Notes on
Simple Network Management Protocol[link1]
Hits :
4743
snmp security[link2]
snmpget
# snmpget -v 1 -c public localhost hrSystemUptime.0
snmpwalk
# snmpwalk -v 2c -c public localhost hrSystemUptime
snmp v3
# net-snmp-create-v3-user
Enter a SNMPv3 user name to create:
snmpuser
Enter authentication pass-phrase:
snmppass
Enter encryption pass-phrase:
[press return to reuse the authentication pass-phrase]
adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser snmpuser MD5 "snmppass" DES
adding the following line to /etc/snmp/snmpd.conf:
rwuser snmpuser
# snmpwalk -v 3 -c public -u snmpuser -a MD5 -A snmppass -x DES -X snmppass -l AuthNoPriv localhost
Community
change to something nobody knows:
com2sec notConfigUser default private
ACL
Remove v1 & v2c (for security reasons) ACL
## group notConfigGroup v1 notConfigUser
## group notConfigGroup v2c notConfigUser
add a new network
# ebal, Sun Aug 4 19:00:11 EEST 2013
com2sec myebal 158.255.214.14/31 COMMUNITY
# ebal, Sun Aug 4 19:01:06 EEST 2013
group MyROGroup any myebal
firewall
iptables -A INPUT -m state --state NEW -i eth1 -m udp -p udp --dport 161 -s 158.255.214.14/31 -j ACCEPT
Enable Disk Checks via snmp
vim /etc/snmp/snmpd.conf
disk / 10000
snmpwalk .1.3.6.1.4.1.2021.9.1 ............
[link2] http://net-snmp.sourceforge.net/wiki/index.php/TUT:Security