SNMP
WHAT IS SNMP
SNMP or Simple Network Management Protocol is used in order to have servers share information about their current state, and also as a channel through which an administer can modify pre-defined values. This page will demonstrate how to install, setup and use SNMP on a monitoring machine + client machine.
Install and configure SNMP
This instructions will refer to the monitoring machine as master and client as agent.
1) Firstly we need to install snmp and snmp-mibs-downloader on the master:
sudo apt-get update sudo apt-get install snmp snmp-mibs-downloader
On the agent we dont't have to install snmp-mibs-downloader, so we shall omit it:
sudo apt-get update sudo apt-get install snmp
2) Configuring the master won't take much time, we just have to comment the mibs line in it's conf file:
sudo nano /etc/snmp/snmp.conf
The mibs line shall look like this:
#mibs :
3) Configuring the agent takes a little more changes. Log in to that machine and access the snmpd.comf file:
sudo nano /etc/snmp/snmpd.conf
By default, the agent is configured to only listen to connections from the local machine. So we need to comment the following line:
agentAddress udp:127.0.0.1:161
And uncomment the line that allows external connections:
#agentAddress udp:161,udp6:[::1]:161
Do not close this file yet, we still have some modifications to do.
4) Adding a temporary user:
Since SNMP does not come with an administrator user preconfigured, we have to make a temporary, improvised one in the .conf file. Add the next lines:
createUser bootstrap MD5 temp_password DES
This line creates a user named bootstrap with the password temp_password, and the following one:
rwuser bootstrap priv
offers read and write permissions (rwuser) and enforces him to use encryption (priv).
5) Making a permanent user:
Now we have the improvised user bootstrap. Using this trick on a daily basis tho, is highly unrecommended so we will also prepare the creation of another one: admin_user(replace with the username you desire). Set this user with the same permissions and encription:
rwuser admin_user priv
Save and exit the .conf file. To activate the changes restart the SNMP service:
sudo service snmpd restart
Up next, return to the manager machine and create the admin_user account on the agent with:
snmpusm -u bootstrap -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host create admin_user bootstrap
Let's dissect the command a little:
snmpusm -u #user management tool authPriv -a MD5 -x DES -A temp_password -X temp_password #auth information. temp_password is the password set for the bootstrap user remote_host # the IP of the agent machine create admin_user bootstrap # new users are created by templating old ones so here admin_user is created after bootstrap.
admin_user now is created and functional, but has the same password as bootstrap. Here is how to change it:
snmpusm -u admin_user -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host passwd temp_password my_new_password
Replace my_new_password with the password you want for your user.
6) Removing the bootstrap account.
Since keeping such an account is not recommended, we need to return to the agent machine and comment the lines we previously wrote:
#createUser bootstrap MD5 temp_password DES #rwuser bootstrap priv
And restart the service:
sudo service snmpd restart
Now, to completely erase it, go back to the manager machine and run:
snmpusm remote_host delete bootstrap
Tips and Tricks
1) Client Configuration File
One thing that you can use to make accessing machines easier is the use of client configuration file. This is actually recording the autentication information in the .conf file of the master, or hidden in your home directory. If you prefer the later, run the next commands first:
mkdir ~/.snmp cd ~/.snmp
And edit with:
nano snmp.conf <pre> Or if you want to edit the SNMP .comf file: <pre>sudo nano /etc/snmp/snmp.conf
And paste the following:
defSecurityName admin_user defSecurityLevel authPriv defAuthType MD5 defPrivType DES defAuthPassphrase my_new_password defPrivPassphrase my_new_password
From now on, you can connect by simply running:
snmpget remote_host sysUpTime.0 # gets uptime