Created on 12-02-2009 08:21 AM Edited on 06-09-2022 09:06 PM By Anonymous
Description
This article describes how to modify the community strings on the Shelf Manager for SNMP polling.
Follow the steps below:
1 Connect to the SM via console.
2 Edit the snmpd.conf file by using the "vi" command.
3 Replace the public and private communities with your own communities.
4 Save and quit the snmpd.conf.
5 Using the command "ps", identify the process id of snmpd.
6 Kill this process.
7 Restart this process.
This is an example
Step 1
entry login: xxxxxxxxxxxx
Password: xxxxxxxxxxxx
# cd /etc
Step 2
# vi snmpd.conf
###############################################################################
#
# snmpd.conf: configuration file for the NET-SNMP agent.
#
###############################################################################
#
# All lines beginning with a '#' are comments and are intended for you to read.
# All other lines are configuration commands for the agent.
# See snmpd.conf(5) manual page for further details.
#
###############################################################################
# Access Control
###############################################################################
#
# By default, the agent responds to the "public" community for read-only access
# if run out of the box without any configuration file in place. The following
# user configuration is needed for SNMP v3 access. Also AgentX support in SNMP
# master agent is enabled in this section.
#
rwuser overlord
createUser overlord MD5 possessor DES
engineID "PPS_ShMM_NetSNMPd"
master agentx
# The following lines change the access permissions of the agent so that the
# COMMUNITY string provides read-only access to your entire NETWORK (default),
# and read/write access only to localhost (127.0.0.1, not its real ipaddress).
# Note that it is needed for SNMP versions 1 and 2.
####
# First, map "public" community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming from):
#
# sec.name source community
com2sec local localhost yourwritecommunity ------------------> change this (step 3)
com2sec mynetwork default yourreadcommunity ------------------> change this (step 3)
####
# Second, map the security names into group names:
#
# sec.model sec.name
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyRWGroup v1 mynetwork
group MyRWGroup v2c mynetwork
group MyRWGroup usm mynetwork
####
# Third, create a view for us to let the groups have rights to:
#
# incl/excl subtree mask
view all included .1 80
####
# Finally, grant the 2 groups access to the 1 view with different write
# permissions:
#
# context sec.model sec.level match read write notif
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none
###############################################################################
# System contact information
###############################################################################
#
# It is possible to set the sysContact and sysLocation system variables through
# the snmpd.conf file:
#
syslocation PPS Shelf Manager Mezzanine Module
syscontact PPS <support@pigeonpoint.com>
:wq --------------------> to save and quit (Step 4)
Step 5
Identify the process id for snmpd.
# ps
PID Uid VmSize Stat Command
1 root 660 S init
2 root SW [keventd]
3 root RWN [ksoftirqd_CPU0]
4 root SW [kswapd]
5 root SW [bdflush]
6 root SW [kupdated]
9 root SW [mtdblockd]
10 root SW [khubd]
59 root SWN [jffs2_gcd_mtd0]
63 root SWN [jffs2_gcd_mtd10]
87 root 680 S syslogd -s 250000
92 root 660 S klogd
97 root SWN [jffs2_gcd_mtd1]
144 root 732 S /bin/inetd
180 root 620 S /bin/httpd -h /usr/httpd/html
185 root 3300 S shelfman -sf
192 root 608 S /bin/getty 0 ttyS0 vt100
193 root 612 S /bin/getty 115200 ttyS1 vt100
194 root 3300 S shelfman -sf
195 root 3300 S shelfman -sf
196 root 3300 S shelfman -sf
197 root 3300 S shelfman -sf
198 root 3300 S shelfman -sf
199 root 3300 S N shelfman -sf
200 root 3300 S shelfman -sf
201 root 3300 S shelfman -sf
202 root 3300 S shelfman -sf
203 root 3300 S shelfman -sf
204 root 3300 S shelfman -sf
205 root 3300 S shelfman -sf
206 root 3300 S shelfman -sf
207 root 3300 S shelfman -sf
208 root 3300 S shelfman -sf
209 root 3300 S shelfman -sf
210 root 3300 S shelfman -sf
213 root 3300 S shelfman -sf
214 root 3300 S shelfman -sf
216 root 3300 S shelfman -sf
217 root 3300 S shelfman -sf
230 root 3300 S shelfman -sf
293 root 496 S telnetd
294 root 796 S -sh
301 root 496 S telnetd
302 root 828 S -sh
307 root 696 S clia
848 root 688 S clia
930 root 2264 S snmpd -c /etc/snmpd.conf
933 root 676 R vi snmpd.conf
935 root 496 S telnetd
936 root 796 S -sh
941 root 740 R ps
# kill -9 930
The pid must be the number you noted above for your snmpd -c /etc/snmpd.conf (step 6).
Then restart the process with the following command (step 7):
# daemon -f snmpd -c /etc/snmpd.conf
You can additionally verify that the process has restarted by using the "ps" command.
Make sure that a new pid has been assigned to snmpd, meaning the process has properly restarted.
How to verify that the new communities are working on the Shelf Manager
Verification can be made with any tool sending SNMP queries (iReasoning) and a sniffer (Wireshark).
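An off-box check of the edited file, as an added example that is not part of the original article or of the vendor's tooling: it resolves the com2sec, group and access lines shown above into the effective rights of each community. The sample text is constructed from those lines with the stock public/private strings; audit_snmpd_conf and the constant names are hypothetical.

```python
import shlex

# Constructed sample: the v1/v2c access-control lines from the file shown
# above, with the communities left at the stock "private"/"public" values.
SAMPLE_CONF = '''\
com2sec local     localhost private
com2sec mynetwork default   public
group MyRWGroup v1  local
group MyRWGroup v2c local
group MyRWGroup v1  mynetwork
group MyRWGroup v2c mynetwork
view all included .1 80
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all  none
'''

DEFAULT_COMMUNITIES = {"public", "private"}
LOCAL_SOURCES = {"localhost", "127.0.0.1"}

def audit_snmpd_conf(text):
    """Return a sorted list of findings for v1/v2c community access."""
    com2sec, groups, write_view = [], {}, {}
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)   # drops '#' comments, keeps ""
        if not tok:
            continue
        if tok[0] == "com2sec" and len(tok) >= 4:
            com2sec.append(tuple(tok[1:4]))      # (sec.name, source, community)
        elif tok[0] == "group" and len(tok) >= 4 and tok[2] in ("v1", "v2c"):
            groups.setdefault(tok[3], set()).add(tok[1])   # sec.name -> groups
        elif tok[0] == "access" and len(tok) >= 8:
            write_view[tok[1]] = tok[7]          # group -> write view
    findings = []
    for sec_name, source, community in com2sec:
        if community in DEFAULT_COMMUNITIES:
            findings.append(f"default community '{community}' still configured")
        writable = any(write_view.get(g, "none") != "none"
                       for g in groups.get(sec_name, ()))
        if writable and source not in LOCAL_SOURCES:
            findings.append(f"community '{community}' from source '{source}' has write access")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE_CONF):
        print(finding)
```

With the community strings replaced, the one finding left is that the read community from source default still resolves to MyRWGroup, whose write view is all. The file shown has an access line for MyROGroup but no group line that assigns mynetwork to it.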