Configure SNMPv3 on CentOS 6

When you intend to monitor your devices using SNMP it’s best to use SNMP version 3 as it offers authentication and encryption. Both SNMP version 1 and 2 only use the community-string as the password and all traffic is clear text. Configuring SNMPv3 on CentOS is pretty easy, in this tutorial I’ll show you how to do it.

First install the required SNMP utilities.

# yum install net-snmp net-snmp-utils net-snmp-libs

Make sure that the SNMP daemon is not running or you will be unable to add a new user:

# service snmpd stop
Stopping snmpd:                                            [  OK  ]

Now we will create a new SNMPv3 user called “SNMPV3USER”. I will use MD5 for authentication and AES encryption, “AUTH-PASS” will be the password for authentication and “ENCRYPT-PASS” will be used for encryption:

# net-snmp-create-v3-user -ro -A AUTH-PASS -X ENCRYPT-PASS -a MD5 -x AES SNMPV3USER 

Now we can start the SNMP daemon:

# service snmpd start
Starting snmpd:                                            [  OK  ]

Make sure the SNMP daemon starts whenever you reboot your machine, you can do this with the chkconfig command:

# chkconfig snmpd on
# chkconfig | grep snmpd
snmpd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off

This ensures that it runs at runlevel 3,4 and 5. You are now ready to monitor your CentOS machine, just to be sure we can use snmpwalk to test if everything is reachable and working:

# snmpwalk -v 3 -u SNMPV3USER -a MD5 -A AUTH-PASS -l authPriv -x AES -X ENCRYPT-PASS 192.168.81.250

iso.3.6.1.2.1.1.1.0 = STRING: "Linux asterisk.networklessons.local 2.6.32-358.11.1.el6.x86_64 #1 SMP Wed Jun 12 03:34:52 UTC 2013 x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (16738) 0:02:47.38
iso.3.6.1.2.1.1.4.0 = STRING: "Root <root@localhost> (configure /etc/snmp/snmp.local.conf)"
iso.3.6.1.2.1.1.5.0 = STRING: "asterisk.networklessons.local"
iso.3.6.1.2.1.1.6.0 = STRING: "Unknown (edit /etc/snmp/snmpd.conf)"
iso.3.6.1.2.1.1.8.0 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.11.2.3.1.1
iso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.15.2.1.1
iso.3.6.1.2.1.1.9.1.2.3 = OID: iso.3.6.1.6.3.10.3.1.1
iso.3.6.1.2.1.1.9.1.2.4 = OID: iso.3.6.1.6.3.1

As you can see I’m able to extract information from my CentOS server using the SNMPv3 user account that we created. You are now ready to add it to the network management software of your choice. Good luck monitoring!