SNMP: Difference between revisions

From Newroco Tech Docs
Jump to navigationJump to search
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 8: Line 8:


This instructions will refer to the monitoring machine as '''master''' and client as '''agent'''.
This instructions will refer to the monitoring machine as '''master''' and client as '''agent'''.


1) Firstly we need to install snmp and snmp-mibs-downloader on the '''master''':
1) Firstly we need to install snmp and snmp-mibs-downloader on the '''master''':
----


<pre> sudo apt-get update
<pre> sudo apt-get update
Line 18: Line 21:
<pre> sudo apt-get update
<pre> sudo apt-get update
sudo apt-get install snmp </pre>
sudo apt-get install snmp </pre>


2) Configuring the '''master''' won't take much time, we just have to comment the mibs line in it's conf file:
2) Configuring the '''master''' won't take much time, we just have to comment the mibs line in it's conf file:
----


<pre>sudo nano /etc/snmp/snmp.conf</pre>
<pre>sudo nano /etc/snmp/snmp.conf</pre>
Line 26: Line 32:


<pre>#mibs :</pre>
<pre>#mibs :</pre>


3) Configuring the '''agent''' takes a little more changes. Log in to that machine and access the snmpd.comf file:
3) Configuring the '''agent''' takes a little more changes. Log in to that machine and access the snmpd.comf file:
----


<pre>sudo nano /etc/snmp/snmpd.conf</pre>
<pre>sudo nano /etc/snmp/snmpd.conf</pre>


By default, the agent is configured to only listen to connections from the local machine. So we need to comment the following line:
By default, the '''agent''' is configured to only listen to connections from the local machine. So we need to comment the following line:


<pre>agentAddress  udp:127.0.0.1:161</pre>
<pre>agentAddress  udp:127.0.0.1:161</pre>
Line 40: Line 49:


Do not close this file yet, we still have some modifications to do.
Do not close this file yet, we still have some modifications to do.


4) Adding a temporary user:
4) Adding a temporary user:
----


Since SNMP does not come with an administrator user preconfigured, we have to make a temporary, improvised one in the .conf file. Add the next lines:
Since SNMP does not come with an administrator user preconfigured, we have to make a temporary, improvised one in the .conf file. Add the next lines:
Line 51: Line 63:
<pre>rwuser bootstrap priv</pre>
<pre>rwuser bootstrap priv</pre>


offers read and write permissions (rwuser) and enforces him to use encription (priv).  
offers read and write permissions (rwuser) and enforces him to use encryption (priv).  
 
 
5) Making a permanent user:


5) making a permanent user:
----


Now we have the improvised user ''bootstrap''. Using this trick on a daily basis tho, is highly unrecommended so we will also prepare the creation of another one: ''admin_user''(replace with the username you desire). Set this user with the same permissions and encription:
Now we have the improvised user ''bootstrap''. Using this trick on a daily basis tho, is highly unrecommended so we will also prepare the creation of another one: ''admin_user''(replace with the username you desire). Set this user with the same permissions and encription:
Line 70: Line 85:


<pre>snmpusm -u #user management tool
<pre>snmpusm -u #user management tool
authPriv -a MD5 -x DES -A temp_password -X temp_password #auth information. temp_password is the password set for the ''bootstrap'' user
authPriv -a MD5 -x DES -A temp_password -X temp_password #auth information. temp_password is the password set for the bootstrap user
remote_host # the IP of the '''agent''' machine
remote_host # the IP of the agent machine
create admin_user bootstrap # new users are created by templating old ones so here admin_user is created after bootstrap. </pre>
create admin_user bootstrap # new users are created by templating old ones so here admin_user is created after bootstrap. </pre>


''admin_user'' now is created and functional, but has the same password as bootstrap. Here is how to change it:
''admin_user'' now is created and functional, but has the same password as ''bootstrap''. Here is how to change it:


<pre>snmpusm -u admin_user -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host passwd temp_password my_new_password</pre>
<pre>snmpusm -u admin_user -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host passwd temp_password my_new_password</pre>


Replace my_new_password with the password you want for your user.
Replace ''my_new_password'' with the password you want for your user.
 


