Lab 01 Network Management - jude-lindale/Wiki GitHub Wiki

Setting up web01:

  • Login to root on web01
  • Add a user with adduser jude, then set its password with passwd jude
  • Use usermod -aG wheel jude to add the user to the wheel group, which gives it root (sudo) perms
  • Use nmtui to set the hostname to web01-jude, IP to 10.0.5.200, gateway to 10.0.5.2, DNS to 10.0.5.5, and search domain to jl.local

Configuring SNMP:

  • On wks01, open the pfSense web interface in the browser (10.0.5.2)
  • Under "Services", go to SNMP
  • Enable it and keep the port at 161
  • Keep traps off and enable all of the modules
  • Set bind interface to LAN

Setting up nmon01:

  • Set the IP to 10.0.5.11, DNS to 10.0.5.5, add domain to the search suffix in network, and set hostname to nmon01-jude
  • Make a named root user
  • Use vi on /etc/ssh/sshd_config to change PermitRootLogin to no. Below, add AllowUsers jude.lindale-adm
  • SSH into jude@nmon01-jude via mgmt01

Installing snmp:

  • Use sudo yum install net-snmp-utils net-snmp to install SNMP.

  • Go to web01 and do the same

  • On web01 cd to /etc/snmp

  • Make a copy of snmpd.conf with cp snmpd.conf backup.conf

  • Edit snmpd.conf with vi

  • Delete all lines by typing gg then dG

  • Add these lines, one directive per line:

      com2sec myNetwork 10.0.5.0/24 SYS265
      group myROGroup v2c myNetwork
      view all included .1 80
      access myROGroup "" any noauth exact all none none

  • Enable and start the snmpd service with systemctl enable snmpd and systemctl start snmpd

  • Check the status with systemctl status snmpd

  • Use firewall-cmd --add-port=161/udp --permanent to add port 161 and reload the firewall

  • On mgmt01, select ad01 and use add server roles/features to enable SNMP, then do the same for mgmt01

  • Open PowerShell and use Enter-PSSession ad02-jude to start a remote PowerShell session

  • Change the firewall rules by enabling the "Remote Event Log Management" firewall group using Set-NetFirewallRule -DisplayGroup "Remote Event Log Management" -Enabled True

  • SNMP Service Security Properties on AD02

  • Go to ad01's Computer Management on mgmt01

  • Under Services, open the Security settings of the SNMP service, add SYS265 as an accepted community name, and add nmon01-jude as a host to accept SNMP packets from

  • On nmon01, you should be able to use snmpwalk -Os -c SYS265 -v2c ad01-jude | wc -l and it should give a large number
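
The com2sec, group, view and access lines added to snmpd.conf on web01 form a chain. The added example below (not part of the original lab) resolves that chain in Python to show which source network can read which OID subtree over which SNMP version, and flags settings worth reviewing; the function names and finding wording are assumptions of this example.

```python
import shlex
# Constructed sample: the four VACM lines from the lab, one directive per line.
SAMPLE = '''\
com2sec myNetwork 10.0.5.0/24 SYS265
group myROGroup v2c myNetwork
view all included .1 80
access myROGroup "" any noauth exact all none none
'''

def resolve_vacm(conf_text):
    """Follow access -> group -> com2sec and access -> view; one dict per readable path."""
    com2sec, groups, views, access = {}, [], {}, []
    for raw in conf_text.splitlines():
        tok = shlex.split(raw, comments=True)  # handles "" and '#' comments
        if not tok:
            continue
        kw, args = tok[0], tok[1:]
        if kw == "com2sec" and len(args) >= 3:
            com2sec[args[0]] = (args[1], args[2])  # secname -> (source, community)
        elif kw == "group" and len(args) >= 3:
            groups.append(tuple(args[:3]))  # (group, model, secname)
        elif kw == "view" and len(args) >= 3:
            views.setdefault(args[0], []).append((args[1], args[2]))
        elif kw == "access" and len(args) == 8:  # a malformed access line is skipped
            access.append(args)
    paths = []
    for grp, _ctx, amodel, level, _prefix, read, write, _notify in access:
        for g, model, sec in groups:
            if g != grp or sec not in com2sec or amodel not in ("any", model):
                continue
            source, community = com2sec[sec]
            subtrees = [oid for kind, oid in views.get(read, []) if kind == "included"]
            paths.append({"source": source, "community": community, "model": model,
                          "level": level, "read": subtrees, "writable": write != "none"})
    return paths

def findings(path):
    notes = []  # review notes for one resolved path
    if path["model"] in ("v1", "v2c"):
        notes.append("v1/v2c: community string travels in cleartext")
    if any(oid.strip(".") in ("1", "iso") for oid in path["read"]):
        notes.append("read view covers the whole OID tree")
    if path["source"] in ("default", "0.0.0.0/0"):
        notes.append("any source address accepted")
    if path["writable"]:
        notes.append("write view granted")
    return notes

for p in resolve_vacm(SAMPLE):
    print(p["source"], p["model"], p["read"], findings(p))
```

Running it against a copy of /etc/snmp/snmpd.conf instead of SAMPLE gives the same summary for a live configuration.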

SNMP

  • SNMP stands for 'Simple Network Management Protocol'
  • SNMP is a protocol that operates at the Application Layer of the TCP/IP model.
  • The job of SNMP is to gather information regarding the activity of network devices. This information can be bytes, packets, packets transmitted, the connection speed between devices, and the number of connections a web server receives. SNMP works by sending messages, referred to as PDUs (protocol data units), to other devices on the network, which respond to them. These messages can be used to capture any data that the network administrator desires.

Source:

  • https://www.helpsystems.com/resources/articles/snmp-basics-what-it-and-how-it-works
  • https://www.ibm.com/docs/de/nsm/61.1?topic=view-snmp-query
  • https://docs.oracle.com/cd/E19201-01/820-6413-13/SNMP_commands_reference_appendix.html