Subject: How to install and configure SNMPv3 in RHEL 7, then open UDP port 161 using firewalld
Good day from Singapore,

These are my notes on installing and configuring SNMPv3 in RHEL 7 and then opening UDP port 161 using firewalld on 13 Jun 2022 Mon.

Step 1 - Checking if SNMP was installed and configured previously
==================================================================

# service snmpd status
Redirecting to /bin/systemctl status snmpd.service
Unit snmpd.service could not be found.

# systemctl status snmpd
Unit snmpd.service could not be found

# cd /etc/snmp
-bash: cd: /etc/snmp: No such file or directory

# find / -name snmpd.conf
No output

Step 2 - Installing net-snmp in RHEL 7
=======================================

# yum install net-snmp net-snmp-utils net-snmp-devel -y

Step 3 - Creating SNMPv3 User
=============================

# systemctl stop snmpd

# net-snmp-config --create-snmpv3-user -A [authentication password] -X [encryption password] -a SHA -x AES [username]
adding the following line to /var/lib/net-snmp/snmpd.conf:
   createUser [username] SHA [authentication password] AES [encryption password]
adding the following line to /etc/snmp/snmpd.conf:
   rwuser [username]

# systemctl enable snmpd
created symlink from /etc/systemd/system/multi-user.target.wants/snmpd.service to /usr/lib/systemd/system/snmpd.service.

# systemctl start snmpd

Step 4 - Checking if snmpd service is listening
===============================================

# netstat -anp | grep snmpd
tcp        0      0 127.0.0.1:199      0.0.0.0:*      LISTEN      26932/snmpd
udp        0      0 0.0.0.0:161        0.0.0.0:*                  26932/snmpd

Step 5 - Checking existing iptables firewall rules
==================================================

# iptables -S
-A IN_public_allow -p udp -m udp --dport 111 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT

Step 6 - Opening UDP port 161 using firewalld
==============================================

# which firewalld
/sbin/firewalld

# firewall-cmd --state
running

# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192 ens224 ens256
  sources:
  services: dhcpv6-client http ssh
  ports: 22/tcp 11/tcp 111/tcp 111/udp 971/udp 5901/tcp 5902/tcp 5903/tcp 5904/tcp 5905/tcp 5906/tcp 5907/tcp 5908/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

# firewall-cmd --list-ports
22/tcp 11/tcp 111/tcp 111/udp 971/udp 5901/tcp 5902/tcp 5903/tcp 5904/tcp 5905/tcp 5906/tcp 5907/tcp 5908/tcp

# firewall-cmd --add-port=161/udp
success

# firewall-cmd --runtime-to-permanent
success

# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192 ens224 ens256
  sources:
  services: dhcpv6-client http ssh
  ports: 22/tcp 11/tcp 111/tcp 111/udp 971/udp 5901/tcp 5902/tcp 5903/tcp 5904/tcp 5905/tcp 5906/tcp 5907/tcp 5908/tcp 161/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Step 7 - Add RHEL 7 server as a node in Solarwinds Orion platform
==================================================================

Click "Add Node"
Click "Most Devices: SNMP and ICMP"
SNMP Version: SNMPv3
SNMP Port: 161
Click "Allow 64 bit counters"

SNMPv3 Credentials
SNMPv3 Username: [username]
SNMPv3 Context: leave empty
SNMPv3 Authentication Method: SHA1
Password: [authentication password]
Uncheck "Password is a key"
SNMPv3 Privacy / Encryption Method: AES128
Password: [encryption password]
Uncheck "Password is a key"

Click "Test"
Result: Test Successful!

You can now see the node in Solarwinds Orion web console by clicking Settings > Manage Nodes.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
13 Jun 2022 Monday
Blogs:
https://tdtemcerts.blogspot.com/
https://tdtemcerts.wordpress.com/
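
The net-snmp-config output in Step 3 shows "rwuser [username]" being written to /etc/snmp/snmpd.conf; that directive grants SET access and, with no level given, requires authentication only, not encryption. The shell function below is an added example (not part of the original post or of Net-SNMP) that audits an snmpd.conf for this and for SNMPv1/v2c community directives; the user name "monitor" and the sample lines are constructed.

```shell
#!/bin/bash
# Added example (not from the original post): flag snmpd.conf access
# directives wider than a read-only SNMPv3 authPriv user.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_snmpd_conf() {
    awk '
    # Skip blank lines and comments.
    NF == 0 || $1 ~ /^#/ { next }
    # SNMPv1/v2c directives: cleartext community string, no auth or privacy.
    $1 ~ /^(ro|rw)community6?$/ || $1 ~ /^com2sec6?$/ {
        printf "line %d: %s enables SNMPv1/v2c community access\n", NR, $1
        bad = 1; next
    }
    $1 == "rouser" || $1 == "rwuser" {
        i = 2
        if ($i == "-s") i += 2            # optional "-s SECMODEL" before the user
        user = $i; level = $(i + 1)
        if (level == "") level = "auth"   # snmpd default when no level is given
        if ($1 == "rwuser") {
            printf "line %d: user %s has write (SET) access\n", NR, user
            bad = 1
        }
        if (level != "priv") {
            printf "line %d: user %s minimum level is %s, privacy not enforced\n", NR, user, level
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the directive Step 3 wrote, with a placeholder user
# name ("monitor"), next to a read-only, encryption-enforcing form.
sample=$(mktemp)
printf '%s\n' 'rwuser monitor' 'rouser monitor priv' > "$sample"
audit_snmpd_conf "$sample" || true   # flags line 1 twice, line 2 not at all
rm -f "$sample"
```

Run it as audit_snmpd_conf /etc/snmp/snmpd.conf. If the poller only needs read access, a flagged "rwuser [username]" line can be changed to "rouser [username] priv", followed by a restart of snmpd.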