I bought mwl's "SNMP Mastery" book over a year ago. Finally got time to read it through.
Installed package net-mgmt/net-snmp and discovered the release notes for the package are plain wrong. mwl's book loosely covers several operating systems so the configuration file paths are not 100% accurate. When the book says "/etc" you really want to look in "/usr/local/etc". Not too surprising.
The directories named in the man page look accurate.
The release notes suggest this (which caused snmpd to not start) for /etc/rc.conf:
Code:
snmpd_enable="YES"
snmpd_flags="-a"
snmpd_conffile="/usr/local/share/snmp/snmpd.conf /etc/snmpd.conf"
The program could not bind to port 161. My theory is snmpd was reading one of the snmpd.conf files twice and attempting to bind to port 161 a second time - and failing.
Instead, I did this for /etc/rc.conf:
Code:
snmpd_enable="YES"
snmpd_flags="-a -A"
The main configuration is at '/usr/local/share/snmp/snmpd.conf' - which is the default. No extra line to '/etc/rc.conf' needed. I edited one line here for my purposes which was to bind to localhost.
Code:
agentAddress udp:127.0.0.1:161
The database is at /var/net-snmp/snmpd.conf (which should be 600 root only accessible).
To bootstrap a new V3 user, I added lines to '/usr/local/etc/snmp/snmpd.conf' (which should also be 600 root only accessible):
Code:
createUser ordinary SHA-256 '*** auth phrase **' AES128 '*** priv phrase ***'
rwuser ordinary
At this point I could run 'service snmpd start'.
As a normal, non-root user - hypothetical name 'ordinary' - I created a ~/.snmp/hosts/localhost.conf file with connection info.
Code:
defVersion 3
defaultPort 161
defSecurityName "ordinary"
defAuthType SHA-256
defAuthPassphrase "*** auth phrase ***"
defPrivType AES128
defPrivPassphrase "*** priv phrase ***"
defSecurityLevel authPriv
Verified the user using 'snmpstatus localhost'. Running 'snmpwalk localhost' was like a drink from a firehose.
I've not messed with traps or AgentX. To audit my work, I ran nmap to verify port 161 was the only new port open for udp only. I'm glad I checked because I found tcp port 199 was open and bound to all interfaces. Not what I expected. Stopping snmpd confirmed snmpd was the listener on the 'smux' port. I mitigated this with one line added to '/usr/local/share/snmp/snmpd.conf':
Code:
smuxsocket localhost:199
That moved the listener to localhost which was good enough for my purposes.
To clean up, I removed the two lines from '/usr/local/etc/snmp/snmpd.conf' (snmpd added them to its database when restarted) and added one line to '/usr/local/share/snmp/snmpd.conf':
Code:
rwuser ordinary
Putting this out here for some scrutiny from more experienced eyes.
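As an added example (not from the original post), a small sh script that automates the two audits described above: that every snmpd socket is bound to loopback only, and that the snmpd.conf files holding credentials are mode 600. It assumes the FreeBSD `sockstat -l` column layout and uses a constructed sample of that output; the file paths are the ones named in the post.

```shell
#!/bin/sh
# Added audit helper, not from the original post.
# Assumed input format: FreeBSD `sockstat -l`, whose columns are
#   USER COMMAND PID FD PROTO LOCAL_ADDRESS FOREIGN_ADDRESS

# Read `sockstat -l` output on stdin and print every snmpd socket whose
# local address is not 127.0.0.1 or ::1. Returns 0 if none, 1 otherwise.
audit_snmpd_listeners() {
    awk '
        $2 == "snmpd" {
            addr = $6
            sub(/:[0-9]+$/, "", addr)     # strip the :port suffix
            if (addr != "127.0.0.1" && addr != "::1") {
                print "non-loopback listener: " $0
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Return 1 if FILE grants any group/other permission bits, i.e. anything
# looser than the 600 the post recommends for the snmpd.conf files.
check_owner_only() {
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    case "$perms" in
        ------) return 0 ;;
        *) echo "$1: group/other permissions present ($perms)"; return 1 ;;
    esac
}

# Constructed sample mirroring what the post saw before the smuxsocket fix:
# 161/udp on loopback as intended, but smux 199/tcp on all interfaces.
SAMPLE_BEFORE='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root snmpd 1234 8 udp4 127.0.0.1:161 *:*
root snmpd 1234 9 tcp4 *:199 *:*'

# Constructed sample after adding `smuxsocket localhost:199`.
SAMPLE_AFTER='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root snmpd 1234 8 udp4 127.0.0.1:161 *:*
root snmpd 1234 9 tcp4 127.0.0.1:199 *:*'

# Run against the live system with `sh audit.sh --live` (FreeBSD only).
if [ "${1:-}" = "--live" ]; then
    sockstat -l | audit_snmpd_listeners
    for f in /var/net-snmp/snmpd.conf /usr/local/etc/snmp/snmpd.conf; do
        [ -e "$f" ] && check_owner_only "$f"
    done
fi
```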