Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Staff

Created on ‎10-17-2016 06:34 AM Edited on ‎05-26-2022 07:20 AM By Anonymous

Article Id 197620

Technical Note: [Accelops KB] How to configure snmp v3 for Linux

Description

Summary of Article

This article will provide steps to allow you to configure snmp v3 for Linux.  As long as you are on the latest version of net-snmp, this will work for you.

NOTE: some linux administrative experience will help you here - Depending on the version of SNMP and version of linux, your location for snmpd.conf may exist in the following for [ /var/lib/snmp/snmpd.conf ]:  /var/snmp/ ; /var/lib/snmp/ ; /var/lib/net-snmp/ ; or /var/net-snmp/

 

Steps rwcommunity/rocommunity or com2sec

  1. service snmpd stop
  2. vi /etc/snmp/snmpd.conf
    • Before editing /etc/snmp/snmpd.conf, make a backup of this configuration file
    • This is VERY important as this file is vital to have so your snmp daemon has credentials to utilize
  3. Add the following to the end of the file: rouser <snmpv3user>
    • Fill in the name with your username
    • Do not leave the "< >" tags
  4. Save the file
  5. vi /var/lib/snmp/snmpd.conf
    • Before editing /var/lib/snmp/snmpd.conf, make a backup of this configuration file
    • This is VERY important as this file is vital to make snmp daemon run properly
  6. Go to the end of this file, add the following line:
    • createUser <snmpv3user>        MD5 <snmpv3md5password> DES <snmpv3despassword>
      • Make absolutely sure that nothing else is edited here
      • Make sure that the snmpv3user is replaced with the same user in step 3
      • Do not leave the "< >" tags
      • If you want to utilize SHA or AES, make the appropriate changes above
  7. Save the file
  8. service snmpd start
  9. cat /var/lib/snmp/snmpd.conf
    • If this works, restarting snmpd will have no errors, also the entry that you created under /var/lib/snmp/snmpd.conf will be removed
  10. snmpwalk -v 3 -u <snmpv3user> -l authpriv <IP> -a MD5 -A <snmpv3md5password> -x DES -X <snmpv3despassword> .
    • You will see your snmpwalk if this works, if there are any errors after this please reference net-snmp for further instructions

Additional Information

An easier method would be to install net-snmp-devel on your linux machine

Follow these steps if you have already installed net-snmp-devel on your linux server/client

  1. service snmpd stop
  2. net-snmp-config --create-snmpv3-user -ro -A <MD5passwordhere> -X <DESpasswordhere> -x DES -a MD5 <SNMPUSERNAME>
  3. service snmpd start
  4. Test by following step 10 from above.

 

Labels:
895
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.