john pfeiffer

Snmp

snmp = Simple Network Management Protocol - monitoring/management of remote devices

The SNMP agent receives requests on UDP port 161 (TLS might use 10161 with 10162 for traps)

SNMPv1 -> SNMPv2c = SNMPv2 with the community string (instead of a complex security model)

SNMPv3 can support encryption (DES)

snmpd = snmp daemon = managed device (e.g. router, voip phone, server, etc.)

MIB = management information base (the actual data that can be presented via SNMP)
- a hierarchical namespace containing object identifiers (OID)
- an OID is a variable that can be read/set via SNMP

The internet has the OID 1.3.6.1, which is defined as a subtree of iso.org.dod, or 1.3.6
- to be able to query by "object name" the client needs the correct MIB (maps the oid to the resource and name)
- Counters go up and reset at the max, gauges do not exceed the max (e.g. network traffic vs cpu usage)


apt-get update (apt-get upgrade)

apt-get install snmpd -y

(For an snmp client use apt-get install snmp, required for snmpwalk testing...)

define security config (i.e. what ip addresses, what "community string" password, etc.)

sudo vi /etc/snmp/snmpd.conf

com2sec SECURITYNAME NETWORKALLOWED COMMUNITYSTRINGPASSWORD

com2sec localhost localhost public

group GROUPNAME SNMPVERSION SECURITYNAME

group MyLocalhost v1 localhost
group MyLocalhost v2c localhost

view VIEWNAME INCLUDED/EXCLUDED SUBTREE OPTIONAL-MASK

view all included .1

inclusion - you access only that branch of the mib tree

exclusion - you access all the branches except that one

access GROUPNAME CONTEXT SNMPVERSION SECURITY MATCH READ WRITE NOTIFICATION

access MyLocalhost "" any noauth exact all none none

ALSO: sudo vi /etc/default/snmpd

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'

to restrict which interfaces snmpd listens on, append the addresses at the end...

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1 192.168.1.1'


FIREWALL - snmp uses UDP 161

the rule below accepts udp 161 only from the subnet 192.168.1.0/24 (it restricts access only if the rest of the chain or the default policy drops other traffic)

/sbin/iptables -A RH-Firewall-1-INPUT -p udp -s 192.168.1.0/24 -m udp --dport 161 -j ACCEPT


/usr/share/snmp/mibs/

You might add new .txt config based MIB files to this directory...


TESTING

snmpwalk (version) (community string) (target ip) (target oid)

general info

snmpwalk -v 1 -c public localhost system

everything

snmpwalk -c public -v 1 127.0.0.1 .
snmpwalk -c public -v 2c 127.0.0.1 . | grep time

test from a remote machine

snmpwalk -c public -v2c 10.10.10.197 system
snmpwalk -c public -v2c 10.10.10.197

processes

snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.2

disk check

snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9


for more info on SNMPv3
http://crazy8s.info/wiki/index.php/Network_-_SNMPv3_Configuration

for more info on MIBs
http://www.net-snmp.org/wiki/index.php/TUT:snmptranslate
http://oreilly.com/catalog/esnmp/chapter/ch02.html

Similar to disk monitoring, specific processes can be monitored:

proc NAME [MAX=0] [MIN=0]

proc sendmail 10 1

snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.2


Further example ubuntu configs of snmpd.conf

syslocation California
syscontact support@domain.com

com2sec Localhost localhost mypassword
com2sec Subnet 192.168.1.0/24 mypassword

group MyLocalhost v2c Localhost
group MySubnet v2c Subnet

view all included .1 80
view system included .1.3.6.1.2.1.1
view system included .iso.org.dod.internet.mgmt.mib-2.system

access MyLocalhost "" any noauth exact all none none
access MySubnet "" any noauth exact system none none


syslocation California
syscontact support@domain.com

com2sec Localhost localhost mypassword
group MyLocalhost v2c Localhost
view all included .1 80
access MyLocalhost "" any noauth exact all none none

com2sec Subnet 10.10.10.0/24 mypassword
group MySubnet v2c Subnet

iso.org.dod.internet.mgmt = 1.3.6.1.2

iso.org.dod.internet.private = 1.3.6.1.4

sysName

view system included iso.org.dod.internet.mgmt.1.1.5

ip address, interfaces, subnet

view system included iso.org.dod.internet.mgmt.1.4.20.1

hrSystemUptime

view system included iso.org.dod.internet.mgmt.1.25.1.1

Total RAM

view system included iso.org.dod.internet.private.1.2021.4.5.0

Memory available RAM

view system included iso.org.dod.internet.private.1.2021.4.6.0

Disk basics

disk / 5%
view system included iso.org.dod.internet.private.1.2021.9.1

cpu idle percentage

view system included iso.org.dod.internet.private.1.2021.11.11

access MySubnet "" any noauth exact system none none

snmpwalk -c public -v2c 10.10.10.197 .
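
Added example (not part of the original notes): a small audit of the com2sec -> group -> access -> view chain described above, flagging default community strings, unrestricted sources, write access, and whole-tree read views exposed to remote sources. The sample config is constructed; the function name and finding texts are made up for illustration, and the "default" source is net-snmp's keyword for any address, which these notes do not use.

```python
import shlex

# Constructed sample in the page's snmpd.conf format (not from a real host).
SAMPLE_CONF = '''
com2sec Localhost localhost      mypassword
com2sec Subnet    192.168.1.0/24 public
com2sec Anyone    default        mypassword
group MyLocalhost v2c Localhost
group MySubnet    v2c Subnet
group MyAnyone    v1  Anyone
view all    included .1 80
view system included .1.3.6.1.2.1.1
access MyLocalhost "" any noauth exact all    none none
access MySubnet    "" any noauth exact system all  none
access MyAnyone    "" any noauth exact all    none none
'''

DIRECTIVES = ("com2sec", "group", "view", "access")
WEAK_COMMUNITIES = {"public", "private"}   # well-known default community strings
WHOLE_TREE = {".1", ".iso"}                # subtrees that cover the entire MIB

def audit_snmpd_conf(text):
    """Follow com2sec -> group -> access -> view; return sorted (secname, issue) pairs."""
    com2sec, groups, views, accesses, findings = {}, {}, {}, [], set()
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True) if raw.lstrip().startswith(DIRECTIVES) else [""]
        if tok[0] == "com2sec" and len(tok) == 4:
            com2sec[tok[1]] = (tok[2], tok[3])            # secname -> (source, community)
        elif tok[0] == "group" and len(tok) == 4:
            groups.setdefault(tok[1], set()).add(tok[3])  # group -> secnames
        elif tok[0] == "view" and len(tok) >= 4 and tok[2] == "included":
            views.setdefault(tok[1], set()).add(tok[3])   # view -> included subtrees
        elif tok[0] == "access" and len(tok) == 9:        # the "" context is kept as a token
            accesses.append((tok[1], tok[6], tok[7]))     # group, read view, write view
    for group, read, write in accesses:
        for sec in groups.get(group, ()):
            source, community = com2sec.get(sec, ("", ""))
            if community in WEAK_COMMUNITIES:
                findings.add((sec, "default community string"))
            if source == "default":
                findings.add((sec, "any source address allowed"))
            if write != "none":
                findings.add((sec, "write access enabled"))
            if source not in ("localhost", "127.0.0.1") and views.get(read, set()) & WHOLE_TREE:
                findings.add((sec, "whole MIB tree readable remotely"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{s}: {i}" for s, i in audit_snmpd_conf(SAMPLE_CONF)))
```

To check a real host, pass the contents of /etc/snmp/snmpd.conf to audit_snmpd_conf(); an empty list means none of the four checks fired.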



Published

Nov 14, 2011
