{"id":9985,"date":"2021-08-07T08:13:19","date_gmt":"2021-08-07T05:13:19","guid":{"rendered":"https:\/\/kifarunix.com\/?p=9985"},"modified":"2024-03-18T18:57:11","modified_gmt":"2024-03-18T15:57:11","slug":"install-and-configure-snmp-on-rocky-linux","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-configure-snmp-on-rocky-linux\/","title":{"rendered":"Install and Configure SNMP on Rocky Linux 8\/9"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"537\" height=\"289\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/snmp.png\" alt=\"Install and Configure SNMP on Rocky Linux 8\/9\" class=\"wp-image-9988\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/snmp.png 537w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/snmp-150x81.png 150w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/snmp-300x161.png 300w\" sizes=\"(max-width: 537px) 100vw, 537px\" \/><\/figure><\/div>\n\n\n<p>Follow through this tutorial to learn how to install and configure SNMP on Rocky Linux 8\/9. <a href=\"http:\/\/www.net-snmp.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">SNMP<\/a> stands for&nbsp;<strong>S<\/strong>imple&nbsp;<strong>N<\/strong>etwork&nbsp;<strong>M<\/strong>anagement&nbsp;<strong>P<\/strong>rotocol. It is an Internet Standard protocol&nbsp;that provides an agentless method of managing and monitoring of network devices and servers for health information, system metrics such as CPU load, Physical Memory usage, number of running processes, service states or any other metric that support polling over the&nbsp;<code>SNMP<\/code>&nbsp;protocol.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-snmp-on-rocky-linux-8-9\">Installing SNMP on Rocky Linux 8\/9<\/a><ul><li><a href=\"#install-net-snmp-on-rocky-linux-8-9\">Install Net-SNMP on Rocky Linux 8\/9<\/a><\/li><li><a href=\"#running-snmp-daemon-on-rocky-linux-8-9\">Running SNMP Daemon on Rocky Linux 8\/9<\/a><\/li><li><a href=\"#configure-snmp-on-rocky-linux-8-9\">Configure SNMP on Rocky Linux 8\/9<\/a><ul><li><a href=\"#configure-system-information\">Configure System Information<\/a><\/li><\/ul><\/li><li><a href=\"#configuring-snmp-authentication\">Configuring SNMP Authentication<\/a><ul><li><a href=\"#configuring-snmp-version-2-c-community-on-rocky-linux-8-9\">Configuring SNMP Version 2c Community on Rocky Linux 8\/9<\/a><\/li><li><a href=\"#configure-snmp-daemon-connection-port\">Configure SNMP Daemon Connection Port<\/a><\/li><li><a href=\"#open-snmp-port-on-firewall-d\">Open SNMP Port on FirewallD<\/a><\/li><li><a href=\"#verify-connectivity\">Verify Connectivity<\/a><\/li><\/ul><\/li><li><a href=\"#configuring-snmp-version-3-on-rocky-linux-8-9\">Configuring SNMP Version 3 on Rocky Linux 8\/9<\/a><\/li><li><a href=\"#related-tutorials\">Related Tutorials:<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-snmp-on-rocky-linux-8-9\">Installing SNMP on Rocky Linux 8\/9<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-net-snmp-on-rocky-linux-8-9\">Install Net-SNMP on Rocky Linux 8\/9<\/h3>\n\n\n\n<p>The&nbsp;<a href=\"http:\/\/www.net-snmp.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Net-SNMP<\/a>&nbsp;is a suite of applications which provides an agent and utilities that enables retrieval of data from systems using the SNMP protocol.<\/p>\n\n\n\n<p>To install Net-SNMP (SNMP agent, SNMP daemon and other SNMP utilities) on Rocky Linux 8\/9, simply execute the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">dnf install net-snmp net-snmp-libs net-snmp-utils<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"running-snmp-daemon-on-rocky-linux-8-9\">Running SNMP Daemon on Rocky Linux 8\/9<\/h3>\n\n\n\n<p>When installed, Net-SNMP creates a SystemD service called&nbsp;<code><strong>snmpd<\/strong><\/code>. The service can be managed using the systemctl command.<\/p>\n\n\n\n<p>For example, to start and enable it to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl enable --now snmpd<\/pre>\n\n\n\n<p>To check the status;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl status snmpd<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf snmpd.service - Simple Network Management Protocol (SNMP) Daemon.