{"id":4486,"date":"2022-06-23T12:30:00","date_gmt":"2022-06-23T17:30:00","guid":{"rendered":"https:\/\/www.incredigeek.com\/home\/?p=4486"},"modified":"2022-06-23T12:05:15","modified_gmt":"2022-06-23T17:05:15","slug":"hardening-snmp-on-centos-redhat-fedora-etc","status":"publish","type":"post","link":"https:\/\/www.incredigeek.com\/home\/hardening-snmp-on-centos-redhat-fedora-etc\/","title":{"rendered":"Hardening SNMP on CentOS\/RedHat\/Fedora Etc."},"content":{"rendered":"\n

These steps should be similar across Red Hat type distros.<\/p>\n\n\n\n

Before we proceed, lets stop SNMP<\/p>\n\n\n\n

sudo systemctl stop snmpd<\/pre>\n\n\n\n
<\/p>\n\n\n\n
Disable SNMP Versions 1 and 2c<\/h2>\n\n\n\n
First we are going to disable SNMP v1 and v2c<\/p>\n\n\n\n
You can manually edit the \/etc\/snmp\/snmpd.conf file and comment out or delete every line starting with com2sec, group, access.  Or you can run the following sed commands to change it for you.<\/p>\n\n\n\n
sudo sed -i 's\/^com2sec\/# com2sec\/g' \/etc\/snmp\/snmpd.conf
sudo sed -i 's\/^group\/# group\/g' \/etc\/snmp\/snmpd.conf
sudo sed -i 's\/^access\/# access\/g' \/etc\/snmp\/snmpd.conf<\/pre>\n\n\n\n
<\/p>\n\n\n\n
https:\/\/serverfault.com\/questions\/376688\/how-to-disable-version-1-and-version-2c-in-snmpd<\/a><\/p>\n\n\n\n
Create SNMP Version 3 User<\/h2>\n\n\n\n
Follow the prompts to create a SNMP v3 user.<\/p>\n\n\n\n
sudo net-snmp-create-v3-user -ro -a SHA -x AES<\/pre>\n\n\n\n
<\/p>\n\n\n\n
Start SNMP<\/p>\n\n\n\n
sudo systemctl start snmpd<\/pre>\n\n\n\n
You should be good to go. <\/p>\n\n\n\n
If you are running a firewall, you will need to allow an exception for SNMP, UDP port 161.  You may also need to allow an SELinux exception.  Check out the last portion of both these articles.<\/p>\n\n\n\n
\n
Setting up SNMP V3 on CentOS<\/a><\/blockquote>