Installing the SNMPD daemon
Before we will be able to use SNMP we need to download and install the snmpd package. Update your apt cache and install the required binaries:
sudo apt-get update
sudo apt-get install -y snmp snmpd
Configure the SNMP daemon
Make the daemon listen on all IP addresses
By default the snmpd daemon daemon listens only to connections from the local host, we need to change the agentAddress parameter so the SNMP daemon will listen on all IP addresses.
For Ubuntu 10.04.4 LTS:
vi /etc/default/snmpd
# remove 127.0.0.1 from snmpdopts
For other distributions:
# Listen for connections from the local system only
# agentAddress udp:127.0.0.1:161 <-- put this entry in comment
# Listen for connections on all interfaces (both IPv4 and IPv6)
agentAddress udp:161,udp6:[::1]:161 <-- add this entry to make it listen to all IP addresses
Restart your daemon for the changes to take effect.
service snmpd restart
Create an authentication user for SNMPv3:
In our set-up we will be utilising SNMPv3 with an encrypted connection and user authentication.
To facilitate in this we will need to create a SNMP user account and password to validate our connection to the SNMP server.
automated
service snmpd stop
net-snmp-config --create-snmpv3-user -ro -A password -X password -a MD5 -x AES snmpv3user
service snmpd start
or manually
service snmpd stop
echo 'createUser snmpv3user MD5 "password" AES' | sudo tee -a /var/lib/snmp/snmpd.conf
echo 'rouser snmpv3user' | sudo tee -a /usr/share/snmp/snmpd.conf
service snmpd start
Testing the SNMP daemon
Let’s test our snmp daemon with snmpwalk, if everything is ok, we should be able to walk the snmp tree.
snmpwalk -v3 -a MD5 -x AES localhost -u snmpv3user -A password
If it doesn’t work when trying this from another station, it might be possible that the iptables firewall is blocking the connection to your snmp daemon.
Allow access from any ip address:
iptables -I INPUT -p udp -m udp --dport 161 -j ACCEPT
iptables -I INPUT -p udp -m udp --dport 162 -j ACCEPT
iptables-save > /etc/iptables.up.rules
Allow access from source ip address:
iptables -I INPUT -s my.source.ip.addr/32 -p udp -m udp --dport 161 -j ACCEPT
iptables -I INPUT -s
my.source.ip.addr /32 -p udp -m udp --dport 162 -j ACCEPT
iptables-save > /etc/iptables.up.rules
Extra steps on debian
Apparently snmpd is not working by default on debian systems.
On debian systems we need to install the snmp mibs, these do not come bundled with the snmpd package.
We can download the mibs with a package called: snmp-mibs-downloader
But before we can install this downloader, we need activate our non-free repositories for apt.
echo "deb http://ftp.us.debian.org/debian/ jessie main non-free" >> /etc/apt/sources.list
echo "deb-src http://ftp.us.debian.org/debian/ jessie main non-free" >> /etc/apt/sources.list
apt-get update
Now install the snmp-mibs-downloader:
apt-get install snmp-mibs-downloader
Now install the required mibs:
snmp-mibs-downloader
Random notes of a SysAdmin 