{"id":2380,"date":"2019-03-16T13:25:21","date_gmt":"2019-03-16T10:25:21","guid":{"rendered":"http:\/\/kifarunix.com\/?p=2380"},"modified":"2024-03-11T22:30:33","modified_gmt":"2024-03-11T19:30:33","slug":"how-to-configure-snmp-version-3-on-debian-9","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/how-to-configure-snmp-version-3-on-debian-9\/","title":{"rendered":"How to Configure SNMP version 3 on Debian 9"},"content":{"rendered":"\n<p>This guide is about how to configure SNMP version 3 on Debian 9. There are three major versions of SNMP that have so far been developed; version SNMPv1, SNMPv2c and SNMPv3. Both version 2c and 3 have improved feature performance in terms of performance, flexibility and security-wise. Our previous guide covers <a title=\"How to Configure SNMP Version 2c on Debian 9\" href=\"https:\/\/kifarunix.com\/how-to-configure-snmp-version-2c-on-debian-9\/\" target=\"_blank\" rel=\"bookmark noopener\">how to configure SNMP Version 2c on Debian 9<\/a>.<\/p>\n\n\n\n<p>If you are also looking at configuring SNMP both version 2 and 3 on Ubuntu 18.04 or CentOS 7, check our guide by following the link below;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a title=\"Install and Configure SNMP on Ubuntu 18.04 and CentOS 7\" href=\"https:\/\/kifarunix.com\/install-and-configure-snmp-ubuntu-18-04-and-centos-7\/\" target=\"_blank\" rel=\"bookmark noopener\">Install and Configure SNMP on Ubuntu 18.04 and CentOS 7<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Configuring SNMP version 3 on Debian 9<\/h2>\n\n\n\n<p>Assuming you have the necessary SNMP packages installed already, proceed to configure SNMP version 3 on Debian 9.&nbsp; However, if you have not installed the SNMP packages and the required libraries, do so by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt install snmpd snmp libsnmp-dev<\/code><\/pre>\n\n\n\n<p>SNMP version 3 focuses mostly on three major security aspects of the communication between SNMP entities. It provides strong authentication, encryption data packets that enhances privacy.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configure SNMP version 3 on Debian 9<\/h2>\n\n\n\n<p>The default SNMP daemon configuration file is <code>\/etc\/snmp\/snmpd.conf<\/code>. I would recommend that you make a backup of this configuration file before you can proceed to make adjustments to it.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp \/etc\/snmp\/snmpd.conf \/etc\/snmp\/snmpd.conf.original<\/code><\/pre>\n\n\n\n<p>Define the interface IP address from which the server can be reached from remotely. Remember that ny default, SNMP daemon listens in the loopback interface.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/snmp\/snmpd.conf<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n...\n#  AGENT BEHAVIOUR\n#\n\n#  Listen for connections from the local system only\n<strong>agentAddress  udp:127.0.0.1:161,udp:192.168.43.188:161\n...<\/strong>\n<\/code><\/pre>\n\n\n\n<p>To configure SNMP version 3 on Debian 9, you need to;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a username for authentication<\/li>\n\n\n\n<li>Set the authentication password<\/li>\n\n\n\n<li>Set the encryption password<\/li>\n\n\n\n<li>Define the access permissions<\/li>\n\n\n\n<li>Define the encryption algorithm<\/li>\n<\/ul>\n\n\n\n<p>The requirements can be achieved by the use of the <code>net-snmp-create-v3-user<\/code> command line tool. The syntax of this command is;<\/p>\n\n\n\n<p><code class=\"filename\">net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass][-x DES|AES] [username]<\/code><\/p>\n\n\n\n<p>Before you can set these requirements, stop the SNMP deamon service.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl stop snmpd<\/code><\/pre>\n\n\n\n<p>Next, create the username with the above requirements. Note that to enhance security, ensure that you use different passwords for authentication and encryption. The default authentication method used is MD5.