How to install and configure SNMPv3 in RHEL 7, then open UDP port 161 using firewalld
Good day from Singapore,
These are my notes on installing and configuring SNMPv3 in RHEL 7 and then opening UDP port 161 using firewalld on 13 Jun 2022 Mon.
Step 1 - Checking if SNMP was installed and configured previously
==================================================================
# service snmpd status
Redirecting to /bin/systemctl status snmpd.service
Unit snmpd.service could not be found.
# systemctl status snmpd
Unit snmpd.service could not be found
# cd /etc/snmp
-bash: cd: /etc/snmp: No such file or directory
# find / -name snmpd.conf
No output
Step 2 - Installing net-snmp in RHEL 7
=======================================
# yum install net-snmp net-snmp-utils net-snmp-devel -y
Step 3 - Creating SNMPv3 User
=============================
# systemctl stop snmpd
# net-snmp-config --create-snmpv3-user -A [authentication password] -X [encryption password] -a SHA -x AES [username]
adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser [username] SHA [authentication password] AES [encryption password]
adding the following line to /etc/snmp/snmpd.conf:
rwuser [username]
# systemctl enable snmpd
created symlink from /etc/systemd/system/multi-user.target.wants/snmpd.service to /usr/lib/systemd/system/snmpd.service.
# systemctl start snmpd
Step 4 - Checking if snmpd service is listening
===============================================
# netstat -anp | grep snmpd
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 26932/snmpd
udp 0 0 0.0.0.0:161 0.0.0.0:* 26932/snmpd
Step 5 - Checking existing iptables firewall rules
==================================================
# iptables -S
-A IN_public_allow -p udp -m udp --dport 111 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
Step 6 - Opening UDP port 161 using firewalld
==============================================
# which firewalld
/sbin/firewalld
# firewall-cmd --state
running
# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192 ens224 ens256
  sources:
  services: dhcpv6-client http ssh
  ports: 22/tcp 11/tcp 111/tcp 111/udp 971/udp 5901/tcp 5902/tcp 5903/tcp 5904/tcp 5905/tcp 5906/tcp 5907/tcp 5908/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
# firewall-cmd --list-ports
22/tcp 11/tcp 111/tcp 111/udp 971/udp 5901/tcp 5902/tcp 5903/tcp 5904/tcp 5905/tcp 5906/tcp 5907/tcp 5908/tcp
# firewall-cmd --add-port=161/udp
success
# firewall-cmd --runtime-to-permanent
success
# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192 ens224 ens256
  sources:
  services: dhcpv6-client http ssh
  ports: 22/tcp 11/tcp 111/tcp 111/udp 971/udp 5901/tcp 5902/tcp 5903/tcp 5904/tcp 5905/tcp 5906/tcp 5907/tcp 5908/tcp 161/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
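With 161/udp now reachable, a check of the snmpd.conf that Step 3 produced is worthwhile: "rwuser [username]" allows SET requests and, without a trailing "priv", the agent also answers unencrypted authNoPriv queries. The script below is an added example, not part of the original notes; the function name audit_snmpd_conf, the user "monitor" and both sample configs are constructed for illustration, and the com2sec line stands in for any SNMPv1/v2c community configuration that may already be in the file.

```shell
#!/bin/sh
# Added example: audit an snmpd.conf for settings weaker than SNMPv3 authPriv.
# audit_snmpd_conf is a hypothetical helper name, not a net-snmp tool.

audit_snmpd_conf() {
    # $1: path to an snmpd.conf-style file. Prints one finding per line;
    # returns 0 when clean, 1 when anything was flagged.
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank and comment lines
        # SNMPv1/v2c community access: cleartext community string, no user auth
        $1 ~ /^(ro|rw)community6?$/ || $1 ~ /^com2sec6?$/ {
            print "V1V2C_COMMUNITY line " NR ": " $1; bad = 1
        }
        $1 == "rouser" || $1 == "rwuser" {
            i = ($2 == "-s") ? 4 : 2             # skip optional "-s SECMODEL"
            user = $i; level = $(i + 1)
            # rwuser permits SET; a poll-only monitor needs rouser
            if ($1 == "rwuser") { print "RW_USER line " NR ": " user; bad = 1 }
            # without "priv" the agent also answers unencrypted authNoPriv
            if (level != "priv") { print "NO_PRIV line " NR ": " user; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the rwuser line that Step 3 writes, plus a
# com2sec line standing in for pre-existing v1/v2c community config.
make_sample_weak() {
    cat <<'EOF'
# constructed sample, not from a real host
com2sec notConfigUser default public
rwuser monitor
EOF
}

# Constructed hardened counterpart: read-only, encryption enforced.
make_sample_hardened() {
    cat <<'EOF'
# constructed sample, not from a real host
rouser monitor priv
EOF
}

tmp=$(mktemp)
make_sample_weak > "$tmp"
audit_snmpd_conf "$tmp" || echo "findings above: review before exposing 161/udp"
make_sample_hardened > "$tmp"
audit_snmpd_conf "$tmp" && echo "hardened sample: clean"
rm -f "$tmp"
```

On a real host, point the function at /etc/snmp/snmpd.conf and restart snmpd after any change.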
Step 7 - Add RHEL 7 server as a node in Solarwinds Orion platform
==================================================================
Click "Add Node"
Click "Most Devices: SNMP and ICMP"
SNMP Version: SNMPv3
SNMP Port: 161
Click "Allow 64 bit counters"
SNMPv3 Credentials
SNMPv3 Username: [username]
SNMPv3 Context: leave empty
SNMPv3 Authentication
Method: SHA1
Password: [authentication password]
Uncheck "Password is a key"
SNMPv3 Privacy / Encryption
Method: AES128
Password: [encryption password]
Uncheck "Password is a key"
Click "Test"
Result: Test Successful!
You can now see the node in Solarwinds Orion web console by clicking Settings > Manage Nodes.
Regards,
Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
13 Jun 2022 Monday
Blogs:
https://tdtemcerts.blogspot.com/
https://tdtemcerts.wordpress.com/