πŸ“‘ Installing and Configuring SNMPv3 on Linux

SNMP (Simple Network Management Protocol) is widely used for monitoring network devices, servers, and system metrics.
In this guide, we will set up SNMPv3 on a Linux system with authentication and encryption, ensuring a secure monitoring environment.

If you prefer not to read the entire guide, you can run this script to enable SNMPv3 with authentication using MD5 as the authentication protocol and CBC-DES for encryption.

sudo curl -o snmpconfig.sh https://raw.githubusercontent.com/l3ox64/go-blog/refs/heads/main/script/smpdconfig.sh && chmod +x snmpconfig.sh && ./snmpconfig.sh

πŸ›  Prerequisites

Before you begin, ensure you have:

  • A Linux server (Debian-based, e.g., Ubuntu)
  • Root access to the server
  • Basic knowledge of SNMP

πŸš€ Step 1: Update the System and Install SNMP

First, update the package repository and install SNMP and SNMPD:

sudo apt update
sudo apt install -y snmp snmpd

πŸ“„ Step 2: Backup Existing Configuration

Before modifying the SNMP configuration, it’s best to create a backup of the existing configuration file:

if [ -f /etc/snmp/snmpd.conf ]; then
    sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.backup.$(date +%F_%T)
fi

✏️ Step 3: Configure SNMPv3

Replace the default SNMP configuration with the following secure settings:

sudo tee /etc/snmp/snmpd.conf > /dev/null <<EOF
###########################################################################
#
# snmpd.conf - SNMP Configuration for Net-SNMP Agent
#
###########################################################################

# System Information
sysLocation    admin
sysContact     [email protected]
sysServices    72

###########################################################################
# Agent Operating Mode
master  agentx
agentaddress 0.0.0.0:161,[::1]

###########################################################################
# Access Control Setup

# Views - Allows access to more system information
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1

# SNMPv3 User with authentication and encryption
rouser authPrivUser authpriv -V systemonly

# Custom Configurations
includeAllDisks 90%
includeAllInterfaces
extend temp /usr/bin/sensors
mem 90%
load    12 10 5

# Include additional configuration files
includeDir /etc/snmp/snmpd.conf.d
EOF

πŸ”‘ Step 4: Create an SNMPv3 User

  1. Stop the SNMP service before creating the user:

    sudo systemctl stop snmpd

  2. Generate a new SNMPv3 user with authentication & encryption:

    USERNAME="admin"
AUTH_PASS=$(openssl rand -base64 12)  # Generate a random authentication password
PRIV_PASS=$(openssl rand -base64 12)  # Generate a random encryption password
sudo net-snmp-create-v3-user -ro -A "$AUTH_PASS" -X "$PRIV_PASS" "$USERNAME"

  3. Restart SNMP service and enable it at boot:

    sudo systemctl start snmpd
sudo systemctl enable snmpd

πŸ— Automating the Installation

To automate this setup, you can use the following Bash script:

#!/bin/bash
set -euo pipefail

if [[ $EUID -ne 0 ]]; then
  echo "[ERROR] This script must be run as root." >&2
  exit 1
fi

echo "[INFO] Updating the system..."
apt update

echo "[INFO] Installing SNMP and SNMPD..."
apt install -y snmp snmpd

if [ -f /etc/snmp/snmpd.conf ]; then
  BACKUP="/etc/snmp/snmpd.conf.backup.$(date +%F_%T)"
  echo "[INFO] Backing up existing configuration to $BACKUP"
  cp /etc/snmp/snmpd.conf "$BACKUP"
fi

echo "[INFO] Updating SNMP configuration file..."
cat > /etc/snmp/snmpd.conf <<'EOF'
sysLocation    admin
sysContact     [email protected]
sysServices    72
master  agentx
agentaddress 0.0.0.0:161,[::1]
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1
rouser authPrivUser authpriv -V systemonly
includeAllDisks 90%
includeAllInterfaces
extend temp /usr/bin/sensors
mem 90%
load    12 10 5
includeDir /etc/snmp/snmpd.conf.d
EOF

echo "[INFO] Stopping SNMP service..."
systemctl stop snmpd

USERNAME="admin"
AUTH_PASS=$(openssl rand -base64 12)
PRIV_PASS=$(openssl rand -base64 12)

if ! command -v net-snmp-create-v3-user &>/dev/null; then
  echo "[ERROR] net-snmp-create-v3-user not found." >&2
  exit 1
fi

net-snmp-create-v3-user -ro -A "$AUTH_PASS" -X "$PRIV_PASS" "$USERNAME"

echo "[INFO] Restarting SNMP service..."
systemctl start snmpd
systemctl enable snmpd

echo "SNMPv3 User: $USERNAME"
echo "Auth Password: $AUTH_PASS"
echo "Priv Password: $PRIV_PASS"
echo "[INFO] Configuration completed!"

πŸ“ Testing the SNMPv3 Setup

You can verify that SNMPv3 is running correctly with:

snmpwalk -v3 -u admin -l authPriv -A AUTH_PASSWORD -X PRIV_PASSWORD localhost 1.3.6.1.2.1.1

(Replace AUTH_PASSWORD and PRIV_PASSWORD with the generated credentials.)

If everything is configured correctly, you should see system information returned by SNMP.

🎯 Conclusion

Now you have a secure SNMPv3 setup on Linux with authentication and encryption.
This guide ensures a fully automated setup using a script and helps prevent security risks associated with SNMPv1 and SNMPv2.

πŸ“Œ Need help? Feel free to comment below or reach out! πŸš€