Notes on Simple Network Management Protocol





snmp security

snmpget


# snmpget -v 1 -c public localhost hrSystemUptime.0

snmpwalk


# snmpwalk -v 2c -c public localhost hrSystemUptime

snmp v3


# net-snmp-create-v3-user 
Enter a SNMPv3 user name to create: 
snmpuser
Enter authentication pass-phrase: 
snmppass
Enter encryption pass-phrase: 
  [press return to reuse the authentication pass-phrase]

adding the following line to /var/lib/net-snmp/snmpd.conf:
   createUser snmpuser MD5 "snmppass" DES
adding the following line to /etc/snmp/snmpd.conf:
   rwuser snmpuser


# snmpwalk -v 3 -u snmpuser -a MD5 -A snmppass -x DES -X snmppass -l authNoPriv localhost

Community


Change the community string to something nobody knows:


com2sec notConfigUser  default       private

ACL 


Remove the v1 & v2c group mappings from the ACL (for security reasons) by commenting them out:


## group  notConfigGroup v1   notConfigUser
## group  notConfigGroup v2c  notConfigUser


Add a new network:


# ebal, Sun Aug  4 19:00:11 EEST 2013
com2sec myebal  158.255.214.14/31       COMMUNITY

# ebal, Sun Aug  4 19:01:06 EEST 2013
group MyROGroup any     myebal
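
The settings touched in the snmp v3, Community and ACL notes above can be checked mechanically. The Python below is an added example, not part of the original notes or of net-snmp: it scans snmpd.conf text for a well-known community string, a "default" source, v1/v2c group mappings, MD5/DES users, and users not forced to the priv level. The name audit_snmpd_conf and the "rouser monitor priv" line are assumptions; the sample config is constructed from the directives shown in these notes.

```python
import shlex

WELL_KNOWN = {"public", "private"}  # factory-default community strings

# Constructed sample built from the directives shown in these notes.
SAMPLE = """\
createUser snmpuser MD5 "snmppass" DES
rwuser snmpuser
com2sec notConfigUser  default       private
## group  notConfigGroup v1   notConfigUser
group  notConfigGroup v2c  notConfigUser
com2sec myebal  158.255.214.14/31       COMMUNITY
rouser monitor priv
"""

def audit_snmpd_conf(text):
    """Return (line_no, directive, finding) for each weak setting found."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # strips '#' comments, honours quotes
        if not tok:
            continue
        name, args = tok[0].lower(), tok[1:]
        if name == "com2sec" and len(args) >= 3:  # [-Cn CTX] SECNAME SOURCE COMMUNITY
            if args[-1].lower() in WELL_KNOWN:
                out.append((no, name, "well-known community string"))
            if args[-2] == "default":
                out.append((no, name, "accepted from any source address"))
        elif name == "group" and len(args) >= 3 and args[1].lower() in ("v1", "v2c"):
            out.append((no, name, "community-based " + args[1] + " still mapped"))
        elif name == "createuser":  # [-e ENGINEID] USER AUTHALG AUTHPASS [PRIVALG ...]
            a = args[2:] if args[:1] == ["-e"] else args
            if len(a) > 1 and a[1].upper() == "MD5":
                out.append((no, name, "MD5 authentication"))
            if len(a) > 3 and a[3].upper() == "DES":
                out.append((no, name, "DES privacy"))
        elif name in ("rwuser", "rouser"):  # [-s SECMODEL] USER [noauth|auth|priv ...]
            a = args[2:] if args[:1] == ["-s"] else args
            level = a[1] if len(a) > 1 else "auth"  # snmpd's default minimum level
            if level != "priv":
                out.append((no, name, "level '" + level + "' accepts unencrypted requests"))
            if name == "rwuser":
                out.append((no, name, "grants write (SET) access"))
    return out

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE):
        print("line %d: %s: %s" % finding)
```

To check a real host, pass the contents of both /etc/snmp/snmpd.conf and /var/lib/net-snmp/snmpd.conf, since createUser lines land in the latter.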

firewall


iptables -A INPUT -m state --state NEW -i eth1 -m udp -p udp --dport 161 -s 158.255.214.14/31 -j ACCEPT

Enable Disk Checks via snmp


vim /etc/snmp/snmpd.conf


disk / 10000


snmpwalk .1.3.6.1.4.1.2021.9.1 ............