To use this system first install the net-snmp tools.
~ # emerge net-snmp [ebuild R ] net-analyzer/net-snmp-188.8.131.52-r4 \ USE="-X bzip2 diskio -doc -elf -extensible ipv6 -lm_sensors -mfd-rewrites \ -minimal perl python -rpm (-selinux) -sendmail -smux ssl -tcpd zlib"
~ # apt-get install snmp snmpd
A handy utility comes with net-snmp tools that facilitate the creation of new configuration files, usually in /etc/snmp/snmpd.conf Just run this program and follow the prompts. This application will prompt for various SNMP and system information. In the 2: Access Control Setup choose only SNMPv3 read-only user like as follows.
~ # snmpconf
The configuration information which can be put into snmpd.conf is divided into sections. Select a configuration section for snmpd.conf that you wish to create: 1: System Information Setup 2: Access Control Setup 3: Trap Destinations 4: Monitor Various Aspects of the Running Host 5: Extending the Agent 6: Agent Operating Mode Other options: finished Select section: 2 Section: Access Control Setup Description: This section defines who is allowed to talk to your running snmp agent. Select from: 1: a SNMPv3 read-write user 2: a SNMPv3 read-only user 3: a SNMPv1/SNMPv2c read-only access community name 4: a SNMPv1/SNMPv2c read-write access community name Other options: finished, list Select section: 2 Configuring: rouser Description: a SNMPv3 read-only user arguments: user [noauth|auth|priv] [restriction_oid] Enter the SNMPv3 user that should have read-only access to the system: edoceo The minimum security level required for that user [noauth|auth|priv, default = auth]: auth The OID that this community should be restricted to [if appropriate]:
Now the snmpd process is configured for read only access by one user - we must create the user.
This example shows a simple SNMP server which allows v1 and v2 read only community named "custos" only to one host (184.108.40.206)
syslocation "Linode - Fremont" syscontact firstname.lastname@example.org proc mountd disk / 10000 load 12 14 14 # v1 and v2 rocommunity custos edoceo com2sec edoceo 220.127.116.11
From the localhost try to view your SNMP data.
~ # snmpwalk -Cc -Cp -c custos -OQ -v1 localhost
SNMP Firewall Rules
Many times, as SNMP is only used for read-only data; so configuring a proper community and then opening a port in the firewall will be acceptable. The following example opens your SNMP to your IP.
~ # iptables -A INPUT -s 18.104.22.168 -p udp -m udp --dport 161 -j ACCEPT