1824345 Members
3494 Online
109669 Solutions
New Discussion юеВ

snmp question(s)

 
SOLVED
Go to solution
Peter Gillis
Super Advisor

snmp question(s)

Hi - HPUX 11.00, and absolute novice at this snmp stuff....
i need to work out whether or not we are really using snmp. I know I need to change the community name if we are supposed to have snmp running, but how do I which community name it should be changed to? If I am to disable the snmp process - how do I do that ?

Hope there is some help out there,
Thanks maria.
7 REPLIES 7
Con O'Kelly
Honored Contributor
Solution

Re: snmp question(s)

Hi Maria

The main use for SNMP is Network management Software (eg HP Openview NNM).
If you're not using any Network management software, then I'd be inclined to turn it off. If anybody screams, just turn it on again.

You don't necessarily need to set a community name set if you are only doing snmp "get" operations or just sending snmp traps. A community name is only snmp terminology for a password.
You set it to whatever you like in /etc/SnmpAgent.d/snmpd.conf. But any snmp requests etc must then use this community name.

If you want to disable SNMP do the following:
# /sbin/init.d/SnmpMaster stop
Then edit /etc/rc.config.d/SnmpMaster as follows:
SNMP_MASTER_START=0

Cheers
Con
Rajeev  Shukla
Honored Contributor

Re: snmp question(s)

Hi Maria,

To see if snmp is running or not grep for the daemon called snmpd and starting and stoping is controlled by /etc/rc.config.d/SnmpMaster (Master SNMP Agent) and SnmpHpunix and SnmpMib2 are subagents.

Now the configuration file is /etc/snmpd.conf where you define the comunity name thats is get comunity name (the system will process request of only the comunity you specify)and set comunity name is for sending traps with the specified comunity name. So depending on situation if this server will only send or receive or both you set the comunity name.
There is one more thing "trap-dest" The IP address you put will be the destination address to send the SNMP traps to.

Have a look at /etc/snmpd.conf file that explains comunity names in detail.

Rajeev
Michael Tully
Honored Contributor

Re: snmp question(s)

Hi Maria,

To disable snmp simply change the script values in /etc/rc.config.d/Snmp* files to '0' (zero)

The next time the system boots, no snmp processes will start

The bastion paper gives an excellent description:
http://www.hp.com/products1/unix/operating/infolibrary/whitepapers/building_a_bastion_host.pdf

Regards
Michael
Anyone for a Mutiny ?
Tim Adamson_1
Honored Contributor

Re: snmp question(s)

Hi Maria,

Check the /etc/rc.config.d/SnmpMaster file. There are other Snmp* files in there too. I think you will find what you are looking for in there.


cheers!
Yesterday is history, tomorrow is a mystery, today is a gift. That's why it's called the present.
Peter Gillis
Super Advisor

Re: snmp question(s)

Thanks for your info. Michael I am unable to get the bastion paper.. cant even open up to /www.hp.com/products1... thankyou for your help anyway.
Maria.
John Payne_2
Honored Contributor

Re: snmp question(s)

Here is a link to the bastion host paper:

http://www.atomicgears.com/papers/bastion11.html
http://secinf.net/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html


Good luck with everything.

Hope it helps

John
Spoon!!!!
Steven Sim Kok Leong
Honored Contributor

Re: snmp question(s)

Hi,

To verify that snmpd is indeed not running, you can perform a netstat to check if snmpd (udp port 161) is running in LISTEN mode. Alternatively if you have nmap, you can also check whether the snmpd is listening with this:

# nmap -sU -p 161 localhost

Hope this helps. Regards.

Steven Sim Kok Leong