Solaris SNMP: System Management Agent
From Genunix
Solaris 10 includes Net-SNMP under the name "System Management Agent", or SMA for short. It is a central component of the Solaris 10 management interface:
$ svcs -a | grep -i management
disabled       Dec_24   svc:/application/management/seaport:default
disabled       Dec_24   svc:/application/management/snmpdx:default
disabled       Dec_24   svc:/application/management/webmin:default
disabled       Dec_24   svc:/application/management/sma:default
disabled       Dec_24   svc:/application/management/common-agent-container-1:default
online         Dec_24   svc:/application/management/wbem:default
In the above we see:
- Webmin: Heavily broken and ugly.
- SMA: Sun's modified Net-SNMP
- WBEM: The communications protocol for Sun's Management Console (SMC)
- common-agent-container-1: Cacao, a common Java container for JDMK/JMX based management solutions
- snmpdx: The legacy Solstice Enterprise Agent (SEA) Master Agent.
- seaport: Unclear; potentially a SEA/SMA bridge.
Configuration
The configuration is straight out of Net-SNMP with files moved around and renamed. The main config file is found here: /etc/sma/snmp/snmpd.conf
The following customizations are found in this configuration file:
- rocommunity public: Community name for Read-Only OIDs; optionally an ACL can be added to restrict access (e.g. rocommunity public 10.0.0.0/24); "public" is the default
- rwcommunity private: Community name for Read-Write OIDs; optionally an ACL can be added to restrict access; "private", locked down to localhost, is the default
- syslocation "System administrators office": System Location OID description
- syscontact "System administrator": System Contact OID description
- sysservices 72: Unknown.
Please also refer to:
- sma_snmp(5): SNMP Overview
- snmp_config(4): Overview of SNMP Configuration
- snmptrapd.conf(4): SNMP Trap setup and configuration
- snmp.conf(4)
- snmpd.conf(4) [1]
SNMP Security
Like it or not, SNMP IS INSECURE! Is SMA going to be hacked? Maybe not, but it can supply lots of useful information that would give an attacker an advantage. For example, details of your network configuration, disk configuration, and the full process list with arguments are visible to anyone when SMA is enabled with the default configuration. Should a user supply a password to MySQL on the command line (e.g. mysql -uroot -pMyPass mydatabase), you're sunk. Therefore, please ALWAYS use the following suggestions as appropriate:
- If you can, use SNMPv3 and disable SNMPv2. This is done by simply removing the rocommunity and rwcommunity directives from snmpd.conf.
- Use ACLs to limit who can talk to SMA. Example: rocommunity public 8.17.76.0/24. You can supply as many lines as you wish with the same or differing community names.
- At the absolute bare minimum, change the community string from "public" to something more obscure!
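The three suggestions above can be checked mechanically. The following is an added example, not part of the original page or of SMA: it audits snmpd.conf text for community directives, default names, and missing source ACLs. It goes slightly beyond the page by also covering Net-SNMP's lower-level com2sec directive; the finding names and the sample configuration are constructed for illustration.

```python
# Added example: audit snmpd.conf text for the community-string issues above.
DEFAULT_NAMES = {"public", "private"}            # defaults named on this page
OPEN_SOURCES = {None, "default", "0.0.0.0/0"}    # no effective source ACL

def community_entries(text):
    """Yield (lineno, directive, community, source) for v1/v2c directives."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue                             # blank line or comment
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in ("rocommunity", "rwcommunity") and args:
            # rocommunity COMMUNITY [SOURCE [OID]]
            yield lineno, directive, args[0], (args[1] if len(args) > 1 else None)
        elif directive == "com2sec":
            if args[:1] == ["-Cn"]:              # optional context prefix
                args = args[2:]
            if len(args) >= 3:                   # com2sec SECNAME SOURCE COMMUNITY
                yield lineno, directive, args[2], args[1]

def audit(text):
    """Return (lineno, finding) pairs in file order; empty means no community access."""
    findings = []
    for lineno, directive, community, source in community_entries(text):
        findings.append((lineno, "community-auth"))    # v1/v2c still enabled
        if community.strip("\"'") in DEFAULT_NAMES:
            findings.append((lineno, "default-name"))
        if source in OPEN_SOURCES:
            findings.append((lineno, "no-source-acl"))
        if directive == "rwcommunity":
            findings.append((lineno, "write-access"))
    return findings

# Constructed sample, not a real host's configuration.
SAMPLE = """\
# /etc/sma/snmp/snmpd.conf (constructed)
rocommunity public
rwcommunity private localhost
rocommunity m0n1t0r 10.0.0.0/24
com2sec -Cn ctx1 notConfigUser default public
rwuser benr
"""

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```

An empty result means no community-based (SNMPv1/v2c) access is configured, which is the state the first suggestion aims for.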
Using HOST-RESOURCES-MIB
The Host Resources MIB [2] has a variety of system-level information of interest to admins beyond the networking information provided by the RFC MIBs. Example:
root@aeon ~$ snmpwalk -v2c -c public 10.0.0.2 HOST-RESOURCES-MIB::hrStorageUsed
HOST-RESOURCES-MIB::hrStorageUsed.2 = INTEGER: 509280
HOST-RESOURCES-MIB::hrStorageUsed.3 = INTEGER: 246611
HOST-RESOURCES-MIB::hrStorageUsed.4 = INTEGER: 11464843
HOST-RESOURCES-MIB::hrStorageUsed.5 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageUsed.6 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageUsed.7 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageUsed.8 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageUsed.9 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageUsed.10 = INTEGER: 216
HOST-RESOURCES-MIB::hrStorageUsed.11 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageUsed.12 = INTEGER: 11464843
HOST-RESOURCES-MIB::hrStorageUsed.13 = INTEGER: 137
HOST-RESOURCES-MIB::hrStorageUsed.14 = INTEGER: 11
HOST-RESOURCES-MIB::hrStorageUsed.15 = INTEGER: 64748456
HOST-RESOURCES-MIB::hrStorageUsed.16 = INTEGER: 53
HOST-RESOURCES-MIB::hrStorageUsed.17 = INTEGER: 40
HOST-RESOURCES-MIB::hrStorageUsed.18 = INTEGER: 2128018
HOST-RESOURCES-MIB::hrStorageUsed.19 = INTEGER: 38
HOST-RESOURCES-MIB::hrStorageUsed.20 = INTEGER: 2097472
HOST-RESOURCES-MIB::hrStorageUsed.21 = INTEGER: 242497596
HOST-RESOURCES-MIB::hrStorageUsed.22 = INTEGER: 44
HOST-RESOURCES-MIB::hrStorageUsed.23 = INTEGER: 5134139
HOST-RESOURCES-MIB::hrStorageUsed.24 = INTEGER: 5134132
HOST-RESOURCES-MIB::hrStorageUsed.25 = INTEGER: 5134132
root@aeon ~$ snmpwalk -v2c -c public 10.0.0.2 HOST-RESOURCES-MIB::hrSystemProcesses
HOST-RESOURCES-MIB::hrSystemProcesses.0 = Gauge32: 137
root@aeon ~$ snmpwalk -v2c -c public 10.0.0.2 HOST-RESOURCES-MIB::hrMemorySize
HOST-RESOURCES-MIB::hrMemorySize.0 = INTEGER: 2096692 KBytes
root@aeon ~$ snmpwalk -v2c -c public 10.0.0.2 HOST-RESOURCES-MIB::hrFSTable
HOST-RESOURCES-MIB::hrFSIndex.1 = INTEGER: 1
HOST-RESOURCES-MIB::hrFSIndex.2 = INTEGER: 2
HOST-RESOURCES-MIB::hrFSIndex.3 = INTEGER: 3
HOST-RESOURCES-MIB::hrFSIndex.4 = INTEGER: 4
HOST-RESOURCES-MIB::hrFSIndex.5 = INTEGER: 5
HOST-RESOURCES-MIB::hrFSIndex.6 = INTEGER: 6
HOST-RESOURCES-MIB::hrFSIndex.7 = INTEGER: 7
HOST-RESOURCES-MIB::hrFSIndex.8 = INTEGER: 8
HOST-RESOURCES-MIB::hrFSIndex.9 = INTEGER: 9
HOST-RESOURCES-MIB::hrFSIndex.10 = INTEGER: 10
HOST-RESOURCES-MIB::hrFSIndex.11 = INTEGER: 11
HOST-RESOURCES-MIB::hrFSIndex.12 = INTEGER: 12
HOST-RESOURCES-MIB::hrFSIndex.13 = INTEGER: 13
HOST-RESOURCES-MIB::hrFSIndex.14 = INTEGER: 14
HOST-RESOURCES-MIB::hrFSIndex.15 = INTEGER: 15
HOST-RESOURCES-MIB::hrFSIndex.16 = INTEGER: 16
HOST-RESOURCES-MIB::hrFSIndex.17 = INTEGER: 17
HOST-RESOURCES-MIB::hrFSIndex.18 = INTEGER: 18
HOST-RESOURCES-MIB::hrFSIndex.19 = INTEGER: 19
HOST-RESOURCES-MIB::hrFSIndex.20 = INTEGER: 20
HOST-RESOURCES-MIB::hrFSIndex.21 = INTEGER: 21
HOST-RESOURCES-MIB::hrFSIndex.22 = INTEGER: 22
HOST-RESOURCES-MIB::hrFSMountPoint.1 = STRING: "/"
HOST-RESOURCES-MIB::hrFSMountPoint.2 = STRING: "/devices"
HOST-RESOURCES-MIB::hrFSMountPoint.3 = STRING: "/dev"
HOST-RESOURCES-MIB::hrFSMountPoint.4 = STRING: "/system/contract"
HOST-RESOURCES-MIB::hrFSMountPoint.5 = STRING: "/proc"
HOST-RESOURCES-MIB::hrFSMountPoint.6 = STRING: "/etc/mnttab"
HOST-RESOURCES-MIB::hrFSMountPoint.7 = STRING: "/etc/svc/volatile"
HOST-RESOURCES-MIB::hrFSMountPoint.8 = STRING: "/system/object"
HOST-RESOURCES-MIB::hrFSMountPoint.9 = STRING: "/lib/libc.so.1"
HOST-RESOURCES-MIB::hrFSMountPoint.10 = STRING: "/tmp"
HOST-RESOURCES-MIB::hrFSMountPoint.11 = STRING: "/var/run"
HOST-RESOURCES-MIB::hrFSMountPoint.12 = STRING: "/home/benr"
HOST-RESOURCES-MIB::hrFSMountPoint.13 = STRING: "/local"
HOST-RESOURCES-MIB::hrFSMountPoint.14 = STRING: "/local/zones"
HOST-RESOURCES-MIB::hrFSMountPoint.15 = STRING: "/local/zones/testing"
HOST-RESOURCES-MIB::hrFSMountPoint.16 = STRING: "/iscsi"
HOST-RESOURCES-MIB::hrFSMountPoint.17 = STRING: "/iscsi/benr"
HOST-RESOURCES-MIB::hrFSMountPoint.18 = STRING: "/iscsi/benr/mov"
HOST-RESOURCES-MIB::hrFSMountPoint.19 = STRING: "/zones"
HOST-RESOURCES-MIB::hrFSMountPoint.20 = STRING: "/zones/testing1"
HOST-RESOURCES-MIB::hrFSMountPoint.21 = STRING: "/zones/testing2"
HOST-RESOURCES-MIB::hrFSMountPoint.22 = STRING: "/zones/testing3"
...
Read through the MIB on the net at net-snmp.sourceforge.net or on your system here: /etc/sma/snmp/mibs/HOST-RESOURCES-MIB.txt.
Sun MIBs
SMA MIBs can be found in /etc/sma/snmp/mibs.
- SUN-FM-MIB.mib: Solaris Fault Management
- SUN-MIB.txt: Generic Sun Enterprises definition
- SUN-SEA-EXTENSIONS-MIB.txt: Sun Process data, etc.
- SUN-SEA-PROXY-MIB.txt: used to manage the snmpdx master agent daemon
To view which MIBs are initialized from an SMA instance use the following:
benr@ultra ~$ /usr/sfw/sbin/snmpd -Dregister_mib -Dmib_init -L
register_mib: registering "bulk_to_next" at benr@ultra ~$ .0
register_mib: registering "bulk_to_next" at .1
register_mib: registering "bulk_to_next" at .2
mib_init: initializing: diskio
register_mib: registering "bulk_to_next" at iso.3.6.1.4.1.2021.13.15.1.1.1
register_mib: registering "bulk_to_next" at iso.3.6.1.4.1.2021.13.15.1.1.2
register_mib: registering "bulk_to_next" at iso.3.6.1.4.1.2021.13.15.1.1.3
register_mib: registering "bulk_to_next" at iso.3.6.1.4.1.2021.13.15.1.1.4
register_mib: registering "bulk_to_next" at iso.3.6.1.4.1.2021.13.15.1.1.5
register_mib: registering "bulk_to_next" at iso.3.6.1.4.1.2021.13.15.1.1.6
....
or,
benr@ultra ~$ /usr/sfw/bin/net-snmp-config --snmpd-module-list
ucd-snmp/diskio mibII/system_mib mibII/sysORTable mibII/at mibII/interfaces mibII/snmp_mib mibII/tcp mibII/icmp mibII/ip mibII/udp mibII/vacm_vars mibII/setSerialNo ucd-snmp/vmstat_solaris2 ucd-snmp/memory_solaris2 ucd-snmp/proc ucd-snmp/versioninfo ucd-snmp/pass ucd-snmp/pass_persist ucd-snmp/disk ucd-snmp/loadave ucd-snmp/extensible ucd-snmp/errormib ucd-snmp/file ucd-snmp/dlmod ucd-snmp/proxy snmpv3/snmpEngine snmpv3/snmpMPDStats snmpv3/usmStats snmpv3/usmUser notification/snmpNotifyTable notification/snmpNotifyFilterTable notification/snmpNotifyFilterProfileTable target/snmpTargetAddrEntry target/snmpTargetParamsEntry target/target target/target_counters agent/nsTransactionTable agent/nsModuleTable agentx/master agentx/subagent utilities/override host/hr_system host/hr_storage host/hr_device host/hr_other host/hr_proc host/hr_network host/hr_print host/hr_disk host/hr_partition host/hr_filesys host/hr_swrun host/hr_swinst disman/mteTriggerTable disman/mteTriggerDeltaTable disman/mteTriggerExistenceTable disman/mteTriggerBooleanTable disman/mteTriggerThresholdTable disman/mteObjectsTable disman/mteEventTable disman/mteEventNotificationTable util_funcs kernel_sunos5 mibII/tcpTable mibII/ipAddr mibII/var_route mibII/route_write mibII/udpTable mibII/vacm_context header_complex agentx/protocol agentx/client agentx/master_admin agentx/agentx_config
SMA Example Walks
vmstat_solaris2
benr@ultra ~$ snmpwalk -v2c -c public localhost iso.3.6.1.4.1.2021.11
UCD-SNMP-MIB::ssIndex.0 = INTEGER: 1
UCD-SNMP-MIB::ssErrorName.0 = STRING: systemStats
UCD-SNMP-MIB::ssSwapIn.0 = INTEGER: 0
UCD-SNMP-MIB::ssSwapOut.0 = INTEGER: 0
UCD-SNMP-MIB::ssIOSent.0 = INTEGER: 0
UCD-SNMP-MIB::ssIOReceive.0 = INTEGER: 0
UCD-SNMP-MIB::ssSysInterrupts.0 = INTEGER: 442
UCD-SNMP-MIB::ssSysContext.0 = INTEGER: 271
UCD-SNMP-MIB::ssCpuUser.0 = INTEGER: 0
UCD-SNMP-MIB::ssCpuSystem.0 = INTEGER: 1
UCD-SNMP-MIB::ssCpuIdle.0 = INTEGER: 99
UCD-SNMP-MIB::ssCpuRawUser.0 = Counter32: 532708
UCD-SNMP-MIB::ssCpuRawSystem.0 = Counter32: 357814
UCD-SNMP-MIB::ssCpuRawIdle.0 = Counter32: 45296410
UCD-SNMP-MIB::ssCpuRawWait.0 = Counter32: 0
UCD-SNMP-MIB::ssCpuRawKernel.0 = Counter32: 357814
UCD-SNMP-MIB::ssIORawSent.0 = Counter32: 2059
UCD-SNMP-MIB::ssIORawReceived.0 = Counter32: 449698
UCD-SNMP-MIB::ssRawInterrupts.0 = Counter32: 284358041
UCD-SNMP-MIB::ssRawContexts.0 = Counter32: 214383316
memory_solaris2
benr@ultra ~$ snmpwalk -v2c -c public localhost iso.3.6.1.4.1.2021.4
UCD-SNMP-MIB::memIndex.0 = INTEGER: 0
UCD-SNMP-MIB::memErrorName.0 = STRING: swap
UCD-SNMP-MIB::memTotalSwap.0 = INTEGER: 2096476
UCD-SNMP-MIB::memAvailSwap.0 = INTEGER: 2096476
UCD-SNMP-MIB::memTotalReal.0 = INTEGER: 4192820
UCD-SNMP-MIB::memAvailReal.0 = INTEGER: 246880
UCD-SNMP-MIB::memTotalFree.0 = INTEGER: 1908124
UCD-SNMP-MIB::memMinimumSwap.0 = INTEGER: 16000
UCD-SNMP-MIB::memSwapError.0 = INTEGER: 0
UCD-SNMP-MIB::memSwapErrorMsg.0 = STRING:
diskio
benr@ultra ~$ snmpwalk -v2c -c public localhost iso.3.6.1.4.1.2021.13.15.1.1
UCD-DISKIO-MIB::diskIOIndex.1 = INTEGER: 1
UCD-DISKIO-MIB::diskIOIndex.2 = INTEGER: 2
UCD-DISKIO-MIB::diskIOIndex.3 = INTEGER: 3
UCD-DISKIO-MIB::diskIOIndex.4 = INTEGER: 4
UCD-DISKIO-MIB::diskIOIndex.5 = INTEGER: 5
UCD-DISKIO-MIB::diskIOIndex.6 = INTEGER: 6
UCD-DISKIO-MIB::diskIOIndex.7 = INTEGER: 7
UCD-DISKIO-MIB::diskIOIndex.8 = INTEGER: 8
UCD-DISKIO-MIB::diskIOIndex.9 = INTEGER: 9
UCD-DISKIO-MIB::diskIODevice.1 = STRING: sd3
UCD-DISKIO-MIB::diskIODevice.2 = STRING: sd0
UCD-DISKIO-MIB::diskIODevice.3 = STRING: sd4
UCD-DISKIO-MIB::diskIODevice.4 = STRING: sd5
UCD-DISKIO-MIB::diskIODevice.5 = STRING: sd2
UCD-DISKIO-MIB::diskIODevice.6 = STRING: sd1
UCD-DISKIO-MIB::diskIODevice.7 = STRING: sd8
UCD-DISKIO-MIB::diskIODevice.8 = STRING: sd6
UCD-DISKIO-MIB::diskIODevice.9 = STRING: sd7
UCD-DISKIO-MIB::diskIONRead.1 = Counter32: 107606
UCD-DISKIO-MIB::diskIONRead.2 = Counter32: 4152901206
UCD-DISKIO-MIB::diskIONRead.3 = Counter32: 3442596454
UCD-DISKIO-MIB::diskIONRead.4 = Counter32: 3437274726
UCD-DISKIO-MIB::diskIONRead.5 = Counter32: 578270
UCD-DISKIO-MIB::diskIONRead.6 = Counter32: 3158
UCD-DISKIO-MIB::diskIONRead.7 = Counter32: 17494
UCD-DISKIO-MIB::diskIONRead.8 = Counter32: 17494
UCD-DISKIO-MIB::diskIONRead.9 = Counter32: 17494
UCD-DISKIO-MIB::diskIONWritten.1 = Counter32: 0
UCD-DISKIO-MIB::diskIONWritten.2 = Counter32: 36806144
UCD-DISKIO-MIB::diskIONWritten.3 = Counter32: 1792765952
UCD-DISKIO-MIB::diskIONWritten.4 = Counter32: 1818279424
UCD-DISKIO-MIB::diskIONWritten.5 = Counter32: 0
UCD-DISKIO-MIB::diskIONWritten.6 = Counter32: 0
UCD-DISKIO-MIB::diskIONWritten.7 = Counter32: 0
UCD-DISKIO-MIB::diskIONWritten.8 = Counter32: 0
UCD-DISKIO-MIB::diskIONWritten.9 = Counter32: 0
UCD-DISKIO-MIB::diskIOReads.1 = Counter32: 250
UCD-DISKIO-MIB::diskIOReads.2 = Counter32: 477630
UCD-DISKIO-MIB::diskIOReads.3 = Counter32: 40835
UCD-DISKIO-MIB::diskIOReads.4 = Counter32: 40495
UCD-DISKIO-MIB::diskIOReads.5 = Counter32: 166
UCD-DISKIO-MIB::diskIOReads.6 = Counter32: 12
UCD-DISKIO-MIB::diskIOReads.7 = Counter32: 9
UCD-DISKIO-MIB::diskIOReads.8 = Counter32: 9
UCD-DISKIO-MIB::diskIOReads.9 = Counter32: 9
UCD-DISKIO-MIB::diskIOWrites.1 = Counter32: 40
UCD-DISKIO-MIB::diskIOWrites.2 = Counter32: 23754
UCD-DISKIO-MIB::diskIOWrites.3 = Counter32: 427836
UCD-DISKIO-MIB::diskIOWrites.4 = Counter32: 427029
UCD-DISKIO-MIB::diskIOWrites.5 = Counter32: 302
UCD-DISKIO-MIB::diskIOWrites.6 = Counter32: 6
UCD-DISKIO-MIB::diskIOWrites.7 = Counter32: 6
UCD-DISKIO-MIB::diskIOWrites.8 = Counter32: 6
UCD-DISKIO-MIB::diskIOWrites.9 = Counter32: 6
Galaxy (SunFire X4100) MIBs
The following MIBs are used in conjunction with Galaxy systems:
- SUN-ILOM-PET-EVENTS.mib
- SUN-PLATFORM-MIB.mib
- SUN-ILOM-CONTROL-MIB.mib
The ILOM also supports the following standard MIBs:
- ENTITY-MIB
- SNMPv3-MIB
- SNMP-FRAMEWORK-MIB
- SNMP-USER-BASED-SM-MIB
- SNMP-MPD-MIB
IMPORTANT: SUN-PLATFORM-MIB depends on ENTITY-MIB.
Standard MIBs can be downloaded from ietf.org.
Download the MIB files in the "common_files" package on the Companion CD with your system. For X4100 go here: Sun Fire X4100 M2 and Sun Fire X4200 M2 Software 1.2
SNMPv3 User Management
Please refer to SNMP for SNMPv3 concepts before proceeding!
SNMPv3 adds user management, integrity checking, encryption, and the concept of "views" to SNMP, replacing community names. User management is handled in one of two ways: snmpusm or net-snmp-config. Example:
root@ultra ~$ svcadm disable sma
root@ultra ~$ /usr/sfw/bin/net-snmp-config --create-snmpv3-user
Enter a SNMPv3 user name to create:
benr
Enter authentication pass-phrase:
thisismybond
Enter encryption pass-phrase:
[press return to reuse the authentication pass-phrase]
adding the following line to /var/sma_snmp/snmpd.conf:
createUser benr MD5 "thisismybond" DES
adding the following line to /etc/sma/snmp/snmpd.conf:
rwuser benr
root@ultra ~$ svcadm enable sma
benr@ultra ~$ snmpwalk -v 3 -a MD5 -A "thisismybond" -u benr -l authNoPriv localhost .1 | wc -l
9007
For details on the User-Based Security Model (USM) used by SNMPv3 please refer to Using USM for Authentication and Message Privacy from the Solaris System Management Agent Administration Guide.
See Also
- Solaris System Management Agent Administration Guide
- The Cuddletech Guide to SNMP Programming
- Excellent Tutorial on Cacti and Extending Net-SNMP
- Cacti Scripts and Templates Forum
- SMA Utilized MIBS
- Solaris 10 and Net-SNMP (SMA)
Attribution
This content was donated by Joyent.
