Execute all commands as root
tdnf install net-snmp net-snmp-devel net-snmp-perl
You will need all of them; otherwise you'll be missing scripts or MIBs.
Make sure no other snmpd daemons are running, for example in a Docker container.
snmpconf
Then generate snmpd.conf and configure option 2: Monitor Various Aspects of the Running Host. Configuring access control is not needed; we'll add users in a later step.
Read the output; you may need to copy the snmpd.conf file to another directory.
Create a read-only user (who uses rw with SNMP anyway) with SHA and AES. "readonlyuser" is the username we are creating in this case; we also provide both authentication (-A) and encryption (-X) passwords, along with the authentication (-a) and encryption (-x) algorithms.
There is an interactive mode, but it uses MD5 and DES, so I don't recommend it.
net-snmp-create-v3-user -ro -A 5F2V8GAAtJfGfdqyc -X 5F2V8GAAtJfGfdqyc -a SHA -x AES readonlyuser
Check the parameters for this command with --help; you can make it even more secure by choosing stronger algorithms than plain SHA, for example. You're also free to pick different passwords for encryption and authentication, which is probably even more secure.
Afterwards, edit the file
/usr/share/snmp/snmpd.conf
and replace the line
rouser readonlyuser
with
rouser readonlyuser priv
That way, both encryption and authentication are required.
systemctl start snmpd
snmpwalk -a SHA -A 5F2V8GAAtJfGfdqyc -x AES -X 5F2V8GAAtJfGfdqyc -l authPriv -u readonlyuser localhost
should give you a tree as output. You can now use the same command line but with snmpdf instead of snmpwalk. That should give you information about disk usage.
If this works, use
tcpdump -nni any port 161
to see SNMP traffic. Think about how your iptables firewall is configured. Some SNMP tools ping first, so think about allowing ICMP messages as well.
Also think about where the messages are coming from: which interface and which IP. If, for example, your SNMP client is running in a Docker container, this might be 172.x.x.x.
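
One way to check the result of the rouser edit above, as an added example that is not part of the original page: the shell function audit_snmpd_conf (a hypothetical name) reports rouser/rwuser lines whose minimum level is not priv, SNMPv1/v2c community lines, and createUser lines that name MD5 or DES. The sample configuration is constructed; pass the function the path of your own snmpd.conf instead.

```shell
#!/bin/sh
# Added example: flag snmpd.conf access lines weaker than SNMPv3 authPriv.
# Prints one finding per weak line; returns 1 if any were found, else 0.
audit_snmpd_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        $1 ~ /^(ro|rw)community6?$/ || $1 ~ /^com2sec6?$/ {
            printf "%d: %s enables SNMPv1/v2c community access\n", NR, $1
            bad = 1; next
        }
        $1 == "rouser" || $1 == "rwuser" {
            i = 2
            if ($i == "-s") i += 2              # optional "-s SECMODEL"
            level = $(i + 1)
            # With no level given, snmpd accepts auth without encryption.
            if (level == "" || level ~ /^#/) level = "auth"
            if (level != "priv") {
                printf "%d: %s %s accepts level %s, not priv\n", NR, $1, $i, level
                bad = 1
            }
            next
        }
        $1 == "createUser" {
            for (f = 2; f <= NF; f++)
                if ($f == "MD5" || $f == "DES") {
                    printf "%d: createUser uses %s\n", NR, $f
                    bad = 1
                }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
    cat <<'EOF'
# constructed sample
rocommunity public
rouser readonlyuser
rouser -s usm otheruser priv
rwuser adminuser auth
createUser legacyuser MD5 "constructed-pass-1" DES
rouser gooduser priv
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_snmpd_conf "$tmp" || echo "weak SNMP access lines found"
rm -f "$tmp"
```

A non-zero return from audit_snmpd_conf means at least one line still accepts requests without encryption or with a weak algorithm.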