Enable and configure SNMPv3 on Red Hat Enterprise Linux 8.3

Red Hat Enterprise Linux is a Linux distribution developed by Red Hat for the commercial market. Enterprise products require secured monitoring which can be easily done via SNMPv3. I´ll show you how to start with it by enabling and configuring the SNMPv3 daemon.
Enable-and-configure-SNMPv3-on-Red-Hat-Enterprise-Linux-8.3

The latest RHEL release is here. Red Hat Enterprise Linux (RHEL) 8.3 is a powerful and intelligent OS for any hybrid cloud, any cloud and any workload. It has key features – from container tools to deploy tomorrow´s technology, today. It has also SNMPv3 compatibility which gives us the opportunity to securely monitor the health state of our RHEL infrastructure.

Today, I´ll show you how you can enable and configure SNMPv3 on your RHEL. Regardless this article is based on the latest version of RHEL, you can apply the same procedure to previous versions. Before doing that, I guess you know: it is mandatory that your Red Hat Enterprise is registered to Red Hat Subscription Management.

Once you log in to Red Hat, open Terminal and type the command below to install SNMP Daemon. sudo is the SuperUser, yum is a tool for getting, installing, deleting, querying and managing software packages in Red Hat Enterprise Linux versions 5 and later. Type Y to confirm the installation.

sudo yum install net-snmp
Install SNMP Daemon

Once the SNMP is installed and automatically started, you´ll need to stop the SNMP service in order to create an SNMP v3 user. Type the command below to stop the service.

sudo service snmpd stop

Create an SNMP user that will be used to authenticate to your Red Hat server. Alongside the user creation, we´ll also define the authentification algorithm, encryption, and key. Type the following command to do it:

net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES] [username]

where [-ro] is read-only, [-A authpass] is SNMP v3 password, [-a MD5|SHA] are hash algorithm, [-X privpass] is encryption key, [-x DES|AES] are encryption algorithm and [username] is SNMPv3 user. The example from my environment is shown below.

sudo net-snmp-create-v3-user -ro -A mypassword -a SHA -X myencryptionkey -x AES jasmin
Create SNMPv3 user

Once the SNMPv3 user is created, start the SNMPv3 service by executing the command below.

sudo service snmpd start

If you want to verify if SNMPv3 is working properly, you can perform an SNMP walk by using SNMPv3 credentials and parameters. Please note you will need to have “net-snmp-utils” installed on your Red Hat before doing the SNMP walk. In case you don’t have it, you´ll be informed in Terminal.

snmpwalk -u jasmin -A mypassword -a SHA -X myencryptionkey -x AES -l authPriv 127.0.0.1 -v3
SNMP Walk

We did it. Thank you for reading this article. In case of any questions, feel free to comment or contact me.

Comments (6):

  1. Kai

    September 17, 2021 at 16:30

    Hi
    Thanks for making this post, it was great to follow.
    Can you make another where i change the rouser password?

    Reply
    • Jasmin Kahriman

      September 22, 2021 at 19:27

      Thank you, Kai. I might be doing one in a near future.

      Reply
  2. Dei

    November 9, 2021 at 17:33

    Gracias por el articulo, en el caso que se desee actualizar la version 2 a la version 3 solo se debe modificar el archivo snmpd.conf o se requiere realizar algo mas?

    Reply
    • Jasmin Kahriman

      November 12, 2021 at 06:09

      Hi Dei – You need to disable SNMP v1 and v2c in the snmp.conf file, and then follow instructions from the article to enable SNMP v3.

      Reply
  3. sunsun

    October 6, 2023 at 11:38

    smnpwalk: Timeout: No response from 127.0.0.1
    ( from logs:
    snmpd[47832]: security service 3 error parsing ScopePDU

    Firewalld is open on udp/161.

    Noticed that although SHA can be specified ( SHA SHA-256 SHA-512 etc) the keys allow with AES cannot. This is likely a problem with FIPS enabled systems like ours.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Share via
Copy link