SNMPv3 is an important step forward with respect to improved security. SNMPv1 and 2 send collected data unencrypted, as readable text, over the network.

The information on getting SNMPv3 up and running on Linux is somewhat fragmented on the Internet, so I decided to write this simple how-to. The steps below cover getting SNMPv3 installed and ready for use on a clean installation of Ubuntu (12.04/14.04 LTS). Ubuntu uses the net-SNMP package.

1. Installing SNMP (daemon and agent)

net-SNMP comes in two flavours: a server-side agent (snmpd) and a client-side application (snmp). To install both, simply log on to your server, open a terminal and enter the following on the command line:

sudo apt-get install snmp snmpd

2. Define SNMPv3 users, authentication and encryption parameters.

SNMPv3 can be used in a number of ways depending on the “securityLevel” configuration parameter:

  1. noAuthNoPriv – No authentication and no encryption, basically no security at all!
  2. authNoPriv – Authentication is required but collected data sent over the network is not encrypted.
  3. authPriv – The strongest form. Authentication is required and everything sent over the network is encrypted.

The snmpd configuration settings are all saved in a file called /etc/snmp/snmpd.conf. Open this file in your editor (I use joe) as in:

sudo nano /etc/snmp/snmpd.conf

Add the following lines to the end of the file (choose your own usernames and passwords):

#
createUser user1
createUser user2 MD5 user2password
createUser user3 MD5 user3password DES user3encryption
#
rouser user1 noauth 1.3.6.1.2.1.1
rouser user2 auth 1.3.6.1.2.1
rwuser user3 priv 1.3.6.1.2.1

PS. The password and encryption phrases should have a length of at least 8 characters!

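By default, the SNMP daemon is only accessible locally (localhost) on the same server, for security reasons. To make snmpd accessible from the outside, change the “AGENT BEHAVIOUR” section to the following. In the agentAddress line, udp:161 listens on every IPv4 interface, while udp6:[::1]:161 binds the IPv6 loopback address only: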

#  AGENT BEHAVIOUR
#
#  Listen for connections from the local system only
#agentAddress  udp:127.0.0.1:161
#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161

Save your modified snmpd.conf file and restart the SNMP daemon with:

sudo /etc/init.d/snmpd restart

3. Testing the configuration with the installed net-SNMP client “snmpget”

In step 1 we already installed the snmp client. In the examples below the first line is what I entered and the lines after it are the responses. “Platinum” is the name of my test server!

Let’s begin testing with user1 by entering:

snmpget -v 3 -u user1 -l NoauthNoPriv platinum 1.3.6.1.2.1.1.1.0
iso.3.6.1.2.1.1.1.0 = STRING: "Linux Platinum 3.2.0-60-generic #91-Ubuntu SMP Wed Feb 19 03:54:44 UTC 2014 x86_64"

Trying to access an OID outside 1.3.6.1.2.1.1 gives:

snmpget -v 3 -u user1 -l NoauthNoPriv platinum 1.3.6.1.2.1.2.1.0
iso.3.6.1.2.1.2.1.0 = No Such Object available on this agent at this OID

The same with user2 gives:

snmpget -v 3 -u user2 -l NoauthNoPriv platinum 1.3.6.1.2.1.1.1.0
Error in packet
 Reason: authorizationError (access denied to that object)

Of course we added user2 with authentication in mind, so let's use it:

snmpget -v 3 -u user2 -l authNoPriv -a MD5 -A user2password platinum 1.3.6.1.2.1.1.1.0
iso.3.6.1.2.1.1.1.0 = STRING: "Linux Platinum 3.2.0-60-generic #91-Ubuntu SMP Wed Feb 19 03:54:44 UTC 2014 x86_64"

…and another test:

snmpget -v 3 -u user2 -l authNoPriv -a MD5 -A user2password platinum 1.3.6.1.2.1.2.1.0
iso.3.6.1.2.1.2.1.0 = INTEGER: 12

Finally add some encryption:

snmpget -v 3 -u user3 -l authPriv -a MD5 -A user3password -x DES -X user3encryption platinum .1.3.6.1.2.1.1.1.0
iso.3.6.1.2.1.1.1.0 = STRING: "Linux Platinum 3.2.0-60-generic #91-Ubuntu SMP Wed Feb 19 03:54:44 UTC 2014 x86_64"

Happy testing!
