Difference between revisions of "Roentgen"
From Nuclear Physics Group Documentation Pages
Jump to navigationJump to searchLine 115: | Line 115: | ||
+ /scripts \ | + /scripts \ | ||
- /* \ | - /* \ | ||
+ | </pre> | ||
+ | == SNMP Configuration == | ||
+ | === /etc/snmp/snmpd.conf === | ||
+ | <pre>############################################################################### | ||
+ | # | ||
+ | # EXAMPLE.conf: | ||
+ | # An example configuration file for configuring the ucd-snmp snmpd agent. | ||
+ | # | ||
+ | ############################################################################### | ||
+ | # | ||
+ | # This file is intended to only be an example. If, however, you want | ||
+ | # to use it, it should be placed in SYSCONFDIR/share/snmp/snmpd.conf. | ||
+ | # When the snmpd agent starts up, this is where it will look for it. | ||
+ | # | ||
+ | # You might be interested in generating your own snmpd.conf file using | ||
+ | # the "snmpconf" program (perl script) instead. It's a nice menu | ||
+ | # based interface to writing well commented configuration files. Try it! | ||
+ | # | ||
+ | # Note: This file is automatically generated from EXAMPLE.conf.def. | ||
+ | # Do NOT read the EXAMPLE.conf.def file! Instead, after you have run | ||
+ | # configure & make, and then make sure you read the EXAMPLE.conf file | ||
+ | # instead, as it will tailor itself to your configuration. | ||
+ | |||
+ | # All lines beginning with a '#' are comments and are intended for you | ||
+ | # to read. All other lines are configuration commands for the agent. | ||
+ | |||
+ | # | ||
+ | # PLEASE: read the snmpd.conf(5) manual page as well! | ||
+ | # | ||
+ | |||
+ | |||
+ | ############################################################################### | ||
+ | # Access Control | ||
+ | ############################################################################### | ||
+ | |||
+ | # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY | ||
+ | # KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO | ||
+ | # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. | ||
+ | |||
+ | # By far, the most common question I get about the agent is "why won't | ||
+ | # it work?", when really it should be "how do I configure the agent to | ||
+ | # allow me to access it?" | ||
+ | # | ||
+ | # By default, the agent responds to the "public" community for read | ||
+ | # only access, if run out of the box without any configuration file in | ||
+ | # place. The following examples show you other ways of configuring | ||
+ | # the agent so that you can change the community names, and give | ||
+ | # yourself write access as well. | ||
+ | # | ||
+ | # The following lines change the access permissions of the agent so | ||
+ | # that the COMMUNITY string provides read-only access to your entire | ||
+ | # NETWORK (EG: 10.10.10.0/24), and read/write access to only the | ||
+ | # localhost (127.0.0.1, not its real ipaddress). | ||
+ | # | ||
+ | # For more information, read the FAQ as well as the snmpd.conf(5) | ||
+ | # manual page. | ||
+ | |||
+ | #### | ||
+ | # First, map the community name (COMMUNITY) into a security name | ||
+ | # (local and mynetwork, depending on where the request is coming | ||
+ | # from): | ||
+ | |||
+ | # sec.name source community | ||
+ | com2sec local localhost NPG | ||
+ | com2sec mynetwork 10.0.0.0/24 NPG | ||
+ | |||
+ | #### | ||
+ | # Second, map the security names into group names: | ||
+ | |||
+ | # sec.model sec.name | ||
+ | group MyRWGroup v1 local | ||
+ | group MyRWGroup v2c local | ||
+ | group MyRWGroup usm local | ||
+ | group MyROGroup v1 mynetwork | ||
+ | group MyROGroup v2c mynetwork | ||
+ | group MyROGroup usm mynetwork | ||
+ | |||
+ | #### | ||
+ | # Third, create a view for us to let the groups have rights to: | ||
+ | |||
+ | # incl/excl subtree mask | ||
+ | view all included .1 80 | ||
+ | |||
+ | #### | ||
+ | # Finally, grant the 2 groups access to the 1 view with different | ||
+ | # write permissions: | ||
+ | |||
+ | # context sec.model sec.level match read write notif | ||
+ | access MyROGroup "" any noauth exact all none none | ||
+ | access MyRWGroup "" any noauth exact all all none | ||
+ | |||
+ | # ----------------------------------------------------------------------------- | ||
+ | |||
+ | |||
+ | ############################################################################### | ||
