Solved

How do I disable SNMP on an AIX server?

Posted on 2013-02-01
14
4,524 Views
Last Modified: 2016-09-09
I need to disable SNMP on several AIX servers.
0
Comment
Question by:babyb00mer
14 Comments
 
LVL 18

Expert Comment

by:Raheman M. Abdul
Comment Utility
Try the following:

edit /etc/rc.tcpip

Comment the below:

#start /usr/sbin/rwhod "$src_running"
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
Comment Utility
Edit /rc.tcpip, comment out these lines:

start /usr/sbin/snmpd "$src_running"
start /usr/sbin/hostmibd "$src_running"
start /usr/sbin/snmpmibd "$src_running"
and (if activated)
start /usr/sbin/dpid2 "$src_running"

like this:

#start /usr/sbin/snmpd "$src_running"
#start /usr/sbin/hostmibd "$src_running"
#start /usr/sbin/snmpmibd "$src_running"
#start /usr/sbin/dpid2 "$src_running"

then issue

stopsrc -s dpid2
stopsrc -s snmpmibd
stopsrc -s hostmibd
stopsrc -s snmpd

and you're done.

Please note that you should not deactivate snmp on systems running HACMP.
PowerHA doesn't use snmp anymore, so you can deactivate it on such systems.
0
 
LVL 68

Expert Comment

by:woolmilkporc
Comment Utility
@marahman3001, "rwhod" is in no way related to snmp (although it's also considered a security risk, or at least a "time waster").
0
 
LVL 68

Expert Comment

by:woolmilkporc
Comment Utility
Sorry, comment deleted, posted in the wrong thread!
0
 
LVL 68

Expert Comment

by:woolmilkporc
Comment Utility
I just realized that you wrote "on several AIX servers".

If you prefer running commands (also via ssh) instead of editing a file do this:

/usr/sbin/chrctcp -S -d dpid2
/usr/sbin/chrctcp -S -d snmpmibd
/usr/sbin/chrctcp -S -d hostmibd
/usr/sbin/chrctcp -S -d  snmpd

This will remove the relevant entries from rc.tcpip and will also stop the services immediately.
0
 

Expert Comment

by:system engineer
Comment Utility
Hello, This might be old post. But I have same requirement and wanted to disable SNMP on AIX permanently (even after reboot).

I followed the above procedure to disable SNMP on 2 test AIX LPARs.

I disabled SNMP related daemons on test AIX LPARs by commenting  
#start /usr/sbin/snmpd "$src_running"
# Start up the snmpmibd daemon
#start /usr/sbin/hostmibd "$src_running"
#start /usr/sbin/aixmibd "$src_running"


#lssrc -a | grep -e snmp -e mib
 snmpd            tcpip                         inoperative
 aixmibd          tcpip                         inoperative
 hostmibd         tcpip                         inoperative
 snmpmibd         tcpip                         inoperative


rebooted the test AIX LPARs, But some how snmp demon/service got started.
#lssrc -a | grep tcpip
 xntpd            tcpip            6076858      active
 inetd            tcpip            6739073      active
 snmpd            tcpip            6774176      active
 muxatmd          tcpip                         inoperative
 rwhod            tcpip                         inoperative


lssrc -a | grep -e snmp -e mib
 snmpd            tcpip            6774176      active
 aixmibd          tcpip                         inoperative
 hostmibd         tcpip                         inoperative
 snmpmibd         tcpip                         inoperative

Can you please suggest on how to disable SNMP permanently on AIX (even after reboot).
Thank you.
0
 
LVL 68

Expert Comment

by:woolmilkporc
Comment Utility
Could it be that you're running some application which would start snmpd on your behalf because this application relies on it?

Are you really sure that you commented out the "start" line on both LPARs?

Did you try the "/usr/sbin/chrctcp -S -d  snmpd" method?
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Expert Comment

by:system engineer
Comment Utility
Could it be that you're running some application which would start snmpd on your behalf because this application relies on it?
after the reboot, we've not started any applications. snmpd was started and active.

I can see the below java process (comes with OS installation) running after the reboot. I believe this caused SNMP to start/active ?

  root 123333 12312121   0 13:36:50      -  0:19 /var/opt/tivoli/ep/_jvm/jre/bin/java -Xmx364m -Xminf0.01 -Xmaxf0.4 -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Xbootclasspath/a:/var/opt/tivoli/ep/runtime/core/eclipse/plugins/com.ibm.rcp.base_6.2.3.20110824-0615/rcpbootcp.jar:/var/opt/tivoli/ep/lib/com.ibm.logging.icl_1.1.1.jar:/var/opt/tivoli/ep/lib/jaas2zos.jar:/var/opt/tivoli/ep/lib/jaasmodule.jar:/var/opt/tivoli/ep/lib/lwidiag.jar:/var/opt/tivoli/ep/lib/lwinative.jar:/var/opt/tivoli/ep/lib/lwinl.jar:/var/opt/tivoli/ep/lib/lwirolemap.jar:/var/opt/tivoli/ep/lib/lwisecurity.jar:/var/opt/tivoli/ep/lib/lwitools.jar:/var/opt/tivoli/ep/lib/passutils.jar:../../runtime/agent/lib/cas-bootcp.jar -Xverify:none -cp eclipse/launch.jar:eclipse/startup.jar:/var/opt/tivoli/ep/runtime/core/eclipse/plugins/com.ibm.rcp.base_6.2.3.20110824-0615/launcher.jar com.ibm.lwi.LaunchLWI

Open in new window



FYI
we are not using any monitoring tools like tivoli etc on these LPARs. we just use shells cripts.

do you think this java caused the SNMP to start ? can i just stop that java process, i don't think it will impact my LPARs ?


