<\/p>\n\n\n\n
The SNMP packages are available on default Ubuntu 20.04 repositories.<\/p>\n\n\n\n
first update your package cache;<\/p>\n\n\n\n
apt update<\/pre>\n\n\n\nOnce the update is done, install SNMP on Ubuntu 20.04.<\/p>\n\n\n\n
apt install snmpd snmp libsnmp-dev<\/pre>\n\n\n\nConfigure SNMP on Ubuntu 20.04<\/h3>\n\n\n\n
Once the installation is done, proceed to configure SNMP as follows.<\/p>\n\n\n\n
The default configuration file for SNMP is
\/etc\/snmp\/snmpd.conf<\/code>.<\/p>\n\n\n\nConfiguring SNMP Authentication on Ubuntu 20.04<\/h3>\n\n\n\n
SNMP supports three versions of SNMP protocol;<\/p>\n\n\n\n
\n
- SNMP
v1<\/code><\/li>\n\n\n\n- SNMP
v2c<\/code><\/li>\n\n\n\n- SNMP v
3<\/code><\/li>\n<\/ul>\n\n\n\nBoth SNMP version 1 and 2c provides authentication using
community string<\/em><\/code>, which is a shared secret between the agent and the client that is passed in clear text over the network<\/p>\n\n\n\nSNMP version 3 supports user authentication and message encryption using a variety of protocols and is thus a bit more secure.<\/p>\n\n\n\n
Configuring SNMP Version 2c Community on Ubuntu 20.04<\/h4>\n\n\n\n
As stated above, SNMP v2 provides access using a
permission directive<\/strong><\/code>, acommunity string<\/code><\/strong> and thesource Address<\/code><\/strong>. The source address can be IP of the monitoring server such as Nagios Server (SNMP server) or Cacti for example. This directive should be set in the format;<\/p>\n\n\n\ndirective<\/em> community<\/em> [source<\/em> [OID<\/em>]]<\/pre>\n\n\n\nWhere<\/p>\n\n\n\n
\n
directive <\/strong><\/code>can berocommunity<\/code> (provides read-only access) orrwcommunity<\/code> (provides read-write access)<\/li>\n\n\n\nsource<\/strong><\/code> can be IP of the monitoring server such as Nagios Server (SNMP server) or Cacti for example<\/li>\n\n\n\nOID<\/strong><\/code> is the optional SNMP tree to provide access to. To configure SNMP v2c<\/li>\n<\/ul>\n\n\n\nTherefore, edit the
snmpd<\/code> configuration file and configure it to listen on both localhost and an interface IP. By default, the SNMP agent is set to allow connections originating from the localhost only. <\/p>\n\n\n\nvim \/etc\/snmp\/snmpd.conf<\/strong><\/pre>\n\n\n\n...\n###########################################################################\n# SECTION: Agent Operating Mode\n#\n# This section defines how the agent will operate when it\n# is running.\n...\n#agentaddress 127.0.0.1,[::1]\nagentAddress udp:127.0.0.1:161,udp:192.168.58.18:161<\/code><\/pre>\n\n\n\nAlso, configure it to allow the monitoring server (Cacti server in my case, with IP, 192.168.58.3) only to connect using the community string (
Ex@mPL3<\/code>).<\/p>\n\n\n\n...\n#\nSECTION: Access Control Setup\n#\nThis section defines who is allowed to talk to your running\nsnmp agent.\n...\nrocommunity Ex@mPL3 192.168.58.3<\/pre>\n\n\n\nSave and exit the configuration file.<\/p>\n\n\n\n
Note that for any changes to the configuration file to take effect, force the
snmpd<\/code> service to re-read the configuration by running the following command:<\/p>\n\n\n\nsystemctl restart snmpd<\/pre>\n\n\n\nIf you can check, SNMP is now listening on two interfaces;<\/p>\n\n\n\n