\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/snmpd.service; enabled; vendor preset: disabled)\n   Active: active (running) since Mon 2023-11-13 17:28:00 UTC; 2min 6s ago\n Main PID: 12269 (snmpd)\n    Tasks: 1 (limit: 10910)\n   Memory: 4.6M\n   CGroup: \/system.slice\/snmpd.service\n           \u2514\u250012269 \/usr\/sbin\/snmpd -LS0-6d -f\n\nNov 13 17:27:59 localhost.localdomain systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....\nNov 13 17:28:00 localhost.localdomain snmpd[12269]: NET-SNMP version 5.8\nNov 13 17:28:00 localhost.localdomain systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..\n<\/code><\/pre>\n\n\n\n<p>To restart SNMP daemon;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart snmpd<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-snmp-on-rocky-linux-8-9\">Configure SNMP on Rocky Linux 8\/9<\/h3>\n\n\n\n<p>Once the installation of Net-SNMP is done, proceed to configure it to enable you to remotely poll your system metrics.<\/p>\n\n\n\n<p>The default configuration file of the Net-SNMP agent daemon is is&nbsp;<code><strong>\/etc\/snmp\/snmpd.conf<\/strong><\/code>. The file is highly commented and thus, we will only make a few changes. As a result, make a copy of the original file before you can proceed.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">cp \/etc\/snmp\/snmpd.conf{,orig}<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-system-information\">Configure System Information<\/h4>\n\n\n\n<p>By default, Net-SNMP provides basic information such the&nbsp;<strong>hostname, the location, the administrator contact information<\/strong>&nbsp;about the system. This information is provided by the values of the objects&nbsp;<code><strong>sysName<\/strong><\/code>,&nbsp;<code><strong>sysLocation<\/strong><\/code>&nbsp;and&nbsp;<code><strong>sysContact<\/strong><\/code>&nbsp;respectively.<\/p>\n\n\n\n<p>To list the default system information using SNMP, simply use&nbsp;<strong><code>snmpwalk<\/code><\/strong>&nbsp;command with the default version 2 community string,&nbsp;<strong><code>public<\/code><\/strong>. Ensure that SNMP daemon is running before you can run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">snmpwalk -v2c -c public localhost system<\/pre>\n\n\n\n<p>You can even try using the server IP;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">snmpwalk -v2c -c public 192.168.60.19 system<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 4.18.0-477.10.1.el8_8.x86_64 #1 SMP Tue May 16 11:38:37 UTC 2023 x86_64\nSNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10\nDISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (35610) 0:05:56.10\nSNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure \/etc\/snmp\/snmp.local.conf)\nSNMPv2-MIB::sysName.0 = STRING: localhost.localdomain\nSNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit \/etc\/snmp\/snmpd.conf)\nSNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00\nSNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance\nSNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance\nSNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance\nSNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB\nSNMPv2-MIB::sysORID.5 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup\nSNMPv2-MIB::sysORID.6 = OID: TCP-MIB::tcpMIB\nSNMPv2-MIB::sysORID.7 = OID: IP-MIB::ip\nSNMPv2-MIB::sysORID.8 = OID: UDP-MIB::udpMIB\nSNMPv2-MIB::sysORID.9 = OID: SNMP-NOTIFICATION-MIB::snmpNotifyFullCompliance\nSNMPv2-MIB::sysORID.10 = OID: NOTIFICATION-LOG-MIB::notificationLogMIB\nSNMPv2-MIB::sysORDescr.1 = STRING: The SNMP Management Architecture MIB.\nSNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.\nSNMPv2-MIB::sysORDescr.3 = STRING: The management information definitions for the SNMP User-based Security Model.\nSNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities\nSNMPv2-MIB::sysORDescr.5 = STRING: View-based Access Control Model for SNMP.\nSNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing TCP implementations\nSNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing IP and ICMP implementations\nSNMPv2-MIB::sysORDescr.8 = STRING: The MIB module for managing UDP implementations\nSNMPv2-MIB::sysORDescr.9 = STRING: The MIB modules for managing SNMP Notification, plus filtering.\nSNMPv2-MIB::sysORDescr.10 = STRING: The MIB module for logging SNMP Notifications.\nSNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00\nSNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00\nSNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00\nSNMPv2-MIB::sysORUpTime.4 = Timeticks: (0) 0:00:00.00\nSNMPv2-MIB::sysORUpTime.5 = Timeticks: (0) 0:00:00.00\nSNMPv2-MIB::sysORUpTime.6 = Timeticks: (0) 0:00:00.00\nSNMPv2-MIB::sysORUpTime.7 = Timeticks: (0) 0:00:00.00\nSNMPv2-MIB::sysORUpTime.8 = Timeticks: (0) 0:00:00.00\nSNMPv2-MIB::sysORUpTime.9 = Timeticks: (0) 0:00:00.00\nSNMPv2-MIB::sysORUpTime.10 = Timeticks: (0) 0:00:00.00\n<\/code><\/pre>\n\n\n\n<p>To update the system information, simply open the SNMPD configuration file,&nbsp;<code>\/etc\/snmp\/snmpd.conf<\/code>&nbsp;and adjust the values of the above objects;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">vim \/etc\/snmp\/snmpd.conf<\/pre>\n\n\n\n<p>Note that the value of the&nbsp;<code><strong>sysName<\/strong><\/code>&nbsp;object is set to system hostname by default. Hence,&nbsp;<code><strong>sysLocation<\/strong><\/code>&nbsp;and&nbsp;<code><strong>sysContact<\/strong><\/code>&nbsp;can be set in the configuration file under&nbsp;<strong><code>System contact information<\/code><\/strong>&nbsp;section.<\/p>\n\n\n\n<p>Comment these default lines below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#syslocation Unknown (edit \/etc\/snmp\/snmpd.conf)<br>#syscontact Root &lt;root@localhost&gt; (configure \/etc\/snmp\/snmp.local.conf)<\/code><\/pre>\n\n\n\n<p>Such that it may look like as shown in the configuration below;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\n###############################################################################\n# System contact information\n#\n\n# It is also possible to set the sysContact and sysLocation system\n# variables through the snmpd.conf file:\n\n# Comment the default lines below\n#syslocation Unknown (edit \/etc\/snmp\/snmpd.conf)\n#syscontact Root &lt;root@localhost&gt; (configure \/etc\/snmp\/snmp.local.conf)\n<strong>syslocation Serverfarm, DC2, Rack 3\nsyscontact Kifarunix-Admin &lt;admin@kifarunix-demo.com&gt;<\/strong>\n<\/code><\/pre>\n\n\n\n<p>Update the information as appropriately as you wish.<\/p>\n\n\n\n<p>Save and exit the configuration file and reload SNMPD to effect the changes.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl reload snmpd<\/pre>\n\n\n\n<p>Verify the changes;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">snmpwalk -v2c -c public localhost system<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>SNMPv2-MIB::sysDescr.0 = STRING: Linux rockylinux 5.14.0-284.11.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Tue May 9 17:09:15 UTC 2023 x86_64\nSNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10\nDISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (39938) 0:06:39.38\n<strong>SNMPv2-MIB::sysContact.0 = STRING: Kifarunix-Admin <admin@kifarunix-demo.com>\nSNMPv2-MIB::sysName.0 = STRING: rockylinux\nSNMPv2-MIB::sysLocation.0 = STRING: Serverfarm, DC2, Rack 3<\/strong>\nSNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00\n...\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configuring-snmp-authentication\">Configuring SNMP Authentication<\/h3>\n\n\n\n<p>SNMP supports three versions of SNMP protocol;&nbsp;<code>version 1<\/code>,&nbsp;<code>2c<\/code>&nbsp;and&nbsp;<code>3<\/code>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Both version 1 and 2c provides authentication using&nbsp;<code><em>community string<\/em><\/code>, a shared secret between the agent and the client that is passed in clear text over the network.<\/li>\n\n\n\n<li>Version 3 supports user authentication and message encryption using a variety of protocols and is thus a bit more secure.