+ | # System contact information | ||
+ | # | ||
+ | |||
+ | # It is also possible to set the sysContact and sysLocation system | ||
+ | # variables through the snmpd.conf file. **PLEASE NOTE** that setting | ||
+ | # the value of these objects here makes these objects READ-ONLY | ||
+ | # (regardless of any access control settings). Any attempt to set the | ||
+ | # value of an object whose value is given here will fail with an error | ||
+ | # status of notWritable. | ||
+ | |||
+ | syslocation The Farm, UNH Physics, Durham, NH | ||
+ | syscontact Dan Noe <dpn@physics.unh.edu> | ||
+ | |||
+ | # Example output of snmpwalk: | ||
+ | # % snmpwalk -v 1 -c public localhost system | ||
+ | # system.sysDescr.0 = "SunOS name sun4c" | ||
+ | # system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 | ||
+ | # system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 | ||
+ | # system.sysContact.0 = "Me <me@somewhere.org>" | ||
+ | # system.sysName.0 = "name" | ||
+ | # system.sysLocation.0 = "Right here, right now." | ||
+ | # system.sysServices.0 = 72 | ||
+ | |||
+ | |||
+ | # ----------------------------------------------------------------------------- | ||
+ | |||
+ | |||
+ | ############################################################################### | ||
+ | # Process checks. | ||
+ | # | ||
+ | # The following are examples of how to use the agent to check for | ||
+ | # processes running on the host. The syntax looks something like: | ||
+ | # | ||
+ | # proc NAME [MAX=0] [MIN=0] | ||
+ | # | ||
+ | # NAME: the name of the process to check for. It must match | ||
+ | # exactly (ie, http will not find httpd processes). | ||
+ | # MAX: the maximum number allowed to be running. Defaults to 0. | ||
+ | # MIN: the minimum number to be running. Defaults to 0. | ||
+ | |||
+ | # | ||
+ | # Examples: | ||
+ | # | ||
+ | |||
+ | # Make sure mountd is running | ||
+ | proc mountd | ||
+ | |||
+ | # Make sure there are no more than 4 ntalkds running, but 0 is ok too. | ||
+ | proc ntalkd 4 | ||
+ | |||
+ | # Make sure at least one sendmail, but less than or equal to 10 are running. | ||
+ | proc sendmail 10 1 | ||
+ | |||
+ | # A snmpwalk of the prTable would look something like this: | ||
+ | # | ||
+ | # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.PROCMIBNUM | ||
+ | # enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" | ||
+ | # enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" | ||
+ | # enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" | ||
+ | # enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." | ||
+ | # enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" | ||
+ | # enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" | ||
+ | # enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 | ||
+ | # enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 | ||
+ | # | ||
+ | # Note that the errorFlag for mountd is set to 1 because one is not | ||
+ | # running (in this case an rpc.mountd is, but thats not good enough), | ||
+ | # and the ErrMessage tells you what's wrong. The configuration | ||
+ | # imposed in the snmpd.conf file is also shown. | ||
+ | # | ||
+ | # Special Case: When the min and max numbers are both 0, it assumes | ||
+ | # you want a max of infinity and a min of 1. | ||
+ | # | ||
+ | |||
+ | |||
+ | # ----------------------------------------------------------------------------- | ||
+ | |||
+ | |||
+ | ############################################################################### | ||
+ | # Executables/scripts | ||
+ | # | ||
+ | |||
+ | # | ||
+ | # You can also have programs run by the agent that return a single | ||
+ | # line of output and an exit code. Here are two examples. | ||
+ | # | ||
+ | # exec NAME PROGRAM [ARGS ...] | ||
+ | # | ||
+ | # NAME: A generic name. | ||
+ | # PROGRAM: The program to run. Include the path! | ||
+ | # ARGS: optional arguments to be passed to the program | ||
+ | |||
+ | # a simple hello world | ||
+ | exec echotest /bin/echo hello world | ||
+ | |||
+ | # Run a shell script containing: | ||
+ | # | ||
+ | # #!/bin/sh | ||
+ | # echo hello world | ||
+ | # echo hi there | ||
+ | # exit 35 | ||
+ | # | ||
+ | # Note: this has been specifically commented out to prevent | ||
+ | # accidental security holes due to someone else on your system writing | ||
+ | # a /tmp/shtest before you do. Uncomment to use it. | ||
