Saturday, March 5, 2016

SNMP Configuration in CentOS or RHEL 7


This is the follow-up to my original post on configuring SNMP v3 in CentOS or RHEL 6. Make sure you check out that post first for some background information if you need it.

So let’s get started.

Install net-snmp

If SNMP is not yet installed on your server, execute the following shell command:

sudo yum -y install net-snmp net-snmp-utils

Create an SNMP configuration file

When net-snmp is installed on the machine, a sample/default file is created. So let's move that file to a new location as we are not going to use it. Execute,

sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig

Next, let's create a new file from scratch:

sudo vim /etc/snmp/snmpd.conf

Hit 'i' to enter insert mode, then enter in the following text:

# Basic SNMP Community Information
# Note Source IPs. Enter in your own IPs that will be allowed to communicate with the service.
# It is recommended to allow localhost so you can run tests with snmpwalk.
# Otherwise omit localhost if it is not needed.
# You can list allowed subnets if you wish. Example below.
#
#           Community.Name  Source.IP.Allowed
rocommunity public          127.0.0.1
rocommunity public          10.40.60.57
rocommunity public          192.168.1.0/24

# Optional location information
syslocation MyLocation

# Optional contact information
syscontact Super User <myemail@domain.com>

# SNMP v3 User Information

** Note that the last line is commented out by the '#' and there is nothing in the SNMP v3 User Information section yet. Also, do NOT use "public". Define your own community name.

Save the file and exit by hitting Esc, then :wq to save and quit.

Create the SNMP v3 User

The read-only SNMP v3 user we are going to create in this example defines three things:
  • snmpv3user = Rename this to the user name you desire.
  • snmpv3authentication = Define your user authentication key here.
  • snmpv3privacy = Define your privacy key here.
Execute the following commands in order to create your user:

sudo systemctl stop snmpd.service
sudo net-snmp-create-v3-user -ro -A snmpv3authentication -a SHA -X snmpv3privacy -x AES snmpv3user
sudo systemctl reload snmpd.service
sudo systemctl start snmpd.service

** This specific user, with these specific options, is set up with SHA authentication and AES 128 bit privacy.

Note the difference in how to restart services in CentOS/RHEL v7 - it now uses systemd, which takes time to get used to...

So now the core configuration for SNMP v2c communities and your v3 user is set up. Let's finish this by creating the firewall rules to allow the monitoring traffic in/out.

Create a Firewall Rule to Allow SNMP Traffic

Execute the following commands. The second one loads the permanent rule into the running firewall:

sudo firewall-cmd --add-port=161-162/udp --zone=public --permanent
sudo firewall-cmd --reload

** This rule allows SNMP communication from ALL inbound IP addresses. Note that in v7 we must use "firewall-cmd" instead of iptables to make firewall rule changes.
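
The rule above accepts SNMP from every source, while snmpd.conf already lists the hosts that should be allowed in. As an added example (not part of the original post), this script turns the rocommunity sources into firewalld rich rules for UDP 161 only, the port snmpd listens on; the function name snmp_fw_rules and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): derive source-restricted
# firewalld rules from the rocommunity/rwcommunity lines of snmpd.conf.

# Reads snmpd.conf text on stdin. Prints one firewall-cmd command per allowed
# IPv4 source, then the reload that activates --permanent rules.
# $1 = firewalld zone (defaults to "public"). Warnings go to stderr.
snmp_fw_rules() (
    zone="${1:-public}"
    seen=" "
    while read -r directive community source _rest; do
        case "$directive" in
            rocommunity|rwcommunity) ;;
            *) continue ;;                      # comments, syslocation, etc.
        esac
        case "$community" in
            public|private) echo "WARN: default community '$community'" >&2 ;;
        esac
        case "$source" in
            ""|default)
                echo "WARN: '$community' accepts any source; no rule emitted" >&2
                continue ;;
            127.*|localhost) continue ;;        # loopback never crosses the zone
        esac
        # Accept only dotted-quad[/prefix] so nothing else reaches the command line.
        if ! printf '%s\n' "$source" |
            grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'; then
            echo "WARN: skipping non-IPv4 source '$source'" >&2
            continue
        fi
        case "$seen" in *" $source "*) continue ;; esac   # de-duplicate
        seen="$seen$source "
        printf '%s\n' "firewall-cmd --permanent --zone=$zone --add-rich-rule='rule family=\"ipv4\" source address=\"$source\" port port=\"161\" protocol=\"udp\" accept'"
    done
    echo "firewall-cmd --reload"
)

# Constructed sample mirroring the snmpd.conf shown in this post.
SAMPLE_CONF='# Basic SNMP Community Information
rocommunity public          127.0.0.1
rocommunity public          10.40.60.57
rocommunity public          192.168.1.0/24
syslocation MyLocation'

# Print the commands for review; run them as root only after checking them.
printf '%s\n' "$SAMPLE_CONF" | snmp_fw_rules public
```

If the broad 161-162/udp port rule has already been added, remove it with --remove-port, otherwise it still admits every source alongside the rich rules.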

Set SNMP to Run at Boot Time

Finally execute,

sudo chkconfig snmpd on

From this point, you can add your CentOS/RHEL server to your monitoring system via SNMP v2c (using the community you defined), or via the SNMP v3 user you created.

- Joe