SNMP on Debian

After running through several rather unreadable “help” pages on the internet I found the two most important settings in de snmpd.conf file which actually allowed me to access the machine from the network.

agentAddress, which is by default set to only allow local connections but on line 17 there is a pre-made setting which allows access from anywhere.

And “rocommunity secret 10.0.0.0/16” on line 57 which allows you to set up a community from which one could connect to the SNMP server, for example: “rocommunity secret 10.1.1.100/32”

###############################################################################
#
#  AGENT BEHAVIOUR
#
#  Listen for connections from the local system only
#agentAddress  udp:127.0.0.1:161
#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161
###############################################################################
#
#  ACCESS CONTROL
#
                                                 #  system + hrSystem groups only
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1
                                                 #  Full access from the local host
#rocommunity public  localhost
                                                 #  Default access to basic system info
 rocommunity public  default    -V systemonly
                                                 #  Full access from an example network
                                                 #     Adjust this network address to match your local
                                                 #     settings, change the community string,
                                                 #     and check the 'agentAddress' setting above
rocommunity secret  10.1.1.100/32
                                                 #  Full read-only access for SNMPv3
 rouser   authOnlyUser
                                                 #  Full write access for encrypted requests
                                                 #     Remember to activate the 'createUser' lines above
#rwuser   authPrivUser   priv
#  It's no longer typically necessary to use the full 'com2sec/group/access' configuration
#  r[ou]user and r[ow]community, together with suitable views, should cover most requirements

Leave a Reply

Your email address will not be published.