SNMPD is the service running SNMP on a managed entity. SNMP comes in 3 versions. Version 1, the one we are going to use here is not secured, therefore we are going to make sure that only localhost is going to be able to access it.
People opening the service to the outside should make sure that trusted hosts can access the service either though the use of iptables or through the use of /etc/hosts.allow.
The NET-SNMP project provides various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. The snmpd package contains the snmpd and snmptrapd daemons, documentation, etc.
1.1. Installing the SNMP server
The only package which is required on the server site is snmpd, the SNMP daemon.
To install it type:
$ sudo apt-get install snmpd
snmpd is now installed but we still have to tweak it a little bit to make it work as we want.
1.2. Configuring SNMPD
The default configuration for snmpd is rather paranoid for security reasons. Edit /etc/snmp/snmpd.conf or run snmpconf to allow greater access. You can individually control whether or not snmpd and snmpdtrap are run by editing /etc/default/snmpd.
Edit /etc/snmp/snmpd.conf, enter:
# sudo gedit /etc/snmp/snmpd.conf
Edit or update file as follows:
smuxsocket 127.0.0.1 rocommunity setMeHere com2sec local localhost public group MyRWGroup v1 local group MyRWGroup v2c local group MyRWGroup usm local view all included .1 80 access MyRWGroup "" any noauth exact all all none com2sec notConfigUser default mrtg group notConfigGroup v1 notConfigUser group notConfigGroup v2c notConfigUser view systemview included .220.127.116.11.2.1.1 view systemview included .18.104.22.168.22.214.171.124.1 view systemview included .1 80 access notConfigGroup "" any noauth exact systemview none none syslocation Athens Greece syscontact Ubuntu.gr <email@example.com>
See snmpd.conf(5) man page for details. Edit /etc/default/snmpd, enter:
# sudo gedit /etc/default/snmpd
Update it as follows:
# This file controls the activity of snmpd and snmptrapd # MIB directories. /usr/share/snmp/mibs is the default, but # including it here avoids some strange problems. export MIBDIRS=/usr/share/snmp/mibs # snmpd control (yes means start daemon). SNMPDRUN=yes # snmpd options (use syslog, close stdin/out/err). # SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid ' # snmptrapd control (yes means start daemon). As of net-snmp version # 5.0, master agentx support must be enabled in snmpd before snmptrapd # can be run. See snmpd.conf(5) for how to do this. TRAPDRUN=no # snmptrapd options (use syslog). TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid' # create symlink on Debian legacy location to official RFC path SNMPDCOMPAT=yes
Restart Snmpd Service
Type the following command:
# sudo /etc/init.d/snmpd restart
Restarting network management services: snmpd.
1.3. Checking SNMP configuration:
We are going to use the snmpwalk utility to verify that the server is working as wanted.
snmpwalk -v 1 -c mrtg 10.xxx.xxx.xxx
Should return a lot of output
How to configure SNMPv3 in ubuntu 13.10 server
Install SNMP server and client in ubuntu
Open the terminal and run the following command
sudo apt-get install snmpd snmp
After installation you need to do the following changes.
Configuring SNMPv3 in Ubuntu
Get access to the daemon from the outside.
The default installation only provides access to the daemon for localhost. In order to get access from the outside open the file /etc/default/snmpd in your favorite editor
sudo vi /etc/default/snmpd
Change the following line
SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /var/run/snmpd.pid’
SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf’
and restart snmpd
sudo /etc/init.d/snmpd restart
Define SNMPv3 users, authentication and encryption parameters
SNMPv3 can be used in a number of ways depending on the “securityLevel” configuration parameter:
noAuthNoPriv — No authorisation and no encryption, basically no security at all!
authNoPriv — Authorisation is required but collected data sent over the network is not encrypted.
authPriv — The strongest form. Authorisation required and everything sent over the network is encrypted.
The snmpd configuration settings are all saved in a file called /etc/snmp/snmpd.conf. Open this file in your editor as in:
sudo vi /etc/snmp/snmpd.conf
Add the following lines to the end of the file:
createUser user2 MD5 user2password
createUser user3 MD5 user3password DES user3encryption
rouser user1 noauth 126.96.36.199.2.1.1
rouser user2 auth 188.8.131.52.2.1
rwuser user3 priv 184.108.40.206.2.1
Note:- If you want to use your own username/password combinations you need to note that the password and encryption phrases should have a length of at least 8 characters
Also you need to do the following change so that snmp can listen for connections on all interfaces
Save your modified snmpd.conf file and restart the daemon with:
sudo /etc/init.d/snmpd restart