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configuring-snmp-version-2-c-community-on-rocky-linux-8-9\">Configuring SNMP Version 2c Community on Rocky Linux 8\/9<\/h4>\n\n\n\n<p>As stated above, SNMP v2 provides access using a permission directive, a community string and the source Address. The source address can be IP of the Nagios Server (SNMP server). This directive should be set in the format;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><em>directive<\/em> <em>community<\/em> [<em>source<\/em> [<em>OID<\/em>]]<\/pre>\n\n\n\n<p>where directive can be&nbsp;<code>rocommunity<\/code>&nbsp;(provides read-only access) or&nbsp;<code>rwcommunity<\/code>&nbsp;(provides read-write access), OID is the optional SNMP tree to provide access to.<\/p>\n\n\n\n<p>To configure SNMP v2c, for example, to allow a<strong><code>&nbsp;read-only<\/code><\/strong>&nbsp;access from a&nbsp;<strong><code>specific source host<\/code><\/strong>, like the monitoring servers such as Nagios, to system objects using the community string,&nbsp;<strong><code>monsvronly<\/code><\/strong>, simply enter the line below in the snmpd config file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">rocommunity monsvronly 192.168.58.8<\/pre>\n\n\n\n<p>You can use the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">echo -e \"# SNMP version 2c community\\nrocommunity monsvronly 192.168.58.8\" &gt;&gt; \/etc\/snmp\/snmpd.conf<\/pre>\n\n\n\n<p>Where&nbsp;<code><strong>192.168.58.8<\/strong><\/code>&nbsp;is the IP of the remote server allowed to access SNMP on our server.<\/p>\n\n\n\n<p>To allow from localhost, add the line;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>rocommunity monsvronly 127.0.0.1<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-snmp-daemon-connection-port\">Configure SNMP Daemon Connection Port<\/h4>\n\n\n\n<p>By default, SNMP daemon agent receives requests on&nbsp;UDP port&nbsp;161. SNMPd however does not open this port by default.<\/p>\n\n\n\n<p>To configure SNMPd to listen on a loopback and an IP interface over UDP port 161, you need to edit the snmpd systemd start-up script,&nbsp;<code>\/lib\/systemd\/system\/snmpd.service<\/code>&nbsp;as shown below;<\/p>\n\n\n\n<p>Replace the line:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ExecStart=\/usr\/sbin\/snmpd $OPTIONS -f<\/pre>\n\n\n\n<p>With;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ExecStart=\/usr\/sbin\/snmpd $OPTIONS -f <strong>udp:127.0.0.1:161 udp:192.168.60.19:161<\/strong><\/code><\/pre>\n\n\n\n<p>Where&nbsp;<code><strong>192.168.60.19<\/strong><\/code>&nbsp;is the server interface IP.<\/p>\n\n\n\n<p>By running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sed -i '\/$OPTIONS -f\/ s\/$\/ udp:127.0.0.1:161 udp:192.168.56.9:161\/' \/lib\/systemd\/system\/snmpd.service<\/pre>\n\n\n\n<p>Such that you configuration looks like;<\/p>\n\n\n\n<pre id=\"block-113913a7-da3d-4f92-9717-8ea1b66daf16\" class=\"wp-block-preformatted\">cat \/lib\/systemd\/system\/snmpd.service<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n[Unit]\nDescription=Simple Network Management Protocol (SNMP) Daemon.\nAfter=syslog.target network-online.target\n\n[Service]\nType=notify\nEnvironment=OPTIONS=\"-LS0-6d\"\nEnvironmentFile=-\/etc\/sysconfig\/snmpd\nExecStart=\/usr\/sbin\/snmpd $OPTIONS -f udp:127.0.0.1:161 udp:192.168.60.19:161\nExecReload=\/bin\/kill -HUP $MAINPID\n\n[Install]\nWantedBy=multi-user.target\n<\/code><\/pre>\n\n\n\n<p>Save the configuration file and reload systemd units;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl daemon-reload<\/pre>\n\n\n\n<p>Restart SNMP daemon.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart snmpd<\/pre>\n\n\n\n<p>Verify that the UDP port 161 is open.