adds v3 info

waldek 2021-07-12 11:13:09 +02:00
parent dfc751af50
commit e0744bd134
1 changed files with 37 additions and 0 deletions

@ -378,3 +378,40 @@ If for some reason you configured your Linux kernel to only do ipv4, you'll need
If you restart the service with `sudo systemctl restart snmpd.service` you're client should be contactable by your server!
![success](./assets/cacti_11.png)
### Securing the connection to the client
There are different versions of SNMP and it is highly recommended to run *only* the v3.
It offers encryption and authentication for servers who try to connect to clients.
In order to run v3 you need to install additional packages.
The main tool you need to add users is called `net-snmp-create-v3-user` and it can be installed by running the following command `sudo apt install libsnmp-dev`.
Once this command completes you'll have the necessary programs to add user accounts to your snmpd client.
You can only run this program when the snmpd service is stopped.
```
➜ ~ git:(master) ✗ sudo net-snmp-create-v3-user
Apparently at least one snmpd demon is already running.
You must stop them in order to use this command.
➜ ~ git:(master) ✗ sudo systemctl stop snmpd.service
➜ ~ git:(master) ✗ sudo net-snmp-create-v3-user
Enter a SNMPv3 user name to create:
student
Enter authentication pass-phrase:
student2021
Enter encryption pass-phrase:
[press return to reuse the authentication pass-phrase]
student2021
adding the following line to /var/lib/snmp/snmpd.conf:
createUser student MD5 "student2021" DES student2021
adding the following line to /usr/share/snmp/snmpd.conf:
rwuser student
➜ ~ git:(master) ✗ sudo systemctl start snmpd.service
```
Now we need to change the authentication settings in the web GUI of cacti.
Go to the `Management->devices` list and choose your client.
Change the version to version 3, put in the login and password and you're good to go.
If all of this is working it's time to stop offering version 1 and version 2.
This is again done on the **client** in the `/etc/snmp/snmpd.conf` file.
Locate the line starting with `rocommunity` and comment them out.
Restart the service and now you're only offering v3 connections!
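
Review bot: The transcript in the new "Securing the connection to the client" section ends with `createUser student MD5 "student2021" DES student2021` and `rwuser student`, so the v3 user this guide creates authenticates with MD5, encrypts with DES and has write access, which undercuts the section's own argument for moving to v3. Suggest creating the user with `net-snmp-create-v3-user -ro -a SHA -x AES student` so the result is a read-only user on stronger algorithms, and using two different, longer pass-phrases in the example rather than reusing `student2021` for both authentication and encryption. The Cacti step ("Change the version to version 3, put in the login and password") should also name the security level, authentication protocol and privacy protocol to select, since they have to match what was created on the client. In the last paragraph, "Locate the line starting with `rocommunity` and comment them out" mixes singular and plural; say to comment out every `rocommunity` line (and any `rwcommunity` line, if present), and add a check that a v1/v2c query against the client is refused after the restart.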