netstat -nlpu|grep snmp<\/pre>\n\n\n\nudp 0 0 192.168.58.18:161 0.0.0.0:* 36473\/snmpd \nudp 0 0 127.0.0.1:161 0.0.0.0:* 36473\/snmpd<\/code><\/pre>\n\n\n\nIf firewall is running, allow connection from the monitoring server.<\/p>\n\n\n\n
ufw allow from 192.168.58.3 to any port 161 proto udp<\/pre>\n\n\n\nVerify SNMP v2c Connection with Community String<\/h4>\n\n\n\n
Next, run the command below from the monitoring server to verify access to the host;<\/p>\n\n\n\n
snmpwalk -v2c -c Ex@mPL3 192.168.58.18<\/pre>\n\n\n\niso.3.6.1.2.1.1.1.0 = STRING: \"Linux ubuntu20.kifarunix-demo.com 5.4.0-51-generic #56-Ubuntu SMP Mon Oct 5 14:28:49 UTC 2020 x86_64\"\niso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10\niso.3.6.1.2.1.1.3.0 = Timeticks: (2891) 0:00:28.91\niso.3.6.1.2.1.1.4.0 = STRING: \"Me <me@example.org>\"\niso.3.6.1.2.1.1.5.0 = STRING: \"ubuntu20.kifarunix-demo.com\"\niso.3.6.1.2.1.1.6.0 = STRING: \"Sitting on the Dock of the Bay\"\niso.3.6.1.2.1.1.7.0 = INTEGER: 72\niso.3.6.1.2.1.1.8.0 = Timeticks: (2) 0:00:00.02\niso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.10.3.1.1\niso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.11.3.1.1\niso.3.6.1.2.1.1.9.1.2.3 = OID: iso.3.6.1.6.3.15.2.1.1\niso.3.6.1.2.1.1.9.1.2.4 = OID: iso.3.6.1.6.3.1\niso.3.6.1.2.1.1.9.1.2.5 = OID: iso.3.6.1.6.3.16.2.2.1\niso.3.6.1.2.1.1.9.1.2.6 = OID: iso.3.6.1.2.1.49\niso.3.6.1.2.1.1.9.1.2.7 = OID: iso.3.6.1.2.1.4\niso.3.6.1.2.1.1.9.1.2.8 = OID: iso.3.6.1.2.1.50\niso.3.6.1.2.1.1.9.1.2.9 = OID: iso.3.6.1.6.3.13.3.1.3\niso.3.6.1.2.1.1.9.1.2.10 = OID: iso.3.6.1.2.1.92\niso.3.6.1.2.1.1.9.1.3.1 = STRING: \"The SNMP Management Architecture MIB.\"\niso.3.6.1.2.1.1.9.1.3.2 = STRING: \"The MIB for Message Processing and Dispatching.\"<\/code><\/pre>\n\n\n\nConfigure SNMP Version 3 on Ubuntu 20.04<\/h3>\n\n\n\n
SNMP v3 uses a username, permission, security level, authentication, and privacy passphrases to allow access. As a result, you need to create a user for authenticating. When created, the user is added to the following configuration files;
\/etc\/snmp\/snmpd.conf<\/code> and\/var\/lib\/net-snmp\/snmpd.conf<\/code>.<\/p>\n\n\n\nSimilarly, make a copy of the original configuration file just like we did above.<\/p>\n\n\n\n
cp \/etc\/snmp\/snmpd.conf{,.bak}<\/pre>\n\n\n\nStop SNMP daemon<\/p>\n\n\n\n
systemctl stop snmpd<\/pre>\n\n\n\nCreate SNMP v3 Authentication User<\/h4>\n\n\n\n
Create a read-only authentication user using the
net-snmp-create-v3-user<\/code> command. The command syntax is;<\/p>\n\n\n\n
net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass][-x DES|AES] [username]<\/code><\/p>\n\n\n\nnet-snmp-create-v3-user -ro -A STrP@SSWRD -a SHA -X STr0ngP@SSWRD -x AES snmpadmin<\/pre>\n\n\n\nadding the following line to \/var\/lib\/snmp\/snmpd.conf:\n createUser snmpadmin SHA \"STrP@SSWRD\" AES \"STr0ngP@SSWRD\"\nadding the following line to \/usr\/share\/snmp\/snmpd.conf:\n rouser snmpadmin<\/code><\/pre>\n\n\n\nStart SNMP daemon and configure inbound Firewall rules to UDP port 161 as we did above.<\/p>\n\n\n\n
systemctl start snmpd<\/pre>\n\n\n\nEnable SNMP daemon to run on system reboot.<\/p>\n\n\n\n
systemctl enable snmpd<\/pre>\n\n\n\nVerify SNMP v3 Connection<\/h4>\n\n\n\n
Test to verify that everything is working as expected.<\/p>\n\n\n\n
