Friday, July 31, 2009

Configuring SNMPv3 on Linux

The two large differences between SNMPv3 and SNMPv2 (or v1, for that matter), are that:

1. it supports authentication via userid and password., and
2. it supports encryption

v1 and v2 don't support either of these. Their only means of authentication is via a "community string", which is basically like a password, but since it's always transferred over the network in the clear, it's not considered very secure.

On to the configuration:

First, read this post: http://www.linickx.com/archives/246/snmp-v3-on-redhat-linux

It gives you the basics, but leaves out one VERY critical step. Specifically:

You must now edit the line created in /etc/snmp/snmpd.conf. Specifically, I changed it from:

rwuser MYUSER

to

rwuser MYUSER priv .1

This allows this user full access to all SNMP data. You can use a more specific OID to limit access to a specific portion of the MIB tree.

No comments: