SNMP (Simple Network Management Protocol) is commonly used for monitoring and managing network devices. It enables administrators to gather data about network performance, system uptime, and much more. In this article, we'll go over the steps for setting up an SNMP server on a Rocky Linux machine, enabling SNMPv2c and SNMPv3 for enhanced security.
Step 1: Install SNMP Packages
To get started, you need to install the net-snmp
and net-snmp-utils
packages. These packages provide the SNMP daemon (snmpd
) and tools like snmpwalk
for querying SNMP data.
Run the following command to install the required packages:
sudo dnf install net-snmp net-snmp-utils -y
Step 2: Enable and Start the SNMP Daemon
Once the SNMP packages are installed, the next step is to enable and start the SNMP daemon (snmpd
). This allows your system to begin listening for SNMP requests.
Enable SNMP to start on boot:
sudo systemctl enable snmpd
Start the SNMP daemon:
sudo systemctl start snmpd
Step 3: Configure SNMP
Now that SNMP is running, you need to configure it to allow SNMP queries. The SNMP configuration file is located at /etc/snmp/snmpd.conf
.
Edit the SNMP configuration file using nano
:
sudo nano /etc/snmp/snmpd.conf
Below is a sample snmpd.conf
configuration file:
# /etc/snmp/snmpd.conf
# Set the system location and contact information
syslocation YourLocation
syscontact YourContactEmail
# Agent address, listens on all IPv4 interfaces
agentAddress udp:161
# Define a read-only community string (default is 'public', but it's recommended to change it)
rocommunity your_secure_community_string default
# Restrict SNMP access to specific IP address or subnet (optional)
# Only allow SNMP queries from a specific IP or subnet (e.g., 192.168.1.0/24)
# rocommunity your_secure_community_string 192.168.1.0/24
# System monitoring information
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
# Allow SNMPv1 and SNMPv2c access for read-only users
access notConfigGroup "" any noauth exact systemview none none
Step 4: Restart SNMP Daemon
Once the configuration is done, restart the snmpd
service to apply the changes:
sudo systemctl restart snmpd
Step 5: Open Port 161 on the Firewall
SNMP uses port 161 (UDP) for communication. If you have a firewall enabled, you will need to open this port to allow SNMP traffic.
Add the rule to open port 161 for UDP traffic:
sudo firewall-cmd --permanent --add-port=161/udp
Reload the firewall configuration to apply the changes:
sudo firewall-cmd --reload
Step 6: Test SNMPv2c Configuration
You can now test the SNMP configuration using the snmpwalk
command with your community string. Replace your_secure_community_string
with the community string you defined in the configuration file.
snmpwalk -v2c -c your_secure_community localhost
If everything is set up correctly, this command will return a list of SNMP data from your server.
Step 7: Setting Up SNMPv3 User for Enhanced Security
SNMPv3 provides enhanced security with authentication and encryption. To create a user with SNMPv3, you can use the net-snmp-create-v3-user
utility.
Run the following command to create an SNMPv3 user with SHA for authentication and AES for encryption:
sudo net-snmp-create-v3-user -ro -a SHA -A "authPassphrase123" -x AES -X "privPassphrase123" -u mySecureUser
This will create a read-only SNMPv3 user with the specified authentication and privacy keys.
Step 8: Add the SNMPv3 User to the Configuration File
You can also manually add the SNMPv3 user to the /etc/snmp/snmpd.conf
file. To do so, add the following lines:
# Define SNMPv3 user
createUser mySecureUser SHA "authPassphrase123" AES "privPassphrase123"
# Allow this user read-only access
rouser mySecureUser
Step 9: Test SNMPv3 Configuration
To test SNMPv3 functionality, use the snmpwalk
command with your SNMPv3 credentials:
snmpwalk -v3 -u mySecureUser -a SHA -A "authPassphrase123" -x AES -X "privPassphrase123" -l authPriv localhost
This will return SNMP data using SNMPv3 authentication and encryption.
Conclusion
By following these steps, you’ve successfully set up an SNMP server on your Rocky Linux system, allowing you to monitor the system’s performance and uptime. You've also configured SNMPv3 for better security with authentication and encryption. Whether you're using SNMPv2c or SNMPv3, this setup can be easily adapted to monitor additional devices in your network.
For further monitoring, you can use SNMP management tools like snmpwalk
, snmpget
, or third-party applications such as Zabbix, Nagios, or PRTG.