Solved

Create a snmpd.conf in Linux

Posted on 2009-05-06
Last Modified: 2012-06-21
I would like to know how to configure the snmpd.conf.

I would like to limit the query by certain network addresses; can I restrict them in the snmp.conf?

What does com2sec in the snmp.conf example mean? Is it a group, a person? Can I change it?

Thank you
kk44
Question by:KK44

Accepted Solution

by:
Mysidia earned 500 total points
ID: 24346658
com2sec is a _command_ that maps an SNMPv2 community to a "security name".
SNMP security name is a concept from SNMPv3, the latest version of the SNMP protocol.

Most equipment is still using SNMPv2, which does not support the concept of "security name".

Mapping an SNMPv2 community to a security name means it is _AS IF_ they used that security name.

You would typically do something like this:

#       sec.name    source   community
# define a security name 'mysecname1' for 'mysnmpcommunity'
com2sec mysecname1  default  mysnmpcommunity

# (makes SNMPv1 queries you mapped to 'mysecname1' part of 'mysecgroup1')
group mysecgroup1  v1   mysecname1

# (the same for SNMPv2 queries)
group mysecgroup1  v2c  mysecname1

# Defines an SNMP 'view' as the OID .1, and everything below it.
view myview1  included  .1

# Gives 'mysecgroup1' access to see the things in the SNMP view 'myview1'
# but no write or notify access.
#      group        context  model  level   prefix  read-view  write  notify
access mysecgroup1  ""       any    noauth  exact   myview1    none   none

# Note that many of the fields in the 'access' definition are SNMPv3-specific.

Now, if you want to restrict access to a limited number of network addresses, then replace

com2sec mysecname1  default  mysnmpcommunity

with

com2sec mysecname1  127.0.0.1/32    mysnmpcommunity
com2sec mysecname1  192.168.3.5/24  mysnmpcommunity2
com2sec mysecname1  172.36.15.3/22  mysnmpcommunity3

Add to your heart's content.

An alternative is to comment out all the SNMPv3 lines, i.e. instead of using 'com2sec', 'access', 'group' and 'view' statements, the OLD way of configuring communities is to specify them like this in snmpd.conf:

rocommunity  mycommunity1  127.0.0.1
rocommunity  mycommunity1  192.168.5.3/32
rocommunity  mycommunity2  192.168.5.4/32
rocommunity  mycommunity3  172.44.0.8/23
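
A small audit of the source restrictions described in the answer above, as an added example that is not part of the original answer: it reads com2sec, rocommunity and rwcommunity lines and reports which are open to any address and which carry host bits under their mask. The sample config is constructed in the style of the answer; treating host bits as a mistake is this example's assumption, and rwcommunity and the source-less rocommunity form are Net-SNMP directives not shown in the answer.

```python
import ipaddress

# Constructed sample, modelled on the snmpd.conf lines in the answer above.
SAMPLE = """\
#       sec.name    source            community
com2sec mysecname1  default           mysnmpcommunity
com2sec mysecname1  192.168.3.5/24    mysnmpcommunity2
rocommunity  mycommunity1  192.168.5.3/32
rocommunity  mycommunity3  172.44.0.8/23
rocommunity  mycommunity4
"""

def classify_source(source):
    """Describe how wide a com2sec/rocommunity source restriction is."""
    if source == "default":
        return "OPEN: matches any address"
    try:
        iface = ipaddress.ip_interface(source)
    except ValueError:
        return "HOSTNAME: not an address, check what it resolves to"
    net = iface.network
    if net.prefixlen == 0:
        return "OPEN: matches any address"
    if iface.ip != net.network_address:
        # Assumption of this example: host bits under the mask are a typo.
        return f"HOST BITS SET: mask describes {net}, not the single host {iface.ip}"
    return f"ok: {net.num_addresses} address(es)"

def audit(conf_text):
    """Return (line_no, directive, community, source, finding) per community line."""
    results = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "com2sec" and len(fields) >= 4:
            source, community = fields[2], fields[3]  # com2sec SECNAME SOURCE COMMUNITY
        elif fields[0] in ("rocommunity", "rwcommunity") and len(fields) >= 2:
            # rocommunity COMMUNITY [SOURCE]; no source means any address
            community = fields[1]
            source = fields[2] if len(fields) > 2 else "default"
        else:
            continue
        results.append((no, fields[0], community, source, classify_source(source)))
    return results

if __name__ == "__main__":
    for no, directive, community, source, finding in audit(SAMPLE):
        print(f"line {no}: {directive} {community!r} from {source}: {finding}")
```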






