Debian / Ubuntu Linux: Install and Configure snmpd Service

SNMP (Simple Network Management Protocol) is a protocol used for network management. How do I install SNMP server under Debian or Ubuntu Linux to configure various monitoring service?

The NET-SNMP project provides various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. The snmpd package contains the snmpd and snmptrapd daemons, documentation, etc.

Install snmpd

Type the following command as root, enter:
# apt-get update && apt-get install snmpd

Snmpd Configuration Files

The default configuration for snmpd is rather paranoid for security reasons. Edit /etc/snmp/snmpd.conf or run snmpconf to allow greater access. You can individually control whether or not snmpd and snmpdtrap are run by editing /etc/default/snmpd.

Configure SNMPD

Edit /etc/snmp/snmpd.conf, enter:
# vi /etc/snmp/snmpd.conf
Edit or update file as follows:

smuxsocket 127.0.0.1
rocommunity setMeHere
com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included  .1                               80
access MyRWGroup ""      any       noauth    exact  all    all    none

com2sec notConfigUser  default       mrtg
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
view    systemview    included  .1                               80
access  notConfigGroup ""      any       noauth    exact  systemview none none

syslocation Mumbai, IN (VSNL LB3)
syscontact Vivek Gite <alert.client22@route.nixcraft.in>

See snmpd.conf(5) man page for details. Edit /etc/default/snmpd, enter:
# /etc/default/snmpd
Update it as follows:

 
# This file controls the activity of snmpd and snmptrapd
 
# MIB directories.  /usr/share/snmp/mibs is the default, but
# including it here avoids some strange problems.
export MIBDIRS=/usr/share/snmp/mibs
 
# snmpd control (yes means start daemon).
SNMPDRUN=yes
 
# snmpd options (use syslog, close stdin/out/err).
# replace 204.x.y.z with your public IP
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1 204.x.y.z'
 
# snmptrapd control (yes means start daemon).  As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run.  See snmpd.conf(5) for how to do this.
TRAPDRUN=no
 
# snmptrapd options (use syslog).
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
 
# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT=yes

Restart Snmpd Service

Type the following command:
# /etc/init.d/snmpd restart
Sample outputs:

Restarting network management services: snmpd.

Firewall Configuration

Here is a sample firewall config file:

#!/bin/sh
 
# set shell vars
PUB_IF="eth0"
SNMPD_CLIENT="85.x.y.z"
SNMPD_SERVER="203.a.b.c"
 
IPT="/sbin/iptables"
LO_IF="lo0"
 
# DROP and close everything all incoming traffic
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
 
# Allow Full Outgoing connection but no incoming stuff by default
$IPT -A INPUT -i ${PUB_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o ${PUB_IF} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
 
# Unlimited lo access
$IPT -A INPUT -i ${LO_IF} -j ACCEPT
$IPT -A OUTPUT -o ${LO_IF} -j ACCEPT
 
### Open port 161 ###
$IPT -A INPUT -i ${PUB_IF} -s ${SNMPD_CLIENT} -d ${SNMPD_SERVER} -p udp --dport 161 -j ACCEPT
 
### rest of iptables goes here ###

Test It

From local or remote system type the following command:
# snmpwalk -v 1 -c mrtg 204.x.y.z IP-MIB::ipAdEntIfIndex
Sample outputs:

IP-MIB::ipAdEntIfIndex.10.20.110.2 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.204.xx.yy.zz = INTEGER: 3

Refernces:

man pages - iptables, snmpd, snmpd.conf, apt-get

Featured Articles:

Want to read Linux tips and tricks, but don't have time to check our blog everyday? Subscribe to our daily email newsletter to make sure you don't miss a single tip/tricks. Subscribe to our weekly newsletter here!