Saturday, July 4, 2009

HOWTO use SNMPv3 (UBUNTU)

1.- Install SNMP

Follow this blog entry to install the SNMP server and client first.
http://wmunguiam.blogspot.com/2009/07/howto-install-snmp-and-test-snmpv1.html

2.- User levels
SNMP version 3 (SNMPv3) provides a secure environment for managing systems and networks. The SNMPv3 agent supports three levels of users. The supported security levels, as defined in the USM MIB (RFC 2574), are:
  • noAuthNoPriv - Communication without authentication and privacy.
  • authNoPriv - Communication with authentication and without privacy. The protocols used for Authentication are MD5 and SHA (Secure Hash Algorithm).
  • authPriv - Communication with authentication and privacy. The protocols used for Authentication are MD5 and SHA. The DES (Data Encryption Standard) protocol is used for Privacy.

3.- MIB Tree:
Reference: http://www.alvestrand.no/objectid/1.3.6.1.2.1.html


4.- Back up "snmpd.conf" (to restore it later if needed)

wmunguiam@server:~$ sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf-backup


5.- Manual editing of "snmpd.conf" for SNMPv3

Go to directory:
wmunguiam@server:~$ cd /etc/snmp/
Review files: (look for snmpd.conf)
wmunguiam@server:~$ ls -lh

Edit snmpd.conf:
wmunguiam@server:~$ sudo vim snmpd.conf


Add this example content to the file:

#=====================================
#Users Creation
createUser monitor SHA monitorpw
createUser engineer MD5 engineerpw
createUser supervisor MD5 supervisorpw DES supervisorx
#Access features
rouser monitor noauth .1.3.6.1.2.1
rouser engineer auth .1.3.6.1.2.1
rwuser supervisor auth .1.3.6.1.2.1.1
rouser supervisor priv .1.3.6.1.2.1
#=====================================

DESCRIPTION:

- User1: monitor
Password: monitorpw (type SHA)
Access: Read Only (with NoAuth) to OID .1.3.6.1.2.1

- User2: engineer
Password: engineerpw (type MD5)
Access: Read Only (with Auth) to OID .1.3.6.1.2.1

- User3: supervisor
Password: supervisorpw (type MD5)
Password for PDU encryption: supervisorx (type DES)
Access: Read Write (with Auth) to OID .1.3.6.1.2.1.1
Access: Read Only (with Auth and Encryption) to OID .1.3.6.1.2.1
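
The configuration above lets "monitor" read at noauth, uses MD5 and DES, and gives "supervisor" write access at auth only. As an added example (not part of the original post), this shell function audits an snmpd.conf for those settings. The names audit_snmpd_conf and sample_conf and the WARN/FAIL labels are assumptions, and AES is a net-snmp createUser privacy option that the post itself does not use.

```shell
#!/bin/sh
# Added example: flag weak SNMPv3 settings in snmpd.conf (reads files or stdin).
# Exit status is 1 when any FAIL finding is printed, 0 otherwise.
audit_snmpd_conf() {
    awk '
    $1 == "createUser" {
        i = ($2 == "-e") ? 4 : 2          # skip optional "-e ENGINEID"
        user = $i; auth = toupper($(i + 1)); pass = $(i + 2)
        priv = toupper($(i + 3))
        if (auth == "MD5")
            print "WARN " user ": MD5 authentication, prefer SHA"
        if (length(pass) < 8) {           # net-snmp rejects shorter passphrases
            print "FAIL " user ": passphrase shorter than 8 characters"
            fail = 1
        }
        if (priv == "DES")
            print "WARN " user ": DES privacy, prefer AES"
    }
    $1 == "rouser" || $1 == "rwuser" {
        i = ($2 == "-s") ? 4 : 2          # skip optional "-s SECMODEL"
        user = $i
        level = ($(i + 1) == "") ? "auth" : tolower($(i + 1))  # default: auth
        if (level == "noauth") {
            print "FAIL " user ": " $1 " at noauth, no passphrase is checked"
            fail = 1
        } else if ($1 == "rwuser" && level != "priv")
            print "WARN " user ": write access at " level ", sets are not encrypted"
    }
    END { exit fail + 0 }
    ' "$@"
}

# Constructed sample input: the example snmpd.conf content from step 5.
sample_conf() {
    cat <<'EOF'
#Users Creation
createUser monitor SHA monitorpw
createUser engineer MD5 engineerpw
createUser supervisor MD5 supervisorpw DES supervisorx
#Access features
rouser monitor noauth .1.3.6.1.2.1
rouser engineer auth .1.3.6.1.2.1
rwuser supervisor auth .1.3.6.1.2.1.1
rouser supervisor priv .1.3.6.1.2.1
EOF
}

sample_conf | audit_snmpd_conf || echo "audit: FAIL-level findings present"
```

To check the live file, run audit_snmpd_conf /etc/snmp/snmpd.conf with sudo if the file is not world-readable.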




6.- Restart SNMP service

wmunguiam@server:~$ sudo /etc/init.d/snmpd restart
Restarting network management services:.

7.- Test configuration

Reading Location Object: (System=.1.3.6.1.2.1.1)

wmunguiam@server:/etc/snmp$ snmpget -v 3 -u monitor -l noAuthNoPriv localhost .1.3.6.1.2.1.1.6.0
Output:
SNMPv2-MIB::sysLocation.0 = STRING: MyLAB

wmunguiam@server:/etc/snmp$ snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw localhost .1.3.6.1.2.1.1.6.0
Output:
SNMPv2-MIB::sysLocation.0 = STRING: MyLAB

wmunguiam@server:/etc/snmp$ snmpget -v 3 -u supervisor -l authNoPriv -a MD5 -A supervisorpw localhost .1.3.6.1.2.1.1.6.0
Output:
SNMPv2-MIB::sysLocation.0 = STRING: MyLAB

wmunguiam@server:/etc/snmp$ snmpget -v 3 -u supervisor -l authPriv -a MD5 -A supervisorpw -x DES -X supervisorx localhost .1.3.6.1.2.1.1.6.0
Output:
SNMPv2-MIB::sysLocation.0 = STRING: MyLAB

Writing data over Object:

wmunguiam@server:~$ snmpset -v3 -u supervisor -l authPriv -a MD5 -A supervisorpw -x DES -X supervisorx localhost .1.3.6.1.2.1.1.4.0 s wmunguiam@blogspot.com
Output:
SNMPv2-MIB::sysContact.0 = STRING: wmunguiam@blogspot.com

2 comments:

  1. Can anyone recommend a well-priced MSP system for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: N-able N-central remote pc access? What is your best take on cost vs performance among those three? I need some good advice, please... Thanks in advance!