Hi net-snmp-coders,

I've been working on updating the net-snmp version of software we use on CentOS 7 to net-snmp 5.9. This is being required because of a vulnerability that is known in the NIST vulnerability database. We develop our own MIB groups in C and compile them into source code repos that we pull for the site. Everything has worked great for -v2c. We are now trying to get this implemented for -v3 and running into major issues.

I believe this is a configuration issue because running the following command "net-snmp-config --create-snmpv3-user -a MD5 -A myuser12345 myuser" from this guide <https://www.thegeekdiary.com/centos-rhel-6-install-and-configure-snmpv3/>. This creates everything here.

    [root@localhost]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
    adding the following line to /var/net-snmp/snmpd.conf:
       createUser myuser MD5 "my_password" DES ""
    adding the following line to /snmp/snmpd.conf:
       rwuser myuser

This appears to be where the issue happens. When I start our compiled snmpd binary it seems to overwrite /var/net-snmp/snmpd.conf every time. Therefore I can never create our initial snmpv3 users, and every time I run a snmpwalk I get:

    [evcLinuxAdmin@localhost ~]$ snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_password localhost
    snmpwalk: Unknown user name

I've stepped back and stripped all our C mib-group code from the build to keep it all repo-only code. I did this to ensure it's not us. Running into the same issue there, I dropped back to run on the yum-installed net-snmp version that is known to our yum repo and created the user again following the guide from above.

    [user@localhost ~]$ /usr/sbin/snmpd --version
    NET-SNMP version: 5.7.2
    Web: http://www.net-snmp.org/
    Email: net-snmp-coders@lists.sourceforge.net

    [root]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
    adding the following line to /var/net-snmp/snmpd.conf:
       createUser myuser MD5 "my_password" DES ""
    adding the following line to /snmp/snmpd.conf:
       rwuser myuser

Then I started the snmp service:

    [---@localhost ~]$ service snmpd start
    Redirecting to /bin/systemctl start snmpd.service
    ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
    Authentication is required to manage system services or units.
    Authenticating as:
    Password:
    ==== AUTHENTICATION COMPLETE ===
    [---@localhost ~]$

Now that the system is running, my snmpwalk command works for -v3:

    snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_password localhost

I was also able to use the snmpusm command to create additional users. When using this on the 5.9 repo all I get is user not found.

Jumping back to the 5.9 binary build, I know the following:

    sudo snmpd -Dread_config -H 2>&1 | grep Read | sort -u
    [sudo] password for evcLinuxAdmin:
    read_config:file: Reading configuration /etc/snmp/snmpd.conf (0)
    read_config:file: Reading configuration /etc/snmp/snmpd.conf (1)   -------> This file has my rwuser myuser
    read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (0)
    read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (1)   --> I manually added the create user info to this file for myuser and it doesn't seem to be picking it up.

    [evcLinuxAdmin@localhost ~]$ snmpd -Dread_config -H 2>&1 | grep config:path | sort -u
    read_config:path: config path used for agentx:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
    read_config:path: config path used for agentx:/var/net-snmp (persistent path:/var/net-snmp)   --> This is where everything was originally created but deleted when snmpd starts.
    read_config:path: config path used for snmpd:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
    read_config:path: config path used for snmpd:/var/net-snmp (persistent path:/var/net-snmp)
    read_config:path: config path used for snmp:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
    read_config:path: config path used for snmp:/var/net-snmp (persistent path:/var/net-snmp)

At this point I think it's a configuration parameter, but I don't see anything that would affect or cause this behavior. I didn't see anything in the change log to suggest 5.9 was changed from 5.7. Any help you can provide would be helpful as this is needed to meet a customer deliverable. Perhaps there is a clear document out there, because I have been all over the net-snmp provided documents and nothing was found to solve my problem.

Thanks
Justin
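
Added example, not part of the original message or of net-snmp: a shell check that takes `snmpd -Dread_config -H` output, lists the files the daemon reported reading and the persistent path it reported, and tests a given file against both. The sample lines are copied from the two commands quoted in the message (one run with sudo, one without); the function names are hypothetical.

```sh
#!/bin/sh
# Added example: compare the file createUser was written to with what snmpd
# reports reading. SAMPLE_DEBUG is built from lines quoted in the message.
SAMPLE_DEBUG='read_config:file: Reading configuration /etc/snmp/snmpd.conf (0)
read_config:file: Reading configuration /etc/snmp/snmpd.conf (1)
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (0)
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (1)
read_config:path: config path used for snmpd:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path: config path used for snmpd:/var/net-snmp (persistent path:/var/net-snmp)'

# files_read (hypothetical helper): unique files named on
# "Reading configuration" lines; debug text on stdin, one path per line out.
files_read() {
  sed -n 's/^read_config:file: Reading configuration \(.*\) ([0-9]*)$/\1/p' | sort -u
}

# persistent_paths (hypothetical helper): unique "(persistent path:DIR)" values.
persistent_paths() {
  sed -n 's/.*(persistent path:\([^)]*\)).*/\1/p' | sort -u
}

# check_user_file DEBUG_TEXT FILE: prints two words,
#   read | not-read                     was FILE among the files reported read?
#   in-persistent | outside-persistent  is FILE's directory the persistent path?
check_user_file() {
  debug=$1
  file=$2
  read_status=not-read
  dir_status=outside-persistent
  if printf '%s\n' "$debug" | files_read | grep -Fxq -- "$file"; then
    read_status=read
  fi
  if printf '%s\n' "$debug" | persistent_paths | grep -Fxq -- "$(dirname -- "$file")"; then
    dir_status=in-persistent
  fi
  printf '%s %s\n' "$read_status" "$dir_status"
}

# Live use (assumption: same binary and same user as the running service):
#   check_user_file "$(snmpd -Dread_config -H 2>&1)" /var/net-snmp/snmpd.conf
```

On the quoted output, the file that net-snmp-config wrote createUser to (/var/net-snmp/snmpd.conf) comes back as "not-read in-persistent", while /var/lib/net-snmp/snmpd.conf comes back as "read outside-persistent".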