SNMP (Simple Network Management Protocol) is a protocol widely used in network management to monitor the health and status of network equipment, computers and other devices. The Net-SNMP software used in this document is a set of applications that implement SNMP v1, SNMP v2c and SNMP v3 over IPv4 and/or IPv6.
Required Software.
* Net-snmp-5.0.9
* Net-snmp-utils-5.0.9
snmpd is a service that is usually installed by default on most distributions, but it is not enabled among the services that start at boot. The net-snmp-utils package is rarely installed by default, so run the following to install the necessary software:
Systems using yum:
yum -y install net-snmp net-snmp-utils
Systems using up2date:
up2date -i net-snmp net-snmp-utils
Procedures
Configuration file.
The file /etc/snmp/snmpd.conf installed by default is a real mess of comments and options of all kinds. The most practical approach is to set it aside and start from a clean, empty file:
cd /etc/snmp
mv snmpd.conf snmpd.conf-OLD
touch snmpd.conf
Access control lists.
Access control lists (ACLs) must be created in /etc/snmp/snmpd.conf; they define who will have access to the snmpd service. One of these lists will be granted read and write permission, the other read-only permission. For security reasons, only 127.0.0.1 (the loopback interface) will get the read/write list; read-only access is granted to a network or a single IP address through the other ACL.
So add a couple of lines like the following:
com2sec local        127.0.0.1/32     Cl4v3-d3-Acc3s0
com2sec miredlocal   192.168.1.0/24   Cl4v3-d3-Acc3s0
In the above, the first line defines an access control list called 'local', matching only 127.0.0.1/32 and using Cl4v3-d3-Acc3s0 as the community string (password). The second line does the same for the 192.168.1.0/24 network. You may use any value you like as long as it is not the root password, because this key is transmitted over the network in plaintext (i.e. unencrypted).
Definition of groups.
Two groups will be created: MyRWGroup and MyROGroup. The first is a group that will later be assigned read/write permissions, and the second a group that will later be assigned read-only permissions. Each group gets three lines, one per security model (v1, v2c, usm), specifying which ACL is allowed access under that model. That is, MyRWGroup is associated with local and MyROGroup with miredlocal.
# The "local" ACL is given read/write
group MyRWGroup v1  local
group MyRWGroup v2c local
group MyRWGroup usm local
# The "miredlocal" ACL is given read-only
group MyROGroup v1  miredlocal
group MyROGroup v2c miredlocal
group MyROGroup usm miredlocal
Branches permitted.
This specifies the MIB branches (subtrees) that clients will be allowed to see through the service. The most common, for example for use with MRTG, is this:
#      name  incl/excl  subtree  mask (optional)
view   all   included   .1       80
Assign permissions to groups.
The permissions of the two groups, MyROGroup and MyRWGroup, must be specified. The last three columns (read, write, notif) are of special interest.
#       group      context sec.model sec.level prefix read write notif
access  MyROGroup  ""      any       noauth    exact  all  none  none
access  MyRWGroup  ""      any       noauth    exact  all  all   all
Parameters for information.
Two parameters are defined for informational purposes, so that client applications such as MRTG can include some information about the system being accessed.
syslocation Linux Server SERVIDOR.algun-SU-dominio.net
syscontact Administrator (fulano@algun-dominio.net)
A real example.
The example shown below is the one the author uses on every PC at home and at the office. Just replace miredlocal with whatever name you consider appropriate, and 192.168.1.0/24 with the IP address or network from which an SNMP client, such as MRTG, needs access.
# Access control lists (ACLs)
#       sec.name     source           community (aka password)
com2sec local        127.0.0.1/32     Cl4v3-d3-Acc3s0
com2sec miredlocal   192.168.1.0/24   Cl4v3-d3-Acc3s0
# The "local" ACL is assigned to the read/write group
group MyRWGroup v1  local
group MyRWGroup v2c local
group MyRWGroup usm local
# The "miredlocal" ACL is assigned to the read-only group
group MyROGroup v1  miredlocal
group MyROGroup v2c miredlocal
group MyROGroup usm miredlocal
# MIB branches that clients are allowed to see
#      name  incl/excl  subtree  mask (optional)
view   all   included   .1       80
# Set read and write permissions
#       group      context sec.model sec.level prefix read write notif
access  MyROGroup  ""      any       noauth    exact  all  none  none
access  MyRWGroup  ""      any       noauth    exact  all  all   all
# System contact information
syslocation Linux Server amdk6.linuxparatodos.com.mx
syscontact Administrator (fulano@algun-dominio.net)
If more computers need access to the snmp service, just do the following:
1. Add an ACL with a unique name. Example:
com2sec micueva 192.168.1.251 Cl4v3-d3-Acc3s0
2. Add the group rules that assign a group to that ACL, in this case micueva:
group otrogrupo v1  micueva
group otrogrupo v2c micueva
group otrogrupo usm micueva
3. Add a line stating which permissions the otrogrupo group will have. In this example, read-only:
access otrogrupo "" any noauth exact all none none
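The script below is an added example and is not part of the original article or of the Net-SNMP project. It builds the configuration shown in "A real example" from a few variables, then appends a read-only entry for an extra host following steps 1 to 3 above, and finishes with two sanity checks that report which sources ended up with write access. Everything is parameterised on an output path so it can be exercised against a scratch file instead of /etc/snmp/snmpd.conf; the function names, the demo syslocation/syscontact values and the _grp group-naming convention are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original article): generate the article's snmpd.conf
# layout, append a read-only host (steps 1-3), and audit who has write access.

# gen_snmpd_conf OUTFILE COMMUNITY NETWORK
# Writes the base configuration: read/write only from loopback, read-only from NETWORK.
gen_snmpd_conf() {
    out=$1; community=$2; network=$3
    # v1/v2c send the community string in cleartext, so at minimum refuse the
    # well-known defaults; the article already says not to reuse the root password.
    case $community in
        public|private|"")
            echo "refusing weak or empty community string" >&2
            return 1 ;;
    esac
    {
        printf '# Access control lists (ACLs)\n'
        printf '#       sec.name    source          community (aka password)\n'
        printf 'com2sec local       127.0.0.1/32    %s\n' "$community"
        printf 'com2sec miredlocal  %s    %s\n' "$network" "$community"
        printf '# The "local" ACL is assigned to the read/write group\n'
        for model in v1 v2c usm; do
            printf 'group MyRWGroup %s local\n' "$model"
        done
        printf '# The "miredlocal" ACL is assigned to the read-only group\n'
        for model in v1 v2c usm; do
            printf 'group MyROGroup %s miredlocal\n' "$model"
        done
        printf '# MIB branches that clients are allowed to see\n'
        printf 'view all included .1 80\n'
        printf '# Permissions per group: read / write / notif columns\n'
        printf 'access MyROGroup "" any noauth exact all none none\n'
        printf 'access MyRWGroup "" any noauth exact all all all\n'
        # Placeholder contact values (constructed for this example).
        printf 'syslocation Linux Server host.example.net\n'
        printf 'syscontact Administrator (admin@example.net)\n'
    } > "$out"
}

# add_ro_host OUTFILE NAME SOURCE COMMUNITY
# Appends the three pieces from steps 1-3: an ACL, its group lines for each
# security model, and a read-only access rule. Group name is NAME_grp (assumed).
add_ro_host() {
    out=$1; name=$2; src=$3; community=$4
    {
        printf '# Read-only access for %s\n' "$name"
        printf 'com2sec %s %s %s\n' "$name" "$src" "$community"
        for model in v1 v2c usm; do
            printf 'group %s_grp %s %s\n' "$name" "$model" "$name"
        done
        printf 'access %s_grp "" any noauth exact all none none\n' "$name"
    } >> "$out"
}

# count_rw_grants OUTFILE
# Counts access rules whose "write" column (8th field) grants anything.
# With the layout above exactly one (the loopback group) is expected.
count_rw_grants() {
    awk '$1 == "access" && $8 != "none" { n++ } END { print n + 0 }' "$1"
}

# rw_sources OUTFILE
# Follows access -> group -> com2sec and prints the source addresses that can
# reach a group with write access, so an admin can confirm nothing beyond
# 127.0.0.1/32 was granted by mistake.
rw_sources() {
    awk '
        $1 == "com2sec" { src[$2] = $3 }
        $1 == "group"   { acl_of[$2] = $4 }
        $1 == "access" && $8 != "none" { rw[$2] = 1 }
        END { for (g in rw) print src[acl_of[g]] }
    ' "$1" | sort -u
}

# Demo run (only when invoked as: sh thisscript.sh demo); writes ./snmpd.conf.new.
if [ "${1:-}" = "demo" ]; then
    gen_snmpd_conf ./snmpd.conf.new 'Cl4v3-d3-Acc3s0' 192.168.1.0/24
    add_ro_host ./snmpd.conf.new micueva 192.168.1.251 'Cl4v3-d3-Acc3s0'
    echo "write access allowed from: $(rw_sources ./snmpd.conf.new)"
fi
```

Run with the demo argument to produce snmpd.conf.new in the current directory, review it, and only then copy it over /etc/snmp/snmpd.conf and restart snmpd. The rw_sources check is the one worth keeping around: after any edit to the file it should print nothing but 127.0.0.1/32.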
Start the service and add it to the system boot services
Start the SNMP service and add it to the services that start with the system:
service snmpd start
chkconfig snmpd on
Checks.
Assuming Cl4v3-d3-Acc3s0 has been configured as the community string on a system with IP address 192.168.1.254, to test whether the configuration works, just run the following two commands and verify that they return information about the queried system.
snmpwalk -v 1 192.168.1.254 -c Cl4v3-d3-Acc3s0 system
snmpwalk -v 1 192.168.1.254 -c Cl4v3-d3-Acc3s0 interfaces