Contents
Monitoring of servers is very important in any IT environment. It’s important to know when a device is down before people start calling you or that a hard drive is full before the operating system stops responding. It allows you as a system admin to be proactive about the state of your network. Cacti needs SNMP to be up and running to be able to monitor properly.
The following describes the steps needed to get SNMP running in Ubuntu.
Install SNMP daemon
sudo apt-get update sudo apt-get install snmpd
Install SNMP mibs
This downloads another package called snmp-mibs-downloader which contains information about the mib to get a translation into a more human readable format.
sudo apt-get install snmp snmp-mibs-downloader
Modify the configuration files
Modify the following file
sudo nano /etc/snmp/snmpd.conf
with the following information (Customize for your environment)
Modify the agentAddress
# Listen for connections from the local system only agentAddress udp:127.0.0.1:161 # Listen for connections on all interfaces (both IPv4 *and* IPv6) #agentAddress udp:161,udp6:[::1]:161
to
# Listen for connections from the local system only #agentAddress udp:127.0.0.1:161 # Listen for connections on all interfaces (both IPv4 *and* IPv6) #agentAddress udp:161,udp6:[::1]:161 agentAddress 161 rocommunity public syslocation "Boyds, MD" syscontact info@example.net
Modify the following file
sudo nano /etc/default/snmpd
Change from:
# Don't load any MIBs by default. # You might comment this lines once you have the MIBs downloaded. export MIBS=
To:
# Don't load any MIBs by default. # You might comment this lines once you have the MIBs downloaded. export MIBS=/usr/share/mibs
Modify the following file
sudo nano /etc/snmp/snmp.conf
comment out the line containing “mibs:” from
mibs :
to
#mibs :
Restart the SNMP daemon.
sudo service snmpd restart
To check that things are working you can ‘walk’ the MIB tree by doing the following
snmpwalk -v2c -c public localhost system
You’ll see a lot of information scroll by with information that is used by cacti.
Notes on SNMP security
SNMP is widely known to be insecure. In SNMP versions 1, 2, and 2c the community strings used for authentication are communicated in cleartext over the network and can potentially be captured. Then used to conduct subsequent attacks against other internal network infrastructure.SNMP V3 improved the situation by essentially using the community string as a password for the device. However, successfully implementing SNMPv3 is not for the faint of heart.Our recommendations are:- Have your community string set read only (as above) so that no one can affect that settings on your infrastructure.
- Use your EC2 security group settings to block access to port 161
- Don’t have monitoring setup across the open internet. Setup a VPN to monitor hosts/devices outside AWS.