Versions Compared

...

# ssh onto the VM and navigate to /tmp/ directory:
ssh omkadmin@<FQDN_OR_IP>

cd /tmp/# install your favourite text editor, if not installed:
sudo yum install -y nano
# we will be customising 'privprotocol' entry in Table-Nodes.nmis to add 'aes256' and 'aes256c' as values,
CUSTOM_TABLE_NODES_FILE='/usr/local/nmis9/conf/Table-Nodes.nmis'
# so we copy file 'Table-Nodes.nmis' from 'conf-default' to 'conf':
cp /usr/local/nmis9/conf-default/Table-Nodes.nmis "${CUSTOM_TABLE_NODES_FILE}"

# find the line we need to edit - here we get line 153156 returned:
grep -nF "privprotocol" "${CUSTOM_TABLE_NODES_FILE}"
153156:	 { privprotocol => { header => 'SNMP Priv Proto',display => 'popup',value => ['des','aes','3des'],

# change "['des','aes','3des']" to "['des','aes','3des','aes256','aes256c']" in file '/usr/local/nmis9/conf/Table-Nodes.nmis' only editing line 153156:
sed -i -e "153s156s/\['des','aes','3des'\]/['des','aes','3des','aes256','aes256c']/" "${CUSTOM_TABLE_NODES_FILE}"

# check this has worked:
grep -nF "privprotocol" "${CUSTOM_TABLE_NODES_FILE}"
153156:	 { privprotocol => { header => 'SNMP Priv Proto',display => 'popup',value => ['des','aes','3des','aes256','aes256c'],

# restart nmis9d daemon:
sudo systemctl restart nmis9d

# check nmis9d has restarted:
sudo systemctl status nmis9d
● nmis9d.service - Opmantek NMIS9 Daemon
   Loaded: loaded (/etc/systemd/system/nmis9d.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-03-05 04:35:30 UTC; 15s ago
  Process: 5048 ExecStart=/usr/local/nmis9/bin/nmisd (code=exited, status=0/SUCCESS)
  Process: 5006 ExecStartPre=/bin/sh -c sleep 30 (code=exited, status=0/SUCCESS)
 Main PID: 5050 (nmisd.scheduler)
   CGroup: /system.slice/nmis9d.service
           ├─5050 nmisd.scheduler
           ├─5051 nmisd.fping
           ├─5053 nmisd.worker.<idle>
           ├─5055 nmisd.worker.<idle>
           ├─5057 nmisd.worker.<idle>
           ├─5059 nmisd.worker.<idle>
           ├─5064 nmisd.worker.<idle>
           ├─5066 nmisd.worker.<idle>
           ├─5068 nmisd.worker.<idle>
           ├─5072 nmisd.worker.<idle>
           ├─5079 nmisd.worker.<idle>
           └─5080 nmisd.worker.<idle>

Mar 05 04:35:00 omk-vm9-centos7 systemd[1]: Starting Opmantek NMIS9 Daemon...
Mar 05 04:35:30 omk-vm9-centos7 systemd[1]: Started Opmantek NMIS9 Daemon.

# fetch the patched version of Net::SNMP::Security::USM:
wget https://dl-nmis.opmantek.com/nmis9/jira/Net_SNMP_Security_USM_v4_0_1_patch/USM.pm

# sha512sum the file - we intend to validate the checksum:
sha512sum USM.pm
56dcc308d3575d7cd8548d6cb7bd176f52f17a3991a4856ddc7fcd58da26376a80fe52fb4f815a03f51303148cd2ccd0a08415d5305fd1470a8147968f109790  USM.pm

# fetch the sha512sum of USM.pm and cat it to check against the one we calculated above:
wget https://dl-nmis.opmantek.com/nmis9/jira/Net_SNMP_Security_USM_v4_0_1_patch/USM.pm.sha512
cat USM.pm.sha512
56dcc308d3575d7cd8548d6cb7bd176f52f17a3991a4856ddc7fcd58da26376a80fe52fb4f815a03f51303148cd2ccd0a08415d5305fd1470a8147968f109790  USM.pm

# check that sha512 checksums match ...
# once we are satisfied sha512 checksums do match, we find the copies of Net::SNMP::Security::USM to replace with the patched version:
sudo find / -type f -name "USM.pm" 2>/dev/null|grep -F "Net/SNMP/Security/"|grep -Fv "/usr/local/omk"
/usr/share/perl5/vendor_perl/Net/SNMP/Security/USM.pm

# move the original file aside and replace with the patched version
sudo mv /usr/share/perl5/vendor_perl/Net/SNMP/Security/USM.pm /usr/share/perl5/vendor_perl/Net/SNMP/Security/USM.pm.orig
sudo cp /tmp/USM.pm /usr/share/perl5/vendor_perl/Net/SNMP/Security/USM.pm

# restart nmis9d daemon:
sudo systemctl restart nmis9d

# check nmis9d has restarted:
sudo systemctl status nmis9d
● nmis9d.service - Opmantek NMIS9 Daemon
   Loaded: loaded (/etc/systemd/system/nmis9d.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-03-05 04:56:07 UTC; 4s ago
  Process: 7115 ExecStart=/usr/local/nmis9/bin/nmisd (code=exited, status=0/SUCCESS)
  Process: 7069 ExecStartPre=/bin/sh -c sleep 30 (code=exited, status=0/SUCCESS)
 Main PID: 7118 (nmisd.scheduler)
   CGroup: /system.slice/nmis9d.service
           ├─7118 nmisd.scheduler
           ├─7119 nmisd.fping
           ├─7121 nmisd.worker.<idle>
           ├─7123 nmisd.worker.<idle>
           ├─7125 nmisd.worker.<idle>
           ├─7126 nmisd.worker.<idle>
           ├─7129 nmisd.worker.<idle>
           ├─7131 nmisd.worker.<idle>
           ├─7134 nmisd.worker.<idle>
           ├─7136 nmisd.worker.<idle>
           ├─7141 nmisd.worker.<idle>
           └─7142 nmisd.worker.<idle>

Mar 05 04:55:36 omk-vm9-centos7 systemd[1]: Starting Opmantek NMIS9 Daemon...
Mar 05 04:56:07 omk-vm9-centos7 systemd[1]: Started Opmantek NMIS9 Daemon.

# Create a node that supports SNMPv3 AES256: Here we are creating a node that supports Cisco implementation 'aes256c'
# Please read wiki page https://community.opmantek.com/x/XwB4 with particular reference to 'Creation of Nodes' paragraph.
#
# first we create an ' NMIS9 node create' template at /tmp/node_create_template.json:
#
/usr/local/nmis9/admin/node_admin.pl act=mktemplate placeholder=1|tee /tmp/node_create_template.json
Created minimal template 
Please see https://community.opmantek.com/display/opCommon/Common+Node+Properties for detailed descriptions of the properties.
{
   "activated" : {
      "NMIS" : "__REPLACE_ACTIVATED.NMIS__"
   },
   "cluster_id" : "__REPLACE_CLUSTER_ID__",
   "configuration" : {
      "authkey" : "__REPLACE_CONFIGURATION.AUTHKEY__",
      "authpassword" : "__REPLACE_CONFIGURATION.AUTHPASSWORD__",
      "authprotocol" : "__REPLACE_CONFIGURATION.AUTHPROTOCOL__",
      "collect" : "__REPLACE_CONFIGURATION.COLLECT__",
      "community" : "__REPLACE_CONFIGURATION.COMMUNITY__",
      "group" : "__REPLACE_CONFIGURATION.GROUP__",
      "host" : "__REPLACE_CONFIGURATION.HOST__",
      "location" : "__REPLACE_CONFIGURATION.LOCATION__",
      "model" : "__REPLACE_CONFIGURATION.MODEL__",
      "netType" : "__REPLACE_CONFIGURATION.NETTYPE__",
      "notes" : "__REPLACE_CONFIGURATION.NOTES__",
      "ping" : "__REPLACE_CONFIGURATION.PING__",
      "port" : "__REPLACE_CONFIGURATION.PORT__",
      "privkey" : "__REPLACE_CONFIGURATION.PRIVKEY__",
      "privpassword" : "__REPLACE_CONFIGURATION.PRIVPASSWORD__",
      "privprotocol" : "__REPLACE_CONFIGURATION.PRIVPROTOCOL__",
      "roleType" : "__REPLACE_CONFIGURATION.ROLETYPE__",
      "threshold" : "__REPLACE_CONFIGURATION.THRESHOLD__",
      "username" : "__REPLACE_CONFIGURATION.USERNAME__",
      "version" : "__REPLACE_CONFIGURATION.VERSION__"
   },
   "name" : "__REPLACE_NAME__",
   "uuid" : "__REPLACE_UUID__"
}

# Edit the information inside the template (i.e. change "__REPLACE_ACTIVE__" to "true") to correspond with the node you want to create then save it as a .json file.
# For the purposes of this example we have created /tmp/new_midgard.json
cp /tmp/node_create_template.json /tmp/new_midgard.json

# Now we edit and save our file, here /tmp/new_midgard.json, with our text editor:
nano /tmp/new_midgard.json

# Here is the json we've saved for new_midgard.json - we've replaced secure values with '<...>' - please ensure these values are completed appropriately in your case:
cat /tmp/new_midgard.json
cat new_midgard.json
{
   "activated" : {
      "NMIS" : "1"
   },
   "cluster_id" : "",
   "configuration" : {
      "authkey" : "",
      "authpassword" : "<AN_AUTH_PASSWORD>",
      "authprotocol" : "<sha_OR_md5>",
      "collect" : "1",
      "community" : "<A_COMMUNITY_STRING>",
      "group" : "HeadOffice",
      "host" : "<NODE_IP_ADDRESS>",
      "location" : "Cloud",
      "model" : "automatic",
      "netType" : "wan",
      "notes" : "Testing SNMPv3 AES256C Secure Network Management",
      "ping" : "true",
      "port" : "161",
      "privkey" : "",
      "privpassword" : "<A_PRIV_PASSWORD>",
      "privprotocol" : "aes256c",
      "roleType" : "distribution",
      "threshold" : "true",
      "username" : "<A_USERNAME>",
      "version" : "snmpv3"
   },
   "name" : "<A_NODE_NAME>",
   "uuid" : ""
}# Create our node:
/usr/local/nmis9/admin/node_admin.pl act=create node=midgard file=new_midgard.json
Successfully created node 73932a61-0492-41ed-882b-af113de74fd4 (midgard)
# Wait about 1 minute for the changes to take effecfteffect, then open NMIS9 GUI and check whether your new node is displaying 'nodestatus reachable'
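Review bot: The USM.pm integrity check (`sha512sum USM.pm` followed by `cat USM.pm.sha512`) relies on comparing two 128-character digests by eye, and the file is then installed as root from the shared /tmp directory. Let the tool do the comparison and stop if it does not report OK: `sha512sum -c USM.pm.sha512`. The checksum file is fetched from the same host as the module, so a match shows only that the download is intact; confirming authenticity needs a digest or signature obtained through a separate trusted channel. Working in a private directory (`workdir=$(mktemp -d) && cd "$workdir"`) instead of /tmp avoids picking up a file of the same name that already exists there. It also keeps new_midgard.json, which holds the SNMPv3 auth and priv passwords, out of a location other local users may be able to read.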

...