SNMP Monitoring Linux

Add Login and User SNMP Monitoring Linux

If you want to use SNMP Monitoring Linux and UNIX servers, you must configure the SNMP background on those servers to respond to queries from the op5 Monitor server. Most people want to shorten the SNMP version 3, in the "Authentication and Privacy Protected" mode, often as AuthPriv, but other methods are also discussed in this section.

Please note that SNMP protocol versions 1 and 2c are not encrypted, so someone who can read traffic streams on your network can read the values ​​(including community names) that are sent to and received from the device monitored by SNMP.

SNMP version 1 has features that make it unsuitable for monitoring, both in performance and the types of data it provides, so we strongly recommend that you do not use it. Although SNMP versions 3 and 2c provide the same data, and version 3 has a generic performance because the traffic is encrypted, the easy management of using the same protocol on the network creates a very strong case for using only SNMP version 3.

• This HOWTO assumes that the net snmp is installed on the server to be monitored.
• The servers that need to be monitored must be accessible on the 161, TCP and UDP ports.
• The snmp daemon's configuration file is usually located at /etc/snmp/snmpd.conf, but some operating systems are placed elsewhere.
• Secure passwords that are easy to work with can be created from several combined words such as "horse.eats.bananas"
• It is generally a good idea to avoid shell meta characters in passwords and community names. The most common problematic ones are $ ~!;? * () [] \ "'
• Be sure to restart snmpd after reconfiguring.

SNMPv3 User

SNMP version 3 has three options for security and privacy (security level or secLevel);

• noAuthNoPriv (no authentication, no privacy)
• authNoPriv (no authentication but no privacy)
• authPriv (authentication and privacy)

SNMPv3 offers two different authentication mechanisms:
• md5 - now supported for backward compatibility mostly
• sha1 - a more powerful encryption algorithm with faster calculation, there is no reason to use md5.

SNMPv3 also offers two different encryption algorithms:
• DES - have known security issues, and since encryption is weak, it should be avoided.
• AES - use when possible

To add a new SNMP v3 user, you must edit two files:
• /var/lib/net-snmp/snmpd.conf (createuser commands go here)
• /etc/snmp/snmpd.conf (access configuration goes here)

Be sure to change your user names and passwords (authPass and privPass in the following example) to secure your own choice. Before you start adding a new SNMP v3 user, you must stop the snmp daemon:

Service SNMP Stop

Now add the following line to the /var/lib/net-snmp/snmpd.conf file:

Create User op5user SHA authPass AES privPass
When snmpd is started, after the user has completed adding, the createUser command line in /var/lib/net-snmp/snmpd.conf will be modified to look like this:
usmUser 1 3 0x80001f88801fe67e4b048e4d5500000000 0x6b616b6100 0x6b616b6100 NULL .
At the end of /Etc/snmp/snmpd.conf, you would add the new user to give read-only access to the full tree:
rouser op5user custom .1

Restart the snmp daemon:

Start Service SNMP

The above example is authenticated with 'authPass' and will allow the 'op5user' user to send privPass as read access to the SNMP tree as a communication encryption key. To verify the configuration, perform a snmpwalk in a terminal and this should lead to multiple outputs in Snmp Monitoring Linux.

If you do not receive the output, we recommend that you check your snmpd configuration for errors, restart snmpd, and ensure that you have configured your firewalls correctly. $ snmpwalk -v 3 -l authPriv -u op5user -a sha -A authPass -x aes -X privPass localhost .1

Here are more examples of how to create snmp version 3 users and how to enable read-only access.
We strongly recommend using SNMP version 3 without verification and encryption.
  • Create different users in variable levels and authentication information
  • If a password or hash / encryption type is not specified, this requires credentials
  • On queries will result in a configuration error when initializing snmpd.
  • Username authProto authPass privProto privPass
Download Snmp Monitoring Linux :

Snmp Monitoring Linux
Free Driver

Create User auth_None

  • createUser auth_md5 MD5 md5_pass
  • createUser auth_md5_des MD5 md5_pass DES des_crypt
  • createUser auth_md5_aes MD5 md5_pass AES aes_crypt
  • createUser auth_sha SHA sha_pass
  • createUser auth_sha_des SHA sha_pass DES des_crypt
  • createUser auth_sha_aes SHA sha_pass AES aes_crypt /etc/snmp/snmpd.conf:

Allow user-read-only access to the entire 'auth_none' SNMP tree

          User mode subtree
  • rouser auth_none noauth .1
  • rouser auth_sha auth.1
  • rouser auth_md5 auth .1
  • rouser auth_sha_des custom .1
  • rouser auth_sha_aes custom .1
  • rouser auth_md5_des custom .1
  • rouser auth_md5_aes custom .1

If you choose to use SNMP version 3, you must disable unencrypted access to the server to prevent unauthorized access. To do this, interpret all the lines that start with the rocommunity or rwcommunity in your snmpd configuration file, as well as all rows that start with com2sec or access in SNMP Monitoring Linux.