Difference between revisions of "Simple Network Management Protocol"
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
= SNMP = | = SNMP = | ||
SNMP is the blackest of magical arts. | SNMP is among the blackest of magical arts.<br> | ||
<br> | |||
'''Changes to the configs are not committed until clean restart or SIGHUP!'''<br> | |||
== v3 User Management == | |||
=== Create | === Create === | ||
net-snmp-create-v3-user -a SHA-512 -A | <code>net-snmp-create-v3-user -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> <firstuser></code><br> | ||
<code>net-snmp-create-v3-user -a SHA-512 -A 12345678 -x AES128 -X 12345678 default</code><br> | |||
<br> | |||
=== Clone === | |||
<code>snmpusm -v3 -l priv -u <firstuser> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> localhost create <template></code><br> | |||
<code>snmpusm -v3 -l priv -u default -x SHA-512 -X 12345678 -a AES128 -A 12345678 localhost create template</code><br> | |||
<br> | |||
<code>snmpusm -v3 -l priv -u <template> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> localhost create <newuser> <clonefrom></code><br> | |||
<code>snmpusm -v3 -l priv -u template -x SHA-512 -X 12345678 -a AES128 -A 12345678 localhost create newuser template</code><br> | |||
<br> | |||
=== Test === | |||
Add new users to /etc/snmp/snmpd.conf:<br> | |||
<code>rouser <username></code><br> | |||
<code>rwuser <username></code><br> | |||
<code>snmpstatus -v3 -l priv -u <username> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> localhost</code><br> | |||
<br> | |||
=== Change Passwords === | |||
Auth:<br> | |||
<code>snmpusm -v3 -l priv -u <user> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> -Ca localhost passwd <oldauthpass> <newauthpass> <user></code><br> | |||
Encr:<br> | |||
<code>snmpusm -v3 -l priv -u <user> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> -Cx localhost passwd <oldencrpass> <newencrpass> <user></code><br> | |||
<br> | |||
=== Delete === | |||
<code>snmpusm [auth options] localhost delete <targetuser></code><br> | |||
<br> | |||
== v2c Communities == | |||
/etc/snmp/snmpd.conf:<br> | |||
<code>rocommunity PASSPHRASE [SOURCE_IP]</code><br> | |||
<code>rwcommunity PASSPHRASE [SOURCE_IP]</code><br> | |||
== Take a Walk== | |||
<code>snmpwalk -v2c -c PASSPHRASE TARGET_IP</code><br> | |||
<code>snmpwalk -v3 -l priv -u <user> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> TARGET_IP</code><br> | |||
== Custom Scripts == | |||
==== /etc/snmp/snmpd.conf ==== | |||
<code>pass .1.3.6.1.2.1.25.1.10.4 /bin/sh /opt/snmp-smart-status_sda.sh</code><br> | |||
<code>agentuser root</code> | |||
==== Debians: /lib/systemd/system/snmpd.service ==== | |||
<code>ExecStart=-u root</code> | |||
==== /opt/snmp-smart-status_sda.sh ==== | |||
<nowiki>#!/bin/bash | |||
if [ "$1" = "-g" ] | |||
then | |||
echo .1.3.6.1.2.1.25.1.10.4 | |||
echo string | |||
smartctl -H /dev/sda | grep "OK" | awk '{print $4}' | |||
fi</nowiki> | |||
== Misc == | |||
==== Enable UCD-SNMP Disk Monitoring ==== | |||
/etc/snmp/snmpd.conf:</br> | |||
<code>includeAllDisks 10%</code> | |||
Latest revision as of 20:04, 7 November 2025
SNMP
SNMP is among the blackest of magical arts.
Changes to the configs are not committed until clean restart or SIGHUP!
v3 User Management
Create
net-snmp-create-v3-user -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> <firstuser>
net-snmp-create-v3-user -a SHA-512 -A 12345678 -x AES128 -X 12345678 default
Clone
snmpusm -v3 -l priv -u <firstuser> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> localhost create <template>
snmpusm -v3 -l priv -u default -x SHA-512 -X 12345678 -a AES128 -A 12345678 localhost create template
snmpusm -v3 -l priv -u <template> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> localhost create <newuser> <clonefrom>
snmpusm -v3 -l priv -u template -x SHA-512 -X 12345678 -a AES128 -A 12345678 localhost create newuser template
Test
Add new users to /etc/snmp/snmpd.conf:
rouser <username>
rwuser <username>
snmpstatus -v3 -l priv -u <username> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> localhost
Change Passwords
Auth:
snmpusm -v3 -l priv -u <user> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> -Ca localhost passwd <oldauthpass> <newauthpass> <user>
Encr:
snmpusm -v3 -l priv -u <user> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> -Cx localhost passwd <oldencrpass> <newencrpass> <user>
Delete
snmpusm [auth options] localhost delete <targetuser>
v2c Communities
/etc/snmp/snmpd.conf:
rocommunity PASSPHRASE [SOURCE_IP]
rwcommunity PASSPHRASE [SOURCE_IP]
Take a Walk
snmpwalk -v2c -c PASSPHRASE TARGET_IP
snmpwalk -v3 -l priv -u <user> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> TARGET_IP
Custom Scripts
/etc/snmp/snmpd.conf
pass .1.3.6.1.2.1.25.1.10.4 /bin/sh /opt/snmp-smart-status_sda.sh
agentuser root
Debians: /lib/systemd/system/snmpd.service
ExecStart=-u root
/opt/snmp-smart-status_sda.sh
#!/bin/bash
if [ "$1" = "-g" ]
then
echo .1.3.6.1.2.1.25.1.10.4
echo string
smartctl -H /dev/sda | grep "OK" | awk '{print $4}'
fi
Misc
Enable UCD-SNMP Disk Monitoring
/etc/snmp/snmpd.conf:
includeAllDisks 10%