Fading Coder

One Final Commit for the Last Sprint

Home > Tech > Content

Configuring SNMP Agents on Linux for Remote Monitoring Infrastructure

Tech 1

Installing Net-SNMP Packages

For RHEL/CentOS/Fedora systems:

sudo yum install net-snmp net-snmp-utils -y

For Ubuntu/Debian systems:

sudo apt-get install snmpd snmp-mibs-downloader -y

Securing Agent Communications

Backup the original configuration before modification:

sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.default
sudo chmod 600 /etc/snmp/snmpd.conf

Edit the daemon configuration file to implement access controls:

sudo nano /etc/snmp/snmpd.conf

Replace default security entries with specific collector authorization:

# Define read-only community with source restriction
rocommunity secret_observium 10.0.5.50

# Agent binding configuration
agentAddress udp:161,udp6:[::1]:161

# System metadata
sysLocation "Datacenter Rack 15, Unit 4"
sysContact "noc@infrastructure.local"

Enable full MIB tree visibility:

view   broadview   included   .1
view   broadview   included   .1.3.6.1.2.1.25
access  notConfigGroup  ""  any  noauth  exact  broadview  none  none

System Resource Monitoring

Add process surveillance directives:

# Critical system processes
proc init
proc rsyslogd
proc sshd 8 1

Configure filesystem monitoring with percentage thresholds:

disk / 90%
disk /tmp 80%
disk /var/log 85%

Define processer load thresholds (1min, 5min, 15min):

load 6 4 3

Daemon Lifecycle Management

Activate and restart the SNMP service:

Modern systems (systemd):

sudo systemctl daemon-reload
sudo systemctl restart snmpd
sudo systemctl enable snmpd
sudo netstat -tulnp | grep snmpd

Legacy init-based systems:

sudo /etc/init.d/snmpd restart
sudo chkconfig snmpd on

Network Security Policies

iptables Implementation:

Insert a specific rule allowing the monitoring stasion:

sudo iptables -I INPUT 1 -p udp -s 10.0.5.50 --dport 161 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo /sbin/service iptables save

firewalld Implementation:

Create a dedicated service zone:

sudo firewall-cmd --permanent --new-service=snmp-collector
sudo firewall-cmd --permanent --service=snmp-collector --add-port=161/udp
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.5.50" service name="snmp-collector" accept'
sudo firewall-cmd --reload
sudo firewall-cmd --list-rich-rules

Validation Procedures

Test OID retrieval from the monitoring host:

snmpget -v2c -c secret_observium target.host.local 1.3.6.1.2.1.1.3.0

Perform comprehensive MIB walk:

snmpwalk -v2c -c secret_observium target.host.local system

Verify daemon listening status:

ss -lun | grep 161
Tags: SNMPLinux
Back to List

Prev: Resolving 'mpicc: No such file or directory' Compilation Error

Next: Vue Task Scheduling and Batch Updates

Related Articles

Understanding Strong and Weak References in Java

Strong References Strong reference are the most prevalent type of object referencing in Java. When an object has a strong reference pointing to it, the garbage collector will not reclaim its memory. F...

Comprehensive Guide to SSTI Explained with Payload Bypass Techniques

Introduction Server-Side Template Injection (SSTI) is a vulnerability in web applications where user input is improper handled within the template engine and executed on the server. This exploit can r...

Implement Image Upload Functionality for Django Integrated TinyMCE Editor

Django’s Admin panel is highly user-friendly, and pairing it with TinyMCE, an effective rich text editor, simplifies content management significantly. Combining the two is particular useful for bloggi...

Leave a Comment

Anonymous

◎Feel free to join the discussion and share your thoughts.

Copyright © fadingcoder.top