CentOS 6.x: Detailed SNMPv2 Configuration and Retrieving SNMP Data

Simple Network Management Protocol (SNMP) runs over UDP on ports 161 and 162.
snmpd listens on port 161
snmptrapd listens on port 162

SNMP has three versions:
SNMPv1
SNMPv2c, community-based (SNMPv2u, user-based)
SNMPv3

MIB database
SNMP stores its data in a MIB database.
The MIB organizes management data as a tree.
The MIB uses OIDs to locate data.

OID: .1.3.6.1.2.1.1 # read from top to bottom; .0 denotes the element it contains


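GET: retrieve data
GET NEXT: retrieve the next item
GET BULK: retrieve a large amount of data
SET: set data; can change the hostname, etc.

Monitoring device    Monitored device

TRAPS: reported back to the monitoring device
INFORM: reported back to the monitoring device, which replies with an acknowledgement of receipt
RESPONSE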

Install net-snmp
yum -y install net-snmp net-snmp-devel net-snmp-libs net-snmp-utils
or
yum install -y net-snmp*

cd /etc/snmp/
[root@vultr snmp]# ls
snmpd.conf snmptrapd.conf snmptt.conf snmptt.ini
port 161 port 162

service snmpd restart # start net-snmp
netstat -tulpn # t=TCP, u=UDP, l=listening, p=programs, n=numeric; check that snmpd is running and which port it holds

udp 0 0 0.0.0.0:161 0.0.0.0:* 30021/snmpd

Start at boot
chkconfig --list | grep snmp
snmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
snmptrapd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
chkconfig snmpd on

/etc/snmp/snmpd.conf # configuration file
community = password

cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bck
vi /etc/snmp/snmpd.conf

# sec.name source community
com2sec yonghuming default mima

# groupName securityModel securityName
group yonghuzu v2c yonghuming

# Finally, grant the group read-only access to the systemview view.

# group context sec.model sec.level prefix read write notif (maps the group's permissions to a view)
access yonghuzu "" any noauth exact systemview none none

# Make at least snmpwalk -v 1 localhost -c public system fast again. Defines which subtrees systemview may access
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1 # everything is accessible

service snmpd restart # restart the snmp service

-----------

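To retrieve more data, change the view granted in the access line from the system view to a view that covers everything.

access yonghuzu "" any noauth exact systemview none none
change it to
access yonghuzu "" any noauth exact all none none

Edit the definition of the all view:
## incl/excl subtree mask
view all included .1 80

service snmpd restart # restart the snmp service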
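
As an added example (not part of the original post), the script below reads an snmpd.conf and flags the settings used above that widen exposure: a com2sec source of default, a view that includes the whole .1 tree, and any write view. The function names and the 192.0.2.10 manager address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag risky directives in an snmpd.conf of the kind shown above.

# Constructed sample: the settings from this post (open source, whole-tree view).
page_conf() {
cat <<'EOF'
com2sec yonghuming default mima
group yonghuzu v2c yonghuming
access yonghuzu "" any noauth exact all none none
view all included .1 80
EOF
}

# Constructed sample: same user, limited to one manager address (192.0.2.10 is
# a documentation address, an assumption) and to the system subtree only.
tight_conf() {
cat <<'EOF'
com2sec yonghuming 192.0.2.10 mima
group yonghuzu v2c yonghuming
access yonghuzu "" any noauth exact systemview none none
view systemview included .1.3.6.1.2.1.1
EOF
}

# audit_snmpd_conf: read a config on stdin, print one line per finding.
audit_snmpd_conf() {
    awk '
    { sub(/#.*/, "") }          # drop comments
    NF == 0 { next }            # skip blank lines
    # com2sec <sec.name> <source> <community>
    $1 == "com2sec" && $3 == "default" {
        print "com2sec " $2 ": source default accepts queries from any address" }
    $1 == "com2sec" && ($4 == "public" || $4 == "private") {
        print "com2sec " $2 ": well-known community string " $4 }
    # view <name> included <subtree> [mask]
    $1 == "view" && $3 == "included" && ($4 == ".1" || $4 == "1") {
        print "view " $2 ": whole MIB tree is readable" }
    # access <group> <context> <model> <level> <prefix> <read> <write> <notif>
    $1 == "access" && $8 != "none" {
        print "access " $2 ": write view " $8 " allows SET" }
    '
}

echo "page config:";  page_conf  | audit_snmpd_conf
echo "tight config:"; tight_conf | audit_snmpd_conf
```

To check a live host, run `audit_snmpd_conf < /etc/snmp/snmpd.conf`.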

snmpget retrieves the value of one specified OID
snmpget -v 2c -c mima 108.61.247.227 1.3.6.1.2.1.1.1.0

snmpwalk retrieves every value from a starting OID onward
snmpwalk -v 2c -c mima 108.61.247.227 .1

SNMP error message
Timeout: No Response from 108.61.247.227.
Solution:
1 Check that the password (the community string) is set correctly
2 Configure the firewall to allow SNMP traffic
iptables -I INPUT -p udp --dport 161 -j ACCEPT
service iptables save;service iptables restart;

CentOS 6.x: yum error after changing the system default Python version: File "/usr/bin/yum", line 30

After upgrading Python to 3.4.3 on CentOS 6.x and making it the system default Python, installing or upgrading software with yum produces the following error:

#yum update -y
File "/usr/bin/yum", line 30
except KeyboardInterrupt, e:
^
SyntaxError: invalid syntax

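Cause:

yum uses python as its interpreter, as the first line of /usr/bin/yum, #!/usr/bin/python, shows. Python versions are not very compatible with each other, and the syntax differs between 2.6 and 3.4. The yum shipped with CentOS 6 uses python 2.6.6, so once the system python is upgraded to 3.x, the interpreter reports a syntax error.

Solution:
Change yum's interpreter to the old python2.6 (provided you did not overwrite it during the upgrade).

#vi /usr/bin/yum
Change the first line from "#!/usr/bin/python" to "#!/usr/bin/python2.6".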


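CentOS 6.x: Installing and Using Python pip and Python gevent

On CentOS 6.5, installing gevent can improve server performance.

pip is a tool for installing Python packages; it can install packages, list installed packages, upgrade them, and uninstall them. pip replaces easy_install and offers the same package lookup, so any package that easy_install can install can also be installed with pip.
Many Python programs can now be installed with a single pip command, for example the well-known Django, Markdown, and Shadowsocks.
setuptools must be installed before pip, and Python must be installed before setuptools; each step depends on the previous one and none can be skipped.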
1. Check the Python version
#python --version
CentOS 6.5 ships Python 2.6.6 by default, so this returns: Python 2.6.6
2. Install setuptools
#yum install -y python-setuptools
Once this finishes, the easy_install command is available.
3. Install pip //pip-8.0.2
#easy_install pip
Installing pip through easy_install is the simplest method. pip is installed to /usr/bin by default.
4. Install shadowsocks
#pip install shadowsocks
5. Install gevent
Installing gevent can improve the performance of Shadowsocks. On CentOS, gevent depends on libevent and greenlet.
Install libevent:
#yum install -y libevent

Install greenlet:
#yum groupinstall "Development Tools" -y
#pip install greenlet

Install gevent:
pip install gevent or easy_install gevent //may fail with: error: Setup script exited with error: command 'gcc' failed with exit status 1

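A brief introduction to using pip (with gevent as the example):
1. Install a package
pip install gevent

2. List installed packages
pip freeze

3. Install a specific version of a package
pip install gevent==1.0.2
pip install 'gevent>=1.0.2,<=1.0.2'

4. Upgrade an installed package to the latest version
pip install -U gevent

5. Uninstall an installed package
pip uninstall gevent

6. Search for a package
pip search "gevent"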

https://teddysun.com/339.html
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6


CentOS 6.x: Installing and Upgrading to Python 2.7.x / Python 3.4.x

Nginx 1.9.0 nginx_stream: TCP Proxying and Protocol Load Balancing

Starting with 1.9.0, nginx includes the stream module (ngx_stream_core_module). The default configure does not build it; add --with-stream when running configure.

./configure --prefix=/usr/local/nginx --user=www --group=www \
--add-module=/root/ngx_http_google_filter_module \
--add-module=/root/ngx_http_substitutions_filter_module \
--with-http_stub_status_module \
--with-http_v2_module \
--with-http_ssl_module \
--with-ipv6 \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-http_flv_module \
--with-http_sub_module \
--with-stream

The configuration is simple; the most basic form:

.....................
events {
    use epoll;
    worker_connections 51200;
}
stream {
    server {
        listen 2002;
        proxy_pass 123.123.123.123:3389;
    }

    server {
        listen 2003;
        proxy_pass 123.123.123.123:22;
    }
}

http {
.....................

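The corresponding ports must be allowed through the firewall. This lets you reverse-proxy the Remote Desktop port 3389 or any other fixed TCP port, which is considerably more convenient than iptables forwarding or a VPN connection for managing overseas Windows or Linux servers.

Of course, the module's most important feature is TCP load balancing, for example across several remote MySQL servers.

stream {
    upstream mysql {
        server 1.1.1.1:3306;
        server 2.2.2.2:3306;
        server 3.3.3.3:3306;
    }
    server {
        listen 3306;
        proxy_pass mysql;
    }
}

Official documentation: http://nginx.org/en/docs/stream/ngx_stream_core_module.html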

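Enabling SSH Login Email Notifications on Linux

Enabling SSH login email notifications on CentOS and Ubuntu/Debian
A Linux server or Linux VPS usually needs remote login access. Especially when the server or VPS still allows direct root login, you should configure an automatic email alert for successful SSH logins.

Replace YOUR_EMAIL_ADDRESS below with the address that should receive the login notifications. Mail sent directly by sendmail is likely to land in the spam folder; if you only need it for these alerts, adding the sender address to your whitelist is enough.

CentOS

vim ~/.bash_profile //add the configuration below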

IP="$(echo $SSH_CONNECTION | cut -d " " -f 1)"
HOSTNAME=$(hostname)
NOW=$(date +"%e %b %Y, %a %r")

echo 'Someone from '$IP' logged into '$HOSTNAME' on '$NOW'.' | mail -s 'SSH Login Notification' YOUR_EMAIL_ADDRESS

Ubuntu/Debian

vim ~/.bashrc //add the configuration below

IP="$(echo $SSH_CONNECTION | cut -d " " -f 1)"
HOSTNAME=$(hostname)
NOW=$(date +"%e %b %Y, %a %r")

echo 'Someone from '$IP' logged into '$HOSTNAME' on '$NOW'.' | mail -s 'SSH Login Notification' YOUR_EMAIL_ADDRESS

If you do not want the email and only want to append the notice to a file:
IP="$(echo $SSH_CONNECTION | cut -d " " -f 1)"
HOSTNAME=$(hostname)
NOW=$(date +"%e %b %Y, %a %r")

echo 'Someone from '$IP' logged into '$HOSTNAME' on '$NOW'.' >>/root/login.txt

Done

CentOS 6, Debian, Ubuntu, CentOS 7, FreeBSD, CoreOS: Entering Single-User Mode to Reset the root Password

To reset the root password of your server, you will need to boot into single user mode.

Access the Manage section of your server in the customer portal and follow these steps. The option depends on the bootloader version on the machine:

CentOS 6: changing the password in single-user mode

  1. Click [View Console] to access the console and click the send CTRL+ALT+DEL button on the top right. Alternatively, you can also click [RESTART] to restart the server.
  2. You will see a GRUB boot prompt telling you to press any key - you have only a few seconds to press a key to stop the automated booting process. (If you miss this prompt you will need to restart the VM again)
  3. At the GRUB prompt, type "a" to append to the boot command.
  4. Add the text "single" and press enter.
  5. System will boot and you will see the root prompt. Type "passwd" to change the root-password and then reboot again.

Debian, Ubuntu, CentOS 7: changing the password in single-user mode

  1. Click [View Console] to access the console and click the send CTRL+ALT+DEL button on the top right. Alternatively, you can also click [RESTART] to restart the server.
  2. As soon as the boot process starts, press ESC to bring up the GRUB boot prompt. You may need to turn the system off from the control panel and then back on to reach the GRUB boot prompt.
  3. You will see a GRUB boot prompt - press "e" to edit the first boot option. (If you do not see the GRUB prompt, you may need to press any key to bring it up before the machine boots)
  4. Find the kernel line (starts with "linux /boot/") and add init="/bin/bash" at the end of the line
  5. Press CTRL-X or F10 to boot.
  6. System will boot and you will see the root prompt. Type "mount -rw -o remount /" and then "passwd" to change the root password and then reboot again.

FreeBSD: changing the password in single-user mode

The boot menu has an option to boot into single-user mode. Press the key for single user mode (2). At the root prompt, type "passwd" to change the root password and then reboot again.

CoreOS: changing the password in single-user mode

CoreOS by default uses SSH key authentication. On Vultr, a root user and password are created. If an SSH key is selected when creating the VPS, this SSH key can be used to login as user "core".

It is possible to reset the standard root login by executing "sudo passwd" as user "core". Login as "core" using the SSH key first.

If you lost your SSH key, then you can login as the "core" user by editing the grub loader. Follow these steps:

  1. Click [View Console] to access the console and click the send CTRL+ALT+DEL button on the top right. Alternatively, you can also click [RESTART] to restart the server.
  2. You will see a GRUB boot prompt - press "e" to edit the first boot option. (If you do not see the GRUB prompt, you may need to press any key to bring it up before the machine boots)
  3. At the end of the line that begins with "linux$" add " coreos.autologin=tty1" (no quotes).
  4. Press CTRL-X or F10 to boot. You will be logged in as "core" when the system boots.
  5. Remember to reboot your server after you have reset your login.

Done

Multiple Users, Multiple Keys and Key Types: SSH Key Login to a Linux Server

Continued from the previous post: Key-based authentication login for Linux servers
Multiple users, multiple key algorithms (rsa \ dsa), private-key SSH login to Linux servers (Red Hat \ CentOS \ Fedora \ Debian \ Ubuntu)
Logging in with key authentication
Key-based authentication requires each user to create their own key pair, but a server rarely has just one user, nor only one algorithm and key strength.

1: Users. Suppose a server has two users, root and demo
root //two rsa key pairs generated in advance
#ssh-keygen -t rsa -b 2048
#ssh-keygen -t rsa -b 16384 //the maximum rsa key size is 16384 bits

demo //demo first uses a dsa key, then an rsa key, and both go into the same authorized_keys
$ssh-keygen -t dsa -b 1024 //dsa keys must be 1024 bits

2: SSH login with a dsa key
ssh-keygen -t dsa -b 1024 //DSA keys must be 1024 bits
Generating public/private dsa key pair.
Enter file in which to save the key (/home/demo/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/demo/.ssh/id_dsa.
Your public key has been saved in /home/demo/.ssh/id_dsa.pub.
The key fingerprint is:

demo
$cat ~/.ssh/id_dsa.pub>>~/.ssh/authorized_keys
#chmod 700 ~/.ssh
#chmod 600 ~/.ssh/authorized_keys //otherwise Xshell reports: The selected user key is not registered in the remote host. Try again.

3: SSH login with an rsa key
$ssh-keygen -t rsa -b 2048 //the maximum is 16384
Generating public/private rsa key pair.
Enter file in which to save the key (/home/demo/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/demo/.ssh/id_rsa.
Your public key has been saved in /home/demo/.ssh/id_rsa.pub.

demo
$cat ~/.ssh/id_rsa.pub>>~/.ssh/authorized_keys
#chmod 700 ~/.ssh
#chmod 600 ~/.ssh/authorized_keys //otherwise Xshell reports: The selected user key is not registered in the remote host. Try again.

4: Multiple keys and multiple key types for SSH login
For multiple keys, just append each public key to authorized_keys
cat ~/.ssh/id_rsa.pub>>~/.ssh/authorized_keys
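
As an added example (not part of the original post), the script below checks the two things the steps above depend on: the 700/600 modes on .ssh and authorized_keys, and which key types have accumulated in the file. It flags ssh-dss entries because OpenSSH 7.0 and later disable DSA keys by default. The function names and sample keys are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): check a user's ~/.ssh directory.
# Assumes GNU stat (stat -c), as found on the Linux systems named in the post.

# audit_ssh_dir DIR: print one line per finding for DIR/authorized_keys.
audit_ssh_dir() {
    dir=$1
    keys=$dir/authorized_keys
    # The post sets 700 on .ssh and 600 on authorized_keys.
    [ "$(stat -c %a "$dir")" = "700" ]  || echo "perm: $dir is not 700"
    [ "$(stat -c %a "$keys")" = "600" ] || echo "perm: $keys is not 600"
    # One key per line: [options] <type> <base64> [comment]
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        type = "unknown"
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-)/) { type = $i; break }
        count[type]++
        if (type == "ssh-dss")
            print "key: line " NR " is DSA, limited to 1024 bits"
    }
    END { for (t in count) print "info: " count[t] " key(s) of type " t }
    ' "$keys"
}

# Constructed sample: a dsa and an rsa key appended to one file, wrong file mode.
# PLACEHOLDERBASE64 stands in for real key material.
demo_dir() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    printf '%s\n' \
        'ssh-dss PLACEHOLDERBASE64 demo@dsa' \
        'ssh-rsa PLACEHOLDERBASE64 demo@rsa' > "$d/.ssh/authorized_keys"
    chmod 700 "$d/.ssh"
    chmod 644 "$d/.ssh/authorized_keys"
    echo "$d/.ssh"
}

sshdir=$(demo_dir)
audit_ssh_dir "$sshdir"
rm -rf "${sshdir%/.ssh}"
```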

Other related information
Xshell and PuTTY do not yet support ecdsa. Key authentication is configured per user.

-t type
Specifies the type of key to create. The possible values are
“rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or
“rsa” for protocol version 2.
-b bits
Specifies the number of bits in the key to create. For RSA keys, the minimum size is 768 bits and
the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly
1024 bits as specified by FIPS 186-2. For ECDSA keys, the -b flag determines the key length by
selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. Attempting to use bit lengths
other than these three values for ECDSA keys will fail. ED25519 keys have a fixed length and the
-b flag will be ignored.

ssh-keygen -t rsa -b 2048 //ssh-keygen -t rsa -b 65536: key bits exceeds maximum 16384
Bits has bad value 65536 (too large)
ssh-keygen -t rsa -b 16384
id_rsa
id_rsa.pub

ssh-keygen -t dsa -b 1024 //DSA keys must be 1024 bits
id_dsa
id_dsa.pub

ssh-keygen -t ecdsa -b 521
id_ecdsa
id_ecdsa.pub

ECDSA (Elliptic Curve Digital Signature Algorithm)
RSA public-key encryption algorithm
DSA

End