SNMP

From Newroco Tech Docs
Jump to navigationJump to search

WHAT IS SNMP

SNMP or Simple Network Management Protocol is used in order to have servers share information about their current state, and also as a channel through which an administer can modify pre-defined values. This page will demonstrate how to install, setup and use SNMP on a monitoring machine + client machine.


Install and configure SNMP

This instructions will refer to the monitoring machine as master and client as agent.


1) Firstly we need to install snmp and snmp-mibs-downloader on the master:


 sudo apt-get update
sudo apt-get install snmp snmp-mibs-downloader 

On the agent we dont't have to install snmp-mibs-downloader, so we shall omit it:

 sudo apt-get update
sudo apt-get install snmp 


2) Configuring the master won't take much time, we just have to comment the mibs line in it's conf file:


sudo nano /etc/snmp/snmp.conf

The mibs line shall look like this:

#mibs :


3) Configuring the agent takes a little more changes. Log in to that machine and access the snmpd.comf file:


sudo nano /etc/snmp/snmpd.conf

By default, the agent is configured to only listen to connections from the local machine. So we need to comment the following line:

agentAddress  udp:127.0.0.1:161

And uncomment the line that allows external connections:

#agentAddress udp:161,udp6:[::1]:161

Do not close this file yet, we still have some modifications to do.


4) Adding a temporary user:


Since SNMP does not come with an administrator user preconfigured, we have to make a temporary, improvised one in the .conf file. Add the next lines:

createUser bootstrap MD5 temp_password DES

This line creates a user named bootstrap with the password temp_password, and the following one:

rwuser bootstrap priv

offers read and write permissions (rwuser) and enforces him to use encryption (priv).


5) Making a permanent user:


Now we have the improvised user bootstrap. Using this trick on a daily basis tho, is highly unrecommended so we will also prepare the creation of another one: admin_user(replace with the username you desire). Set this user with the same permissions and encription:

rwuser admin_user priv

Save and exit the .conf file. To activate the changes restart the SNMP service:

sudo service snmpd restart

Up next, return to the manager machine and create the admin_user account on the agent with:

snmpusm -u bootstrap -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host create admin_user bootstrap

Let's dissect the command a little:

snmpusm -u #user management tool
authPriv -a MD5 -x DES -A temp_password -X temp_password #auth information. temp_password is the password set for the bootstrap user
remote_host # the IP of the agent machine
create admin_user bootstrap # new users are created by templating old ones so here admin_user is created after bootstrap. 

admin_user now is created and functional, but has the same password as bootstrap. Here is how to change it:

snmpusm -u admin_user -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host passwd temp_password my_new_password

Replace my_new_password with the password you want for your user.


6) Removing the bootstrap account.


Since keeping such an account is not recommended, we need to return to the agent machine and comment the lines we previously wrote:

#createUser bootstrap MD5 temp_password DES
#rwuser bootstrap priv

And restart the service:

sudo service snmpd restart

Now, to completely erase it, go back to the manager machine and run:

snmpusm remote_host delete bootstrap


Tips and Tricks

1) Client Configuration File


One thing that you can use to make accessing machines easier is the use of client configuration file. This is actually recording the autentication information in the .conf file of the master, or hidden in your home directory. If you prefer the later, run the next commands first:

mkdir ~/.snmp
cd ~/.snmp

And edit with:

 nano snmp.conf <pre>

Or if you want to edit the SNMP .comf file:

<pre>sudo nano /etc/snmp/snmp.conf

And paste the following:

defSecurityName admin_user
defSecurityLevel authPriv
defAuthType MD5
defPrivType DES
defAuthPassphrase my_new_password
defPrivPassphrase my_new_password

From now on, you can connect by simply running:

snmpget remote_host sysUpTime.0 # gets uptime


Biblio

https://www.digitalocean.com/community/tutorials/an-introduction-to-snmp-simple-network-management-protocol