Howto – Install and configure the snmpd daemon under linux

Installing the SNMPD daemon

Before we will be able to use SNMP we need to download and install the snmpd package. Update your apt cache and install the required binaries:

sudo apt-get update
sudo apt-get install -y snmp snmpd

Configure the SNMP daemon

Make the daemon listen on all IP addresses

By default the snmpd daemon daemon listens only to connections from the local host, we need to change the agentAddress parameter so the SNMP daemon will listen on all IP addresses.

For Ubuntu 10.04.4 LTS:

vi /etc/default/snmpd
# remove 127.0.0.1 from snmpdopts

For other distributions:

# Listen for connections from the local system only
# agentAddress udp:127.0.0.1:161 <-- put this entry in comment
# Listen for connections on all interfaces (both IPv4 and IPv6)
agentAddress udp:161,udp6:[::1]:161 <-- add this entry to make it listen to all IP addresses

Restart your daemon for the changes to take effect.

service snmpd restart

Create an authentication user for SNMPv3:

In our set-up we will be utilising SNMPv3 with an encrypted connection and user authentication.
To facilitate in this we will need to create a SNMP user account and password to validate our connection to the SNMP server.

automated

service snmpd stop
net-snmp-config --create-snmpv3-user -ro -A password -X password -a MD5 -x AES snmpv3user

service snmpd start

or manually

service snmpd stop
echo 'createUser snmpv3user MD5 "password" AES' | sudo tee -a /var/lib/snmp/snmpd.conf

echo 'rouser snmpv3user' | sudo tee -a /usr/share/snmp/snmpd.conf
service snmpd start

Testing the SNMP daemon

Let’s test our snmp daemon with snmpwalk, if everything is ok, we should be able to walk the snmp tree.

snmpwalk -v3 -a MD5 -x AES localhost -u snmpv3user -A password


If it doesn’t work when trying this from another station, it might be possible that the iptables firewall is blocking the connection to your snmp daemon.

Allow access from any ip address:

iptables -I INPUT -p udp -m udp --dport 161 -j ACCEPT
iptables -I INPUT -p udp -m udp --dport 162 -j ACCEPT
iptables-save > /etc/iptables.up.rules

Allow access from source ip address:

iptables -I INPUT -s my.source.ip.addr/32 -p udp -m udp --dport 161 -j ACCEPT

iptables -I INPUT -s
my.source.ip.addr /32 -p udp -m udp --dport 162 -j ACCEPT
iptables-save > /etc/iptables.up.rules

Extra steps on debian

Apparently snmpd is not working by default on debian systems.
On debian systems we need to install the snmp mibs, these do not come bundled with the snmpd package.
We can download the mibs with a package called: snmp-mibs-downloader
But before we can install this downloader, we need activate our non-free repositories for apt.

echo "deb http://ftp.us.debian.org/debian/ jessie main non-free" >>  /etc/apt/sources.list 

echo "deb-src http://ftp.us.debian.org/debian/ jessie main non-free" >> /etc/apt/sources.list

apt-get update

Now install the snmp-mibs-downloader:

apt-get install snmp-mibs-downloader

Now install the required mibs:

snmp-mibs-downloader

Published by

Ronny Van den Broeck

I'm a network and system engineer for more than 20 years now. During this period I became a pro in hunting down one's and zero's, with an eager mindset to help people accomplish the same or abstract them away from the matrix.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s