This tutorial video follows my howto on snmpd setup
in TLS/DTLS mode. Here is the link:
In CentOS/RHEL 7 Linux we're going to set up SNMP v3 snmptrapd to accept secure TLS/DTLS informs and traps.
We will also modify snmpd so that it sends informs over TLS/DTLS through a trapsess definition.
List of used commands:
____________
1) Where are we?
cat /etc/centos-release
2) List installed net-snmp RPMs
rpm -qa | grep net-snmp
3) Show available TLS certificates
net-snmp-cert showcerts --fingerprint
4) On the manager, open /etc/snmp/snmptrapd.conf
vim /etc/snmp/snmptrapd.conf
5) Add the following lines there. Insert the
real SHA1 fingerprints as retrieved in step 3 in place of the placeholders.
[snmp] localCert {manager certificate}
certSecName 20 {agent certificate} --sn trapuser
authUser log -s tsm trapuser
6) On the manager open /etc/sysconfig/snmptrapd
vim /etc/sysconfig/snmptrapd
7) Add the following line there. We have to make
snmptrapd listen
on the TLS/DTLS ports. Replace {hostname} with your real hostname.
OPTIONS="-Lsd -p /var/run/snmptrapd.pid 127.0.0.1:162 {hostname}:162 dtlsudp:127.0.0.1:10162 tlstcp:127.0.0.1:10162 dtlsudp:{hostname}:10162 tlstcp:{hostname}:10162 -m ALL -M /opt/share/snmp/mibs:/usr/share/snmp/mibs"
8) On the manager enable snmptrapd and start it
systemctl enable snmptrapd
systemctl start snmptrapd
9) On the manager, monitor /var/log/messages for
new SNMP messages
tail -f /var/log/messages
10) On the agent, generate an inform message from the
command line. First to the DTLS port:
snmpinform -v 3 -u trapuser -T our_identity={agent certificate}
-T their_identity={manager certificate} dtlsudp:{hostname}:10162 42 coldStart.0
It works! The message appeared in the log on the manager node.
11) Now the same with the TLS port (same uptime and trap OID as in step 10).
snmpinform -v 3 -u trapuser -T our_identity={agent certificate}
-T their_identity={manager certificate} tlstcp:{hostname}:10162 42 coldStart.0
Works again! The message arrived too.
12) Informs work.
Now the second part - trapsess - informs generated
by snmpd itself.
13) On the agent open the /etc/snmp/snmpd.conf
vim /etc/snmp/snmpd.conf
14) Add a trapsess definition for DTLS. The agent presents its own certificate and expects the manager's certificate on the other side.
trapsess -T our_identity={agent certificate} -T their_identity={manager certificate} dtlsudp:{hostname}:10162
15) Restart snmpd. Starting and stopping snmpd generates a trap as well. Watch /var/log/messages on the manager.
systemctl restart snmpd
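The steps above ask you to paste the same two fingerprints into three places (snmptrapd.conf, the sysconfig OPTIONS line and snmpd.conf). A typo in any of them silently breaks the certificate mapping, so as an added example (not part of the original howto, not net-snmp's own tooling) here is a small bash script that validates the fingerprints and renders all three fragments from one set of inputs. It assumes fingerprints are 40 hex digits, optionally colon-separated, as printed by net-snmp-cert showcerts --fingerprint or by openssl; the two fingerprints used in the comments are constructed placeholders, not real certificates.

```bash
#!/bin/bash
# Added example, not from the original post: render the snmptrapd.conf,
# /etc/sysconfig/snmptrapd and snmpd.conf fragments of this howto from
# validated inputs, so that the same fingerprint string lands everywhere.
# Assumption: a SHA1 fingerprint is 40 hex digits, optionally colon-separated.

# normalize_fp FP : print lowercase fingerprint without colons, or fail
normalize_fp() {
    local fp
    fp=$(printf '%s' "$1" | tr -d ':' | tr 'A-F' 'a-f')
    case "$fp" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#fp}" -eq 40 ] || return 1
    printf '%s\n' "$fp"
}

# cert_fp CERTFILE : SHA1 fingerprint of a PEM certificate via openssl
# (cross-check against what net-snmp-cert showcerts --fingerprint prints)
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2 | normalize_fp /dev/stdin
}

# render_snmptrapd_conf MANAGER_FP AGENT_FP SECNAME
# The manager's own cert is the local identity; the agent cert is mapped
# to SECNAME, and the same SECNAME must appear in authUser or nothing is logged.
render_snmptrapd_conf() {
    local mfp afp
    mfp=$(normalize_fp "$1") || { echo "bad manager fingerprint: $1" >&2; return 1; }
    afp=$(normalize_fp "$2") || { echo "bad agent fingerprint: $2" >&2; return 1; }
    printf '[snmp] localCert %s\n' "$mfp"
    printf 'certSecName 20 %s --sn %s\n' "$afp" "$3"
    printf 'authUser log -s tsm %s\n' "$3"
}

# render_sysconfig HOSTNAME : OPTIONS line with plain, DTLS and TLS listeners
render_sysconfig() {
    local h=$1
    printf 'OPTIONS="-Lsd -p /var/run/snmptrapd.pid 127.0.0.1:162 %s:162 dtlsudp:127.0.0.1:10162 tlstcp:127.0.0.1:10162 dtlsudp:%s:10162 tlstcp:%s:10162 -m ALL -M /opt/share/snmp/mibs:/usr/share/snmp/mibs"\n' "$h" "$h" "$h"
}

# render_trapsess AGENT_FP MANAGER_FP HOSTNAME TRANSPORT : snmpd.conf line
render_trapsess() {
    local afp mfp
    afp=$(normalize_fp "$1") || { echo "bad agent fingerprint: $1" >&2; return 1; }
    mfp=$(normalize_fp "$2") || { echo "bad manager fingerprint: $2" >&2; return 1; }
    case "$4" in
        dtlsudp|tlstcp) ;;
        *) echo "transport must be dtlsudp or tlstcp, got: $4" >&2; return 1 ;;
    esac
    printf 'trapsess -T our_identity=%s -T their_identity=%s %s:%s:10162\n' "$afp" "$mfp" "$4" "$3"
}

# Usage (placeholder fingerprints, constructed for illustration):
#   render_snmptrapd_conf 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67 \
#       89abcdef0123456789abcdef0123456789abcdef trapuser
#   render_sysconfig manager.example.com
#   render_trapsess 89abcdef0123456789abcdef0123456789abcdef \
#       0123456789abcdef0123456789abcdef01234567 manager.example.com dtlsudp
```

normalize_fp deliberately rejects anything that is not exactly 40 hex digits, so a fingerprint copied with a trailing character, or an MD5/SHA256 digest pasted by mistake, fails loudly instead of producing a config that snmptrapd will quietly refuse to match. Run cert_fp against the PEM files under /etc/snmp/tls/certs (or ~/.snmp/tls/certs) to confirm the value you pasted is the one on disk.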
source by Jaroslav Kucera
simple network management protocol