edoceo

Installing & Configuring net-snmp / snmpd

To use this system, first install the net-snmp tools (emerge on Gentoo, apt-get on Debian/Ubuntu).

~ # emerge net-snmp
[ebuild   R   ] net-analyzer/net-snmp-5.4.2.1-r4  \
    USE="-X bzip2 diskio -doc -elf -extensible ipv6 -lm_sensors -mfd-rewrites \
    -minimal perl python -rpm (-selinux) -sendmail -smux ssl -tcpd zlib"
~ # apt-get install snmp snmpd

Configuring net-snmp

The net-snmp tools include a handy utility, snmpconf, that helps create new configuration files, usually /etc/snmp/snmpd.conf. Just run the program and follow the prompts; it asks for various SNMP and system information. In section 2 (Access Control Setup), choose only a SNMPv3 read-only user, as follows.

~ # snmpconf
The configuration information which can be put into snmpd.conf is divided
into sections.  Select a configuration section for snmpd.conf
that you wish to create:

   1:  System Information Setup
   2:  Access Control Setup
   3:  Trap Destinations
   4:  Monitor Various Aspects of the Running Host
   5:  Extending the Agent
   6:  Agent Operating Mode

Other options: finished

Select section: 2

Section: Access Control Setup
Description:
  This section defines who is allowed to talk to your running
  snmp agent.

Select from:

   1:  a SNMPv3 read-write user
   2:  a SNMPv3 read-only user
   3:  a SNMPv1/SNMPv2c read-only access community name
   4:  a SNMPv1/SNMPv2c read-write access community name

Other options: finished, list

Select section: 2

Configuring: rouser
Description:
  a SNMPv3 read-only user
    arguments:  user [noauth|auth|priv] [restriction_oid]

Enter the SNMPv3 user that should have read-only access to the system: edoceo
The minimum security level required for that user [noauth|auth|priv, default = auth]: auth
The OID that this community should be restricted to [if appropriate]:

Now the snmpd process is configured for read-only access by one user; we must still create the user.

Configure /etc/snmp/snmpd.conf

This example shows a simple SNMP server which allows a v1 and v2 read-only community named "custos" from only one host (11.22.33.44).

syslocation  "Linode - Fremont"
syscontact  user@example.com
proc mountd
disk / 10000
load 12 14 14
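# v1 and v2: read-only community "custos", accepted only from 11.22.33.44
# (rocommunity takes COMMUNITY [SOURCE]; a bare com2sec line without a
# community name is rejected by snmpd, so the source goes here)
rocommunity  custos 11.22.33.44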
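
A quick audit of the access-control lines discussed above, as an added example (not part of the original page or of net-snmp). The function names audit_snmpd_conf and sample_conf are hypothetical and the sample configuration is constructed; beyond the page's rocommunity and rouser lines it also checks rwcommunity and com2sec.

```shell
#!/bin/sh
# audit_snmpd_conf FILE: print one finding per risky access-control line.
# Exit status is 1 when any HIGH finding was printed, 0 otherwise.
audit_snmpd_conf() {
    awk '
    function high(msg) { print "HIGH line " NR ": " msg; bad = 1 }
    /^[ \t]*#/ || NF == 0 { next }               # comments and blank lines
    $1 ~ /^r[ow]community6?$/ {                  # v1/v2c: COMMUNITY [SOURCE ...]
        if ($1 ~ /^rw/) high("read-write community " $2)
        if (NF < 3 || $3 == "default") high("community " $2 " accepted from any source")
        if ($2 == "public" || $2 == "private") high("well-known community name " $2)
        next
    }
    $1 == "com2sec" {                            # [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
        i = ($2 == "-Cn") ? 4 : 2
        if (NF < i + 2) high("com2sec needs SECNAME SOURCE COMMUNITY")
        else if ($(i + 1) == "default") high("com2sec " $i " accepts any source")
        next
    }
    $1 ~ /^r[ow]user$/ {                         # v3: [-s SECMODEL] USER [level ...]
        u = ($2 == "-s") ? 4 : 2
        lvl = (NF > u) ? $(u + 1) : "auth"       # level defaults to auth
        if (lvl == "noauth") high("SNMPv3 user " $u " needs no authentication")
        else if (lvl == "auth") print "INFO line " NR ": user " $u " is authenticated but not encrypted"
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample snmpd.conf (illustrative values, not from a real host).
sample_conf() {
    cat <<'EOF'
# constructed sample
syslocation "Linode - Fremont"
rocommunity custos 11.22.33.44
rocommunity custos
rwcommunity private default
com2sec edoceo 11.22.33.44
rouser edoceo auth
rouser guest noauth
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_snmpd_conf "$tmp" || echo "HIGH findings present: tighten the lines listed above"
rm -f "$tmp"
```

Run it against /etc/snmp/snmpd.conf after each snmpconf session; only the source-restricted rocommunity line and a priv-level user pass without a finding.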

Testing snmpd

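From the localhost, try to view your SNMP data. The agent answers a community only from the sources its configuration allows, so the walk below needs the custos community to accept 127.0.0.1.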

~ # snmpwalk -Cc -Cp -c custos -OQ -v1 localhost

SNMP Firewall Rules

SNMP is often used only for read-only data, so configuring a proper community and then opening the port in the firewall will be acceptable. The following example opens SNMP (UDP port 161) to a single source IP; substitute your own address.

~ # iptables -A INPUT -s 54.162.10.211 -p udp -m udp --dport 161 -j ACCEPT
