Simple Network Management Protocol
SNMP
SNMP is among the blackest of magical arts.
Changes to the configs are not committed until clean restart or SIGHUP!
v3 User Management
Create
net-snmp-create-v3-user -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> <firstuser>
net-snmp-create-v3-user -a SHA-512 -A 12345678 -x AES128 -X 12345678 default
Clone
snmpusm -v3 -l priv -u <firstuser> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> localhost create <template>
snmpusm -v3 -l priv -u default -x SHA-512 -X 12345678 -a AES128 -A 12345678 localhost create template
snmpusm -v3 -l priv -u <template> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> localhost create <newuser> <clonefrom>
snmpusm -v3 -l priv -u template -x SHA-512 -X 12345678 -a AES128 -A 12345678 localhost create newuser template
Test
Add new users to /etc/snmp/snmpd.conf:
rouser <username>
rwuser <username>
snmpstatus -v3 -l priv -u <username> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> localhost
Change Passwords
Auth:
snmpusm -v3 -l priv -u <user> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> -Ca localhost passwd <oldauthpass> <newauthpass> <user>
Encr:
snmpusm -v3 -l priv -u <user> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> -Cx localhost passwd <oldencrpass> <newencrpass> <user>
Delete
snmpusm [auth options] localhost delete <targetuser>
v2c Communities
/etc/snmp/snmpd.conf:
rocommunity PASSPHRASE [SOURCE_IP]
rwcommunity PASSPHRASE [SOURCE_IP]
Take a Walk
snmpwalk -v2c -c PASSPHRASE TARGET_IP
snmpwalk -v3 -l priv -u <user> -a <authmode> -A <authpass> -x <encrmode> -X <encrpass> TARGET_IP
Custom Scripts
/etc/snmp/snmpd.conf
pass .1.3.6.1.2.1.25.1.10.4 /bin/sh /opt/snmp-smart-status_sda.sh
agentuser root
Debians: /lib/systemd/system/snmpd.service
ExecStart=-u root
/opt/snmp-smart-status_sda.sh
#!/bin/bash
if [ "$1" = "-g" ]
then
echo .1.3.6.1.2.1.25.1.10.4
echo string
smartctl -H /dev/sda | grep "OK" | awk '{print $4}'
fi
Misc
Enable UCD-SNMP Disk Monitoring
/etc/snmp/snmpd.conf:
includeAllDisks 10%