OpenWRT snmpd v3 - snmpwalk authpriv Decryption error
net-snmp snmp OpenWRT
Linux
發布日期:   2020-09-01
文章字數:   575
閱讀時長:   3 分
閱讀次數:  

snmp.conf 設定檔

  • vim /etc/snmp/snmp.conf
createUser user MD5 "987654321" DES "123456789"
rouser user priv
rouser user2
agentAddress udp:0.0.0.0:161
exec .1.3.6.1.4.1.2021.51 ps /bin/ps
exec .1.3.6.1.4.1.2021.52 openssl /usr/bin/openssl x509 -in /etc/uhttpd.crt -noout -dates -fingerprint -inform der

snmpwalk 測試

  1. openWRT 端,執行snmpd -f -Le
  2. 測試端,執行snmpwalk -v3 -u user2 -l authNoPriv -a MD5 -A "987654321" -x DES -X 123456789 192.168.7.20,可正常運行
  3. 測試端,執行snmpwalk -v3 -u user -l authPriv -a MD5 -A "987654321" -x DES -X 123456789 192.168.7.20 .1.3.6.1.4.1.2021.52
iso.3.6.1.4.1.2021.52.1.0 = INTEGER: 1
iso.3.6.1.4.1.2021.52.2.1.2.8.99.97.95.99.104.101.99.107 = STRING: "/bin/sh"
iso.3.6.1.4.1.2021.52.2.1.3.8.99.97.95.99.104.101.99.107 = STRING: "/tmp/ca_check.sh"
iso.3.6.1.4.1.2021.52.2.1.4.8.99.97.95.99.104.101.99.107 = ""
iso.3.6.1.4.1.2021.52.2.1.5.8.99.97.95.99.104.101.99.107 = INTEGER: 5
iso.3.6.1.4.1.2021.52.2.1.6.8.99.97.95.99.104.101.99.107 = INTEGER: 1
iso.3.6.1.4.1.2021.52.2.1.7.8.99.97.95.99.104.101.99.107 = INTEGER: 1
iso.3.6.1.4.1.2021.52.2.1.20.8.99.97.95.99.104.101.99.107 = INTEGER: 4
iso.3.6.1.4.1.2021.52.2.1.21.8.99.97.95.99.104.101.99.107 = INTEGER: 1
iso.3.6.1.4.1.2021.52.3.1.1.8.99.97.95.99.104.101.99.107 = STRING: "/bin/sh: can't open '/tmp/ca_check.sh'"
iso.3.6.1.4.1.2021.52.3.1.2.8.99.97.95.99.104.101.99.107 = STRING: "/bin/sh: can't open '/tmp/ca_check.sh'"
iso.3.6.1.4.1.2021.52.3.1.3.8.99.97.95.99.104.101.99.107 = INTEGER: 1
iso.3.6.1.4.1.2021.52.3.1.4.8.99.97.95.99.104.101.99.107 = INTEGER: 2
iso.3.6.1.4.1.2021.52.4.1.2.8.99.97.95.99.104.101.99.107.1 = STRING: "/bin/sh: can't open '/tmp/ca_check.sh'"

發生問題

snmpwalk: Unknown engine ID
or
snmpwalk: Decryption error

Use option --with-openssl=internal

  • vim net-snmp/Makefile
diff --git a/net/net-snmp/Makefile b/net/net-snmp/Makefile
index 3446d151..9728478c 100644
--- a/net/net-snmp/Makefile
+++ b/net/net-snmp/Makefile
@@ -137,6 +137,7 @@ SNMP_MIB_MODULES_INCLUDED = \
        ucd-snmp/vmstat \
        util_funcs \
        utilities/execute \
+#      agent/extend \

 SNMP_MIB_MODULES_EXCLUDED = \
        agent_mibs \
@@ -180,7 +181,7 @@ CONFIGURE_ARGS += \
        --with-mib-modules="$(SNMP_MIB_MODULES_INCLUDED)" \
        --with-out-transports="$(SNMP_TRANSPORTS_EXCLUDED)" \
        --with-transports="$(SNMP_TRANSPORTS_INCLUDED)" \
-       --without-openssl \
+       --with-openssl=internal \
        --without-libwrap \
        --without-rpm \
        --without-zlib \

之後重 build, 即可使用 SNMPV3 authPriv。

reference :

  轉載請註明: YuYan's blog OpenWRT snmpd v3 - snmpwalk authpriv Decryption error

  目錄