Difference between revisions of "SNMP server configuration for Linux hosts"
From Notes_Wiki
Revision as of 00:58, 24 November 2012
SNMP server configuration for Linux hosts
Steps:
- Ensure that packages 'net-snmp' and 'net-snmp-utils' are installed.
- Start snmpd service and enable it on start-up using 'service snmpd start' and 'chkconfig snmpd on'
- Use command 'snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex' to query the SNMP server and list the IP addresses assigned to it. Replace localhost with server IP and public with community name, if required. If the server is already configured, the interface list will be printed and we do not need to modify the configuration. If nothing is printed, make the following changes in the configuration file '/etc/snmp/snmpd.conf':
  - Find 'com2sec notConfigUser default public' and replace with
    - com2sec local localhost public
    - com2sec mynetwork 10.0.0.0/8 public
    - com2sec mynetwork 172.16.0.0/12 public
    - com2sec mynetwork 192.168.0.0/16 public
  - Find 'group notConfigGroup v1 notConfigUser' and 'group notConfigGroup v2c notConfigUser' and replace with
    - group MyRWGroup v1 local
    - group MyRWGroup v2c local
    - group MyRWGroup usm local
    - group MyROGroup v1 mynetwork
    - group MyROGroup v2c mynetwork
    - group MyROGroup usm mynetwork
  - Find 'view systemview included system' and replace with
    - view all included .1
  - Find 'access notConfigGroup "" any noauth exact systemview none none' and replace with
    - access MyROGroup "" any noauth exact all none none
    - access MyRWGroup "" any noauth exact all all none
  - Find 'syslocation Unknown (edit /etc/snmp/snmpd.conf)' and 'syscontact Root (configure /etc/snmp/snmp.local.conf)' and replace with
    - syslocation Lab320, 10.3.3.230, VM
    - syscontact Saurabh Barjatiya <saurabh.barjatiya@iiit.ac.in>
- Do 'service snmpd reload'.
- Check again using 'snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex' and verify that the IP addresses are listed. Replace localhost with server IP and public with community name, if required.
- We can also use 'snmpwalk -v 1 -c public localhost .1 | less' to see the entire list of parameters that can be queried. WARNING: The list can be very large.
- Block incoming packets on UDP ports 161 and 162 from unknown hosts, which should not be able to query the SNMP server installed on the host.
Note:
- We can use a community name other than public for additional security.
- We can also restrict the view to certain MIBs instead of allowing a view of everything.
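The two notes above can be checked mechanically. The following is an added example, not part of the original wiki page: a small audit of the VACM directives in snmpd.conf, run against the configuration from the steps (abridged, group lines omitted) and against a constructed variant that applies both notes. The community 'example-community' and the view name 'monitor' are placeholders assumed for illustration.

```python
import shlex

# Directives from the steps above (abridged), embedded so the check runs offline.
PAGE_CONF = '''
com2sec local     localhost      public
com2sec mynetwork 10.0.0.0/8     public
com2sec mynetwork 172.16.0.0/12  public
com2sec mynetwork 192.168.0.0/16 public
view all included .1
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none
'''

# Constructed variant applying both notes: own community, narrow read-only view.
# Placeholder names; the subtrees are MIB-2 system (.1) and ip (.4).
HARDENED_CONF = '''
com2sec mynetwork 10.0.0.0/8 example-community
group MyROGroup v2c mynetwork
view monitor included .1.3.6.1.2.1.1
view monitor included .1.3.6.1.2.1.4
access MyROGroup "" any noauth exact monitor none none
'''

def audit(conf_text):
    """Return (directive, finding) pairs for weak VACM settings."""
    findings = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        tok = shlex.split(line)               # keeps "" as an empty context token
        if tok[0] == "com2sec" and len(tok) >= 4:
            if tok[3] in ("public", "private"):
                findings.append(("com2sec", f"well-known community for {tok[1]}"))
            if tok[2] == "default":
                findings.append(("com2sec", f"{tok[1]} accepts any source"))
        elif tok[0] == "view" and len(tok) >= 4:
            if tok[2] == "included" and tok[3].lstrip(".") == "1":
                findings.append(("view", f"{tok[1]} exposes the whole OID tree"))
        elif tok[0] == "access" and len(tok) >= 8:
            # Fields: name context model level prefix read write notify
            if tok[7] != "none" and tok[4] == "noauth":
                findings.append(("access", f"{tok[1]} can write without auth"))
    return findings

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```

The narrowed view still covers IP-MIB::ipAdEntIfIndex, so the snmpwalk verification step works unchanged apart from the community name.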
Steps have been learned from http://www.cyberciti.biz/nixcraft/linux/docs/uniqlinuxfeatures/mrtg/mrtg_config_step_3.php
Back to SNMP server configuration