Hi guys,
I've configured SNMP on some Linux hosts
snmpd.conf
rocommunity com_read x.x.x.10
rwcommunity com_write x.x.x.10
Now one of my coworkers asked me to do the same on my Linux hosts that he does on Windows.
But I have no idea how to configure that. Basically, when SNMP is configured there is a tab that says
Accept SNMP packets from these hosts
localhost
x.x.x.217
x.x.x.218
since we don't want this window to accept SNMP from any host
So my question is: how can I configure this on my Linux hosts to accept SNMP packets from specific hosts?
Thanks a lot
I attached the SNMP Win Conf (snmp windows.doc)
Any ideas, guys?
I was thinking maybe using hosts.allow/deny
but I am not sure how to use it
hosts.allow
snmpd: 192.168.1.2 192.168.1.3
Basically I want to allow any kind of connection to my server, but SNMP only from 6 servers.
How should I play with hosts.deny/allow or SNMP to do this?
Are you using Net-SNMP? You can try something like:
rocommunity SOME_NAME
<...>
com2sec some_user localhost SOME_NAME
com2sec some_user x.x.x.217 SOME_NAME
com2sec some_user x.x.x.218 SOME_NAME
1 Like
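An added example, not part of the original posts: Net-SNMP's rocommunity/rwcommunity take an optional SOURCE after the community name and com2sec takes SECNAME SOURCE COMMUNITY, and a directive with no SOURCE (or with "default") matches any host. The sketch below audits an snmpd.conf for such lines; the audit() function and the sample config (RFC 5737 documentation addresses) are constructed for illustration.

```python
"""Audit Net-SNMP snmpd.conf community directives for source restrictions."""

COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
COM2SEC_DIRECTIVES = {"com2sec", "com2sec6"}
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}

# Constructed sample config; addresses come from the RFC 5737 documentation range.
SAMPLE = """\
# read-only community limited to one manager
rocommunity com_read 192.0.2.10
rwcommunity com_write
com2sec some_user localhost SOME_NAME
com2sec some_user 192.0.2.217 SOME_NAME
com2sec -Cn ctx1 other_user default SOME_NAME
"""

def audit(conf_text):
    """Return (line_no, directive, community, source, unrestricted) per directive."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            # rocommunity COMMUNITY [SOURCE [OID]]: a missing SOURCE means any host
            community = args[0]
            source = args[1] if len(args) > 1 else "default"
        elif directive in COM2SEC_DIRECTIVES:
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) < 3:
                continue
            _, source, community = args[:3]
        else:
            continue
        findings.append((line_no, directive, community, source, source in ANY_SOURCE))
    return findings

if __name__ == "__main__":
    for line_no, directive, community, source, unrestricted in audit(SAMPLE):
        status = "ANY HOST" if unrestricted else "restricted"
        print(f"line {line_no}: {directive} {community!r} from {source}: {status}")
```

Run it against the real file with audit(open("/etc/snmp/snmpd.conf").read()); that path is the common default and may differ on your distribution.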
Is com2sec a static variable to define my 6 hosts?
some_user: what would that be?
SOME_NAME: any name specifying?
Sorry, too many questions.
Hi again,
by the way, I have to configure this SNMP stuff on a firewall that is part of an SNMP project,
so they want to allow only some hosts to send SNMP packets across this Linux firewall.
Since I still don't get how to do it on SNMP like in Windows
I was thinking using hosts.allow and deny like this
hosts.allow
snmpd : 192.168.2.1 192.168.2.2 192.168.2.3
hosts.deny
snmpd : ALL
but I read this
# Never configure TCP Wrappers on firewall host.
# Put TCP Wrappers behind a firewall systems as TCP Wrappers is no substitute for netfilter or pf firewall.
on
Explain Linux / UNIX TCP Wrappers / Find Out If Program Compiled With TCP Wrappers
So, any guidance on the SNMP way?
Thanks a lot
SNMP has its own protocol, both for data inquiry and security.
In POSIX unix there are several files to control all of this. Net-SNMP, although I've never used it, has ways to implement all of this stuff.
By default SNMP uses UDP on port 161. You can create a 'community', with clearly defined access levels.
Instead of this forum, read the O'Reilly book
Essential SNMP - O'Reilly Media
SNMP protocol is a product of DARPA (US dept of defense). This means it verges on idiotic as it was conceived by bureaucrats. And a meaningful understanding of what you are asking is way beyond the scope of a forum.
Example: the answer to each of your questions varies by version of SNMP - 1, 2, or 3.
Wait till you read about MIB files. There is a whole book just on the mib2c utility.
My Solaris conf files for snmp (and there can be more than one) are huge, and are maintained by special scripts.
There is no simple shortcut to all of this stuff. Sorry. Without the right background it is easy to mess things up. IMO.
1 Like