Wednesday, 14 May 2025

SNMP configuration in Ubuntu

 




apt install snmpd snmp libsnmp-dev


systemctl status snmpd

systemctl stop snmpd


ufw port allow

=============

ufw allow 161



Configuration file

===============

vim /etc/snmp/snmpd.conf



SNMPv2 Configure:

=================

nano /etc/snmp/snmpd.conf

agentaddress udp:127.0.0.1:161,udp:10.200.6.53:161,udp6:[::1]:161

rocommunity  TrianglE


Note: 10.200.6.53 is the interface IP



SNMPv3 configure

==============

sudo ufw allow 161/udp


apt install snmpd snmp libsnmp-dev


systemctl stop snmpd


nano /etc/snmp/snmpd.conf

======================

#add below line

agentaddress udp:161,udp6:[::1]:161



--Create SNMPv3 user

sudo net-snmp-config --create-snmpv3-user -ro -A "SHA%%%%^^^123" -X "AES%%%%^^^123" -a SHA-512 -x AES Usr.TrianglE

systemctl start snmpd





Verify:

--SNMPv2 check

snmpwalk -v2c -c <community> 127.0.0.1


snmpwalk -Os -c <community> -v 2c <des-ip>
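
An added example, not part of the original post: a shell function that audits an snmpd.conf for the two exposures visible in the configurations above, a community string with no source restriction and an agentaddress bound to every interface. The sample files are constructed from this page's lines; the finding labels and the 10.200.6.0/24 poller subnet in the tightened variant are assumptions.

```shell
#!/bin/sh
# Added example: flag risky snmpd.conf lines (directive syntax per snmpd.conf(5)).
# Finding labels (UNRESTRICTED_COMMUNITY, ...) are hypothetical names.
audit_snmpd_conf() {   # $1 = path to snmpd.conf; prints one finding per line
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    { key = tolower($1) }
    key ~ /^r[ow]community6?$/ {
        # Syntax: rocommunity COMMUNITY [SOURCE [OID]]; no SOURCE = any host
        if (NF < 3 || $3 == "default") print "UNRESTRICTED_COMMUNITY line " NR
        if ($2 == "public" || $2 == "private") print "DEFAULT_COMMUNITY line " NR
        if (key ~ /^rw/) print "WRITE_COMMUNITY line " NR
    }
    key == "agentaddress" {
        # "udp:161" or a bare port number binds every interface
        for (f = 2; f <= NF; f++) {
            n = split($f, addr, ",")
            for (i = 1; i <= n; i++)
                if (addr[i] ~ /^((udp|tcp)6?:)?[0-9]+$/ || addr[i] ~ /0\.0\.0\.0|\[::\]/)
                    print "LISTEN_ALL " addr[i] " line " NR
        }
    }' "$1"
}

# Constructed sample files: the two configurations from this page plus a
# tightened variant. 10.200.6.0/24 as the poller subnet is an assumption.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/v2c.conf" <<'EOF'
agentaddress udp:127.0.0.1:161,udp:10.200.6.53:161,udp6:[::1]:161
rocommunity  TrianglE
EOF
cat > "$SAMPLES/v3.conf" <<'EOF'
# add below line
agentaddress udp:161,udp6:[::1]:161
EOF
cat > "$SAMPLES/tight.conf" <<'EOF'
agentaddress udp:127.0.0.1:161,udp:10.200.6.53:161
rocommunity  TrianglE 10.200.6.0/24
EOF

for f in v2c v3 tight; do
    echo "== $f.conf"
    audit_snmpd_conf "$SAMPLES/$f.conf"
done
```

Point the function at /etc/snmp/snmpd.conf to audit a live host; an empty result means neither pattern was found.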

firewall-cmd on CentOS 7

You can add the ports with the following command:
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload

SMTP port allow:
firewall-cmd --permanent --add-port=25/tcp
firewall-cmd --permanent --add-port=25/udp
firewall-cmd --reload

HTTP 8080 Port allow:
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --permanent --add-port=8080/udp
firewall-cmd --reload

You can add the service with the following command:
firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-service=telnet
firewall-cmd --permanent --add-service=smtp
firewall-cmd --permanent --add-service=snmp


You can print the whole Firewalld configuration with the following command:
firewall-cmd --list-all

To see which services and ports are allowed:
firewall-cmd --list-services
firewall-cmd --list-ports

You can remove the service with the following command:
firewall-cmd --permanent --remove-service=ssh
firewall-cmd --permanent --remove-service=telnet
firewall-cmd --permanent --remove-service=dns
firewall-cmd --permanent --remove-service=dhcpv6-client


Check open ports from another server:
nmap -sT 113.21.228.1



--Stop, start, or check the status of firewalld
systemctl stop firewalld
systemctl start firewalld
systemctl status firewalld


--Prevent the firewalld service from starting automatically on system boot:
systemctl disable firewalld











Rich Rules:





-- Add Rich Rule
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="113.21.229.224/27" port port="804" protocol="tcp" accept'
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv6" source address="2400:f940::/32" port port="804" protocol="tcp" accept'
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="0.0.0.0/0" port port="804" protocol="tcp" reject'
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv6" source address="::/0" port port="804" protocol="tcp" reject'

--Check Rich Rule
firewall-cmd --list-rich-rules

--Remove Rich Rule
firewall-cmd --permanent --zone=public --remove-rich-rule 'rule family="ipv4" source address="0.0.0.0/0" port port="804" protocol="tcp" reject'
firewall-cmd --permanent --zone=public --remove-rich-rule 'rule family="ipv6" source address="::/0" port port="804" protocol="tcp" reject'

How to Remove a deb package


Get the package complete name:
dpkg --list | grep partial_package_name

Remove the package:
sudo apt-get remove package_name


Remove all the dependencies:
sudo apt-get purge package_name


Remove the unneeded packages that were once installed as a dependency:
sudo apt-get autoremove

Remove the retrieved packages from the local cache:
sudo apt-get autoclean

Check that it was completely removed:
dpkg --list | grep partial_package_name


Finally, do a clean so you check everything is correctly removed

sudo apt-get clean

ufw in Ubuntu

sudo ufw status           # check the status
sudo ufw disable          # disable
sudo ufw enable           # enable
sudo ufw reload           # reload
sudo ufw reset            # reset
sudo ufw app list         # check the app list
sudo ufw status numbered  # list all of the current rules
sudo ufw status verbose



sudo ufw default deny incoming
sudo ufw default allow outgoing


--Install UFW
sudo apt update
sudo apt install ufw

--Allow SSH access
sudo ufw allow ssh
or
sudo ufw allow 22/tcp


How to add more rules

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 25/tcp
sudo ufw allow https/tcp


--For radiusd
ufw allow 1812/tcp
ufw allow 1812/udp
ufw allow 1813/tcp
ufw allow 1813/udp
ufw allow 1521/tcp
ufw allow 1521/udp


You can also allow port ranges, for example TCP and UDP 4000 to 6000:
$ sudo ufw allow 4000:6000/tcp
$ sudo ufw allow 4000:6000/udp


How to reject a port
$ sudo ufw reject in smtp
$ sudo ufw reject out smtp
$ sudo ufw reject 1194 comment 'No more vpn traffic'
$ sudo ufw reject 23 comment 'Unencrypted port not allowed'