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ss -alun | grep 161<\/pre>\n\n\n\n<pre class=\"scroll-sz\"><code>UNCONN 0      0      192.168.60.19:161        0.0.0.0:*          \nUNCONN 0      0          127.0.0.1:161        0.0.0.0:*\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"open-snmp-port-on-firewall-d\">Open SNMP Port on FirewallD<\/h4>\n\n\n\n<p>If firewalld is running, run the commands below to open SNMPd port<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-port=161\/udp --permanent\nfirewall-cmd --reload<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"verify-connectivity\">Verify Connectivity<\/h4>\n\n\n\n<p>Test connectivity from the allowed remote host.<\/p>\n\n\n\n<p>Check if the UDP port is reachable on the server.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>nc -uvz 192.168.60.19 161<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>Ncat: Version 7.70 ( https:\/\/nmap.org\/ncat )\n<strong>Ncat: Connected to 192.168.60.19:161.\nNcat: UDP packet sent successfully<\/strong>\nNcat: 1 bytes sent, 0 bytes received in 2.03 seconds.<\/code><\/pre>\n\n\n\n<p>Test that you can query the SNMP objects on the server using the&nbsp;<code>snmpwalk<\/code>&nbsp;and read the first 10 lines of the output.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>snmpwalk -v2c -c monsvronly 192.168.60.19 | head -10<\/code><\/pre>\n\n\n\n<p>Ensure you are running the command above from the allowed host.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nSNMPv2-MIB::sysDescr.0 = STRING: Linux rockylinux 4.18.0-305.10.2.el8_4.x86_64 #1 SMP Tue Jul 20 20:34:55 UTC 2021 x86_64\nSNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10\nDISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (486) 0:00:04.86\nSNMPv2-MIB::sysContact.0 = STRING: Kifarunix-Admin &lt;admin@kifarunix-demo.com&gt;\nSNMPv2-MIB::sysName.0 = STRING: rockylinux\nSNMPv2-MIB::sysLocation.0 = STRING: Serverfarm, DC2, Rack 3\nSNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01\nSNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance\nSNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance\nSNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance\n...\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configuring-snmp-version-3-on-rocky-linux-8-9\">Configuring SNMP Version 3 on Rocky Linux 8\/9<\/h3>\n\n\n\n<p>SNMP v3 uses a&nbsp;<code>username<\/code>,&nbsp;<code>permission<\/code>,&nbsp;<code>security level<\/code>,&nbsp;<code>authentication<\/code>&nbsp;and&nbsp;<code>privacy passphrases<\/code>&nbsp;to allow access.<\/p>\n\n\n\n<p>As a result, you need to create user for authenticating. When created, the user is added to the following configuration files;&nbsp;<code>\/etc\/snmp\/snmpd.conf<\/code>&nbsp;and&nbsp;<code>\/var\/lib\/net-snmp\/snmpd.conf<\/code>.<\/p>\n\n\n\n<p>Before you can proceed, make a copy of the original configuration file just like we did above.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp \/etc\/snmp\/snmpd.conf \/etc\/snmp\/snmpd.conf.bak<\/code><\/pre>\n\n\n\n<p>Comment the snmp V2 configuration lines added above;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i '\/^rocommunity\/ s\/^\/#\/' \/etc\/snmp\/snmpd.conf<\/code><\/pre>\n\n\n\n<p>Stop SNMP daemon<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl stop snmpd<\/code><\/pre>\n\n\n\n<p>Create a read-only authentication user using the&nbsp;<code>net-snmp-create-v3-user<\/code>&nbsp;command. The command syntax is;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><code>net-snmp-create-v3-user &#91;-ro] &#91;-A authpass] &#91;-a MD5|SHA] &#91;-X privpass]&#91;-x DES|AES] &#91;username]<\/code><\/code><\/pre>\n\n\n\n<p>For example;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">net-snmp-create-v3-user -ro -A STrP@SSWRD -a SHA -X STr0ngP@SSWRD -x AES snmpadmin<\/pre>\n\n\n\n<p>Sample command output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>adding the following line to \/var\/lib\/net-snmp\/snmpd.conf:\n   createUser snmpadmin SHA \"STrP@SSWRD\" AES \"STr0ngP@SSWRD\"\nadding the following line to \/etc\/snmp\/snmpd.conf:\n   rouser snmpadmin<\/code><\/pre>\n\n\n\n<p>Start SNMP daemon<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl start snmpd<\/code><\/pre>\n\n\n\n<p>Enable SNMP daemon to run on system reboot.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable snmpd<\/code><\/pre>\n\n\n\n<p>Configure inbound Firewall rules to UDP port 161 as we did above.