Network Management Lab - Zacham17/my-tech-journal GitHub Wiki

Summary

In this lab, I installed SNMP services on servers across my virtual network.

Configuring SNMP on PfSense:

  • On a browser, navigate to the PfSense firewall configuration page.
  • Navigate to Services > SNMP
  • To set up SNMP, I checked the box to enable SNMP, bound SNMP to the LAN interface and used my name for the System Contact. I also set a community string.
  • After configuration, restart SNMP using the restart button

Disabling Root SSH access:

  • On a system with SSH installed, enter the command sudo vim /etc/ssh/sshd_config
  • Find the line in the file that reads "#PermitRootLogin yes", and change it to "PermitRootLogin no"
    • Make sure to remove the "#" to uncomment the line
  • Save the file
  • Restart ssh with sudo systemctl restart sshd
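
One way to confirm that the PermitRootLogin edit above actually takes effect, as an added example that is not part of the original wiki page. The function names are hypothetical and the sample config is constructed. The script reads a single file and assumes space-separated keyword and value; it does not follow Include directives.

```shell
#!/bin/sh
# Added example: offline check of the PermitRootLogin edit described above.
# sshd keeps the FIRST value it reads for a keyword, matches keywords
# case-insensitively, and treats lines after a "Match" header as conditional.

# Print the global PermitRootLogin value in file $1, or "unset".
effective_permit_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends at first Match
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when root login is explicitly disabled.
check_root_login() {
    value=$(effective_permit_root_login "$1")
    case "$value" in
        no)    echo "OK: PermitRootLogin no"; return 0 ;;
        unset) echo "WARN: PermitRootLogin unset, built-in default applies"; return 1 ;;
        *)     echo "FAIL: effective PermitRootLogin is '$value'"; return 1 ;;
    esac
}

# Constructed sample: the "no" line was added, but an earlier line still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
permitrootlogin yes
#PermitRootLogin yes
PermitRootLogin no
EOF
check_root_login "$sample" || true    # prints the FAIL line
rm -f "$sample"
```

On a live host, sudo sshd -t validates the file before the restart, and sudo sshd -T | grep -i permitrootlogin prints the value sshd itself resolved.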

Installing SNMP Client

  • Install SNMP client with the command sudo yum install net-snmp-utils
  • The snmpwalk command can be used to gather SNMP values.
    • The exact command I used was snmpwalk -Os -c SYS265 -v2c fw01-morris system, where SYS265 is the community string and fw01-morris is the system that is being queried

Installing SNMPD (an SNMP server)

  • Install SNMPD with the command sudo yum install net-snmp-utils net-snmp
  • If you wish to make changes to the configuration file, it is located at /etc/snmp/snmpd.conf
  • You may need to enable access to ports through the firewall depending on your purposes.

Installing SNMP through server manager

  • On Server Manager, navigate to Add Roles and Features
  • Select the system to add SNMP to and then select the SNMP feature to install
  • Follow through with the installation process

Enabling Remote Computer Management

  • Using RSAT, right click the Server you wish to manage and invoke a remote PowerShell window
  • Type the following command Set-NetFirewallRule -DisplayGroup "Remote Event Log management" -Enabled True to allow the system to be managed remotely
  • Back in RSAT, right click the server you wish to manage and select Computer Management
  • You can now navigate to services and configure what you need.
  • To configure the SNMP Service, navigate to the services panel and open the properties of the SNMP Service. Go to the Security tab, set the community string and enter the hostname of the system with the SNMP client installed

Using tcpdump to capture packets

  • On a system, type the command sudo tcpdump -i INTERFACENAME -c10 -A port PORTNUMBER
    • This will output the first ten packets that tcpdump captures in ASCII format
  • On another system with SNMP client, query the system running tcpdump
  • Go back to the system running tcpdump and you will see the packets that have been captured.