Skip to main content

Extending SNMP to run arbitrary shell script

Why are we here...

This is not likely something I would have pursued under normal circumstances.  I happen to be working for a customer/client who is not afforded a lot of flexibility to accomplish their goals.  In this case, the rigor is justified.  They have to sometimes be fairly creative with how they solve problems.

In this case they would like to utilize an existing snmp implementation to execute a command (or shell script) on a remote system.  They came to me with the idea of using Net-SNMP extend.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sect-System_Monitoring_Tools-Net-SNMP-Extending.html

NOTE:  This is NOT a good implementation strategy in the "real world"  it will simply allow you to test the functionality.  There are a TON of security implications which would need to be taken in to consideration.

Implementation Steps:

[root@rh7tst01 ~]# yum -y install net-snmp net-snmp-utils
[root@rh7tst01 ~]# cd /etc/snmp
[root@rh7tst01 snmp]# grep -v \# snmpd.conf | grep -v ^$
com2sec notConfigUser  default       public
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
view    systemview included   .1
access  notConfigGroup ""      any       noauth    exact  systemview none none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
dontLogTCPWrappersConnects yes

-- Update/create snmpd.local.conf
[root@rh7tst01 snmp]# grep -v \# snmpd.local.conf
syscontact James Radtke <root@localhost>
syslocation Laptop, Virtual Machine

extend sshd_pids /usr/local/bin/check_proc.sh sshd

-- Restart and enable snmpd
[root@rh7tst01 snmp]# systemctl restart snmpd
[root@rh7tst01 snmp]# systemctl enable $_

-- Update the firewall
[root@rh7tst01 snmp]# firewall-cmd --permanent --add-port=161/udp
[root@rh7tst01 snmp]# firewall-cmd --reload
[root@rh7tst01 snmp]# cat /usr/local/bin/check_procs.sh
#!/bin/sh

 PATTERN=$1
NUMPIDS=`pgrep $PATTERN | wc -l`

 echo "There are $NUMPIDS $PATTERN processes."
exit $NUMPIDS


Test your config

[root@rh7tst01 snmp]# snmpwalk -v 2c -c public localhost NET-SNMP-EXTEND-MIB::nsExtendObjects
NET-SNMP-EXTEND-MIB::nsExtendNumEntries.0 = INTEGER: 1
NET-SNMP-EXTEND-MIB::nsExtendCommand."sshd_pids" = STRING: /usr/local/bin/check_proc.sh
NET-SNMP-EXTEND-MIB::nsExtendArgs."sshd_pids" = STRING: sshd
NET-SNMP-EXTEND-MIB::nsExtendInput."sshd_pids" = STRING: 
NET-SNMP-EXTEND-MIB::nsExtendCacheTime."sshd_pids" = INTEGER: 5
NET-SNMP-EXTEND-MIB::nsExtendExecType."sshd_pids" = INTEGER: exec(1)
NET-SNMP-EXTEND-MIB::nsExtendRunType."sshd_pids" = INTEGER: run-on-read(1)
NET-SNMP-EXTEND-MIB::nsExtendStorage."sshd_pids" = INTEGER: permanent(4)
NET-SNMP-EXTEND-MIB::nsExtendStatus."sshd_pids" = INTEGER: active(1)
NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."sshd_pids" = STRING: There are 2 sshd processes.
NET-SNMP-EXTEND-MIB::nsExtendOutputFull."sshd_pids" = STRING: There are 2 sshd processes.
NET-SNMP-EXTEND-MIB::nsExtendOutNumLines."sshd_pids" = INTEGER: 1
NET-SNMP-EXTEND-MIB::nsExtendResult."sshd_pids" = INTEGER: 2
NET-SNMP-EXTEND-MIB::nsExtendOutLine."sshd_pids".1 = STRING: There are 2 sshd processes.

-- Now, figure out the OID location
[root@rh7tst01 ~]# snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutLine
.1.3.6.1.4.1.8072.1.3.2.4.1.2

-- Poll the OID
[root@rh7tst01 ~]# snmpwalk -v 2c -c public localhost .1.3.6.1.4.1.8072.1.3.2.4.1.2
NET-SNMP-EXTEND-MIB::nsExtendOutLine."sshd_pids".1 = STRING: There are 4 sshd processes.

SNMP Foo

Review the man pages for the following helpful commands:
snmpd -H
snmpd -V -c /etc/snmp/snmpd.conf
snmpconf -g basic_setup




References:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sect-System_Monitoring_Tools-Net-SNMP-Extending.html
http://www.net-snmp.org/docs/mibs/NET-SNMP-EXTEND-MIB.txt
Labels:

Comments

Post a Comment

Popular posts from this blog

P2V using dd for KVM-QEMU guest

Preface: I have certainly not exhaustively tested this process.  I had a specific need and found a specific solution that worked. Situation:  I was issued a shiny new laptop running Red Hat Enterprise Linux 7 (with Corp VPN, certs, Authentication configuration, etc...)  The image was great, but I needed more flexibility on my bare metal.  So, my goal was to P2V the corporate image so I could just run it as a VM. * Remove corporate drive and install new SSD * install corp drive in external USB-3 case * Install RHEL 7 on new SSD * dd old drive to a disk-image file in a temp location which will be an image which is the same size as your actual drive (unless you have enough space in your destination to contain a temp and converted image) * convert the raw disk-image to a qcow file while pushing it to the final location - this step should reduce the disk size - however, I believe it will only reduce/collapse zero-byte blocks (not just free space - i.e. if you de...
1 comment
Read more

Sun USS 7100 foo

TIP: put ALL of your LUNs into a designated TARGET and INITIATOR group when you create them.  If you leave them in the "default" group, then everything that does an discovery against the array will find them :-( I'm struggling to recognize a reason that a default should even be present on the array. Also - who, exactly, is Sun trying to kid.  The USS is simply a box.. running Solaris .. with IPMP and ZFS.  Great.  If you have ever attempted to "break-in" or "p0wn" your IBM HMC, you know that there are people out there that can harden a box - then.. there's Sun.  After a recent meltdown at the office I had to get quite intimate with my USS 7110 and learned quite a bit.  Namely: there's a shell ;-) My current irritation is how they attempt to "warn you" away from using the shell (my coverage expired a long time ago to worry about that) and then how they try to hide things, poorly. I was curious as to what version of SunOS it ...
1 comment
Read more