+ | # | ||
+ | #exec shelltest /bin/sh /tmp/shtest | ||
+ | |||
+ | # Then, | ||
+ | # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.SHELLMIBNUM | ||
+ | # enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 | ||
+ | # enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 | ||
+ | # enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" | ||
+ | # enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" | ||
+ | # enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" | ||
+ | # enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" | ||
+ | # enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 | ||
+ | # enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 | ||
+ | # enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." | ||
+ | # enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." | ||
+ | # enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 | ||
+ | # enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 | ||
+ | |||
+ | # Note that the second line of the /tmp/shtest shell script is cut | ||
+ | # off. Also note that the exit status of 35 was returned. | ||
+ | |||
+ | # ----------------------------------------------------------------------------- | ||
+ | |||
+ | exec .1.3.6.1.4.1.2021.5822.10 LM.Sensors /etc/snmp/sensormib.sh | ||
+ | |||
+ | ############################################################################### | ||
+ | # disk checks | ||
+ | # | ||
+ | |||
+ | # The agent can check the amount of available disk space, and make | ||
+ | # sure it is above a set limit. | ||
+ | |||
+ | # disk PATH [MIN=DEFDISKMINIMUMSPACE] | ||
+ | # | ||
+ | # PATH: mount path to the disk in question. | ||
+ | # MIN: Disks with space below this value will have the Mib's errorFlag set. | ||
+ | # Default value = DEFDISKMINIMUMSPACE. | ||
+ | |||
+ | # Check the / partition and make sure it contains at least 10 megs. | ||
+ | |||
+ | disk / 10000 | ||
+ | disk /var 10000 | ||
+ | # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.DISKMIBNUM | ||
+ | # enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 | ||
+ | # enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F | ||
+ | # enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" | ||
+ | # enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 | ||
+ | # enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 | ||
+ | # enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 | ||
+ | # enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 | ||
+ | # enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 | ||
+ | # enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 | ||
+ | # enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" | ||
+ | |||
+ | # ----------------------------------------------------------------------------- | ||
+ | |||
+ | |||
+ | ############################################################################### | ||
+ | # load average checks | ||
+ | # | ||
+ | |||
+ | # load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE] | ||
+ | # | ||
+ | # 1MAX: If the 1 minute load average is above this limit at query | ||
+ | # time, the errorFlag will be set. | ||
+ | # 5MAX: Similar, but for 5 min average. | ||
+ | # 15MAX: Similar, but for 15 min average. | ||
+ | |||
+ | # Check for loads: | ||
+ | load 12 14 14 | ||
+ | |||
+ | # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.LOADAVEMIBNUM | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" | ||
+ | # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" | ||
+ | |||
+ | # ----------------------------------------------------------------------------- | ||
+ | |||
+ | |||
+ | ############################################################################### | ||
+ | # Extensible sections. | ||
+ | # | ||
+ | |||
+ | # This alleviates the multiple line output problem found in the | ||
+ | # previous executable mib by placing each mib in its own mib table: | ||
+ | |||
+ | # Run a shell script containing: | ||
+ | # | ||
+ | # #!/bin/sh | ||
+ | # echo hello world | ||
+ | # echo hi there | ||
+ | # exit 35 | ||
+ | # | ||
+ | # Note: this has been specifically commented out to prevent | ||
+ | # accidental security holes due to someone else on your system writing | ||
+ | # a /tmp/shtest before you do. Uncomment to use it. | ||
+ | # | ||
+ | # exec .EXTENSIBLEDOTMIB.50 shelltest /bin/sh /tmp/shtest | ||
+ | |||
+ | # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.50 | ||
+ | # enterprises.ucdavis.50.1.1 = 1 | ||
+ | # enterprises.ucdavis.50.2.1 = "shelltest" | ||
+ | # enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" | ||
+ | # enterprises.ucdavis.50.100.1 = 35 | ||
+ | # enterprises.ucdavis.50.101.1 = "hello world." | ||
+ | # enterprises.ucdavis.50.101.2 = "hi there." | ||
+ | # enterprises.ucdavis.50.102.1 = 0 | ||
+ | |||
+ | # Now the Output has grown to two lines, and we can see the 'hi | ||
+ | # there.' output as the second line from our shell script. | ||
+ | # | ||
+ | # Note that you must alter the mib.txt file to be correct if you want | ||
+ | # the .50.* outputs above to change to reasonable text descriptions. | ||
+ | |||
+ | # Other ideas: | ||
+ | # | ||
+ | # exec .EXTENSIBLEDOTMIB.51 ps /bin/ps | ||
+ | # exec .EXTENSIBLEDOTMIB.52 top /usr/local/bin/top | ||
+ | # exec .EXTENSIBLEDOTMIB.53 mailq /usr/bin/mailq | ||
+ | |||
+ | # ----------------------------------------------------------------------------- | ||
+ | |||
+ | |||
+ | ############################################################################### | ||
+ | # Pass through control. | ||
+ | # | ||
+ | |||
+ | # Usage: | ||
+ | # pass MIBOID EXEC-COMMAND | ||
+ | # | ||
+ | # This will pass total control of the mib underneath the MIBOID | ||
+ | # portion of the mib to the EXEC-COMMAND. | ||
+ | # | ||
+ | # Note: You'll have to change the path of the passtest script to your | ||
+ | # source directory or install it in the given location. | ||
+ | # | ||
+ | # Example: (see the script for details) | ||
+ | # (commented out here since it requires that you place the | ||
+ | # script in the right location. (its not installed by default)) | ||
+ | |||
+ | # pass .EXTENSIBLEDOTMIB.255 /bin/sh PREFIX/local/passtest | ||
+ | |||
+ | # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.255 | ||
+ | # enterprises.ucdavis.255.1 = "life the universe and everything" | ||
+ | # enterprises.ucdavis.255.2.1 = 42 | ||
+ | # enterprises.ucdavis.255.2.2 = OID: 42.42.42 | ||
+ | # enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 | ||
+ | # enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 | ||
+ | # enterprises.ucdavis.255.5 = 42 | ||
+ | # enterprises.ucdavis.255.6 = Gauge: 42 | ||
+ | # | ||
+ | # % snmpget -v 1 -c public localhost .EXTENSIBLEDOTMIB.255.5 | ||
+ | # enterprises.ucdavis.255.5 = 42 | ||
+ | # | ||
+ | # % snmpset -v 1 -c public localhost .EXTENSIBLEDOTMIB.255.1 s "New string" | ||
+ | # enterprises.ucdavis.255.1 = "New string" | ||
+ | # | ||
+ | |||
+ | # For specific usage information, see the man/snmpd.conf.5 manual page | ||
+ | # as well as the local/passtest script used in the above example. | ||
+ | |||
+ | ############################################################################### | ||
+ | # Subagent control | ||
+ | # | ||
+ | |||
+ | # The agent can support subagents using a number of extension mechanisms. | ||
+ | # From the 4.2.1 release, AgentX support is being compiled in by default. | ||
+ | # However, this is still experimental code, so should not be used on | ||
+ | # critical production systems. | ||
+ | # Please see the file README.agentx for more details. | ||
+ | # | ||
+ | # If having read, marked, learnt and inwardly digested this information, | ||
+ | # you decide that you do wish to make use of this mechanism, simply | ||
+ | # uncomment the following directive. | ||
+ | # | ||
+ | # master agentx | ||
+ | # | ||
+ | # I repeat - this is *NOT* regarded as suitable for front-line production | ||
+ | # systems, though it is probably stable enough for day-to-day use. | ||
+ | # Probably. | ||
+ | # | ||
+ | # No refunds will be given. | ||
+ | |||
+ | |||
+ | ############################################################################### | ||
+ | # Further Information | ||
+ | # | ||
+ | # See the snmpd.conf manual page, and the output of "snmpd -H". | ||
+ | # MUCH more can be done with the snmpd.conf than is shown as an | ||
+ | # example here. | ||
</pre> | </pre> |
Revision as of 13:39, 23 July 2007
General Information
Roentgen is the old physics server, which now hosts this wiki.
Hostnames: roentgen.unh.edu
, roentgen.farm.physics.unh.edu
Alias: physics.farm.physics.unh.edu
Network Configuration
Currently has ethernet cable to switch for local (farm) connection, and an ethernet cable to the wall for unh connection.
