diff --git a/howTo.txt b/howTo.txt
new file mode 100644
index 0000000..775dcc7
--- /dev/null
+++ b/howTo.txt
@@ -0,0 +1,102 @@
+### SNMPWALK HELP ####
+snmpwalk -v2c -c rouser987 ip_hostname
+snmpwalk -v3 -l authPriv -u rouser987 -a SHA -A "pass1" -x AES -X "pass2" ip_hostname
+
+# IF USING CENTOS
+yum install -y net-snmp
+
+# IF USING DEBIAN
+apt install -y snmpd
+
+systemctl start snmpd
+systemctl stop snmpd
+systemctl enable snmpd
+
+cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
+echo "" > /etc/snmp/snmpd.conf
+curl -o /etc/snmp/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
+chmod +x /etc/snmp/distro
+nano /etc/snmp/snmpd.conf
+
+
+# IF SERVER REMOTE #
+agentaddress udp:16161
+
+rouser rouser987
+
+syslocation VMENV | LOCATION
+syscontact EMAIL
+sysname CHANGENAMEHERE
+
+#Distro Detection
+extend .1.3.6.1.4.1.2021.7890.1 distro /etc/snmp/distro
+#Hardware Detection (uncomment to enable)
+extend .1.3.6.1.4.1.2021.7890.2 hardware '/bin/cat /sys/devices/virtual/dmi/id/product_name'
+extend .1.3.6.1.4.1.2021.7890.3 manufacturer '/bin/cat /sys/devices/virtual/dmi/id/sys_vendor'
+#extend .1.3.6.1.4.1.2021.7890.4 serial '/bin/cat /sys/devices/virtual/dmi/id/product_serial'
+# END REMOTE
+
+# IF SERVER LOCAL #
+agentaddress udp:161
+
+rouser rouser987
+
+syslocation VMENV | LOCATION
+syscontact EMAIL
+sysname CHANGENAMEHERE
+
+#Distro Detection
+extend .1.3.6.1.4.1.2021.7890.1 distro /etc/snmp/distro
+#Hardware Detection (uncomment to enable)
+extend .1.3.6.1.4.1.2021.7890.2 hardware '/bin/cat /sys/devices/virtual/dmi/id/product_name'
+extend .1.3.6.1.4.1.2021.7890.3 manufacturer '/bin/cat /sys/devices/virtual/dmi/id/sys_vendor'
+#extend .1.3.6.1.4.1.2021.7890.4 serial '/bin/cat /sys/devices/virtual/dmi/id/product_serial'
+# END LOCAL
+
+
+# no longer needed, replaced with the below
+## nano /var/lib/net-snmp/snmpd.conf
+
+# no longer needed, replaced with the below
+## createUser rouser987 SHA "rd1" AES "password2"
+
+# IF USING CENTOS This creates a random password1 and password 2. I like to log the output somewhere that way I have the info if I need it later #
+echo "createUser rouser987 SHA \""$(tr -cd '[:alnum:]' < /dev/urandom | fold -w50 | head -n1)"\" AES \""$(tr -cd '[:alnum:]' < /dev/urandom | fold -w50 | head -n1)"\"" | tee -a /var/lib/net-snmp/snmpd.conf
+
+# IF USING DEBIAN This creates a random password1 and password 2. I like to log the output somewhere that way I have the info if I need it later #
+echo "createUser rouser987 SHA \""$(tr -cd '[:alnum:]' < /dev/urandom | fold -w50 | head -n1)"\" AES \""$(tr -cd '[:alnum:]' < /dev/urandom | fold -w50 | head -n1)"\"" | tee -a /var/lib/snmp/snmpd.conf
+systemctl start snmpd
+
+#### IF THERE'S FIREWALL-CMD ####
+# IF IT'S A LOCAL SERVER #
+nano /etc/firewalld/services/snmp.xml
+
+# Paste the below in the file
+
+
+ SNMP
+ SNMP protocol
+
+
+
+firewall-cmd --reload
+
+firewall-cmd --zone=public --add-service snmp --permanent
+
+# IF IT'S A REMOTE SERVER #
+firewall-cmd --permanent --zone=public --add-rich-rule='
+ rule family="ipv4"
+ source address="LOCALIP"
+ port protocol="udp" port="16161" accept'
+
+# ON LOCAL AND REMOTE #
+firewall-cmd --reload
+
+#### IF THERE'S IPTABLES ####
+# IF IT'S LOCAL
+iptables -A INPUT -p udp --dport 161 -j ACCEPT
+# Then save the rules however you would do it
+
+# IF IT'S REMOTE
+iptables -A INPUT -p udp -s LOCALIP --dport 16161 -j ACCEPT
+# Then save the rules however you would do it
\ No newline at end of file
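Review bot: Both snmpd.conf templates grant access with a bare `rouser rouser987`, which in net-snmp defaults to the `auth` level, so the agent will also answer unencrypted authNoPriv requests even though the v3 example and the createUser line set up AES; `rouser rouser987 priv` would require encryption. The `curl -o /etc/snmp/distro` step pulls from the `master` branch with no integrity check and snmpd then runs that file through `extend`, so pinning the URL to a reviewed commit and comparing a checksum before `chmod +x` would be safer. The first example, `snmpwalk -v2c -c rouser987`, passes the v3 user name as a community string while neither template defines a community, so it looks like it cannot work as written and is worth dropping. The local-server rules (`--add-service snmp` in the public zone, `iptables -A INPUT -p udp --dport 161` with no `-s`) accept from any source, unlike the remote rules that restrict to LOCALIP; a source restriction there too would match.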