6) Removing the ''bootstrap'' account.
6) Removing the ''bootstrap'' account.
----


Since keeping such an account is not recommended, we need to return to the '''agent''' machine and comment the lines we previously wrote:
Since keeping such an account is not recommended, we need to return to the '''agent''' machine and comment the lines we previously wrote:
Line 95: Line 113:


<pre>snmpusm remote_host delete bootstrap</pre>
<pre>snmpusm remote_host delete bootstrap</pre>
== Tips and Tricks ==
1) Client Configuration File
----
One thing that you can use to make accessing machines easier is the use of client configuration file. This is actually recording the autentication information in the .conf file of the '''master''', or hidden in your home directory. If you prefer the later, run the next commands first:
<pre>mkdir ~/.snmp
cd ~/.snmp</pre>
And edit with:
<pre> nano snmp.conf <pre>
Or if you want to edit the SNMP .comf file:
<pre>sudo nano /etc/snmp/snmp.conf</pre>
And paste the following:
<pre>
defSecurityName admin_user
defSecurityLevel authPriv
defAuthType MD5
defPrivType DES
defAuthPassphrase my_new_password
defPrivPassphrase my_new_password
</pre>
From now on, you can connect by simply running:
<pre>snmpget remote_host sysUpTime.0 # gets uptime</pre>
== Biblio ==
https://www.digitalocean.com/community/tutorials/an-introduction-to-snmp-simple-network-management-protocol

Latest revision as of 14:02, 29 September 2017

WHAT IS SNMP

SNMP or Simple Network Management Protocol is used in order to have servers share information about their current state, and also as a channel through which an administer can modify pre-defined values. This page will demonstrate how to install, setup and use SNMP on a monitoring machine + client machine.


Install and configure SNMP

This instructions will refer to the monitoring machine as master and client as agent.


1) Firstly we need to install snmp and snmp-mibs-downloader on the master:


 sudo apt-get update
sudo apt-get install snmp snmp-mibs-downloader 

On the agent we dont't have to install snmp-mibs-downloader, so we shall omit it:

 sudo apt-get update
sudo apt-get install snmp 


2) Configuring the master won't take much time, we just have to comment the mibs line in it's conf file:


sudo nano /etc/snmp/snmp.conf

The mibs line shall look like this:

#mibs :


3) Configuring the agent takes a little more changes. Log in to that machine and access the snmpd.comf file:


sudo nano /etc/snmp/snmpd.conf

By default, the agent is configured to only listen to connections from the local machine. So we need to comment the following line:

agentAddress  udp:127.0.0.1:161

And uncomment the line that allows external connections:

#agentAddress udp:161,udp6:[::1]:161

Do not close this file yet, we still have some modifications to do.


4) Adding a temporary user:


Since SNMP does not come with an administrator user preconfigured, we have to make a temporary, improvised one in the .conf file. Add the next lines:

createUser bootstrap MD5 temp_password DES

This line creates a user named bootstrap with the password temp_password, and the following one:

rwuser bootstrap priv

offers read and write permissions (rwuser) and enforces him to use encryption (priv).


5) Making a permanent user:


Now we have the improvised user bootstrap. Using this trick on a daily basis tho, is highly unrecommended so we will also prepare the creation of another one: admin_user(replace with the username you desire). Set this user with the same permissions and encription:

rwuser admin_user priv

Save and exit the .conf file. To activate the changes restart the SNMP service:

sudo service snmpd restart

Up next, return to the manager machine and create the admin_user account on the agent with:

snmpusm -u bootstrap -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host create admin_user bootstrap

Let's dissect the command a little:

snmpusm -u #user management tool
authPriv -a MD5 -x DES -A temp_password -X temp_password #auth information. temp_password is the password set for the bootstrap user
remote_host # the IP of the agent machine
create admin_user bootstrap # new users are created by templating old ones so here admin_user is created after bootstrap. 

admin_user now is created and functional, but has the same password as bootstrap. Here is how to change it:

snmpusm -u admin_user -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host passwd temp_password my_new_password

Replace my_new_password with the password you want for your user.


6) Removing the bootstrap account.


Since keeping such an account is not recommended, we need to return to the agent machine and comment the lines we previously wrote:

#createUser bootstrap MD5 temp_password DES
#rwuser bootstrap priv

And restart the service:

sudo service snmpd restart

Now, to completely erase it, go back to the manager machine and run:

snmpusm remote_host delete bootstrap


Tips and Tricks

1) Client Configuration File


One thing that you can use to make accessing machines easier is the use of client configuration file. This is actually recording the autentication information in the .conf file of the master, or hidden in your home directory. If you prefer the later, run the next commands first:

mkdir ~/.snmp
cd ~/.snmp

And edit with:

 nano snmp.conf <pre>

Or if you want to edit the SNMP .comf file:

<pre>sudo nano /etc/snmp/snmp.conf

And paste the following:

defSecurityName admin_user
defSecurityLevel authPriv
defAuthType MD5
defPrivType DES
defAuthPassphrase my_new_password
defPrivPassphrase my_new_password

From now on, you can connect by simply running:

snmpget remote_host sysUpTime.0 # gets uptime


Biblio

https://www.digitalocean.com/community/tutorials/an-introduction-to-snmp-simple-network-management-protocol