HOWTO use SNMPv3 (UBUNTU)

HOWTO use SNMPv3 (UBUNTU)

1.- Install SNMP

Follow the follow blog entry to install SNMP server and client first.
http://wmunguiam.blogspot.com/2009/07/howto-install-snmp-and-test-snmpv1.html

2.- Level users
SNMP version 3 (SNMPv3) is used to provide a secured environment in managing the systems and networks. The SNMPv3 Agent provides support for three level of users. The supported security levels as defined in the USM MIB (RFC 2574) are:

• noAuthNoPriv - Communication without authentication and privacy.
• authNoPriv - Communication with authentication and without privacy. The protocols used for Authentication are MD5 and SHA (Secure Hash Algorithm).
• authPriv - Communication with authentication and privacy. The protocols used for Authentication are MD5 and SHA. The DES (Data Encryption Standard) protocol is used for Privacy.

3.- MIB Tree:
Reference: http://www.alvestrand.no/objectid/1.3.6.1.2.1.html

• 1.3.6.1.2.1.1 - SNMP MIB-2 System
• 1.3.6.1.2.1.2 - SNMP MIB-2 Interfaces
• 1.3.6.1.2.1.3 - at
• 1.3.6.1.2.1.4 - ip
• 1.3.6.1.2.1.5 - icmp
• 1.3.6.1.2.1.6 - tcp
• 1.3.6.1.2.1.7 - udp
• 1.3.6.1.2.1.1.1 - sysDescr
• 1.3.6.1.2.1.1.2 - sysObjectID
• 1.3.6.1.2.1.1.3 - sysUpTime
• 1.3.6.1.2.1.1.4 - sysContact
• 1.3.6.1.2.1.1.5 - sysName
• 1.3.6.1.2.1.1.6 - sysLocation
• 1.3.6.1.2.1.1.7 - sysServices

4.- Backup "snmpd.conf" (to restore it if want later)

wmunguiam@server:~$ sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf-backup

5.- Manual Edition of "snmpd.conf" for SNMPv3

Go to directory:

wmunguiam@server:~$ cd /etc/snmp/

Review files: (look for snmpd.conf)

wmunguiam@server:~$ ls -lh

Edit snmpd.conf:

wmunguiam@server:~$ sudo vim snmpd.conf

Add this Example Content File:

#=====================================
#Users Creation
createUser monitor SHA monitorpw
createUser engineer MD5 engineerpw
createUser supervisor MD5 supervisorpw DES supervisorx
#Access features
rouser monitor noauth .1.3.6.1.2.1
rouser engineer auth .1.3.6.1.2.1
rwuser supervisor auth .1.3.6.1.2.1.1
rouser supervisor priv .1.3.6.1.2.1
#=====================================

DESCRIPTION:

- User1: monitor
Password: monitorpw (type SHA)
Access: Read Only (With NoAuth) to OID .1.3.6.1.2.1

- User2: engineer
Password: engineerpw (type(MD5)
Access: Read Only (With Auth) to OID .1.3.6.1.2.1

-User3: supervisor
Password: supervisorpw(type MD5)
Password PDU encryption: supervisorx (type DES)
Access: Read Write (With Auth ) to OID .1.3.6.1.2.1.1
Access: Read Only (With Auth and Encryp) to OID .1.3.6.1.2.1




6.- Restart SNMP service

wmunguiam@server:~$ sudo /etc/init.d/snmpd restart
Restarting network management services:.

7.- Test configuration

Reading Location Object: (System=.1.3.6.1.2.1.1)

wmunguiam@server:/etc/snmp$ snmpget -v 3 -u monitor -l NoauthNo Priv localhost .1.3.6.1.2.1.1.6.0
Output:
SNMPv2- MIB::sysLocation.0 = STRING: MyLAB

wmunguiam@server:/etc/snmp$ snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw localhost .1.3.6.1.2.1.1.6.0
Output:
SNMPv2- MIB::sysLocation.0 = STRING: MyLAB

wmunguiam@server:/etc/snmp$ snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw localhost .1.3.6.1.2.1.1.6.0
Output:
SNMPv2- MIB::sysLocation.0 = STRING: MyLAB

wmunguiam@server:/etc/snmp$ snmpget -v 3 -u supervisor -l auth NoPriv -a MD5 -A supervisorpw localhost .1.3.6.1.2.1.1.6.0
Output:
SNMPv2- MIB::sysLocation.0 = STRING: MyLAB

wmunguiam@server:/etc/snmp$ snmpget -v 3 -u supervisor -l authPriv -a MD5 -A supervisorpw -x DES -X supervisorx localhost .1.3.6.1.2.1.1.6.0
Output:
SNMPv2- MIB::sysLocation.0 = STRING: MyLAB

Writing data over Object:

wmunguiam@server:~$ snmpset -v3 -u supervisor -l authPriv -a MD5 -A supervisorpw -x DES -X supervisorx localhost .1.3.6.1.2.1.1.4.0 s wmunguiam@blogspot.com
Output:
SNMPv2- MIB::sysContact.0 = STRING: wmunguiam@blogspot.com