Documentation

Configuring Linux prerequisites

Do you need help?

1. Objective

SNMP configuration of a Linux device.

2. Debian, Ubuntu

2.1 SNMP installation

root@localhost # apt-get install snmp snmpd

2.2 Configuration

Edit the SNMP configuration file :

root@localhost # nano /etc/snmp/snmpd.conf

Make a backup of the file before modification

Allow read access to SNMP data.

#AGENT BEHABIOUR#

agentAddress udp:161


#ACCESS CONTROL#

rocommunity  localhost
rocommunity

Then edit the file /etc/default/snmpd :

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'

replacing 127.0.0.1 with the IP address of the network interface used to communicate with the target device. To avoid filtering at this level, simply remove the IP address.

Save the configuration file and restart the service:

root@localhost # /etc/init.d/snmpd restart

3. Red Hat Enterprise Linux 3,4 and 7

3.1 Enabling SNMP access and trap forwarding for Red Hat Enterprise Linux versions 3 and 4

The OpenIPMI driver supported on Red Hat Enterprise Linux® versions 3 and 4 has a dependency on the version of Net-SNMP that is included with those Linux distributions. IBM® Director Core Services requires a different Net-SNMP version, 5.2.1. Installation of Net-SNMP 5.2.1 without removing the existing Net-SNMP version is required for IBM Director SNMP access and trap forwarding without compromising OpenIPMI services.

Complete the following steps to enable SNMP access and trap forwarding for monitored systems running Red Hat Enterprise Linux versions 3 and 4:

1. Download the net-snmp-5.2.1.tar.gz file from the Net-SNMP Web site at www.net-snmp.org/download.html.

2. Build and install the Net-SNMP libraries using the following steps.

Notes:

This procedure does not perform a full installation of Net-SNMP, but installs only the Net-SNMP libraries, which are required for IBM Director Core Services SNMP functions.
Refer to the INSTALL and README files included in the net-snmp-5.2.1.tar.gz package for additional installation information.

Untar the source files by running the following command .

tar -xvzf net-snmp-5.2.1.tar.gz

Change to the source directory and run the following command.

cd net-snmp-5.2.1

Build the Net-SNMP libraries with default options. Run the following commands.

./configure --with-defaults

make

Install the Net-SNMP libraries only, to /usr/local/lib. run the following command. ..

make installlibs

To enable trap forwarding, edit the /etc/init.d/dacimlist file and uncomment the following two lines two lines in the SNMP End Consumer section.

LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH

Note: The configuration changes will not take effect until you restart the cimlistener daemon in step 7.

To enable SNMP access, edit the /etc/init.d/dasnmp file and uncomment the following two lines in the section regarding the location of the net-snmp libraries.

LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH

Configure the SNMP daemon that ships with Red Hat Enterprise Linux to support AgentX agents. For details, see the documentation on the Net-SNMP Web Site.

Create the file /usr/local/share/snmp/snmpd.conf to specify trapsink and trapcommunity settings. You might have to create the directory. This file should contain only settings for trapcommunity and trapsink.

a) Specify a trap community value by adding a line containing the word trapcommunity followed by a space and the trapcommunity value, as in the following example.

trapcommunity public

b) Specify a trapsink value for each destination to which IBM Director will send SNMP traps. Add a line containing the word trapsink followed by a space and the trapsink value, as in the following example.

trapsink 192.168.1.1

Restart the cimlistener daemon by typing the following commands and pressing . after each:

/etc/init.d/dacimlist stop/etc/init.d/dacimlist start

Restart the IBM Director AgentX subagent by typing the following commands and pressing . after each:

/etc/init.d/dasnmp stop
/etc/init.d/dasnmp start

3.2 Installing SNMP for Red Hat Enterprise Linux 7

Red Hat Enterprise Linux 7 includes the Net-SNMPwhich offers a flexible and extensible agent or simple network management protocol (SNMP). This agent and its associated utilities can be used to provide performance data from a large number of systems on a variety of tools that support queries via the SNMP.

For example, to install the SNMP agent daemon and SNMP clients used in the rest of this section, type the following at a shell prompt as a user root :

~]# yum install net-snmp net-snmp-libs net-snmp-utils

For more information on how to install new packages on Red Hat Enterprise Linux, please see the Section 8.2.4, "Installing packages.