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0 HWADDR=00:E0:81:21:7D:B4 ONBOOT=yes BOOTPROTO=static IPADDR=132.177.88.61 NETMASK=255.255.252.0 GATEWAY=132.177.88.1
/etc/sysconfig/network-scripts/ifcfg-eth0:1
# Please read /usr/share/doc/initscripts-*/sysconfig.txt # for the documentation of these parameters. TYPE=Ethernet IPADDR=132.177.91.234 DEVICE=eth0:1 BOOTPROTO=none NETMASK=255.255.252.0 ONPARENT=yes USERCTL=no PEERDNS=yes
/etc/sysconfig/network-scripts/ifcfg-eth0:2
# Please read /usr/share/doc/initscripts-*/sysconfig.txt # for the documentation of these parameters. TYPE=Ethernet IPADDR=132.177.88.130 DEVICE=eth0:2 BOOTPROTO=none NETMASK=255.255.252.0 ONPARENT=yes USERCTL=no PEERDNS=yes
/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1 HWADDR=00:E0:81:21:7D:B5 ONBOOT=yes BOOTPROTO=static IPADDR=10.0.0.249 NETMASK=255.255.255.0
/etc/sysconfig/network-scripts/ifcfg-lo
DEVICE=lo IPADDR=127.0.0.1 NETMASK=255.0.0.0 NETWORK=127.0.0.0 # If you're having problems with gated making 127.0.0.0/8 a martian, # you can change this to something else (255.255.255.255, for example) BROADCAST=127.255.255.255 ONBOOT=yes NAME=loopback
Access Configuration
/etc/security/access.conf
# Allow direct root logins only from console and einstein + : root : LOCAL einstein.unh.edu lentil.unh.edu einstein.farm.physics.unh.edu lentil.farm.physics.unh.edu ennui.unh.edu # Allow su to cyrus mail server account + : cyrus : LOCAL # Allow only NPG users and administrators - : ALL EXCEPT tomcat4 dept staff faculty mri npg domain_admins dal testing web observatory : ALL
Backup Configuration
/etc/rsync-backup.conf
# Backups are 'pull' only. Too bad there isn't a better way to enforce this. read only = yes # Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other. uid = root # There's not much point in putting the superuser in a chroot jail # use chroot = no # This isn't really an effective "lock" per se, since the value is per-module, # but there really ought never be more than one, and it would at least # ensure serialized backups. max connections = 1 [var] path = /var comment = user and system storage filter = - /lib/bind/proc [srv] path = /srv comment = published content [usr_local] path = /usr/local comment = unpackaged software [opt] path = /opt comment = unpackaged software [etc] path = /etc comment = conf files [wheel] path = /wheel comment = admin files filter = \ : .rsync-filter \ + / \ + /kickstart \ + /custom \ + /docs \ + /gpg-pubkey \ + /scripts \ - /* \
SNMP Configuration
/etc/snmp/snmpd.conf
############################################################################### # # EXAMPLE.conf: # An example configuration file for configuring the ucd-snmp snmpd agent. # ############################################################################### # # This file is intended to only be an example. If, however, you want # to use it, it should be placed in SYSCONFDIR/share/snmp/snmpd.conf. # When the snmpd agent starts up, this is where it will look for it. # # You might be interested in generating your own snmpd.conf file using # the "snmpconf" program (perl script) instead. It's a nice menu # based interface to writing well commented configuration files. Try it! # # Note: This file is automatically generated from EXAMPLE.conf.def. # Do NOT read the EXAMPLE.conf.def file! Instead, after you have run # configure & make, and then make sure you read the EXAMPLE.conf file # instead, as it will tailor itself to your configuration. # All lines beginning with a '#' are comments and are intended for you # to read. All other lines are configuration commands for the agent. # # PLEASE: read the snmpd.conf(5) manual page as well! # ############################################################################### # Access Control ############################################################################### # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY # KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. # By far, the most common question I get about the agent is "why won't # it work?", when really it should be "how do I configure the agent to # allow me to access it?" # # By default, the agent responds to the "public" community for read # only access, if run out of the box without any configuration file in # place. The following examples show you other ways of configuring # the agent so that you can change the community names, and give # yourself write access as well. # # The following lines change the access permissions of the agent so # that the COMMUNITY string provides read-only access to your entire # NETWORK (EG: 10.10.10.0/24), and read/write access to only the # localhost (127.0.0.1, not its real ipaddress). # # For more information, read the FAQ as well as the snmpd.conf(5) # manual page. #### # First, map the community name (COMMUNITY) into a security name # (local and mynetwork, depending on where the request is coming # from): # sec.name source community com2sec local localhost NPG com2sec mynetwork 10.0.0.0/24 NPG #### # Second, map the security names into group names: # sec.model sec.name group MyRWGroup v1 local group MyRWGroup v2c local group MyRWGroup usm local group MyROGroup v1 mynetwork group MyROGroup v2c mynetwork group MyROGroup usm mynetwork #### # Third, create a view for us to let the groups have rights to: # incl/excl subtree mask view all included .1 80 #### # Finally, grant the 2 groups access to the 1 view with different # write permissions: # context sec.model sec.level match read write notif access MyROGroup "" any noauth exact all none none access MyRWGroup "" any noauth exact all all none # ----------------------------------------------------------------------------- ############################################################################### # System contact information # # It is also possible to set the sysContact and sysLocation system # variables through the snmpd.conf file. **PLEASE NOTE** that setting # the value of these objects here makes these objects READ-ONLY # (regardless of any access control settings). Any attempt to set the # value of an object whose value is given here will fail with an error # status of notWritable. syslocation The Farm, UNH Physics, Durham, NH syscontact Dan Noe <dpn@physics.unh.edu> # Example output of snmpwalk: # % snmpwalk -v 1 -c public localhost system # system.sysDescr.0 = "SunOS name sun4c" # system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 # system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 # system.sysContact.0 = "Me <me@somewhere.org>" # system.sysName.0 = "name" # system.sysLocation.0 = "Right here, right now." # system.sysServices.0 = 72 # ----------------------------------------------------------------------------- ############################################################################### # Process checks. # # The following are examples of how to use the agent to check for # processes running on the host. The syntax looks something like: # # proc NAME [MAX=0] [MIN=0] # # NAME: the name of the process to check for. It must match # exactly (ie, http will not find httpd processes). # MAX: the maximum number allowed to be running. Defaults to 0. # MIN: the minimum number to be running. Defaults to 0. # # Examples: # # Make sure mountd is running proc mountd # Make sure there are no more than 4 ntalkds running, but 0 is ok too. proc ntalkd 4 # Make sure at least one sendmail, but less than or equal to 10 are running. proc sendmail 10 1 # A snmpwalk of the prTable would look something like this: # # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.PROCMIBNUM # enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 # enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 # enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 # enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" # enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" # enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" # enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 # enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 # enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 # enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 # enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 # enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 # enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 # enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 # enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 # enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 # enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 # enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 # enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." # enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" # enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" # enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 # enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 # enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 # # Note that the errorFlag for mountd is set to 1 because one is not # running (in this case an rpc.mountd is, but thats not good enough), # and the ErrMessage tells you what's wrong. The configuration # imposed in the snmpd.conf file is also shown. # # Special Case: When the min and max numbers are both 0, it assumes # you want a max of infinity and a min of 1. # # ----------------------------------------------------------------------------- ############################################################################### # Executables/scripts # # # You can also have programs run by the agent that return a single # line of output and an exit code. Here are two examples. # # exec NAME PROGRAM [ARGS ...] # # NAME: A generic name. # PROGRAM: The program to run. Include the path! # ARGS: optional arguments to be passed to the program # a simple hello world exec echotest /bin/echo hello world # Run a shell script containing: # # #!/bin/sh # echo hello world # echo hi there # exit 35 # # Note: this has been specifically commented out to prevent # accidental security holes due to someone else on your system writing # a /tmp/shtest before you do. Uncomment to use it. # #exec shelltest /bin/sh /tmp/shtest # Then, # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.SHELLMIBNUM # enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 # enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 # enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" # enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" # enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" # enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" # enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 # enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 # enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." # enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." # enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 # enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 # Note that the second line of the /tmp/shtest shell script is cut # off. Also note that the exit status of 35 was returned. # ----------------------------------------------------------------------------- exec .1.3.6.1.4.1.2021.5822.10 LM.Sensors /etc/snmp/sensormib.sh ############################################################################### # disk checks # # The agent can