Setting Up an SNMP Server on Rocky Linux | Nutanix Community
Setting Up an SNMP Server on Rocky Linux


BxtGeek
Nutanix Employee

SNMP (Simple Network Management Protocol) is commonly used for monitoring and managing network devices. It enables administrators to gather data about network performance, system uptime, and much more. In this article, we'll go over the steps for setting up an SNMP server on a Rocky Linux machine, enabling SNMPv2c and, for enhanced security, SNMPv3.

Step 1: Install SNMP Packages

To get started, you need to install the net-snmp and net-snmp-utils packages. These packages provide the SNMP daemon (snmpd) and tools like snmpwalk for querying SNMP data.

Run the following command to install the required packages:

sudo dnf install net-snmp net-snmp-utils -y

Step 2: Enable and Start the SNMP Daemon

Once the SNMP packages are installed, the next step is to enable and start the SNMP daemon (snmpd). This allows your system to begin listening for SNMP requests.

Enable SNMP to start on boot:

sudo systemctl enable snmpd

Start the SNMP daemon:

sudo systemctl start snmpd

Step 3: Configure SNMP

Now that SNMP is running, you need to configure it to allow SNMP queries. The SNMP configuration file is located at /etc/snmp/snmpd.conf.

Edit the SNMP configuration file using nano:

sudo nano /etc/snmp/snmpd.conf

Below is a sample snmpd.conf configuration file:

# /etc/snmp/snmpd.conf

# Set the system location and contact information
syslocation YourLocation
syscontact YourContactEmail

# Agent address, listens on all IPv4 interfaces
agentAddress udp:161

# Define a read-only community string (default is 'public', but it's recommended to change it)
# 'default' accepts queries from any source address; -V limits the community to the view defined below
rocommunity your_secure_community_string default -V systemview

# Restrict SNMP access to specific IP address or subnet (optional)
# Only allow SNMP queries from a specific IP or subnet (e.g., 192.168.1.0/24)
# rocommunity your_secure_community_string 192.168.1.0/24 -V systemview

# System monitoring information exposed to the community above
view   systemview  included   .1.3.6.1.2.1.1
view   systemview  included   .1.3.6.1.2.1.25.1.1

# No separate 'access' line is needed: rocommunity with -V creates the access entry itself.
# An 'access notConfigGroup ...' line only takes effect together with matching com2sec and group lines.

Step 4: Restart SNMP Daemon

Once the configuration is done, restart the snmpd service to apply the changes:

sudo systemctl restart snmpd

Step 5: Open Port 161 on the Firewall

SNMP uses port 161 (UDP) for communication. If you have a firewall enabled, you will need to open this port to allow SNMP traffic.

Add the rule to open port 161 for UDP traffic:

sudo firewall-cmd --permanent --add-port=161/udp

Reload the firewall configuration to apply the changes:

sudo firewall-cmd --reload

Step 6: Test SNMPv2c Configuration

You can now test the SNMP configuration using the snmpwalk command with your community string. Replace your_secure_community_string with the community string you defined in the configuration file.

snmpwalk -v2c -c your_secure_community_string localhost

If everything is set up correctly, this command will return a list of SNMP data from your server.

Step 7: Setting Up SNMPv3 User for Enhanced Security

SNMPv3 provides enhanced security with authentication and encryption, whereas SNMPv2c sends its community string over the network in clear text. To create an SNMPv3 user, you can use the net-snmp-create-v3-user utility.

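Run the following command to create an SNMPv3 user with SHA for authentication and AES for encryption. Stop snmpd before running it (sudo systemctl stop snmpd) and start it again afterwards: the utility writes the user into snmpd's persistent data file, which a running daemon overwrites when it stops. Replace the example passphrases with your own: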

sudo net-snmp-create-v3-user -ro -a SHA -A "authPassphrase123" -x AES -X "privPassphrase123" -u mySecureUser

This will create a read-only SNMPv3 user with the specified authentication and privacy keys.

Step 8: Add the SNMPv3 User to the Configuration File

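You can also manually add the SNMPv3 user to the /etc/snmp/snmpd.conf file instead of using the utility from Step 7. A createUser line in this file keeps both passphrases in plain text, so keep the file readable by root only. To do so, add the following lines: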

# Define SNMPv3 user
createUser mySecureUser SHA "authPassphrase123" AES "privPassphrase123"

# Allow this user read-only access
rouser mySecureUser

Step 9: Test SNMPv3 Configuration

To test SNMPv3 functionality, use the snmpwalk command with your SNMPv3 credentials:

snmpwalk -v3 -u mySecureUser -a SHA -A "authPassphrase123" -x AES -X "privPassphrase123" -l authPriv localhost

This will return SNMP data using SNMPv3 authentication and encryption.
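
An added example, not part of the original article or of net-snmp: a small shell function that checks the kind of directives shown in the Step 3 sample file and the Step 8 lines for risky patterns (well-known or unrestricted communities, SNMPv3 users not held to the priv level, plain-text createUser passphrases). The names audit_snmpd_conf and sample_conf and the sample input are constructed for illustration.

```shell
#!/bin/sh
# audit_snmpd_conf [FILE...]: print "LINE: finding" for risky snmpd.conf
# directives. Reads standard input when no file is given.
audit_snmpd_conf() {
    awk '
    function report(msg) { print NR ": " msg }
    /^[ \t]*#/ || NF == 0 { next }              # skip comments and blank lines
    { d = tolower($1) }                         # compare directive names case-insensitively
    d == "agentaddress" && $2 ~ /^((udp|tcp):)?[0-9]+$/ {
        report("agent listens on every IPv4 interface")
    }
    d ~ /^r[ow]community6?$/ {
        if (d ~ /^rw/) report("community grants write access")
        if ($2 == "public" || $2 == "private") report("well-known community string")
        if (NF < 3 || $3 == "default") report("community accepted from any source address")
        if (NF < 4) report("community not restricted to a view or OID subtree")
    }
    d ~ /^r[ow]user$/ {
        u = ($2 == "-s") ? 4 : 2                # skip an optional "-s SECMODEL"
        if ($(u + 1) != "priv")
            report("user " $u " may query without encryption (level is not priv)")
    }
    d == "createuser" { report("createUser passphrases stored in plain text") }
    ' "$@"
}

# Constructed sample modelled on the directives in this article; not a real host file.
sample_conf() {
    cat <<'EOF'
# constructed sample
agentAddress udp:161
rocommunity public default
rocommunity your_secure_community_string 192.168.1.0/24 -V systemview
createUser mySecureUser SHA "authPassphrase123" AES "privPassphrase123"
rouser mySecureUser
rouser mySecureUser priv
EOF
}

sample_conf | audit_snmpd_conf
```

To check a real host, call audit_snmpd_conf /etc/snmp/snmpd.conf as root.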

Conclusion

By following these steps, you’ve successfully set up an SNMP server on your Rocky Linux system, allowing you to monitor the system’s performance and uptime. You've also configured SNMPv3 for better security with authentication and encryption. Whether you're using SNMPv2c or SNMPv3, this setup can be easily adapted to monitor additional devices in your network.

For further monitoring, you can use SNMP management tools like snmpwalk, snmpget, or third-party applications such as Zabbix, Nagios, or PRTG.
