Notes on Simple Network Management Protocol
snmpget
# snmpget -v 1 -c public localhost hrSystemUptime.0
snmpwalk
# snmpwalk -v 2c -c public localhost hrSystemUptime
snmp v3
# net-snmp-create-v3-user
Enter a SNMPv3 user name to create:
snmpuser
Enter authentication pass-phrase:
snmppass
Enter encryption pass-phrase:
  [press return to reuse the authentication pass-phrase]

adding the following line to /var/lib/net-snmp/snmpd.conf:
   createUser snmpuser MD5 "snmppass" DES
adding the following line to /etc/snmp/snmpd.conf:
   rwuser snmpuser
# snmpwalk -v 3 -c public -u snmpuser -a MD5 -A snmppass -x DES -X snmppass -l AuthNoPriv localhost
Community
change to something nobody knows:
com2sec notConfigUser default private
ACL
Remove the v1 & v2c ACL entries (for security reasons) by commenting out their group lines:
## group notConfigGroup v1 notConfigUser
## group notConfigGroup v2c notConfigUser
add a new network
# ebal, Sun Aug 4 19:00:11 EEST 2013
com2sec myebal 158.255.214.14/31 COMMUNITY
# ebal, Sun Aug 4 19:01:06 EEST 2013
group MyROGroup any myebal
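Added example (not part of the original notes): a small sh/awk check that reads snmpd.conf lines on stdin and flags the settings these notes deal with: well-known communities, com2sec open to "default", active v1/v2c groups, MD5/DES users and rwuser. The function names, finding texts and sample config are constructed for this example.

```shell
#!/bin/sh
# Added example: audit snmpd.conf directives read on stdin.
# Finding texts are this example's own wording, not net-snmp output.
audit_snmpd_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
    $1 == "com2sec" {                # com2sec NAME SOURCE COMMUNITY
        if ($4 == "public" || $4 == "private")
            printf "line %d: well-known community %s\n", NR, $4
        if ($3 == "default")
            printf "line %d: com2sec %s accepts any source address\n", NR, $2
    }
    $1 == "group" && ($3 == "v1" || $3 == "v2c") {   # group NAME MODEL SECNAME
        printf "line %d: group %s still enables SNMP%s\n", NR, $2, $3
    }
    $1 == "createUser" {             # createUser USER AUTHPROTO "pass" PRIVPROTO
        # Assumes the simple form without -e ENGINEID, as in these notes.
        for (i = 3; i <= NF; i++)
            if ($i == "MD5" || $i == "DES")
                printf "line %d: user %s uses weak %s\n", NR, $2, $i
    }
    $1 == "rwuser" {
        printf "line %d: %s has write access (rouser is read-only)\n", NR, $2
    }'
}

# Constructed sample: stock-style lines plus the ones from these notes.
sample_conf() {
    cat <<'EOF'
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
## group notConfigGroup v1 notConfigUser
com2sec myebal 158.255.214.14/31 COMMUNITY
group MyROGroup any myebal
createUser snmpuser MD5 "snmppass" DES
rwuser snmpuser
disk / 10000
EOF
}

sample_conf | audit_snmpd_conf
```

To check a live host, feed it both files: cat /etc/snmp/snmpd.conf /var/lib/net-snmp/snmpd.conf | audit_snmpd_conf (line numbers then count across the concatenation).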
firewall
iptables -A INPUT -m state --state NEW -i eth1 -m udp -p udp --dport 161 -s 158.255.214.14/31 -j ACCEPT
Enable Disk Checks via snmp
vim /etc/snmp/snmpd.conf
disk / 10000
snmpwalk .1.3.6.1.4.1.2021.9.1 ............