LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   How to open communication between RHEL server & snmp (udp port 161) (https://www.linuxquestions.org/questions/linux-security-4/how-to-open-communication-between-rhel-server-and-snmp-udp-port-161-a-4175586024/)

Hiroshi 08-01-2016 01:58 PM
How to open communication between RHEL server & snmp (udp port 161)
 
Hey Gurus, I'm implementing Solarwinds (snmp udp port 161) as my monitoring tool. I take the following steps:

1- # iptables -A INPUT -p udp --dport 161 -j ACCEPT
# /sbin/service iptables save

2- I edit /etc/hosts.allow and add the IP for the Solarwinds server as follows: snmpd: 129.105.106.0

These two steps usually does the trick, but in some cases it does not. Other than these two steps, what other files need to be edited for this communication to start.

Many thanks in advance for your excellent work.

MensaWater 08-01-2016 03:46 PM
You'd have to start snmpd on the server so it is LISTENing on port 161.

Running "lsof -i :161" would show you if any ports are LISTENing (or otherwise active) on that port.

Running "service snmpd status" on RHEL6 and below would show you whether the snmpd init script has been started. On RHEL7 you'd run "systemctl status snmpd". Substitute "start" for "status" to run the daemons.

Note: Some things might require other services. e.g. on Dell servers we install Dell's Open Manage and our monitoring interrogates MIBs that provides.

Hiroshi 08-01-2016 04:24 PM
snmpd is also running. Is there anything else you can think of that can be blocking the traffic (other than iptables, hosts.deny, or snmpd)?

[root@bartlett-p etc]# service snmpd status
snmpd (pid 1103) is running...
[root@bartlett-p etc]#

Habitual 08-01-2016 05:00 PM
On the Solarwinds server, run this:
Code:
sudo tcpdump -nn -i eth0 src 129.105.106.0 and port 514
and wait to "see" any traffic from 129.105.106.0

Habitual 08-01-2016 06:50 PM
Quote:
Originally Posted by Hiroshi (Post 5584226)
Hey Gurus, I'm implementing Solarwinds (snmp udp port 161) as my monitoring tool. I take the following steps:

1- # iptables -A INPUT -p udp --dport 161 -j ACCEPT
# /sbin/service iptables save

2- I edit /etc/hosts.allow and add the IP for the Solarwinds server as follows: snmpd: 129.105.106.0
Doesn't this also require an
Code:
snmpd:ALL
in /etc/hosts.deny?

Where are you getting your info?

MensaWater 08-03-2016 02:26 PM
I just realized you wrote:
iptables -A INPUT -p udp --dport 161 -j ACCEPT

The "-A" adds to end of chain.

On RHEL5 and RHEL6 the end of the input chain is usually:
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

That causes it to ignore any other rules in the chain after that line. Typically the best way to do this is to use "-I" for insert instead. You also have to specify the line number with -I.

If you run "iptables -nL --line-numbers" you should see all the rules with the line numbers. Use "-D" to delete any rules in INPUT chain beneath the above REJECT line then use the "-I" with appropriate line number to insert the rule somehwere above the REJECT line.

By the way you can restrict the rule to a specific IP (e.g. that of your Solar Winds server) to prevent others from accessing the SNMP on this RHEL server.


All times are GMT -5. The time now is 01:56 PM.