I’m writing this more to remember this for myself than any other reason. I’ve had to do this a couple times, and every time I seem to forget the important steps. So here it is.
Install the Necessary Packages
This is probably the easy step. Make sure that your Fedora installation is up to date and then install the SNMP packages.
sudo yum install net-snmp
You can also install the utilities, such as snmpwalk, which will help with testing:
sudo yum install net-snmp-utils
That should get you everything you need.
Edit the snmpd.conf file
Longest part of the config now.
I usually default to using SNMP v2 for my personal or internal networks. There’s some security benefits to using SNMP v3, but it’s also more complicated to configure.
The configuration file is located at /etc/snmp/snmpd.conf and has a bunch of details in there. Here’s a cut down and sanitized working version of the snmpd.conf that I’m using on one of my systems:
#Update [COMMUNITY] here with your preferred string rwcommunity [COMMUNITY] default disk / 100 master on #Update [USER] here with your system username, preferably not root agentuser [USER] agentAddress udp:161 #Update with location (string) if you want syslocation Unknown #Update with name and email if wanted syscontact Root <root@localhost> #I don't know what these do and I'm too afraid to ask view systemview included .184.108.40.206.2.1.1 view systemview included .220.127.116.11.18.104.22.168.1 #Update [COMMUNITY] here with your preferred string access [COMMUNITY] "" any noauth exact systemview none none dontLogTCPWrappersConnects yes
Restart SNMP And Test Locally
You’ve got SNMP installed. You’ve got the config edited. Now it’s time to get this process running and make sure it works.
Make sure that SNMP is set to start automatically:
sudo chkconfig snmpd on
Start the process:
sudo service snmpd start
Optionally restart the process if it is already running:
sudo service snmp restart
SNMP should now be running on the system locally.
Note that because SNMP uses UDP, you can’t confirm that the service is running by checking that the port is responding. There will be no response from the port unless everything is correct. Best way to do this is to test SNMP using a utility, first testing locally on the box, then opening it to the wider network and testing again.
Check that this is responding with a long list of nonsense to confirm that you’re actually able to access it correctly using the community string:
snmpwalk -v2c -c [community] localhost
If that doesn’t work then SNMP isn’t working. To check the status of the service use the following command:
systemctl status snmpd.service
Allow External Access
Time to punch some holes in the firewall.
By default, Fedora doesn’t allow external connections to SNMP. If you do a packet capture on the interface before adding firewall rules you’ll get an “administratively denied” message on the packets.
SNMP runs on UDP port 161. The latest Fedora releases use firewall-cmd to alter the firewall rules. Note that rules are ephemeral and deleted each reboot unless specified as permanent. This following command will open SNMP to any address that can reach the box:
sudo firewall-cmd --permanent --add-port=161/udp
Restart the SNMP service and try connecting from another device on the network using SNMPWALK and updating “localhost” for the remote IP of the box.
That should work.