Run the Net-SNMP daemon

The package net-snmp contains snmpdthe SNMP agent daemon. This section provides information on how to start, stop, and restart the snmpd.

To run the service snmpd in the current session, please enter the following at the shell prompt as a user root :

systemctl start snmpd.service

To configure the service to be started automatically at boot time, use the following command:

systemctl enable snmpd.service

Configuring Net-SNMP

To change the configuration of the Net-SNMP agent daemon, please modify the configuration file /etc/snmp/snmpd.conf. The default file snmpd.conf included with Red Hat Enterprise Linux 7 contains a lot of feedback and can serve as a good starting point for agent configuration.

For more information on the configuration guidelines available, please visit the snmpd.conf(5). In addition, there is a utility in the net-snmp named snmpconfwhich can be used interactively to generate a valid agent configuration.

The Net-SNMP agent daemon supports all three versions of the SNMP protocol. The first two versions (1 and 2c) provide simple authentication using a community chain. This string is a secret shared between the agent and any client utility. However, the string is transmitted in clear text over the network, and is therefore not considered secure. SNMP version 3 supports user authentication and message encryption using a variety of protocols. The Net-SNMP agent also supports tunneling with SSH, TLS authentication with X.509 certificates, and Kerberos authentication.

Configuring an SNMP Version 2c community

To set up a SNMP version 2c communityplease use the rocommunity or rwcommunity in the configuration file /etc/snmp/snmpd.conf. The format of the guidelines is as follows:

directive community [source [IDO]]

... with community corresponding to the community string to be used, source is an IP address or subnet, and IDO is the SNMP tree to which access should be provided. Thus, the following directive provides read-only access to the tree system to a customer using the commonality chain "redhat" on the local machine:

rocommunity redhat 127.0.0.1 .1.3.6.1.2.1.1

To test the configuration, please use the command snmpwalk with the options -v and -c.

~]# snmpwalk -v2c -c redhat localhost system SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (101376) 0:16:53.76 SNMPv2-MIB::sysContact.0 = STRING: UNIX Admin  SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain SNMPv2-MIB::sysLocation.0 = STRING: Datacenter, Row 4, Rack 3[truncated output]

Configuring an SNMP Version 3 user

To set up a SNMP version 3 userplease use the command net-snmp-create-v3-user. This command adds entries to the /var/lib/net-snmp/snmpd.conf and /etc/snmp/snmpd.conf which create the user and provide access to the user. Note that the net-snmp-create-v3-user can only be executed when the agent is not running. The following example creates the user "admin" with the password "redhatsnmp" :

~]# systemctl stop snmpd.service ~]# net-snmp-create-v3-user Enter a SNMPv3 user name to create: admin Enter authentication pass-phrase: redhatsnmp Enter encryption pass-phrase: [press return to reuse the authentication pass-phrase] adding the following line to /var/lib/net-snmp/snmpd.conf: createUser admin MD5 "redhatsnmp" DES adding the following line to /etc/snmp/snmpd.conf: rwuser admin ~]# systemctl start snmpd.service

The Directive rwuser (or rouser when the command line option -ro is provided) added by net-snmp-create-v3-user à /etc/snmp/snmpd.conf has a format similar to the rwcommunity and rocommunity :

directive user [noauth|auth|priv] [IDO]

... when user is a username and IDO is the SNMP tree to which access should be provided. By default, the Net-SNMP agent daemon allows only authenticated requests (the auth). The option noauth allows you to allow unauthenticated requests, and the priv applies the use of encryption. The option authpriv specifies that requests must be authenticated and responses must be encrypted.

Thus, the following line offers the user "admin" read and write access to the entire tree:

rwuser admin authpriv .1

To test the configuration, please create a directory .snmp/ in the user's home directory, and a configuration file named snmp.conf in this directory (~/.snmp/snmp.conf) with the following lines:

defVersion 3
defSecurityLevel authPriv
defSecurityName admin
defPassphrase redhatsnmp

The order snmpwalk will use these authentication parameters when requests are made to the agent:

~]$ snmpwalk -v3 localhost system SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64[truncated output]