SNMPD is the service running SNMP on a managed entity. SNMP comes in 3 versions. Version 1, the one we are going to use here is not secured, therefore we are going to make sure that only localhost is going to be able to access it.
People opening the service to the outside should make sure that trusted hosts can access the service either though the use of iptables or through the use of /etc/hosts.allow.
1.1. Installing the SNMP server
The only package which is required on the server site is snmpd, the SNMP daemon.
To install it type:
$ sudo apt-get install snmpd
snmpd is now installed but we still have to tweak it a little bit to make it work as we want.
1.2. Configuring SNMPD
The first thing we want to make sure is that snmpd is only going to wait for connections on localhost. To do this, edit file /etc/default/snmpd and make sure those values are set:
SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1′
If you want your server to listen on all interfaces, remove the 127.0.0.1 bit.
This setting will make sure that the service will be started and that the service is going to bind to localhost.
Finally, we are going to configure snmpd in such a way that it will only return datas to trusted host for a specific community.
Edit /etc/snmp/snmpd.conf and make sure that com2sec it only set to:
com2sec readonly localhost mycommunity
If you want a remote machine to be able to gather information for the community mycommunity, make sure you replace localhost by mynetwork, where mynetwork can be of the form: 220.127.116.11 or 18.104.22.168/16.
1.3. Checking SNMP configuration:
We are going to use the snmpwalk utility to verify that the server is working as wanted.
Here we want snmp to reply only to localhost for the community mycommunity.
$ snmpwalk -Os -c mycommunity -v 1 localhost system
Should return a lot of output and:
snmpwalk -Os -c public -v 1 localhost system
Timeout: No Response from localhost