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>net-snmp-create-v3-user -ro -A SecUREDpass -a SHA -X StRongPASS -x AES snmpreadonly<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>adding the following line to \/var\/lib\/snmp\/snmpd.conf:\n   createUser snmpreadonly SHA \"SecUREDpass\" AES StRongPASS\nadding the following line to \/usr\/share\/snmp\/snmpd.conf:\n   rouser snmpreadonly<\/code><\/pre>\n\n\n\n<p>To interactively run the <code>net-snmp-create-v3-user<\/code>, you would simply run it as;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>net-snmp-create-v3-user -x AES -a SHA<\/code><\/pre>\n\n\n\n<p>Start SNMP daemon and enable it to run on system reboot<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl start snmpd\nsystemctl enable snmpd<\/code><\/pre>\n\n\n\n<p>Configure firewalling accordingly to ensure that connection to UDP port on the server can be reached from the monitoring host.<\/p>\n\n\n\n<p>You can now verify that all is well. To perform the local verification, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>snmpwalk -v3 -a SHA -A SecUREDpass -x AES -X StRongPASS -l authPriv -u snmpreadonly localhost | head -10<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\niso.3.6.1.2.1.1.1.0 = STRING: \"Linux debian 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64\"\niso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10\niso.3.6.1.2.1.1.3.0 = Timeticks: (6984) 0:01:09.84\niso.3.6.1.2.1.1.4.0 = STRING: \"Me &lt;me@example.org&gt;\"\niso.3.6.1.2.1.1.5.0 = STRING: \"debian\"\niso.3.6.1.2.1.1.6.0 = STRING: \"Sitting on the Dock of the Bay\"\niso.3.6.1.2.1.1.7.0 = INTEGER: 72\niso.3.6.1.2.1.1.8.0 = Timeticks: (0) 0:00:00.00\niso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.11.3.1.1\niso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.15.2.1.1\n<\/code><\/pre>\n\n\n\n<p>To perform the verification of the same from the remote monitoring host, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>snmpwalk -v3 -a SHA -A hacker100 -x AES -X hacker101 -l authPriv -u snmpreadonly 192.168.43.188 | head -10<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\niso.3.6.1.2.1.1.1.0 = STRING: \"Linux debian 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64\"\niso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10\niso.3.6.1.2.1.1.3.0 = Timeticks: (1436) 0:00:14.36\niso.3.6.1.2.1.1.4.0 = STRING: \"Me &lt;me@example.org&gt;\"\niso.3.6.1.2.1.1.5.0 = STRING: \"debian\"\niso.3.6.1.2.1.1.6.0 = STRING: \"Sitting on the Dock of the Bay\"\niso.3.6.1.2.1.1.7.0 = INTEGER: 72\niso.3.6.1.2.1.1.8.0 = Timeticks: (1) 0:00:00.01\niso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.11.3.1.1\niso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.15.2.1.1\n<\/code><\/pre>\n\n\n\n<p>Well, you nailed it. If you are using Nagios SNMP monitoring plugins, check_snmp, check our guide previous on how to poll the requiests with SNMP version 3 by following the link below.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/nagios-snmp-monitoring-of-linux-hosts-on-alienvault-usm-ossim\/\" target=\"_blank\" rel=\"noopener\">Nagios SNMP Monitoring of Linux Hosts<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This guide is about how to configure SNMP version 3 on Debian 9. There are three major versions of SNMP that have so far been<\/p>\n","protected":false},"author":1,"featured_media":9988,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,72,347],"tags":[5263,5264,276,350],"class_list":["post-2380","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-monitoring","category-snmp","tag-configure-snmp-v3-on-debian","tag-debian-snmp-version-3","tag-snmp","tag-snmp-v3","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2380"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=2380"}],"version-history":[{"count":3,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2380\/revisions"}],"predecessor-version":[{"id":21128,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2380\/revisions\/21128"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9988"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=2380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=2380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=2380"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}