Are you really sure that you commented out the "start" line on both LPARs?

Yes, am pretty sure that we've commented on both the LPARs.
 
# Start up the Simple Network Management Protocol (SNMP) daemon
#start /usr/sbin/snmpd "$src_running"
# Start up the snmpmibd daemon
#start /usr/sbin/snmpmibd "$src_running"

Open in new window



Did you try the "/usr/sbin/chrctcp -S -d  snmpd" method?

I've not tried this method. just 2 servers. I just wanted to comment it on rc.tcpip file. (instead of removing, we can use it later if needed)

please suggest. thank you.
0
 
LVL 68

Expert Comment

by:woolmilkporc
Comment Utility
This Java process is the IBM Systems Director Common Agent (cas_agent) which, as you correctly stated, comes with the OS.
To stop this process you should run "stopsrc -s cas_agent"
I'm rather sure that this agent does not start/use snmp, however.
Anyway, if you don't have an IBM Systems Director Server at your site you can uninstall the agent with

/opt/ibm/director/bin/diruninstall

Are there any snmpd startup console messages during reboot?
Run "alog -t console -o | more" to check.
1
 

Expert Comment

by:system engineer
Comment Utility
Thank you...

I think we've stopped cas_agent on some of the servers earlier by stopping the daemon and commenting the entry on inittab file. I believe that would be sufficient instead of uninstalling cas_agent.
what do you think ?

Are there any snmpd startup console messages during reboot?


   
      0 Wed Apr 20 14:66:21 EDT 2016 Multi-user initialization completed
         0 Wed Apr 20 14:66:21 EDT 2016 Checking for srcmstr active...         0 Wed Apr 20 14:66:21 EDT 2016 complete
         0 Wed Apr 20 14:66:21 EDT 2016 Starting tcpip daemons:
         0 Wed Apr 20 14:66:26 EDT 2016 0414-049 The syslogd Subsystem has been started. Subsystem PID is 2424008.
         0 Wed Apr 20 14:66:26 EDT 2016 0414-049 The portmap Subsystem has been started. Subsystem PID is 6964688.
         0 Wed Apr 20 14:66:26 EDT 2016 0414-049 The inetd Subsystem has been started. Subsystem PID is 6469014.
         0 Wed Apr 20 14:66:26 EDT 2016 0414-049 The xntpd Subsystem has been started. Subsystem PID is 2886998.
         0 Wed Apr 20 14:66:26 EDT 2016 Finished starting tcpip daemons.
         0 Wed Apr 20 14:66:26 EDT 2016 Starting NFS services:
         0 Wed Apr 20 14:66:26 EDT 2016 0414-049 The hrd Subsystem has been started. Subsystem PID is 6690160.
         0 Wed Apr 20 14:66:26 EDT 2016 0414-049 The biod Subsystem has been started. Subsystem PID is 2942666.
         0 Wed Apr 20 14:66:29 EDT 2016 0414-049 The nfsd Subsystem has been started. Subsystem PID is 4422128.
         0 Wed Apr 20 14:66:29 EDT 2016 0414-049 The rpc.mountd Subsystem has been started. Subsystem PID is 4849814.
         0 Wed Apr 20 14:66:29 EDT 2016 0414-049 The rpc.statd Subsystem has been started. Subsystem PID is 6962600.
         0 Wed Apr 20 14:66:29 EDT 2016 0414-049 The rpc.lockd Subsystem has been started. Subsystem PID is 4199426.
         0 Wed Apr 20 14:66:29 EDT 2016 Completed NFS services.
         0 Wed Apr 20 14:66:62 EDT 2016 Could not load host key: /etc/ssh/ssh_host_ecdsa_key
         0 Wed Apr 20 14:66:62 EDT 2016 0414-049 The ctrmc Subsystem has been started. Subsystem PID is 4608604.
         0 Wed Apr 20 14:66:46 EDT 2016 Starting The LWI Nonstop Profile..

Open in new window



I believe you are correct. cas_agent does not use snmp. SNMP was activated on boot even after disabling the cas_agent on inittab. (uninstalling the director would be good, but I just removed the entries from inittab)

platform_agent:2:once:/usr/bin/startsrc -s platform_agent >/dev/null 2>&1

Open in new window


The above entry caused SNMP activation. I believe xntpd (NTP) is not depends on SNMP ?
And cim_sys subsystem is started even after dsiabling iton inittab. do you want me to uninstall director ? any other idea ?

Thank you.
0
 

Expert Comment

by:system engineer
Comment Utility
never mind, everything is working as expected. Thanks again.
0
 
LVL 68

Expert Comment

by:woolmilkporc
Comment Utility
Why this, all of a sudden?
0
 

Expert Comment

by:system engineer
Comment Utility
Please don't take me wrong.
 Actually I had a question on stopping cim_sys daemon permanently. for some reason , it was started on reboot (even after removing from inittab);

everything seems to be working as expected on LPAR now after disabling SNMP, cim_sys and other unused daemons like platform_agent, etc
and based on some online articles,  I understood that NTP is not dependent on SNMP.  I got some clarification related my questions.

thank you.
0
 

Expert Comment

by:Mark .
Comment Utility
I installed a new server, AIX 7.1 ML4
On a KVM switch
The main console always has this entry as the last thing showing and I never get a login:

Starting The LWI Nonstop Profile...

I don't think  it's the KVM switch as I have other servers using KVMs with no issues.

I just can't figure out what this is and why it's basically locking the console

Any ideas?
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now