snmpwalk -v3 -a SHA -A STrP@SSWRD -x AES -X STr0ngP@SSWRD -l authPriv -u snmpadmin localhost | head<\/pre>\n\n\n\niso.3.6.1.2.1.1.1.0 = STRING: \"Linux ubuntu20.kifarunix-demo.com 5.4.0-51-generic #56-Ubuntu SMP Mon Oct 5 14:28:49 UTC 2020 x86_64\"\niso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10\niso.3.6.1.2.1.1.3.0 = Timeticks: (6269) 0:01:02.69\niso.3.6.1.2.1.1.4.0 = STRING: \"Me me@example.org<\/a>\"\niso.3.6.1.2.1.1.5.0 = STRING: \"ubuntu20.kifarunix-demo.com\"\niso.3.6.1.2.1.1.6.0 = STRING: \"Sitting on the Dock of the Bay\"\niso.3.6.1.2.1.1.7.0 = INTEGER: 72\niso.3.6.1.2.1.1.8.0 = Timeticks: (1) 0:00:00.01\niso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.10.3.1.1\niso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.11.3.1.1<\/pre>\n\n\n\nFrom a remote host;<\/p>\n\n\n\n
snmpwalk -v3 -a SHA -A STrP@SSWRD -x AES -X STr0ngP@SSWRD -l authPriv -u snmpadmin 192.168.58.18 | head<\/pre>\n\n\n\niso.3.6.1.2.1.1.1.0 = STRING: \"Linux ubuntu20.kifarunix-demo.com 5.4.0-51-generic #56-Ubuntu SMP Mon Oct 5 14:28:49 UTC 2020 x86_64\"\niso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10\niso.3.6.1.2.1.1.3.0 = Timeticks: (11693) 0:01:56.93\niso.3.6.1.2.1.1.4.0 = STRING: \"Me <me@example.org>\"\niso.3.6.1.2.1.1.5.0 = STRING: \"ubuntu20.kifarunix-demo.com\"\niso.3.6.1.2.1.1.6.0 = STRING: \"Sitting on the Dock of the Bay\"\niso.3.6.1.2.1.1.7.0 = INTEGER: 72\niso.3.6.1.2.1.1.8.0 = Timeticks: (1) 0:00:00.01\niso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.10.3.1.1\niso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.11.3.1.1<\/code><\/pre>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"
Install and Configure SNMP on Ubuntu 20.04 The SNMP packages are available on default Ubuntu 20.04 repositories. first update your package cache; apt update Once the update is done, install SNMP on Ubuntu 20.04. apt install snmpd snmp libsnmp-dev Configure SNMP on Ubuntu 20.04 Once the installation is done, proceed to configure SNMP as follows. […]<\/p>\n","protected":false},"author":1,"featured_media":119,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[6],"tags":[],"class_list":["post-42","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu"],"_links":{"self":[{"href":"http:\/\/nitirat.ddns.net\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/42","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/nitirat.ddns.net\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/nitirat.ddns.net\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/nitirat.ddns.net\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/nitirat.ddns.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=42"}],"version-history":[{"count":2,"href":"http:\/\/nitirat.ddns.net\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/42\/revisions"}],"predecessor-version":[{"id":175,"href":"http:\/\/nitirat.ddns.net\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/42\/revisions\/175"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/nitirat.ddns.net\/wordpress\/index.php?rest_route=\/wp\/v2\/media\/119"}],"wp:attachment":[{"href":"http:\/\/nitirat.ddns.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=42"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/nitirat.ddns.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=42"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/nitirat.ddns.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=42"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}