Configure SNMPv3 on Ubuntu 14.04
Simple Network Management Protocol (SNMP) is a standard protocol used to manage IP network devices. Typical SNMP-enabled devices include routers, switches, servers, workstations, printers, and data cabinets. SNMP is generally used by the network management system to monitor additional network devices according to the conditions set by the Administrator. SNMP is an integral part of the Internet Protocol Suite, which is defined by IETF institutions. It contains a series of network management standards, including an application layer protocol, a database architecture, and a set of data objects.
SNMP displays management data in the form of variables, which describe the system configuration. These variables can also be used to manage application queries (or set ).
Why SNMPv3
Although the encryption feature added by SNMPv3 does not affect the protocol, the new text conventions, concepts, and terms make it look quite different.
Based on SNMP, SNMPv3 enhances security and remote configuration.
At first, the biggest drawback of SNMP was its weak security. In the first and second versions of SNMP, authentication only transfers a plaintext password between the Administrator and the proxy. Currently, each SNMPv3 information contains an octal encoded security parameter. The specific meaning of these security parameters is determined by the selected security model.
SNMPv3 provides important security features:
Confidentiality-encrypt data packets to prevent unauthorized source listening.
Integrity-the data integrity feature ensures that data is not disturbed during transmission and includes an optional data response protection mechanism.
Authentication-check whether the data comes from a valid source.
Install the SNMP server and client in Ubuntu 14.04
Open the terminal and run the following commands
- Sudo apt-get install snmpd snmp
After the installation is complete, make the following changes.
Configure SNMPv3
Obtain access permissions from external daemon
The default installation only provides local access permissions. To obtain external access permissions, open the file/etc/default/snmpd.
- Sudo vi/etc/default/snmpd
Change the following content
Set
- SNMPDOPTS = '-Lsd-Lf/dev/null-u snmp-g snmp-I-smux, mteTrigger, mteTriggerConf-p/var/run/snmpd. Pi'
Change
- SNMPDOPTS = '-Lsd-Lf/dev/null-u snmp-I-smux-p/var/run/snmpd. pid-c/etc/snmp/snmpd. conf'
Finally, restart snmpd.
- Sudo/etc/init. d/snmpd restart
Define SNMPv3 users, authentication and encryption parameters
The "securityLevel" parameter makes SNMPv3 available for a variety of purposes.
NoAuthNoPriv -- no authorization, encryption, and any security protection!
AuthNoPriv -- authentication is required, but data sent over the network is not encrypted.
AutoPriv-the most reliable mode. Authentication is required and data is encrypted.
The configurations and settings of snmpd are saved in the/etc/snmp/snmpd. conf file. Use the editor to edit the file:
- Sudo vi/etc/snmp/snmpd. conf
Add the following content at the end of the file:
- #
- CreateUser user1
- CreateUser user2 MD5 user2password
- CreateUser user3 MD5 user3password DES user3encryption
- #
- Rouser user1 noauth 1.3.6.1.2.1.1
- Rouser user2 auth 1.3.6.1.2.1
- Rwuser user3 priv 1.3.6.1.2.1
Note: If you need to use your username/password pair, note that the minimum length of the password and encryption phrase is 8 characters.
At the same time, you need to configure the following configuration so that snmp can listen to connection requests from any interface.
Set
- # AgentAddress udp: 161, udp6: [: 1]: 161
Change
- AgentAddress udp: 161, udp6: [: 1]: 161
Save the changed snmpd. conf file and restart the daemon:
- Sudo/etc/init. d/snmpd restart
SNMP configuration for Zabbix
SNMP for dynamic network analysis
Network status monitoring using SNMP
Set up an SNMP test environment in CentOS 6.3
Linux (Ubuntu/CentOS) SNMP Configuration
Enable and configure the SNMP service for Citrix Xenserver