SNMP: Difference between revisions

From Newroco Tech Docs
Jump to navigationJump to search
Line 31: Line 31:
<pre>sudo nano /etc/snmp/snmpd.conf</pre>
<pre>sudo nano /etc/snmp/snmpd.conf</pre>


By default, the agent is configured to only listen to connections from the local machine. So we need to comment the following line:
By default, the '''agent''' is configured to only listen to connections from the local machine. So we need to comment the following line:


<pre>agentAddress  udp:127.0.0.1:161</pre>
<pre>agentAddress  udp:127.0.0.1:161</pre>
Line 51: Line 51:
<pre>rwuser bootstrap priv</pre>
<pre>rwuser bootstrap priv</pre>


offers read and write permissions (rwuser) and enforces him to use encription (priv).  
offers read and write permissions (rwuser) and enforces him to use encryption (priv).  


5) making a permanent user:
5) making a permanent user:
Line 72: Line 72:
authPriv -a MD5 -x DES -A temp_password -X temp_password #auth information. temp_password is the password set for the ''bootstrap'' user
authPriv -a MD5 -x DES -A temp_password -X temp_password #auth information. temp_password is the password set for the ''bootstrap'' user
remote_host # the IP of the '''agent''' machine
remote_host # the IP of the '''agent''' machine
create admin_user bootstrap # new users are created by templating old ones so here admin_user is created after bootstrap. </pre>
create admin_user bootstrap # new users are created by templating old ones so here ''admin_user'' is created after ''bootstrap''. </pre>


''admin_user'' now is created and functional, but has the same password as bootstrap. Here is how to change it:
''admin_user'' now is created and functional, but has the same password as ''bootstrap''. Here is how to change it:


<pre>snmpusm -u admin_user -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host passwd temp_password my_new_password</pre>
<pre>snmpusm -u admin_user -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host passwd temp_password my_new_password</pre>


Replace my_new_password with the password you want for your user.
Replace ''my_new_password'' with the password you want for your user.


6) Removing the ''bootstrap'' account.
6) Removing the ''bootstrap'' account.

Revision as of 13:41, 29 September 2017

WHAT IS SNMP

SNMP or Simple Network Management Protocol is used in order to have servers share information about their current state, and also as a channel through which an administer can modify pre-defined values. This page will demonstrate how to install, setup and use SNMP on a monitoring machine + client machine.


Install and configure SNMP

This instructions will refer to the monitoring machine as master and client as agent.

1) Firstly we need to install snmp and snmp-mibs-downloader on the master:

 sudo apt-get update
sudo apt-get install snmp snmp-mibs-downloader 

On the agent we dont't have to install snmp-mibs-downloader, so we shall omit it:

 sudo apt-get update
sudo apt-get install snmp 

2) Configuring the master won't take much time, we just have to comment the mibs line in it's conf file:

sudo nano /etc/snmp/snmp.conf

The mibs line shall look like this:

#mibs :

3) Configuring the agent takes a little more changes. Log in to that machine and access the snmpd.comf file:

sudo nano /etc/snmp/snmpd.conf

By default, the agent is configured to only listen to connections from the local machine. So we need to comment the following line:

agentAddress  udp:127.0.0.1:161

And uncomment the line that allows external connections:

#agentAddress udp:161,udp6:[::1]:161

Do not close this file yet, we still have some modifications to do.

4) Adding a temporary user:

Since SNMP does not come with an administrator user preconfigured, we have to make a temporary, improvised one in the .conf file. Add the next lines:

createUser bootstrap MD5 temp_password DES

This line creates a user named bootstrap with the password temp_password, and the following one:

rwuser bootstrap priv

offers read and write permissions (rwuser) and enforces him to use encryption (priv).

5) making a permanent user:

Now we have the improvised user bootstrap. Using this trick on a daily basis tho, is highly unrecommended so we will also prepare the creation of another one: admin_user(replace with the username you desire). Set this user with the same permissions and encription:

rwuser admin_user priv

Save and exit the .conf file. To activate the changes restart the SNMP service:

sudo service snmpd restart

Up next, return to the manager machine and create the admin_user account on the agent with:

snmpusm -u bootstrap -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host create admin_user bootstrap

Let's dissect the command a little:

snmpusm -u #user management tool
authPriv -a MD5 -x DES -A temp_password -X temp_password #auth information. temp_password is the password set for the ''bootstrap'' user
remote_host # the IP of the '''agent''' machine
create admin_user bootstrap # new users are created by templating old ones so here ''admin_user'' is created after ''bootstrap''. 

admin_user now is created and functional, but has the same password as bootstrap. Here is how to change it:

snmpusm -u admin_user -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host passwd temp_password my_new_password

Replace my_new_password with the password you want for your user.

6) Removing the bootstrap account.

Since keeping such an account is not recommended, we need to return to the agent machine and comment the lines we previously wrote:

#createUser bootstrap MD5 temp_password DES
#rwuser bootstrap priv

And restart the service:

sudo service snmpd restart

Now, to completely erase it, go back to the manager machine and run:

snmpusm remote_host delete bootstrap