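# Listing 1: Configuration (Net-SNMP access-control directives)
# NOTE(review): "default" accepts requests from any source address and
# "public" is the well-known default community string. Together with the
# view on .1 this gives every host that can reach the agent read access to
# the whole tree, and SNMP v2c sends the community in clear text. Prefer a
# non-default community, a source restricted to the monitoring host, and a
# view limited to the subtree that is actually polled.
com2sec readonly default public
group MyROGroup v2c readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none

# Listing 2: IP management
#!/bin/bash
# Add every interface IP address to the accounting chains.
# grep runs with -q (quiet), -w (whole word) and -F (fixed string). As a
# plain regex, "10.0.0.1" also matches "10.0.0.10" or "110.0.0.1", so an
# address could be skipped here or kept alive in the cleanup loops below.
# NOTE(review): the sed pattern relies on the "inet addr:" output format
# of net-tools ifconfig.
# NOTE(review): recent iptables releases print a deprecation warning for
# "-i ! lo" and prefer the spelling "! -i lo".
for ip in $(ifconfig | sed -n 's/.*inet addr:\([0-9\.]\+\).*/\1/p'); do
  iptables -vnL traffic_in | grep -qwF -- "$ip" ||
    iptables -A traffic_in -i ! lo -d "$ip"
  iptables -vnL traffic_out | grep -qwF -- "$ip" ||
    iptables -A traffic_out -o ! lo -s "$ip"
  IPS="$IPS $ip"
done

# Remove every address from the chains that no longer belongs to an
# interface. sed '3,$!d' drops the two header lines of the chain listing.
# NOTE(review): the rules carry no target, so that column is presumably
# empty and the source is field 7, the destination field 8 - confirm
# against the local iptables output.
for ip in $(iptables -vnL traffic_out | sed '3,$!d' | awk '{print $7}'); do
  printf '%s\n' "$IPS" | grep -qwF -- "$ip" ||
    iptables -D traffic_out -s "$ip" -o ! lo
done
for ip in $(iptables -vnL traffic_in | sed '3,$!d' | awk '{print $8}'); do
  printf '%s\n' "$IPS" | grep -qwF -- "$ip" ||
    iptables -D traffic_in -d "$ip" -i ! lo
done

# Listing 3: ipt_traffic_list.sh
# NOTE(review): the snmpwalk output in Listing 5 names the script
# ipt_traffic_iplist.sh; confirm which file name the agent really uses.
#!/bin/bash
ips=$(iptables -vxnL traffic_in | awk '{print $8}' | sed '3,$!d')
# $ips is left unquoted on purpose: word splitting yields one IP per word.
for ip in $ips; do
  echo "$ip"
done
# Return the number of addresses as the exit status;
# the value appears in OID .1.3.6.1.4.1.2021.49.100.1
# NOTE(review): an exit status only holds 0-255, so the count wraps once
# more than 255 addresses are listed.
exit $(echo $ips | wc -w)

# Listing 4: ipt_traffic_eval.sh
#!/bin/bash
# Print the byte counter (field 2) of every rule in chain traffic_<$1>.
# $1 - direction. Listing 2 only creates rules in traffic_in and
# traffic_out, so any other value is rejected instead of being pasted
# into the chain name.
case "$1" in
  in | out) ;;
  *) exit 1 ;;
esac
iptables -vxnL "traffic_$1" | sed '3,$!d' | awk '{print $2}'

# Listing 5: snmpwalk output
neo@matrix:~$ snmpwalk -On -v 2c -c \
    public localhost .1.3.6.1.4.1.2021
.1.3.6.1.4.1.2021.49.1.1 = INTEGER: 1
.1.3.6.1.4.1.2021.49.2.1 = STRING: "iplist"
.1.3.6.1.4.1.2021.49.3.1 = STRING: "ipt_traffic_iplist.sh"
.1.3.6.1.4.1.2021.49.100.1 = INTEGER: 8
.1.3.6.1.4.1.2021.49.101.1 = STRING: "10.0.0.1"
.1.3.6.1.4.1.2021.49.101.2 = STRING: "10.0.0.2"
[...]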
# Listing 6: Data Query Get SNMP IPs Queries a host for a list of IPs with traffic monitored by iptables .1.3.6.1.4.1.2021.49.101 .1.3.6.1.4.1.2021.49.100.1 ipIP:ipIndex numeric |chosen_order_field| IP Address walk value input .1.3.6.1.4.1.2021.49.101 Incoming Traffic walk value output .1.3.6.1.4.1.2021.50.101 Outgoing Traffic walk value output .1.3.6.1.4.1.2021.51.101