Today I’m setting up snmpd on a new [to me] host. It’s a Dell R730. Previously, my documentation for this was a bit jumbled. It was written in 2015 and contains a few updates and corrections. It was hard to follow, even for me.
This new post is an update of that one.
I got some help from Ryan Steinmetz who suggested I use this approach.
First, we install net-snmp:
pkg install net-snmp
I added this to /etc/rc.conf:
snmpd_enable="YES"
snmpd_flags="-a -r"
snmpd_conffile="/usr/local/etc/snmpd.conf"
The configuration file is pretty simple. I started with the supplied example:
[20:36 r730-03 dvl ~] % sudo cp -i /usr/local/share/snmp/snmpd.conf.example /usr/local/etc/snmpd.conf
overwrite /usr/local/etc/snmpd.conf? (y/n [n]) y
I made only this change:
$ diff -ruN /usr/local/share/snmp/snmpd.conf.example /usr/local/etc/snmpd.conf --- /usr/local/share/snmp/snmpd.conf.example 2017-11-16 04:42:33.000000000 +0000 +++ /usr/local/etc/snmpd.conf 2017-12-07 16:08:35.380256000 +0000 @@ -12,7 +12,7 @@ # # Listen for connections from the local system only -agentAddress udp:127.0.0.1:161 +agentAddress udp:10.0.0.1:161 # Listen for connections on all interfaces (both IPv4 *and* IPv6) #agentAddress udp:161,udp6:[::1]:161
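Review bot: the replaced agentAddress line drops the loopback listener, so after this change snmpd answers only on 10.0.0.1 and a local check against 127.0.0.1 will get no reply. If local polling is also wanted, list both addresses in the one directive, comma-separated the way the commented udp:161,udp6:[::1]:161 line just below it does. Otherwise, a one-line comment above the new agentAddress saying which network 10.0.0.1 sits on would help, since UDP 161 is now reachable from that network.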
Here, 10.0.0.1 is the IP address that snmpd should listen on.
Next, a wee bit of the documentation:
% net-snmp-create-v3-user --help
Usage: net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass] [-a MD5|SHA] [-x DES|AES] [username]
Now for the formula (you must change foo and bar to real passwords; don’t use these ones; also change roDVL).
[20:39 r730-03 dvl ~] % sudo service snmpd stop
Stopping snmpd.
Waiting for PIDS: 3478.
[20:39 r730-03 dvl ~] % sudo net-snmp-config --create-snmpv3-user -ro -x AES -a SHA -A 'foo' -X 'bar' roDVL
adding the following line to /var/net-snmp/snmpd.conf:
createUser roDVL SHA "foo" AES "bar"
adding the following line to /share/snmp/snmpd.conf:
rouser roDVL
touch: /share/snmp/snmpd.conf: No such file or directory
/usr/local/bin/net-snmp-create-v3-user: cannot create /share/snmp/snmpd.conf: No such file or directory
Oh yes, we need to create that directory. That’s shown up before.
Let’s play their silly game:
[20:46 r730-03 dvl ~] % sudo mkdir -p /share/snmp
[20:46 r730-03 dvl ~] %
And try again:
[20:46 r730-03 dvl ~] % sudo net-snmp-config --create-snmpv3-user -ro -x AES -a SHA -A 'foo' -X 'bar' roDVL
adding the following line to /var/net-snmp/snmpd.conf:
createUser roDVL SHA "foo" AES "bar"
adding the following line to /share/snmp/snmpd.conf:
rouser roDVL
[20:46 r730-03 dvl ~] %
Now, move that newly created file into place (note that the path is slightly different from the one suggested above, because the code assumes non-FreeBSD standards):
[20:46 r730-03 dvl ~] % sudo mv /share/snmp/snmpd.conf /usr/local/share/snmp/snmpd.conf
[20:48 r730-03 dvl ~] %
[20:49 r730-03 dvl ~] % sudo service snmpd start Starting snmpd.
This should just work.
shell security issue
NOTE: you might want to delete the above from your shell history…. no sense leaving those passwords sitting there.
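Added example, not from the original post: an sh helper that writes the same two lines net-snmp-config printed above, but reads the passphrases from standard input so they never reach shell history or the process list. The function names are made up for this example, the two file paths in the usage comment are the ones shown in the output above, and rejecting quotes and backslashes is this example's own conservative choice.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of net-snmp.

# usm_lines USER
# Reads the auth passphrase, then the priv passphrase, one per line on stdin.
# Prints the createUser and rouser lines for a read-only SHA/AES user.
usm_lines() {
    user=$1
    IFS= read -r authpass || return 1
    IFS= read -r privpass || return 1
    for p in "$authpass" "$privpass"; do
        # SNMPv3 USM passphrases must be at least 8 characters long.
        [ "${#p}" -ge 8 ] || { echo "passphrase shorter than 8 characters" >&2; return 1; }
        # A double quote or backslash would break the quoted createUser token.
        case $p in
            *'"'*|*'\'*) echo "passphrase contains a quote or backslash" >&2; return 1 ;;
        esac
    done
    printf 'createUser %s SHA "%s" AES "%s"\n' "$user" "$authpass" "$privpass"
    printf 'rouser %s\n' "$user"
}

# install_usm_user USER PERSIST_CONF ACCESS_CONF
# Appends createUser to PERSIST_CONF and rouser to ACCESS_CONF.
# umask 077 only matters when PERSIST_CONF does not exist yet.
install_usm_user() {
    lines=$(usm_lines "$1") || return 1
    ( umask 077; printf '%s\n' "$lines" | sed -n 1p >> "$2" ) || return 1
    printf '%s\n' "$lines" | sed -n 2p >> "$3"
}

# Usage as root, with snmpd stopped, typing the two passphrases unseen:
#   stty -echo
#   install_usm_user roDVL /var/net-snmp/snmpd.conf /usr/local/share/snmp/snmpd.conf
#   stty echo
```

Feeding the passphrases with a here-document or an echo pipeline would put them straight back into history, which is why the usage comment types them with terminal echo turned off.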
Notes about quotes
I found wonkiness if you have to put quotes around the -X parameter… observe the output of the net-snmp-config and keep that in mind.
To test that you have the correct passwords, try this:
snmpwalk -v3 -l authPriv -u dvlro -a SHA -A supersecretauth -x AES -X supersecretXX yourhost.example.org HOST-RESOURCES-MIB::hrSystemNumUsers
You should see something like this:
HOST-RESOURCES-MIB::hrSystemNumUsers.0 = Gauge32: 2