How To Install and Configure SNMP on Ubuntu 20.04

Introduction

A large part of being a system administrator is collecting accurate information about your servers and infrastructure. There are a number of tools and options for gathering and processing this type of information. Many of them are built upon a technology called SNMP.

sudo apt update

Next, install the SNMP software:

sudo apt install snmp snmp-mibs-downloader

As mentioned before, most of the work happens on the agent server, so the configuration on your manager server will be less involved. You only need to modify one file so that the SNMP tools can use the extra MIB data you installed.

On your manager server, open the /etc/snmp/snmp.conf file in your text editor with sudo privileges. This tutorial will use nano:

sudo nano /etc/snmp/snmp.conf

In this file, there are a few comments and a single un-commented line. To allow the manager to import the MIB files, comment out the mibs : line:

/etc/snmp/snmp.conf

# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loading them by commenting out the following line.
#mibs :

Save and close snmp.conf by pressing CTRL+X, followed by Y, and then ENTER if you’re using nano.

You are now finished configuring the manager server, but you will still need to use this server to help configure your agent server, which you will do in the next step.

Configuring the SNMP Agent Server

As a true client-server system, the agent server does not have any of the external tools needed to configure its own SNMP setup. You can modify some configuration files to make some changes, but most of the changes you need to make will be done by connecting to your agent server from your management server.

In this tutorial, you will use version 3 of the SNMP protocol. Unlike SNMPv1 and v2, in SNMPv3 each message contains security parameters that are encoded. In this step you will configure SNMPv3 authentication and access control rules.

To get started, on your agent server, open the daemon’s configuration file with sudo privileges:

sudo nano /etc/snmp/snmpd.conf

Inside, you will have to make a few changes. These will mainly be used to bootstrap your configuration so that you can manage it from your other server.

/etc/snmp/snmpd.conf


###########################################################################
#
# snmpd.conf
# An example configuration file for configuring the Net-SNMP agent ('snmpd')
# See snmpd.conf(5) man page for details
#
###########################################################################
# SECTION: System Information Setup
#
# syslocation: The [typically physical] location of the system.
#   Note that setting this value here means that when trying to
#   perform an snmp SET operation to the sysLocation.0 variable will make
#   the agent return the "notWritable" error code.  IE, including
#   this token in the snmpd.conf file will disable write access to
#   the variable.
#   arguments:  location_string
sysLocation    Sitting on the Dock of the Bay
sysContact     Me 
# sysservices: The proper value for the sysServices object.
#   arguments:  sysservices_number
sysServices    72

###########################################################################
# SECTION: Agent Operating Mode
#
#   This section defines how the agent will operate when it
#   is running.
# master: Should the agent operate as a master agent or not.
#   Currently, the only supported master agent type for this token
#   is "agentx".
#   
#   arguments: (on|yes|agentx|all|off|no)
master  agentx

# agentaddress: The IP address and port number that the agent will listen on.
#   By default the agent listens to any and all traffic from any
#   interface on the default SNMP port (161).  This allows you to
#   specify which address, interface, transport type and port(s) that you
#   want the agent to listen on.  Multiple definitions of this token
#   are concatenated together (using ':'s).
#   arguments: [transport:]port[@interface/address],...
#agentaddress  127.0.0.1,[::1]
agentAddress udp:161

###########################################################################
# SECTION: Access Control Setup
#
#   This section defines who is allowed to talk to your running
#   snmp agent.

# Views
#   arguments viewname included [oid]

#  system + hrSystem groups only
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1
view   systemonly  included   .1.3.6.1
view   systemonly  included   .1.3.6.1.4.1.2021.11.66.0
view   systemonly  included   .1.3.6.1.2.1.25.3.3.1.2
view   systemonly  included   .1.3.6.1.4.1.4331.2.1.0

# rocommunity: a SNMPv1/SNMPv2c read-only access community name
#   arguments:  community [default|hostname|network/bits] [oid | -V view]
# Read-only access to everyone to the systemonly view
rocommunity  public default -V systemonly
rocommunity6 public default -V systemonly
# SNMPv3 doesn't use communities, but users with (optionally) an
# authentication and encryption string. This user needs to be created
# with what they can view with rouser/rwuser lines in this file.
#
# createUser username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES] [privpassphrase]
# e.g.
# createuser authPrivUser SHA-512 myauthphrase AES myprivphrase
# This should be put into /var/lib/snmp/snmpd.conf
#
# rouser: a SNMPv3 read-only access username
#    arguments: username [noauth|auth|priv [OID | -V VIEW [CONTEXT]]]
rouser authPrivUser authpriv -V systemonly 
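
A static check for three settings in the snmpd.conf above that work against the SNMPv3 setup this tutorial aims for: the agent listening on every interface, a v1/v2c community accepted from any source, and a view entry (.1.3.6.1) that covers the narrower entries listed beside it. This is an added example, not part of the original tutorial or of Net-SNMP; the function name, the finding labels and the sample (constructed from lines of the file above) are this example's own.

```python
import re

# Constructed sample: access-control lines taken from the snmpd.conf above.
SAMPLE_CONF = """\
agentAddress udp:161
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1
view   systemonly  included   .1.3.6.1
rocommunity  public default -V systemonly
rouser authPrivUser authpriv -V systemonly
"""

COMMUNITY_TOKENS = {"rocommunity", "rocommunity6", "rwcommunity", "rwcommunity6"}
# Common transport prefixes; anything else before ':' is treated as an address.
TRANSPORT = re.compile(r"^(udp|tcp|dtlsudp|tlstcp)(6|v6|ipv6)?:")

def audit(text):
    """Return sorted (line_no, finding, detail) tuples for weak settings."""
    findings, views = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        token, args = parts[0].lower(), parts[1:]  # tokens are case-insensitive
        if token in COMMUNITY_TOKENS and args:
            # A missing or "default" source accepts the community from any address.
            has_source = len(args) > 1 and not args[1].startswith("-")
            if not has_source or args[1] == "default":
                findings.append((no, "community-any-source", args[0]))
        elif token == "agentaddress" and args:
            for entry in " ".join(args).split(","):
                addr = TRANSPORT.sub("", entry.strip().lower())
                # A bare port (or a wildcard address) means every interface.
                if addr.isdigit() or addr.startswith(("0.0.0.0", "[::]")):
                    findings.append((no, "listens-on-all-interfaces", entry.strip()))
        elif token == "view" and len(args) >= 3 and args[1].lower() == "included":
            arcs = tuple(args[2].strip(".").split("."))
            views.setdefault(args[0], []).append((no, arcs))
    for name, entries in views.items():
        for no, arcs in entries:
            # An included subtree that is a prefix of the view's other entries
            # widens the view to that whole subtree and makes them redundant.
            if any(len(o) > len(arcs) and o[:len(arcs)] == arcs for _, o in entries):
                detail = "%s .%s" % (name, ".".join(arcs))
                findings.append((no, "view-entry-covers-others", detail))
    return sorted(findings)

if __name__ == "__main__":
    for line_no, finding, detail in audit(SAMPLE_CONF):
        print("line %d: %s (%s)" % (line_no, finding, detail))
```

To check the real file, pass its contents to `audit()`, for example `audit(open("/etc/snmp/snmpd.conf").read())`.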

Apply default UFW rules:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Confirming Firewall Status:

Check the status of UFW to ensure it’s active:

sudo ufw status

or

sudo systemctl status ufw


