This is the follow-up to my original post on configuring SNMP v3 in CentOS or RHEL 6. Make sure you check out that post first for some background information if you need it.
So let’s get started.
Install net-snmp
If SNMP is not yet installed on your server, execute the following shell command:
sudo yum -y install net-snmp net-snmp-utils
Create an SNMP configuration file
When net-snmp is installed on the machine, a sample/default file is created. Let's move that file to a new location, as we are not going to use it. Execute:
sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
Next, let's create a new file from scratch:
sudo vim /etc/snmp/snmpd.conf
Hit 'i' to enter insert mode, then enter in the following text:
# Basic SNMP Community Information
# Note Source IPs. Enter in your own IPs that will be allowed to communicate with the service.
# It is recommended to allow localhost so you can run tests with snmpwalk.
# Otherwise omit localhost if it is not needed.
# You can list allowed subnets if you wish. Example below.
#
# Community.Name Source.IP.Allowed
rocommunity public 127.0.0.1
rocommunity public 10.40.60.57
rocommunity public 192.168.1.0/24
# Optional location information
syslocation MyLocation
# Optional contact information
syscontact Super User <email@example.com>
# SNMP v3 User Information
** Note that the last line is commented out by the '#' and there is nothing in the SNMP v3 User Information section yet. Also, do NOT use "public". Define your own community name.
Save the file and exit by hitting Esc, then :wq to save and quit.
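An added example (not part of the original post): a small shell function that lints the community lines of an snmpd.conf for the two mistakes the notes above warn about, a default community name and a missing source restriction. It goes slightly beyond the post by also covering rwcommunity and the IPv6 directives; the sample config and the community name m0nitor-ro are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the v1/v2c community lines of an snmpd.conf.
# Usage: audit_snmpd_conf [FILE]   (reads stdin when FILE is omitted)
# Prints one finding per line; returns 1 if anything was flagged, 0 otherwise.
audit_snmpd_conf() {
    awk '
        # Directive syntax: r[ow]community[6] COMMUNITY [SOURCE [OID]]
        # Comment lines never match because their first field starts with "#".
        $1 ~ /^r[ow]community6?$/ {
            if ($2 == "public" || $2 == "private") {
                printf "line %d: default community name \"%s\"\n", NR, $2
                bad = 1
            }
            # No SOURCE field, or the keyword "default", means any host may query.
            if (NF < 3 || $3 == "default") {
                printf "line %d: %s accepts queries from any source\n", NR, $1
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample configuration, not taken from a real host.
sample_conf() {
    cat <<'EOF'
# constructed sample
rocommunity public 127.0.0.1
rocommunity m0nitor-ro 192.168.1.0/24
rocommunity m0nitor-ro
rwcommunity private default
syslocation MyLocation
EOF
}

# Demo run on the sample; against a real host use:
#   audit_snmpd_conf /etc/snmp/snmpd.conf
sample_conf | audit_snmpd_conf || true
```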
Create the SNMP v3 User
The read-only SNMP v3 user we are going to create in this example defines three things:
- snmpv3user = Rename this to the user name you desire.
- snmpv3authentication = Define your user authentication key here.
- snmpv3privacy = Define your privacy key here.
sudo systemctl stop snmpd.service
sudo net-snmp-create-v3-user -ro -A snmpv3authentication -a SHA -X snmpv3privacy -x AES snmpv3user
sudo systemctl reload snmpd.service
sudo systemctl start snmpd.service
Note the difference in how to restart services in CentOS/RHEL v7: it now uses systemd, which takes time to get used to...
The core configuration for your SNMP v2c communities and your v3 user is now set up. Let's finish by creating the firewall rules to allow the monitoring traffic in/out.
Create a Firewall Rule to Allow SNMP Traffic
Execute the following:
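sudo firewall-cmd --add-port=161-162/udp --zone=public --permanent
sudo firewall-cmd --reload
** This rule allows SNMP communication from ALL inbound IP addresses. The --permanent flag only writes the rule to the saved configuration, so the reload is what applies it to the running firewall. Note that in v7 we must use "firewall-cmd" instead of iptables to make firewall rule changes.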
Set SNMP to Run at Boot Time
Finally, execute:
sudo chkconfig snmpd on
From this point, you can add your CentOS/RHEL server to your monitoring system via SNMP v2c (using the community you defined) or via the SNMP v3 user you created.