Notes on
Simple Network Management Protocol[link1]
snmp security[link2]
snmpget
# snmpget -v 1 -c public localhost hrSystemUptime.0
snmpwalk
# snmpwalk -v 2c -c public localhost hrSystemUptime
snmp v3
# net-snmp-create-v3-user
Enter a SNMPv3 user name to create:
snmpuser
Enter authentication pass-phrase:
snmppass
Enter encryption pass-phrase:
[press return to reuse the authentication pass-phrase]
adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser snmpuser MD5 "snmppass" DES
adding the following line to /etc/snmp/snmpd.conf:
rwuser snmpuser
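# snmpwalk -v 3 -u snmpuser -a MD5 -A snmppass -x DES -X snmppass -l AuthNoPriv localhost
Note: SNMPv3 does not use a community string, so no -c option is needed. With -l AuthNoPriv the request is authenticated but not encrypted, and the -x/-X options have no effect; use -l authPriv to encrypt.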
Community
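Change the community string to something nobody knows (do not keep "private" as written here; like "public", it is a well-known default):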
com2sec notConfigUser default private
ACL
Remove the v1 & v2c entries from the ACL (for security reasons) by commenting them out:
## group notConfigGroup v1 notConfigUser
## group notConfigGroup v2c notConfigUser
add a new network
# ebal, Sun Aug 4 19:00:11 EEST 2013
com2sec myebal 158.255.214.14/31 COMMUNITY
# ebal, Sun Aug 4 19:01:06 EEST 2013
group MyROGroup any myebal
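Added example (not part of the original notes): a small shell function that scans snmpd.conf content for the settings discussed above: well-known community strings, com2sec entries open to any source, v1/v2c group mappings, MD5/DES users, and rwuser/rouser lines that do not require priv. The sample input is constructed from the lines on this page plus a hypothetical `monitor` user, and the parser assumes the plain directive forms without optional flags.

```shell
# Added example: flag the risky snmpd.conf directives discussed in these notes.
# Assumes plain directive forms (no -Cn / -s / -e options before the names).
# Reads the files given as arguments, or stdin when none are given.
audit_snmpd_conf() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }      # skip blank and commented-out lines
    $1 == "com2sec" {
        # com2sec SECNAME SOURCE COMMUNITY
        if ($NF == "public" || $NF == "private")
            print "line " NR ": well-known community \"" $NF "\""
        if ($(NF-1) == "default")
            print "line " NR ": com2sec " $2 " accepts any source address"
    }
    $1 == "group" && ($3 == "v1" || $3 == "v2c") {
        print "line " NR ": group " $2 " enables " $3 " (clear-text community)"
    }
    $1 == "createUser" {
        # createUser USER AUTHPROTO "authpass" PRIVPROTO
        for (i = 3; i <= NF; i++)
            if ($i == "MD5" || $i == "DES")
                print "line " NR ": user " $2 " uses legacy algorithm " $i
    }
    $1 == "rwuser" || $1 == "rouser" {
        # rwuser USER [noauth|auth|priv]; the default minimum level is auth
        if ($3 != "priv")
            print "line " NR ": " $1 " " $2 " does not require encryption (priv)"
    }
    ' "$@"
}

# Constructed sample: the directives from these notes merged into one file,
# plus a hypothetical "monitor" user that already requires priv.
sample_conf() {
    cat <<'EOF'
com2sec notConfigUser default private
group notConfigGroup v1 notConfigUser
## group notConfigGroup v2c notConfigUser
com2sec myebal 158.255.214.14/31 COMMUNITY
group MyROGroup any myebal
createUser snmpuser MD5 "snmppass" DES
rwuser snmpuser
rouser monitor priv
EOF
}

sample_conf | audit_snmpd_conf
```

To check a real host, pass both files, for example `audit_snmpd_conf /etc/snmp/snmpd.conf /var/lib/net-snmp/snmpd.conf`; line numbers then count across the concatenated input.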
firewall
iptables -A INPUT -m state --state NEW -i eth1 -m udp -p udp --dport 161 -s 158.255.214.14/31 -j ACCEPT
Enable Disk Checks via snmp
vim /etc/snmp/snmpd.conf
disk / 10000
snmpwalk .1.3.6.1.4.1.2021.9.1 ............
[link2] http://net-snmp.sourceforge.net/wiki/index.php/TUT:Security