Update : check SNMP
All checks were successful
Deployment Verification / deploy-and-test (push) Successful in 2m2s
All checks were successful
Deployment Verification / deploy-and-test (push) Successful in 2m2s
This commit is contained in:
parent
9de00974e9
commit
ecdf93e011
7
custom/custom_snmp
Normal file
7
custom/custom_snmp
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
# variables
|
||||||
|
|
||||||
|
SNMP_SYSLOCATION="Server Room"
|
||||||
|
SNMP_SYSCONTACT="admin@tips-of-mine.fr"
|
||||||
|
SNMP_SYSNAME="$(hostname)"
|
||||||
|
SNMP_SYSDESCR="Linux $(uname -r) on $(uname -m)"
|
||||||
|
$SNMP_AGENTADDRESS="10.0.4.190,10.0.4.191"
|
||||||
@ -19,7 +19,6 @@ configure_custom_banner() {
|
|||||||
log_message "INFO" "Creating custom banner file"
|
log_message "INFO" "Creating custom banner file"
|
||||||
|
|
||||||
cat > "$banner_file" << 'EOF'
|
cat > "$banner_file" << 'EOF'
|
||||||
|
|
||||||
_______ _ ____ __ __ __ _
|
_______ _ ____ __ __ __ _
|
||||||
|__ __(_) / __ \ / _| | \/ (_)
|
|__ __(_) / __ \ / _| | \/ (_)
|
||||||
| | _ _ __ ___ ___| | | | |_ ___| \ / |_ _ __ ___
|
| | _ _ __ ___ ___| | | | |_ ___| \ / |_ _ __ ___
|
||||||
@ -40,6 +39,7 @@ Tout utilisateur autorisé est informé et reconnaît que ses actions
|
|||||||
peuvent être enregistrées, conservées et auditées conformément aux
|
peuvent être enregistrées, conservées et auditées conformément aux
|
||||||
chartes/politiques internes de aux chartes/politiques internes de
|
chartes/politiques internes de aux chartes/politiques internes de
|
||||||
Tips-Of-Mine.
|
Tips-Of-Mine.
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
chmod +x "$banner_file"
|
chmod +x "$banner_file"
|
||||||
|
|||||||
@ -8,6 +8,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|||||||
|
|
||||||
# Source common functions and variables
|
# Source common functions and variables
|
||||||
source "./common.sh"
|
source "./common.sh"
|
||||||
|
source "./custom/custom_snmp"
|
||||||
|
|
||||||
# Function to configure SNMP
|
# Function to configure SNMP
|
||||||
configure_snmp() {
|
configure_snmp() {
|
||||||
@ -36,44 +37,59 @@ configure_snmp() {
|
|||||||
# SNMP Configuration
|
# SNMP Configuration
|
||||||
# Generated by security hardening script
|
# Generated by security hardening script
|
||||||
|
|
||||||
|
# SECTION: Agent Operating Mode
|
||||||
|
# This section defines how the agent will operate when it is running.
|
||||||
|
|
||||||
|
# master: Should the agent operate as a master agent or not.
|
||||||
|
# Currently, the only supported master agent type for this token is "agentx".
|
||||||
|
master agentx
|
||||||
|
|
||||||
# Listen on localhost and specific network interface
|
# Listen on localhost and specific network interface
|
||||||
agentAddress udp:127.0.0.1:161,udp:161
|
agentAddress 127.0.0.1,[::1],$SNMP_AGENTADDRESS
|
||||||
|
|
||||||
# Information about this host
|
# Information about this host
|
||||||
sysLocation "Server Room"
|
sysLocation "$SNMP_SYSLOCATION"
|
||||||
sysContact admin@example.com
|
sysContact $SNMP_SYSCONTACT
|
||||||
sysName $(hostname)
|
sysName $SNMP_SYSDESCR
|
||||||
sysDescr "Linux $(uname -r) on $(uname -m)"
|
sysDescr "$SNMP_SYSDESCR"
|
||||||
|
|
||||||
|
# sysservices: The proper value for the sysServices object.
|
||||||
|
sysServices 72
|
||||||
|
|
||||||
# Authentication (replace with your own values)
|
# Authentication (replace with your own values)
|
||||||
# Format: user_name security_name auth_protocol auth_passphrase priv_protocol priv_passphrase
|
# Format: user_name security_name auth_protocol auth_passphrase priv_protocol priv_passphrase
|
||||||
createUser authOnlyUser MD5 "auth_pass_phrase"
|
#createUser authOnlyUser MD5 "auth_pass_phrase"
|
||||||
createUser authPrivUser SHA "auth_pass_phrase" DES "priv_pass_phrase"
|
#createUser authPrivUser SHA "auth_pass_phrase" DES "priv_pass_phrase"
|
||||||
|
|
||||||
# Grant access to SNMPv3 users
|
# Grant access to SNMPv3 users
|
||||||
rouser authOnlyUser auth
|
#rouser authOnlyUser auth
|
||||||
rouser authPrivUser priv
|
#rouser authPrivUser priv
|
||||||
|
rouser authPrivUser authpriv -V systemonly
|
||||||
|
|
||||||
# Views
|
# Views
|
||||||
view systemonly included .1.3.6.1.2.1.1
|
view systemonly included .1.3.6.1.2.1.1
|
||||||
view systemonly included .1.3.6.1.2.1.25.1
|
view systemonly included .1.3.6.1.2.1.25.1
|
||||||
|
|
||||||
|
# rocommunity: a SNMPv1/SNMPv2c read-only access community name
|
||||||
|
rocommunity public default -V systemonly
|
||||||
|
rocommunity6 public default -V systemonly
|
||||||
|
|
||||||
# Grant only system information to SNMPv3 users
|
# Grant only system information to SNMPv3 users
|
||||||
access grpAuthOnlyUser "" usm auth nopriv exact systemonly none none
|
#access grpAuthOnlyUser "" usm auth nopriv exact systemonly none none
|
||||||
access grpAuthPrivUser "" usm auth priv exact systemonly none none
|
#access grpAuthPrivUser "" usm auth priv exact systemonly none none
|
||||||
|
|
||||||
# Additional monitoring
|
# Additional monitoring
|
||||||
# Load averages
|
# Load averages
|
||||||
extend load /bin/cat /proc/loadavg
|
#extend load /bin/cat /proc/loadavg
|
||||||
# Disk space
|
# Disk space
|
||||||
extend dfspace /bin/df -P
|
#extend dfspace /bin/df -P
|
||||||
|
|
||||||
# Disable older SNMP versions (only allow SNMPv3)
|
# Disable older SNMP versions (only allow SNMPv3)
|
||||||
disableSnmpv1d yes
|
#disableSnmpv1d yes
|
||||||
disableSnmpv2cd yes
|
#disableSnmpv2cd yes
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
authtrapenable 1
|
#authtrapenable 1
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
log_message "SUCCESS" "SNMP configuration created at $snmpd_conf"
|
log_message "SUCCESS" "SNMP configuration created at $snmpd_conf"
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user