I just use SNMP v3 and want to disable version 1 and version 2c in snmpd.

How can I do this?

Lucas Kauffman
JMW

2 Answers

Comment out the lines that start with com2sec, group, and access in snmpd.conf, e.g.:

```
[root@sandbox snmp]# cat snmpd.conf
#com2sec notConfigUser  default       public
#group   notConfigGroup v1           notConfigUser
#group   notConfigGroup v2c           notConfigUser
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
#access  notConfigGroup ""      any       noauth    exact  systemview none none
#com2sec local     0.0.0.0/0        publicrw
#com2sec mynetwork 0.0.0.0/0        publicro
#group MyRWGroup  any        local
#group MyROGroup  any        mynetwork
view all    included  .1                               80
view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc
#access MyROGroup ""      any       noauth    0      all    none   none
#access MyRWGroup ""      any       noauth    0      all    all    all
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
rwuser readonly

[root@sandbox snmp]# snmpwalk -v1 -c public localhost
Timeout: No Response from localhost

[root@sandbox snmp]# snmpwalk -v2c -c public localhost
Timeout: No Response from localhost

[root@sandbox snmp]# snmpwalk -v 3 -n '' -l authPriv -u "readonly" -A "readonly" -X "readonly" localhost IF-MIB::ifName
IF-MIB::ifName.1 = STRING: lo 
IF-MIB::ifName.2 = STRING: eth0
IF-MIB::ifName.3 = STRING: eth1
```
Chris Williams
chocripple

It's good to run the snmpwalk tests from chocripple's answer before and after disabling v1, v2: https://serverfault.com/a/376693/460967

A simple solution:

  1. stop the SNMP daemon
  2. rename (move) snmpd.conf (the default config has v1, v2 enabled)
  3. create an SNMPv3 user, e.g. a r/o user (it will create a new snmpd.conf with SNMPv3 only)
  4. enable & start the SNMP daemon

```
systemctl stop snmpd
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
net-snmp-create-v3-user -ro -a SHA -x AES <myv3user>
systemctl enable snmpd
systemctl start snmpd
systemctl status snmpd
```

  5. (optionally) run snmpwalk tests to make sure that v1, v2 are off and v3 works.
BBQ
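
Both answers come down to leaving no active community-based directives in snmpd.conf. The script below is an added example, not code from either answer, that lists any uncommented directive still enabling SNMPv1/v2c; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report active snmpd.conf directives that enable SNMPv1/v2c.
# Prints "LINE: text" per hit; returns 0 when the file is clean, 1 otherwise.
audit_snmp_community_access() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            d = tolower($1)
            # Community strings mapped to a security name, or granted directly.
            if (d ~ /^(com2sec(6|unix)?|r[ow]community6?)$/) {
                print NR ": " $0; hits++
            # Groups bound to the v1 or v2c security model.
            } else if (d == "group" && tolower($3) ~ /^(v1|v2c)$/) {
                print NR ": " $0; hits++
            }
        }
        END { exit (hits > 0) }
    ' "$1"
}

# Constructed sample config (hypothetical values modelled on the answer above).
write_sample_conf() {
    cat > "$1" <<'EOF'
#com2sec notConfigUser  default       public
com2sec mynetwork 0.0.0.0/0 publicro
group MyROGroup v2c mynetwork
  rocommunity public 127.0.0.1
view systemview included .1.3.6.1.2.1.1
rouser readonly priv
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample_conf "$sample"
if audit_snmp_community_access "$sample"; then
    echo "no v1/v2c directives active"
else
    echo "v1/v2c access is still configured (lines above)"
fi
rm -f "$sample"
```

snmpd can read more than one configuration file, so a clean result for a single file is not proof on its own; the `snmpwalk -v1` and `-v2c` timeouts shown in the first answer remain the end-to-end check.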