HPE Community
Operating System - HP-UX
1824345 Members
3494 Online
109669 Solutions
New Discussion юеВ

snmp question(s)

 
SOLVED
Go to solution
Peter Gillis
Super Advisor

тАО07-30-2003 08:39 PM

тАО07-30-2003 08:39 PM

snmp question(s)

Hi - HPUX 11.00, and absolute novice at this snmp stuff....
i need to work out whether or not we are really using snmp. I know I need to change the community name if we are supposed to have snmp running, but how do I which community name it should be changed to? If I am to disable the snmp process - how do I do that ?

Hope there is some help out there,
Thanks maria.
0 Kudos
Reply
7 REPLIES 7
Con O'Kelly
Honored Contributor

тАО07-30-2003 08:53 PM

тАО07-30-2003 08:53 PM

Solution

Re: snmp question(s)

Hi Maria

The main use for SNMP is Network management Software (eg HP Openview NNM).
If you're not using any Network management software, then I'd be inclined to turn it off. If anybody screams, just turn it on again.

You don't necessarily need to set a community name set if you are only doing snmp "get" operations or just sending snmp traps. A community name is only snmp terminology for a password.
You set it to whatever you like in /etc/SnmpAgent.d/snmpd.conf. But any snmp requests etc must then use this community name.

If you want to disable SNMP do the following:
# /sbin/init.d/SnmpMaster stop
Then edit /etc/rc.config.d/SnmpMaster as follows:
SNMP_MASTER_START=0

Cheers
Con
Reply
Rajeev Shukla
Honored Contributor

тАО07-30-2003 08:54 PM

тАО07-30-2003 08:54 PM

Re: snmp question(s)

Hi Maria,

To see if snmp is running or not grep for the daemon called snmpd and starting and stoping is controlled by /etc/rc.config.d/SnmpMaster (Master SNMP Agent) and SnmpHpunix and SnmpMib2 are subagents.

Now the configuration file is /etc/snmpd.conf where you define the comunity name thats is get comunity name (the system will process request of only the comunity you specify)and set comunity name is for sending traps with the specified comunity name. So depending on situation if this server will only send or receive or both you set the comunity name.
There is one more thing "trap-dest" The IP address you put will be the destination address to send the SNMP traps to.

Have a look at /etc/snmpd.conf file that explains comunity names in detail.

Rajeev
Reply
Michael Tully
Honored Contributor

тАО07-30-2003 08:58 PM

тАО07-30-2003 08:58 PM

Re: snmp question(s)

Hi Maria,

To disable snmp simply change the script values in /etc/rc.config.d/Snmp* files to '0' (zero)

The next time the system boots, no snmp processes will start

The bastion paper gives an excellent description:
http://www.hp.com/products1/unix/operating/infolibrary/whitepapers/building_a_bastion_host.pdf

Regards
Michael
Anyone for a Mutiny ?
Reply
Tim Adamson_1
Honored Contributor

тАО07-30-2003 09:04 PM

тАО07-30-2003 09:04 PM

Re: snmp question(s)

Hi Maria,

Check the /etc/rc.config.d/SnmpMaster file. There are other Snmp* files in there too. I think you will find what you are looking for in there.


cheers!
Yesterday is history, tomorrow is a mystery, today is a gift. That's why it's called the present.
0 Kudos
Reply
Peter Gillis
Super Advisor

тАО07-30-2003 09:16 PM

тАО07-30-2003 09:16 PM

Re: snmp question(s)

Thanks for your info. Michael I am unable to get the bastion paper.. cant even open up to /www.hp.com/products1... thankyou for your help anyway.
Maria.
0 Kudos
Reply
John Payne_2
Honored Contributor

тАО07-30-2003 09:38 PM

тАО07-30-2003 09:38 PM

Re: snmp question(s)

Here is a link to the bastion host paper:

http://www.atomicgears.com/papers/bastion11.html
http://secinf.net/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html


Good luck with everything.

Hope it helps

John
Spoon!!!!
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

тАО08-01-2003 07:02 AM

тАО08-01-2003 07:02 AM

Re: snmp question(s)

Hi,

To verify that snmpd is indeed not running, you can perform a netstat to check if snmpd (udp port 161) is running in LISTEN mode. Alternatively if you have nmap, you can also check whether the snmpd is listening with this:

# nmap -sU -p 161 localhost

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.