<\/p>\n\n\n\n<p>Test to verify that everything is working as expected.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>snmpwalk -v3 -a SHA -A STrP@SSWRD -x AES -X STr0ngP@SSWRD -l authPriv -u snmpadmin localhost | head<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nSNMPv2-MIB::sysDescr.0 = STRING: Linux rockylinux 4.18.0-305.10.2.el8_4.x86_64 #1 SMP Tue Jul 20 20:34:55 UTC 2021 x86_64\nSNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10\nDISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1775) 0:00:17.75\nSNMPv2-MIB::sysContact.0 = STRING: Kifarunix-Admin &lt;admin@kifarunix-demo.com&gt;\nSNMPv2-MIB::sysName.0 = STRING: rockylinux\nSNMPv2-MIB::sysLocation.0 = STRING: Serverfarm, DC2, Rack 3\nSNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00\nSNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance\nSNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance\nSNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance\n<\/code><\/pre>\n\n\n\n<p>Verify from remote host;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>snmpwalk -v3 -a SHA -A STrP@SSWRD -x AES -X STr0ngP@SSWRD -l authPriv -u snmpadmin 192.168.60.19 | head<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nSNMPv2-MIB::sysDescr.0 = STRING: Linux rockylinux 4.18.0-305.10.2.el8_4.x86_64 #1 SMP Tue Jul 20 20:40:55 UTC 2021 x86_64\nSNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10\nDISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (22366) 0:03:43.66\nSNMPv2-MIB::sysContact.0 = STRING: Kifarunix-Admin &lt;admin@kifarunix-demo.com&gt;\nSNMPv2-MIB::sysName.0 = STRING: rockylinux\nSNMPv2-MIB::sysLocation.0 = STRING: Serverfarm, DC2, Rack 3\nSNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00\nSNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance\nSNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance\nSNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance\n<\/code><\/pre>\n\n\n\n<p>Magnificent!!! SNMP is configured!<\/p>\n\n\n\n<p>You can now poll your system metrics from your remote monitoring server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"related-tutorials\">Related Tutorials:<\/h3>\n\n\n\n<p>&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/nagios-snmp-monitoring-of-linux-hosts-on-alienvault-usm-ossim\/\" target=\"_blank\">Nagios SNMP Monitoring of Linux Hosts on AlienVault USM\/OSSIM<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/install-and-configure-snmp-on-debian-10-buster\/\" target=\"_blank\">Install and Configure SNMP on Debian 10 Buster<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/how-to-configure-snmp-version-3-on-debian-9\/\" target=\"_blank\">How to Configure SNMP version 3 on Debian 9<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Follow through this tutorial to learn how to install and configure SNMP on Rocky Linux 8\/9. SNMP stands for&nbsp;Simple&nbsp;Network&nbsp;Management&nbsp;Protocol. It is an Internet Standard protocol&nbsp;that<\/p>\n","protected":false},"author":1,"featured_media":9988,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,72],"tags":[3936,3935,3934,3587,1049,350,3937],"class_list":["post-9985","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-monitoring","tag-configure-snmp-v2c-rocky-linux-8","tag-configure-snmp-v3-rocky-linux-8","tag-install-snmp-rocky-linux-8","tag-rocky-linux-8","tag-snmp-v2c","tag-snmp-v3","tag-snmpd","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9985"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=9985"}],"version-history":[{"count":5,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9985\/revisions"}],"predecessor-version":[{"id":21700,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9985\/revisions\/21700"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9988"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=9985"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=9985"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=9985"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}