check the amount of available disk space, and make # sure it is above a set limit. # disk PATH [MIN=DEFDISKMINIMUMSPACE] # # PATH: mount path to the disk in question. # MIN: Disks with space below this value will have the Mib's errorFlag set. # Default value = DEFDISKMINIMUMSPACE. # Check the / partition and make sure it contains at least 10 megs. disk / 10000 disk /var 10000 # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.DISKMIBNUM # enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 # enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F # enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" # enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 # enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 # enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 # enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 # enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 # enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 # enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" # ----------------------------------------------------------------------------- ############################################################################### # load average checks # # load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE] # # 1MAX: If the 1 minute load average is above this limit at query # time, the errorFlag will be set. # 5MAX: Similar, but for 5 min average. # 15MAX: Similar, but for 15 min average. # Check for loads: load 12 14 14 # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.LOADAVEMIBNUM # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 # enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" # enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" # enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" # ----------------------------------------------------------------------------- ############################################################################### # Extensible sections. # # This alleviates the multiple line output problem found in the # previous executable mib by placing each mib in its own mib table: # Run a shell script containing: # # #!/bin/sh # echo hello world # echo hi there # exit 35 # # Note: this has been specifically commented out to prevent # accidental security holes due to someone else on your system writing # a /tmp/shtest before you do. Uncomment to use it. # # exec .EXTENSIBLEDOTMIB.50 shelltest /bin/sh /tmp/shtest # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.50 # enterprises.ucdavis.50.1.1 = 1 # enterprises.ucdavis.50.2.1 = "shelltest" # enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" # enterprises.ucdavis.50.100.1 = 35 # enterprises.ucdavis.50.101.1 = "hello world." # enterprises.ucdavis.50.101.2 = "hi there." # enterprises.ucdavis.50.102.1 = 0 # Now the Output has grown to two lines, and we can see the 'hi # there.' output as the second line from our shell script. # # Note that you must alter the mib.txt file to be correct if you want # the .50.* outputs above to change to reasonable text descriptions. # Other ideas: # # exec .EXTENSIBLEDOTMIB.51 ps /bin/ps # exec .EXTENSIBLEDOTMIB.52 top /usr/local/bin/top # exec .EXTENSIBLEDOTMIB.53 mailq /usr/bin/mailq # ----------------------------------------------------------------------------- ############################################################################### # Pass through control. # # Usage: # pass MIBOID EXEC-COMMAND # # This will pass total control of the mib underneath the MIBOID # portion of the mib to the EXEC-COMMAND. # # Note: You'll have to change the path of the passtest script to your # source directory or install it in the given location. # # Example: (see the script for details) # (commented out here since it requires that you place the # script in the right location. (its not installed by default)) # pass .EXTENSIBLEDOTMIB.255 /bin/sh PREFIX/local/passtest # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.255 # enterprises.ucdavis.255.1 = "life the universe and everything" # enterprises.ucdavis.255.2.1 = 42 # enterprises.ucdavis.255.2.2 = OID: 42.42.42 # enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 # enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 # enterprises.ucdavis.255.5 = 42 # enterprises.ucdavis.255.6 = Gauge: 42 # # % snmpget -v 1 -c public localhost .EXTENSIBLEDOTMIB.255.5 # enterprises.ucdavis.255.5 = 42 # # % snmpset -v 1 -c public localhost .EXTENSIBLEDOTMIB.255.1 s "New string" # enterprises.ucdavis.255.1 = "New string" # # For specific usage information, see the man/snmpd.conf.5 manual page # as well as the local/passtest script used in the above example. ############################################################################### # Subagent control # # The agent can support subagents using a number of extension mechanisms. # From the 4.2.1 release, AgentX support is being compiled in by default. # However, this is still experimental code, so should not be used on # critical production systems. # Please see the file README.agentx for more details. # # If having read, marked, learnt and inwardly digested this information, # you decide that you do wish to make use of this mechanism, simply # uncomment the following directive. # # master agentx # # I repeat - this is *NOT* regarded as suitable for front-line production # systems, though it is probably stable enough for day-to-day use. # Probably. # # No refunds will be given. ############################################################################### # Further Information # # See the snmpd.conf manual page, and the output of "snmpd -H". # MUCH more can be done with the snmpd.conf than is shown as an # example here.