filmov
tv
Quick setup of SNMP v3 DTLS/TLS access in CentOS/RHEL 7 Linux - net-snmp
Показать описание
The video gives basic overview how to setup SNMP v3 access using DTLS/TLS method.
There are used commands:
_____________
Hello,
in CentOS/RHEL 7 we're going to setup SNMP v3 access
using secure TLS/DTLS access method. We will depend
on self-signed certificates.
For simplicity of this demo there is disabled firewalld and SELinux is in permissive mode.
We will use 2 nodes:
1) Where are we?
cat /etc/centos-release
2) On both nodes install net-snmp RPMs
yum -y install net-snmp net-snmp-libs net-snmp-utils \
net-snmp-agent-libs net-snmp-perl net-snmp-devel
3) Generate self-signed certificate on the agent
net-snmp-cert gencert -I -t snmpd \
4) Generate self-signed certificate on the manager
net-snmp-cert gencert -I -t manager-second \
5) Certificates have been generated in the
/etc/snmp/tls subtree
ls -lR /etc/snmp/tls
It is because we used root users on both nodes. If it was ordinary user, certificates would be in ~/.snmp/tls subtree.
8) On both nodes display available certificates
net-snmp-cert showcerts --fingerprint
Fingerprints are the ultimate keys and we will need
them
10) Add following lines. We will have to insert real SHA1 fingerprints as retrieved in step 9
[snmp] localCert {agent certificate}
certSecName 20 {manager certificate} --sn rwadmin
rwuser -s tsm "rwadmin"
11) Ensure the snmpd listens for TLS/DTLS requests.
Open /etc/sysconfig/snmpd
vim /etc/sysconfig/snmpd
12) Add following content
13) Enable snmpd and start it
systemctl enable snmpd
systemctl start snmpd
14) Fetch with following SNMP v3 DTLS request. Again
insert real SHA1 fingerprints as retrieved in step 9
snmpget -v 3 --defSecurityModel=tsm -u manager \
-l authPriv \
-T our_identity={manager certificate} \
-T their_identity={agent certificate} \
dtlsudp:first:10161 sysUpTime.0
It works. Perfect!
15) And finally try let's try TLS variant as well
snmpget -v 3 --defSecurityModel=tsm -u manager \
-l authPriv \
-T our_identity={manager certificate} \
-T their_identity={agent certificate} \
tlstcp:first:10161 sysUpTime.0
Works too. Great!
We've established TLS/DTLS SNMP v3 access to our server.
This is the END. Thank you for watching!
There are used commands:
_____________
Hello,
in CentOS/RHEL 7 we're going to setup SNMP v3 access
using secure TLS/DTLS access method. We will depend
on self-signed certificates.
For simplicity of this demo there is disabled firewalld and SELinux is in permissive mode.
We will use 2 nodes:
1) Where are we?
cat /etc/centos-release
2) On both nodes install net-snmp RPMs
yum -y install net-snmp net-snmp-libs net-snmp-utils \
net-snmp-agent-libs net-snmp-perl net-snmp-devel
3) Generate self-signed certificate on the agent
net-snmp-cert gencert -I -t snmpd \
4) Generate self-signed certificate on the manager
net-snmp-cert gencert -I -t manager-second \
5) Certificates have been generated in the
/etc/snmp/tls subtree
ls -lR /etc/snmp/tls
It is because we used root users on both nodes. If it was ordinary user, certificates would be in ~/.snmp/tls subtree.
8) On both nodes display available certificates
net-snmp-cert showcerts --fingerprint
Fingerprints are the ultimate keys and we will need
them
10) Add following lines. We will have to insert real SHA1 fingerprints as retrieved in step 9
[snmp] localCert {agent certificate}
certSecName 20 {manager certificate} --sn rwadmin
rwuser -s tsm "rwadmin"
11) Ensure the snmpd listens for TLS/DTLS requests.
Open /etc/sysconfig/snmpd
vim /etc/sysconfig/snmpd
12) Add following content
13) Enable snmpd and start it
systemctl enable snmpd
systemctl start snmpd
14) Fetch with following SNMP v3 DTLS request. Again
insert real SHA1 fingerprints as retrieved in step 9
snmpget -v 3 --defSecurityModel=tsm -u manager \
-l authPriv \
-T our_identity={manager certificate} \
-T their_identity={agent certificate} \
dtlsudp:first:10161 sysUpTime.0
It works. Perfect!
15) And finally try let's try TLS variant as well
snmpget -v 3 --defSecurityModel=tsm -u manager \
-l authPriv \
-T our_identity={manager certificate} \
-T their_identity={agent certificate} \
tlstcp:first:10161 sysUpTime.0
Works too. Great!
We've established TLS/DTLS SNMP v3 access to our server.
This is the END. Thank you for watching!
0:04:14
Quick setup of SNMP v3 USM access on CentOS/RHEL 7 Linux - net-snmp
0:11:33
Understanding and Configuring SNMPv3
0:08:54
Quick setup of SNMP v3 DTLS/TLS access in CentOS/RHEL 7 Linux - net-snmp
0:06:56
How SNMPv3 Works - a simple security breakdown
0:14:15
How to Configure SNMPv3 on Cisco Switch
0:10:19
Cisco SNMP v3 Configuration
0:05:50
Quick Configs Ubiquiti - SNMPv3
0:04:49
NetCrunch - Add SNMPv3 Agent
0:18:39
Quick Configs - SNMP (v1, v2, v3, EngineID, users, groups, communities)
0:11:44
MicroNugget: SNMPv3 Cisco Configuration Explained | CBT Nuggets
0:05:44
Install SNMP and configure SNMP v3 Ubuntu [No Talking]
0:05:45
Setting SNMP v3 passwords on Raritan iPDU
0:05:57
SNMP 3 TUTORIAL
0:06:46
275 SNMPv3 Configuration and Verification
0:11:03
CCNA 200-125: SNMPv3 Traps
0:14:25
CCNA 200-125: SNMPv3 Configuration
0:04:24
QIT2020_22 SNMP V3 Part 1 of 3, SNMP configure and install on Windows Server 2019
0:10:38
Convert SNMP to SNMPv3 (Tutorial)
0:28:11
Configure SNMP Traps (v1, v2, v3) in Zabbix Server / Proxy
0:30:40
SNMP v3 Breakdown - Cisco and Juniper Configuration
0:01:22
Dell_PowerEdge_14Gen_SNMP-Agent-SNMPV3
0:32:27
Configuration SNMP v3 cisco systems
0:03:40
How to Configure SNMP v3 on Cisco ASA Firewall
0:30:38
6.2 b SNMP v3 - Configuring SNMPv3
Комментарии