{"id":4491,"date":"2022-06-23T19:35:00","date_gmt":"2022-06-24T00:35:00","guid":{"rendered":"https:\/\/www.incredigeek.com\/home\/?p=4491"},"modified":"2022-06-23T16:17:37","modified_gmt":"2022-06-23T21:17:37","slug":"hardening-snmp-on-debian","status":"publish","type":"post","link":"https:\/\/www.incredigeek.com\/home\/hardening-snmp-on-debian\/","title":{"rendered":"Hardening SNMP on Debian"},"content":{"rendered":"\n<p>Hardening SNMP on Debian by disabling SNMP v1 and v2c, and configuring SNMP v3.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Modify \/etc\/snmp\/snmpd.conf<\/h2>\n\n\n\n<p>First we&#8217;ll want to open up the \/etc\/snmp\/snmpd.conf file and comment out all lines that begin with:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>rocommunity<\/li><li>view<\/li><li>rouser authPriv  &lt;&#8211; &#8220;This may be the last line by default, we don&#8217;t need it&#8221;<\/li><\/ul>\n\n\n\n<p>Alternatively, you can copy and paste the following sed commands instead of manually editing the file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo sed -i 's\/^rocommunity\/# rocommunity\/g' \/etc\/snmp\/snmpd.conf\nsudo sed -i 's\/^view\/# view\/g' \/etc\/snmp\/snmpd.conf\nsudo sed -i 's\/^rouser authPriv\/# rouser authPriv\/g' \/etc\/snmp\/snmpd.conf<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Create SNMP v3 User<\/h2>\n\n\n\n<p>We can create an SNMP v3 user with the following command.  It will prompt you for the username and passwords.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo net-snmp-create-v3-user -ro -a SHA-512 -x AES<\/pre>\n\n\n\n<p>You may receive an error about not being able to touch \/snmp\/snmpd.conf.  I am not sure why Debian is attempting to create that file.  
Take the &#8220;rouser snmpuser&#8221; line and add it to the end of the \/etc\/snmp\/snmpd.conf config.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2022\/06\/image-8.png\"><img loading=\"lazy\" decoding=\"async\" width=\"744\" height=\"275\" src=\"https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2022\/06\/image-8.png\" alt=\"\" class=\"wp-image-4494\" srcset=\"https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2022\/06\/image-8.png 744w, https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2022\/06\/image-8-300x111.png 300w, https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2022\/06\/image-8-500x185.png 500w\" sizes=\"auto, (max-width: 744px) 100vw, 744px\" \/><\/a><figcaption>Debian SNMP Error<\/figcaption><\/figure>\n\n\n\n<p>Now we can start SNMPD.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo systemctl start snmpd<\/pre>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Troubleshooting<\/h2>\n\n\n\n<p><strong>My created user is not working! <\/strong> This could result from two different issues.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>It appears that Debian\/SNMP doesn&#8217;t like passphrases with special characters.  You can try using a different password or escaping the special characters in the &#8220;\/var\/lib\/snmp\/snmpd.conf&#8221; file before starting SNMPD.<\/li><li>The user didn&#8217;t get added to \/etc\/snmp\/snmpd.conf.  To fix, add &#8220;rouser snmpuser&#8221; (change snmpuser to your SNMP username) to the bottom of the config file.<\/li><\/ol>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hardening SNMP on Debian by disabling SNMP v1 and v2c, and configuring SNMP v3. 
Modify \/etc\/snmp\/snmpd.conf First we&#8217;ll want to open up the \/etc\/snmp\/snmpd.conf file and comment out all lines that begin with rocommunity view rouser authPriv &lt;&#8211; &#8220;This may &hellip; <a href=\"https:\/\/www.incredigeek.com\/home\/hardening-snmp-on-debian\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[130,1],"tags":[51,133,261,360],"class_list":["post-4491","post","type-post","status-publish","format-standard","hentry","category-snmp","category-uncategorized","tag-debian","tag-snmp-2","tag-snmp-v3","tag-snmpv3"],"_links":{"self":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/4491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/comments?post=4491"}],"version-history":[{"count":2,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/4491\/revisions"}],"predecessor-version":[{"id":4496,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/4491\/revisions\/4496"}],"wp:attachment":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/media?parent=4491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/categories?post=4491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/tags?post=4491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}