Cacti – The Networking Monitoring & Security Tool


 

CACTI – As the official website states: “Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.”

In IT environments with hundreds of devices running on the network, Cacti proves to be the best solution for monitoring the resource consumption of these devices.

 

Cacti works with all versions of SNMP: v1, v2c and v3. For better security, this guide documents the use of SNMP v3, which lets the communication be authenticated and encrypted over the network (the priv level configured below).

 

INSTALLATION :

Cacti runs on a LAMP stack in a Linux environment.

STEP 1 : Setting up the LAMP stack on Linux

Setting up the LAMP stack on Ubuntu

1.1: APACHE – web server

sudo apt-get install apache2

1.2: MySQL

sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql

sudo /usr/bin/mysql_secure_installation

1.3: PHP

sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt

sudo nano /etc/apache2/mods-enabled/dir.conf

# Edit dir.conf so that it contains these entries, with index.php listed first.

<IfModule mod_dir.c>

DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm

</IfModule>

1.4: Restart the Apache web server

sudo service apache2 restart

 

STEP 2 : Setting up SNMP on Linux

SNMP – SIMPLE NETWORK MANAGEMENT PROTOCOL

SNMP lets you get information about the devices on the network, such as their services, resource consumption, load and CPU cycles. It uses UDP port 161 for SNMP manager and agent activities and UDP port 162 for traps (alerts).

 

2.1 Setting up the SNMP agent

Agents are the devices from which we will be polling the data for the Cacti graphs. An agent responds to the requests made by the SNMP manager.

2.1.1 Setting up the SNMP agent on Linux (SNMP v3 configuration)

sudo apt-get install snmpd

sudo nano /etc/snmp/snmpd.conf

Comment out the line agentAddress udp:127.0.0.1:161

and uncomment the line agentAddress udp:161,udp6:[::1]:161 so that the agent listens on all IPv4 interfaces instead of only on localhost.

Add the line

view all included .1 80

Set up the community name in the following line

rocommunity <your community name> default

We are using bots as our community name:

rocommunity bots default

You can skip setting up a community name if you want, as the community name is basically used in v2c (community-based SNMP v2).

Add these lines to create the SNMP v3 users according to their rights

createUser lvl001

createUser lvl002 MD5 yourpassword

createUser lvl003 MD5 yourpassword DES yourkey

rouser lvl001 noauth 1.3.6.1.2.1.1

rouser lvl002 auth 1.3.6.1.2.1

rwuser lvl003 priv 1.3.6.1.2.1

Finally, save the file and close it. You are done with the configuration.

2.1.2 Verifying SNMP v3 on Linux

To verify on the SNMP manager side:
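As an added example (not part of the original guide, and not Cacti or Net-SNMP code), this shell function audits an snmpd.conf for the weaker settings configured above: a community open to any source, MD5 or DES users, and users allowed in below the priv level. The function names, the sample file and the finding messages are assumptions for illustration, and it only understands the simple directive forms used in this guide.

```shell
#!/usr/bin/env bash
# Added example: flag weak SNMP settings in an snmpd.conf (file argument or stdin).
# Assumes only the simple directive forms used in this guide:
#   rocommunity NAME [SOURCE] / createUser NAME [AUTH PASS [PRIV KEY]] / rouser NAME LEVEL [OID]
audit_snmpd_conf() {
  awk '
    /^[ \t]*(#|$)/ { next }   # skip comments and blank lines
    $1 ~ /^r[ow]community$/ && ($3 == "" || $3 == "default") {
      printf "line %d: %s %s: v1/v2c community accepted from any source\n", NR, $1, $2
    }
    $1 == "createUser" {
      auth = toupper($3); priv = toupper($5)
      if (auth == "")    printf "line %d: user %s: no authentication passphrase\n", NR, $2
      if (auth == "MD5") printf "line %d: user %s: MD5 authentication is weak\n", NR, $2
      if (priv == "DES") printf "line %d: user %s: DES privacy is weak\n", NR, $2
    }
    $1 ~ /^r[ow]user$/ {
      level = tolower($3)
      if (level == "noauth") printf "line %d: %s %s: unauthenticated access allowed\n", NR, $1, $2
      if (level == "auth")   printf "line %d: %s %s: requests accepted without encryption\n", NR, $1, $2
    }
  ' "$@"
}

# Constructed sample: the directives this guide adds to /etc/snmp/snmpd.conf.
sample_conf() {
  cat <<'EOF'
# constructed sample
rocommunity bots default
createUser lvl001
createUser lvl002 MD5 yourpassword
createUser lvl003 MD5 yourpassword DES yourkey
rouser lvl001 noauth 1.3.6.1.2.1.1
rouser lvl002 auth 1.3.6.1.2.1
rwuser lvl003 priv 1.3.6.1.2.1
EOF
}

sample_conf | audit_snmpd_conf   # prints seven findings; only the rwuser priv line is clean
```

After sourcing the function, `audit_snmpd_conf /etc/snmp/snmpd.conf` runs the same checks against the agent's real file.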

-> snmpwalk -v 3 -u lvl001 -l NoauthNoPriv host_address

-> snmpwalk -v 3 -u lvl002 -l NoauthNoPriv host_address

Output:

Error in packet

Reason: authorizationError (access denied to that object)

-> snmpwalk -v 3 -u lvl002 -l authNoPriv -a MD5 -A cactiwebinterfaceissecured host_address

-> snmpwalk -v 3 -u lvl003 -l authPriv -a MD5 -A cactiwebinterfaceissecured -x DES -X cactiwebinterfaceissupersecure host_address

2.1.3 SNIFFING SNMP PACKETS WITH WIRESHARK

Wireshark display filters: a complete list of SNMP display filter fields can be found in the display filter reference.

Show only the SNMP based traffic:

snmp

Capture filter

You cannot directly filter on the SNMP protocol while capturing.

However, if you know the UDP ports used (see above), you can filter on those.

Capture SNMP traffic over the default ports (161 and 162):

udp port 161 or udp port 162

 

 


Akash Thakur
