How to configure SNMPv3 on ubuntu 16.04 server
SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.
Why you want to use SNMPv3
Although SNMPv3 makes no changes to the protocol aside from the addition of cryptographic security, it looks much different due to new textual conventions, concepts, and terminology.
SNMPv3 primarily added security and remote configuration enhancements to SNMP.
Security has been the biggest weakness of SNMP since the beginning. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent.Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used.
SNMPv3 provides important security features:
Confidentiality -- Encryption of packets to prevent snooping by an unauthorised source.
Integrity -- Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism.
Authentication -- to verify that the message is from a valid source.
Install SNMP server and client on Ubuntu 16.04
Open the terminal and run the following command
sudo apt-get install snmpd snmp
After installation you need to do the following changes.
Get access to the daemon from the outside.
The default installation only provides access to the daemon for localhost. In order to get access from the outside open the file /etc/default/snmpd in your favourite editor
sudo vi /etc/default/snmpd
Change the following line
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /var/run/snmpd.pid'
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
and restart snmpd
sudo /etc/init.d/snmpd restart
Define SNMPv3 users, authentication and encryption parameters
SNMPv3 can be used in a number of ways depending on the “securityLevel” configuration parameter:
noAuthNoPriv -- No authorisation and no encryption, basically no security at all!
authNoPriv -- Authorisation is required but collected data sent over the network is not encrypted.
authPriv -- The strongest form. Authorisation required and everything sent over the network is encrypted.
The snmpd configuration settings are all saved in a file called /etc/snmp/snmpd.conf. Open this file in your editor as in:
sudo vi /etc/snmp/snmpd.conf
Add the following lines to the end of the file:
createUser user2 MD5 user2password
createUser user3 MD5 user3password DES user3encryption
rouser user1 noauth 184.108.40.206.2.1.1
rouser user2 auth 220.127.116.11.2.1
rwuser user3 priv 18.104.22.168.2.1
Note:- If you want to use your own username/password combinations you need to note that the password and encryption phrases should have a length of at least 8 characters
Also you need to do the following change so that snmp can listen for connections on all interfaces
Save your modified snmpd.conf file and restart the daemon with:
sudo systemctl restart snmpd