'How to install and configure SNMPv3 in RHEL 7, then open UDP port 161 using firewalld'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       net-snmp-users
Subject:    How to install and configure SNMPv3 in RHEL 7, then open UDP port 161 using firewalld
From:       Turritopsis Dohrnii Teo En Ming <tdtemccna () gmail ! com>
Date:       2022-06-13 13:51:00
Message-ID: CACsrZYbv15Bq5=rCaP7uOk+XR409TJ5T_HJOw7x+8A2z5pXD8w () mail ! gmail ! com
[Download RAW message or body]

Subject: How to install and configure SNMPv3 in RHEL 7, then open UDP
port 161 using firewalld

Good day from Singapore,

These are my notes on installing and configuring SNMPv3 in RHEL 7 and
then opening UDP port 161 using firewalld on 13 Jun 2022 Mon.

Step 1 - Checking if SNMP was installed and configured previously
==================================================================

# service snmpd status
Redirecting to /bin/systemctl status snmpd.service
Unit snmpd.service could not be found.

# systemctl status snmpd
Unit snmpd.service could not be found

# cd /etc/snmp
-bash: cd: /etc/snmp: No such file or directory

# find / -name snmpd.conf
No output

Step 2 - Installing net-snmp in RHEL 7
=======================================

# yum install net-snmp net-snmp-utils net-snmp-devel -y

Step 3 - Creating SNMPv3 User
=============================

# systemctl stop snmpd

# net-snmp-config --create-snmpv3-user -A [authentication password] -X
[encryption password] -a SHA -x AES [username]
adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser [username] SHA [authentication password] AES [encryption password]
adding the following line to /etc/snmp/snmpd.conf:
rwuser [username]

# systemctl enable snmpd
created symlink from
/etc/systemd/system/multi-user.target.wants/snmpd.service to
/usr/lib/systemd/system/snmpd.service.

# systemctl start snmpd

Step 4 - Checking if snmpd service is listening
===============================================

# netstat -anp | grep snmpd
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 26932/snmpd
udp 0 0 0.0.0.0:161 0.0.0.0:* 26932/snmpd

Step 5 - Checking existing iptables firewall rules
==================================================

# iptables -S
-A IN_public_allow -p udp -m udp --dport 111 -m conntract --ctstate
NEW,UNTRACKED -j ACCEPT

Step 6 - Opening UDP port 161 using firewalld
==============================================

# which firewalld
/sbin/firewalld

# firewall-cmd --state
running

# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192 ens224 ens256
sources:
services: dhcpv6-client http ssh
ports: 22/tcp 11/tcp 111/tcp 111/udp 971/udp 5901/tcp 5902/tcp
5903/tcp 5904/tcp 5905/tcp 5906/tcp 5907/tcp 5908/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

# firewall-cmd --list-ports
22/tcp 11/tcp 111/tcp 111/udp 971/udp 5901/tcp 5902/tcp 5903/tcp
5904/tcp 5905/tcp 5906/tcp 5907/tcp 5908/tcp

# firewall-cmd --add-port=161/udp
success

# firewall-cmd --runtime-to-permanent
success

# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192 ens224 ens256
sources:
services: dhcpv6-client http ssh
ports: 22/tcp 11/tcp 111/tcp 111/udp 971/udp 5901/tcp 5902/tcp
5903/tcp 5904/tcp 5905/tcp 5906/tcp 5907/tcp 5908/tcp 161/udp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Step 7 - Add RHEL 7 server as a node in Solarwinds Orion platform
==================================================================

Click "Add Node"

Click "Most Devices: SNMP and ICMP"

SNMP Version: SNMPv3

SNMP Port: 161

Click "Allow 64 bit counters"

SNMPv3 Credentials

SNMPv3 Username: [username]
SNMPv3 Context: leave empty

SNMPv3 Authentication

Method: SHA1
Password: [authentication password]

Uncheck "Password is a key"

SNMPv3 Privacy / Encryption

Method: AES128
Password: [encryption password]

Uncheck "Password is a key"

Click "Test"

Result: Test Successful!

You can now see the node in Solarwinds Orion web console by clicking
Settings > Manage Nodes.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
13 Jun 2022 Monday
Blogs:
https://tdtemcerts.blogspot.com/
https://tdtemcerts.wordpress.com/


_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic