如何配置 snmpd.conf 文件以在 net-snmp 中使用 SET 命令？

Question

我已將 snmpd.conf 配置如下

com2sec AllUser default public
group AllGroup v2c AllUser
view AllView included .1
access AllGroup "" any noauth exact AllView none none

mibs +GET-PDU-INFO-MIB
mibs +NOTIFICATION-TEST-MIB

rocommunity private localhost
rwcommunity private localhost

pass .1.3.6.1.4.1.53864.1 /bin/sh /etc/snmp/pduMIBScript.sh

有路

/etc/snmp/snmpd.conf

所以在那之后我嘗試發送以下命令

1. 獲取下一個
2. 得到
3. 批量獲取
4. 走
5. 放

在嘗試了上述所有命令之后，我觀察到的一件事是，除了“Set”命令之外，所有命令都運行良好。

為了調試這個問題，我首先確認的是我試圖設置的變量在 MIB 文件中具有讀寫訪問權限。 我使用的 MIB 文件如下

GET-PDU-INFO-MIB DEFINITIONS ::= BEGIN

IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, enterprises FROM SNMPv2-SMI
;

pduInfo MODULE-IDENTITY
LAST-UPDATED "202005100000Z"
ORGANIZATION "XYZ"
CONTACT-INFO
     "postal:   admin @ admin"
DESCRIPTION
    "This Mib module defines objects for signal statistics"
REVISION     "202005100000Z"
DESCRIPTION
    "Corrected notification example definitions"
REVISION     "200202060000Z"
DESCRIPTION
    "First draft"
::= { enterprises 53864 }

--
-- top level structure
--
pduVar       OBJECT IDENTIFIER ::= { pduInfo 1 }

--
-- Example scalars
--

gpsVar1 OBJECT-TYPE
   SYNTAX      OCTET STRING
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "the latest value of signal"
   DEFVAL { "hello" }
   ::= { pduVar 1 }
   
   END

從 MIB 瀏覽器發送“SET”命令后，出現以下錯誤

“SET 命令問題”的原因是什么。 誰能幫我理解這背后的問題？

Answer 1

經過大量搜索，我終於找到了解決方案。 現在我編輯了 snmpd.conf 如下，

######################################################################## 
#######
# Access Control
#######################################################################

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in 
# place.  The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
#
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
#com2sec paranoid  default         public
#com2sec readonly  default         public
com2sec readwrite default         private

####
# Second, map the security names into group names:

#               sec.model  sec.name
#group MyROSystem v1        paranoid
#group MyROSystem v2c       paranoid
#group MyROSystem usm       paranoid
#group MyROGroup v1         readonly
#group MyROGroup v2c        readonly
#group MyROGroup usm        readonly
group MyRWGroup v1         readwrite
group MyRWGroup v2c        readwrite
group MyRWGroup usm        readwrite

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80
view system included  .iso.org.dod.internet.mgmt.mib-2.system

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                context sec.model sec.level match  read   write  notif
#access MyROSystem ""     any       noauth    exact  system none   none
#access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

# ------------------------------------------------------------------