Net-SNMP

Description

Configure Net-SNMP to allow localhost/localnet queries.

Dependencies

USE-Flags

File: /etc/portage/package.use
net-analyzer/net-snmp -perl -python

Packages

Code: emerge mrtg -pv
[ebuild  N    ] net-analyzer/net-snmp-5.4.1-r3  USE="ipv6 ssl tcpd -X -diskio -doc -elf -extensible -lm_sensors -mfd-rewrites -minimal -perl -python -rpm (-selinux) -sendmail -smux" 5,003 kB

Installation

# emerge net-snmp

Configuration

Allow localhost read-only queries

File: /etc/snmp/snmpd.conf
# First, map the community name (public) into a security name
# (local, because only requests from localhost are accepted):

#       sec.name  source          community
com2sec local     localhost       public

# Second, map the security names into group names:

#               sec.model  sec.name
group MyROGroup v1         local
group MyROGroup v2c        local
group MyROGroup usm        local

# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80

# Finally, grant the group read-only access to the view:

#                context sec.model sec.level match  read   write  notif
access MyROGroup ""      any       noauth    exact  all    none   none

syslocation Right here, right now.
syscontact Me <me@somewhere.org>

Allow localhost read-write and localnet read-only queries

File: /etc/snmp/snmpd.conf
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
com2sec local     localhost       public
com2sec mynetwork 192.168.0.0/24  public

# Second, map the security names into group names:

#               sec.model  sec.name
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork

# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80

# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                context sec.model sec.level match  read   write  notif
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

syslocation Right here, right now.
syscontact Me <me@somewhere.org>
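
To see what a configuration like the two above actually grants, the com2sec -> group -> access chain can be resolved mechanically. The Python script below is an added example, not part of the original page or of Net-SNMP; the function names are hypothetical, the sample input is constructed from the read-write configuration above, and it assumes the plain four-field com2sec form without options.

```python
import shlex

# Constructed sample input: the read-write/read-only configuration shown above.
SAMPLE_CONF = '''
com2sec local     localhost       public
com2sec mynetwork 192.168.0.0/24  public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork
view all    included  .1                               80
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none
'''

def effective_access(conf_text):
    """Follow com2sec -> group -> access and return a set of
    (source, community, sec_model, read_view, write_view) tuples."""
    com2sec, groups, access = [], [], []
    for line in conf_text.splitlines():
        head = line.split(None, 1)
        if not head or head[0] not in ("com2sec", "group", "access"):
            continue  # comments, view, syslocation etc. are not needed here
        tok = shlex.split(line, comments=True)
        if tok[0] == "com2sec" and len(tok) == 4:
            com2sec.append(tuple(tok[1:4]))   # sec.name, source, community
        elif tok[0] == "group" and len(tok) == 4:
            groups.append(tuple(tok[1:4]))    # group, sec.model, sec.name
        elif tok[0] == "access" and len(tok) == 9:
            access.append((tok[1], tok[3], tok[6], tok[7]))  # group, model, read, write
    rows = set()
    for sec_name, source, community in com2sec:
        for group, model, member in groups:
            # Community strings only exist in v1/v2c; usm entries need SNMPv3 users.
            if member != sec_name or model not in ("v1", "v2c"):
                continue
            for acc_group, acc_model, read, write in access:
                if acc_group == group and acc_model in ("any", model):
                    rows.add((source, community, model, read, write))
    return rows

def writable(conf_text):
    """Sources and communities that can issue SNMP SET requests."""
    return sorted({(s, c) for s, c, _, _, w in effective_access(conf_text) if w != "none"})

if __name__ == "__main__":
    for row in sorted(effective_access(SAMPLE_CONF)):
        print("%-16s community=%-8s %-3s read=%-4s write=%s" % row)
    print("write access:", writable(SAMPLE_CONF))
```

For the second configuration this reports write access to the whole .1 view for any request from localhost that presents the community public, and read-only access for 192.168.0.0/24.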

Finalize

# /etc/init.d/snmpd start
# rc-update add snmpd default

Testing

# snmpwalk -v 1 -c public localhost system

Further Reading

  • Squid - Configure Squid for SNMP queries
  • MRTG - Get nice graphs out of your SNMP data