Configure SNMP for GNU/Linux


This article describes how to configure the SNMP daemon on a GNU/Linux server to apply access restrictions on sub trees.

Note: This article covers only SNMP v1 and v2c with Net-SNMP v5.7.x, not SNMP v3. For v3, please refer to the Net-SNMP documentation.

Default settings

The following picture describes the default snmpd daemon configuration for the Debian/Ubuntu operating systems:

[Figure: default snmpd configuration (presentation_config_snmp_1)]

The first parameter defines on which network interface and UDP port the SNMP daemon will listen. In this case, only localhost is authorized to send SNMP requests on UDP port 161.

The following access controls indicate that the “systemonly” access group has access to the sub trees “SNMP MIB-2” (.1.3.6.1.2.1.1) and “HOST-RESOURCES-MIB” (.1.3.6.1.2.1.25.1).

Then the last parameter links the “systemonly” access group to the “public” community (which works like a password to connect to the agent) to give read-only access from localhost (127.0.0.1).

Build your own snmpd.conf configuration file

When you install a Net-SNMP agent you have to define system parameters:

  • Server location
  • Main contact
  • Server type

This information is set using the following directives:

  • sysLocation    Sitting on the Dock of the Bay
  • sysContact     Me <me@example.org>
  • sysServices    72         # Application + End-to-End layers

Then you have to define the network that is allowed to send SNMP requests. In our example we will use 192.168.0.1/24, but the SNMP daemon will listen on all available network interfaces on UDP port 161 using the following parameter:

  • agentAddress udp:161

All equipment from 192.168.0.1/24 will have access to the complete SNMP information (all trees) with the following directive:

  • view    all   included   .1

To conclude, we will use “merethis” as the SNMP community to give read-only access from the 192.168.0.1/24 network:

  • rocommunity   merethis   192.168.0.0/24 -V all

The configuration file can look like this:

[Figure: minimal configuration file]

In our example we didn’t use the access group template. If you wish to define several access groups, you can create access controls linked to access groups, then link these access groups to views and access types (read/write access).

A new configuration file can look like this one:

[Figure: configuration file]
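
The following review script is an added example, not part of the original article or of Net-SNMP: it parses the minimal configuration built above (the sample file is assembled from this article's directives) and lists who can read what. The function names are hypothetical, and it only handles agentAddress over IPv4 udp/tcp, "included" view lines, and rocommunity/rwcommunity.

```python
# Constructed sample input: the directives from this article in one file.
SAMPLE_CONF = """\
sysLocation    Sitting on the Dock of the Bay
sysContact     Me <me@example.org>
agentAddress   udp:161
view           all   included   .1
rocommunity    merethis   192.168.0.0/24 -V all
"""

def parse(conf):
    """Return (listen addresses, {view: [included OIDs]}, community rules)."""
    listen, views, rules = [], {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()      # drop comments, tokenize
        if len(tok) < 2:
            continue
        key, args = tok[0].lower(), tok[1:]
        if key == "agentaddress":
            listen += args[0].split(",")
        elif key == "view" and len(args) >= 3 and args[1] == "included":
            views.setdefault(args[0], []).append(args[2])
        elif key in ("rocommunity", "rwcommunity"):
            source = args[1] if len(args) > 1 else "default"
            rules.append((key, args[0], source, args[2:]))
    return listen, views, rules

def wildcard_listen(addr):
    """True when the address has no host part, e.g. 'udp:161' or '161'."""
    parts = [p for p in addr.split(":") if p.lower() not in ("udp", "tcp")]
    return not parts or parts[0].isdigit()

def audit(conf):
    """List the findings to review before deploying the file."""
    listen, views, rules = parse(conf)
    out = [f"agentAddress {a}: listens on all interfaces"
           for a in listen if wildcard_listen(a)]
    for key, community, source, scope in rules:
        named = scope[:1] == ["-V"] and len(scope) > 1
        # named view, else explicit OID, else the whole tree
        oids = views.get(scope[1], []) if named else (scope[:1] or [".1"])
        who = f"{key} {community}"
        if source in ("default", "0.0.0.0/0"):
            out.append(f"{who}: any source address accepted")
        if community in ("public", "private"):
            out.append(f"{who}: well-known community string")
        if key == "rwcommunity":
            out.append(f"{who}: grants write access")
        if not oids:
            out.append(f"{who}: view '{scope[1]}' has no included subtree")
        elif any(o.strip(".") == "1" for o in oids):
            out.append(f"{who}: whole tree (.1) exposed to {source}")
    return out
```

Calling `audit(SAMPLE_CONF)` reports that the agent listens on all interfaces and that 192.168.0.0/24 can read the whole tree, which is what the article's configuration sets up. Restrict the view to specific sub trees or bind agentAddress to one interface if that is broader than intended.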
