:[::1]:161
|
||||
|
||||
保存改变后的snmpd.conf文件并且重启守护进程:
|
||||
|
||||
sudo /etc/init.d/snmpd restart
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.ubuntugeek.com/how-to-configure-snmpv3-on-ubuntu-14-04-server.html
|
||||
|
||||
译者:[SPccman](https://github.com/SPccman)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
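Review bot: The securityLevel paragraph gives the third value as "autoPriv", but the source text has "authPriv"; it is a literal configuration value and must be spelled exactly, and the three levels should stay on separate lines as in the source instead of being merged into one. In the same file, "被编码成8进制" mistranslates "octet string" (a byte string, not octal), "课选的数据响应保护机制" should describe an optional replay protection mechanism (可选的, 重放保护), and the inline translator's query "(译者注:这个不太明白...按字面意思翻了,麻烦校对更正)" in the first paragraph needs to be resolved before merge.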