For developing and testing my own products (MonitorONE G2), I’m constantly looking for devices that support the SNMP protocol. The majority of the equipment available supports SNMPv1 (which is the base SNMP implementation specified in rfc1157), fewer also support SNMPv2 (which adds the “GetBulk” and “Inform” operations) but very few supports SNMPv3!

SNMPv3 is an important step forward with respect to improved security. SNMPv1 and 2 send collected data unencrypted, as readable text, over the network.

Of course not all this data is top-secret however there are times that you simply don’t want to share certain information with others. Especially when this information is send over the public Internet.

As mentioned, I had a hard time finding equipment that supports SNMPv3. Fortunately I’m a big fan of the Linux OS and although I’m not the “kernel hacker type”, I can pretty well find my way around in this beautiful and flexible OS. Because the information on getting SNMPv3 up and running on Linux is somewhat fragmented on the Internet, I decided to write this simple how to. The info below describes the steps of getting SNMPv3 installed and ready for use on a clean installation of Ubuntu (12.04/14.04 LTS). Ubuntu uses the net-SNMP package.

1. Installing SNMP (daemon and agent)

net-SNMP comes in two flavours: a server-side agent (snmpd) and a client-site application (snmp). To install both, simply logon into your server, open a terminal and enter the following on the command-line:

sudo apt-get install snmp snmpd

2. Define SNMPv3 users, authentication and encryption parameters.

SNMPv3 can be used in a number of ways depending on the “securityLevel” configuration parameter:

  1. noAuthNoPriv – No authorisation and no encryption, basically no security at all!
  2. authNoPriv – Authorisation is required but collected data sent over the network is not encrypted.
  3. authPriv – The strongest form. Authorisation required and everything sent over the network is encrypted.

The snmpd configuration settings are all saved in a file called /etc/snmp/snmpd.conf. Open this file in your editor (I use joe) as in:

sudo joe /etc/snmp/snmpd.conf

Add the following lines to the end of the file (choose your own usernames and passwords)

createUser user1
createUser user2 MD5 user2password
createUser user3 MD5 user3password DES user3encryption
rouser user1 noauth
rouser user2 auth
rwuser user3 priv

PS. The password and encryption phrases should have a length of at least 8 characters!

By default, the SNMP daemon is only accessible locally (localhost) on the same server. This is of course for security reasons. To make snmpd accessible from the outside change the “AGENT BEHAVIOUR” section into:

#  Listen for connections from the local system only
#agentAddress  udp:
#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161

Save your modified snmpd.conf file and restart the SNMP daemon with:

sudo /etc/init.d/snmpd restart

3. Testing the configuration with the installed net-SNMP client “snmpget”

In step1 we already installed the snmp client. In the examples below the first line is what I entered and the italic lines are the responses. “Platinum” is the name of my test server!

Let’s begin testing with user1 by entering:

snmpget -v 3 -u user1 -l NoauthNoPriv platinum
iso. = STRING: "Linux Platinum 3.2.0-60-generic #91-Ubuntu SMP Wed Feb 19 03:54:44 UTC 2014 x86_64"

Trying to access an OID outside gives:

snmpget -v 3 -u user1 -l NoauthNoPriv platinum
iso. = No Such Object available on this agent at this OID

The same with user2 gives:

snmpget -v 3 -u user2 -l NoauthNoPriv platinum
Error in packet
 Reason: authorizationError (access denied to that object)

Of course we added user2 with Authentication in mind so lets use it:

snmpget -v 3 -u user2 -l authNoPriv -a MD5 -A user2password platinum
iso. = STRING: "Linux Platinum 3.2.0-60-generic #91-Ubuntu SMP Wed Feb 19 03:54:44 UTC 2014 x86_64"

…and another test:

snmpget -v 3 -u user2 -l authNoPriv -a MD5 -A user2password platinum
iso. = INTEGER: 12

Finally add some encryption:

snmpget -v 3 -u user3 -l authPriv -a MD5 -A user3password -x DES -X user3encryption platinum .
iso. = STRING: "Linux Platinum 3.2.0-60-generic #91-Ubuntu SMP Wed Feb 19 03:54:44 UTC 2014 x86_64"