Configure the SNMP agent on Security Server

Configuring the SNMP agent on the Bitdefender Security Server enables communication with, and information delivery to, your SNMP manager.

Simple Network Management Protocol (SNMP) is used for collecting information from network devices such as servers, hubs, switches and routers on an Internet Protocol network. It is designed to have minimal transport requirements and to continue working when most other network applications fail. SNMP collects information such as CPU and RAM usage, server load, and traffic status on a network interface.

The SNMP agent is a program that is packaged within the network element. When enabled, the agent collects the management information database from the device locally and makes it available to the SNMP manager when queried.

In typical uses of SNMP, one or more administrative computers called Managers have the task of monitoring or managing a group of hosts or devices on a computer network. Each managed system executes a software component called an Agent, which reports information via SNMP to the Manager.

This section explains how to configure the SNMP agent on Bitdefender Security Server to enable communication with, and information delivery to, your SNMP manager.

Note

The SNMP package is present on the Security Server Multi-Platform starting with version 6.1.68.7705.

To configure the SNMP agent on the Security Server, you must follow these steps:

  1. Log in to Security Server via SSH, using the root credentials or another user with administrative privileges, if set.

    Important

    The default password for root is sve. We recommend changing it as soon as possible.

  2. Make sure no SNMP daemon process is running. If one is, stop it by using the following command:

    root@bitdefender-sva:~# service snmpd stop

  3. Create a backup of the /etc/snmp/snmpd.conf file using the following command:

    cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
    
  4. Open the /etc/snmp/snmpd.conf file using a text editor and configure the SNMP daemon to listen on both the local host and an interface IP. By default, the SNMP agent is set to allow connections originating only from the local host. Search for the line containing agentaddress and configure it as follows:

    sudo nano /etc/snmp/snmpd.conf
    #agentaddress  127.0.0.1,[::1]
    agentAddress udp:127.0.0.1:161,udp:your_interface_IP:161

    Note

    You can also change the transport protocol to TCP or use SSH tunneling, but you must make sure it’s supported by your monitoring appliance. For example, Cacti can’t handle SNMP over TCP.

  5. To create the SNMP v3 user, add the following line in the /etc/snmp/snmpd.conf file:

    createUser snmpadmin SHA "your_auth_pass" AES "your_privacy_pass"
    

    Only the following authentication types can be used:

    • MD5

    • SHA

    • SHA-512

    • SHA-384

    • SHA-256

    • SHA-224

    Note

    Not all SHA variations are fully supported on all monitoring tools. For privacy, you must use the DES or AES protocol.

    The minimum passphrase length is 8 characters. If the privacy passphrase is not specified, the authentication passphrase is selected by default.

  6. Add the user directive, rouser or rwuser, to allow read-only or read-write access, by adding the following line in the /etc/snmp/snmpd.conf file:

    rouser snmpadmin authpriv

    The SNMP v3 agent supports the following security levels, as defined in the USM MIB documentation (RFC 2574):

    • noAuthNoPriv - communication without authentication and privacy

    • authNoPriv - communication with authentication and without privacy

    • authPriv - communication with authentication and privacy

  7. Start the SNMP daemon and check if the user was added in the /var/lib/snmp/snmpd.conf file by using the following command:

    root@bitdefender-sva:~# service snmpd start
    

    The following sample shows the daemon checks, followed by the contents of the /var/lib/snmp/snmpd.conf file:

    root@bitdefender-sva:~# pgrep snmpd
    202826
    root@bitdefender-sva:~# service snmpd status
    ● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
         Loaded: loaded (/lib/systemd/system/snmpd.service; disabled; vendor preset: enabled)
         Active: active (running) since Mon 2024-01-15 22:09:27 UTC; 11h ago
        Process: 202815 ExecStartPre=/bin/mkdir -p /var/run/agentx (code=exited, status=0/SUCCESS)
       Main PID: 202826 (snmpd)
          Tasks: 1 (limit: 2258)
         Memory: 3.7M
         CGroup: /system.slice/snmpd.service
                 └─202826 /usr/sbin/snmpd -LOw -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f -p /run/snmpd.pid
    root@bitdefender-sva:~# netstat -nlpu | grep snmp
    udp        0      0 10.18.139.1:161         0.0.0.0:*                           202826/snmpd        
    udp        0      0 127.0.0.1:161           0.0.0.0:*                           202826/snmpd        
    #
    # net-snmp (or ucd-snmp) persistent data file.
    #
    ############################################################################
    # STOP STOP STOP STOP STOP STOP STOP STOP STOP 
    #
    #          **** DO NOT EDIT THIS FILE ****
    #
    # STOP STOP STOP STOP STOP STOP STOP STOP STOP 
    ############################################################################
    #
    # DO NOT STORE CONFIGURATION ENTRIES HERE.
    # Please save normal configuration tokens for snmpd in SNMPCONFPATH/snmpd.conf.
    # Only "createUser" tokens should be placed here by snmpd administrators.
    # (Did I mention: do not edit this file?)
    #
    
    usmUser 1 3 0x80001f88805b165469ceee666500000000 "snmpadmin" "snmpadmin" NULL .1.3.6.1.6.3.10.1.1.7 0x40b337c3ce06edf6b4fd0ebbbdac5dee06fd4fc67c0b1372b9f76a94ed5cc31234d09edc9c03b59a5b8e89676e501ba6a59f>
    usmUser 1 3 0x80001f88805b165469ceee666500000000 "snmpadmin2" "snmpadmin2" NULL .1.3.6.1.6.3.10.1.1.3 0x4707b03a201c155bfabeedce29b16a3e11351661 .1.3.6.1.6.3.10.1.2.4 0x4707b03a201c155bfabeedce29b16a3e >
    usmUser 1 3 0x80001f88805b165469ceee666500000000 "snmpadmin3" "snmpadmin3" NULL .1.3.6.1.6.3.10.1.1.3 0x4707b03a201c155bfabeedce29b16a3e11351661 .1.3.6.1.6.3.10.1.2.4 0x4707b03a201c155bfabeedce29b16a3e >
    usmUser 1 3 0x80001f88805b165469ceee666500000000 "snmpadmin4" "snmpadmin4" NULL .1.3.6.1.6.3.10.1.1.7 0xa1b0e4c0c34c8af1a395d65a71578468f18bfadd2b5cac1477a0f0817925e01d9178bc4b74b3ad7e91c3f9ef6600176221>
    setserialno 582543615
    

    Note

    Once you add the user, if you change the password in the /etc/snmp/snmpd.conf file, the change is not reflected in the /var/lib/snmp/snmpd.conf file and authentication failures will occur. In addition, you must not manually edit the /var/lib/snmp/snmpd.conf file.

  8. To test the connection, install SNMPwalk using the apt install snmp command. Make sure there are no other network access related issues while checking if the feature works.

    You can now test if the SNMP v3 feature is working by connecting to it from a different machine.

    The following are examples of connection tests when the password is correct or incorrect:

    • using a correct password:

      username@work:~$ snmpwalk -v3 -a SHA-512 -A "password" -x AES -X "password" -l authPriv -u snmpadmin4 SVA_IP | head
      iso.3.6.1.2.1.1.1.0 = STRING: "Linux bitdefender-sva 5.4.0-167-generic #184-Ubuntu SMP Tue Oct 31 09:21:49 UTC 2023 x86_64"
      iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
      iso.3.6.1.2.1.1.3.0 = Timeticks: (1599) 0:00:15.99
      iso.3.6.1.2.1.1.4.0 = STRING: "Me <[email protected]>"
      iso.3.6.1.2.1.1.5.0 = STRING: "bitdefender-sva"
      iso.3.6.1.2.1.1.6.0 = STRING: "Sitting on the Dock of the Bay"
      iso.3.6.1.2.1.1.7.0 = INTEGER: 72
      iso.3.6.1.2.1.1.8.0 = Timeticks: (7) 0:00:00.07
      iso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.10.3.1.1
      iso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.11.3.1.1
    • using an incorrect password:

      username@work:~$ snmpwalk -v3 -a SHA-512 -A "password" -x AES -X " password" -l authPriv -u snmpadmin4 SVA_IP | head
      snmpwalk: Authentication failure (incorrect password, community or key)

    Some SNMP packages and network monitoring tools have restrictions related to the use of special characters in passwords. The most common list is: (, ), ;, !, |, $, <, >, ', ", `, \, {, }.

    The following is an example of an error displayed when running snmpwalk on an Ubuntu machine, where bash treats the ! in the double-quoted passphrase as history expansion:

    root@administrator-virtual-machine:/home/administrator# snmpwalk -v3 -a SHA -A "!@#4QWEr" -x AES -X "!@#4QWEr" -l authPriv -u snmpadmin SVA_IP | head
    bash: !@#4QWEr: event not found

  9. (Optional) To install the Management Information Base (MIB) modules for Ubuntu 20.04, you must first uncomment the following repositories, found in the /etc/apt/sources.list.d/ubuntu.list file:

    • deb http://us.archive.ubuntu.com/ubuntu focal main restricted

    • deb http://us.archive.ubuntu.com/ubuntu focal-updates main restricted

    • deb http://us.archive.ubuntu.com/ubuntu focal universe

    • deb http://us.archive.ubuntu.com/ubuntu focal-updates universe

    • deb http://us.archive.ubuntu.com/ubuntu focal multiverse

    • deb http://us.archive.ubuntu.com/ubuntu focal-updates multiverse

    • deb http://us.archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse

    • deb http://us.archive.ubuntu.com/ubuntu focal-security main restricted

    • deb http://us.archive.ubuntu.com/ubuntu focal-security universe

    • deb http://us.archive.ubuntu.com/ubuntu focal-security multiverse

    Run the following commands to install the modules:

    apt-get update
    apt -y install snmp-mibs-downloader

    Important

    You must comment out the repositories again after this step to prevent unnecessary packages from being installed.

  10. Terminate the SNMP daemon process by running the following command:

    root@bitdefender-sva:~# service snmpd stop

  11. Add the Security Server to your network monitoring tool and enable it.

  12. Comment out the mibs line in the /etc/snmp/snmp.conf file, as in the following example:

    root@bitdefender-sva:/etc/snmp# cat snmp.conf
    # As the snmp packages come without MIB files due to license reasons, loading
    # of MIBs is disabled by default. If you added the MIBs you can reenable
    # loading them by commenting out the following line.
    #mibs :
    
    # If you want to globally change where snmp libraries, commands and daemons
    # look for MIBS, change the line below. Note you can set this for individual
    # tools with the -M option or MIBDIRS environment variable.
    #
    # mibdirs /usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf

  13. Start the SNMP agent using the following command:

    root@bitdefender-sva:~# service snmpd start

By default, the snmpd service must be started manually. To start it automatically when the Security Server restarts, run the following commands:

# systemctl enable snmpd
# systemctl start snmpd
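
As an added example (not Bitdefender's code), the following Python script checks an /etc/snmp/snmpd.conf body against the points in the procedure above: explicit listen addresses, the 8-character passphrase minimum, the special characters listed in step 8, and authPriv on the user directive. Flagging MD5, DES and leftover rocommunity/rwcommunity lines goes beyond the page and is a policy assumption of this example; SAMPLE is constructed, and the function name audit_snmpd_conf is hypothetical.

```python
import re
import shlex

# Characters the page lists as commonly rejected by SNMP packages and tools.
RISKY_CHARS = set("();!|$<>'\"`\\{}")
# Constructed sample config for illustration (not from a real appliance).
SAMPLE = """\
agentAddress udp:127.0.0.1:161,udp:161
rocommunity public default -V systemonly
createUser snmpadmin SHA "your_auth_pass" AES "your_privacy_pass"
createUser legacy MD5 "short!" DES
rouser snmpadmin authpriv
rwuser legacy auth
"""

def audit_snmpd_conf(text):
    """Return (line_number, finding) tuples for an snmpd.conf body."""
    out = []
    for num, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        tok = shlex.split(raw)  # assumption: shell-like quoting matches snmpd's
        key, args = tok[0].lower(), tok[1:]
        if key == "agentaddress":
            for spec in ",".join(args).split(","):
                addr = re.sub(r"^(udp|tcp)6?:", "", spec.strip().lower())
                if addr.isdigit() or addr.startswith(("0.0.0.0", "[::]")):
                    out.append((num, f"listens on all interfaces: {spec}"))
        elif key in ("rocommunity", "rwcommunity"):
            out.append((num, "SNMPv1/v2c community access is still enabled"))
        elif key == "createuser" and len(args) >= 3:
            user, auth, secrets = args[0], args[1].upper(), [args[2]] + args[4:5]
            priv = args[3].upper() if len(args) > 3 else "none"
            if auth == "MD5":
                out.append((num, f"{user}: MD5 authentication"))
            if priv in ("DES", "none"):
                out.append((num, f"{user}: privacy protocol is {priv}"))
            if any(len(s) < 8 for s in secrets):
                out.append((num, f"{user}: passphrase shorter than 8 characters"))
            if any(RISKY_CHARS & set(s) for s in secrets):
                out.append((num, f"{user}: passphrase has tool-hostile characters"))
        elif key in ("rouser", "rwuser") and args:
            level = args[1].lower() if len(args) > 1 else "unset"
            if level not in ("priv", "authpriv"):
                out.append((num, f"{args[0]}: level '{level}' does not enforce authPriv"))
    return out

if __name__ == "__main__":
    print(*audit_snmpd_conf(SAMPLE), sep="\n")
```

Run it against a copy of the configuration file before restarting snmpd; an empty result means none of these checks fired.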