Skip to main content
Skip table of contents

Supporting Authenticated SNMP Support Without Net-SNMP Access to Epoch of RPM Database


Purpose

This document describe how Support Authenticated SNMP Support Without Net-SNMP Access to Epoch of RPM Database.

Introduction

To support authenticated SNMP support where net-snmp does not allow access to epoch of RPM database, a custom script is needed. 

SNMP v1 and v2c is unencrypted, so values (including community names) from queries and responses sent to and from the SNMP-monitored device can be read by someone with access to the network.

SNMP v3 and v2c both provide the same data and although v3 has a slight performance overhead because it encrypts the traffic. The ease of management of using the same protocol across the network makes a very strong case for using only SNMP v3.

Caution!

SNMP should be considered as sensitive data so this should only be allowed on trusted networks and using SNMP v3 since SNMP v1 and v2 is unencrypted.

Configuration

Requirements

Only the following distributions are handled by this script:

  • RHEL
  • CentOS

Script

Caution!

It is important to limit the write access to this script as the agentuser can configured to run as root every time a request is made. By default the user snmp is used. Also note that its path is obtainable over SNMP.


BASH 
#!/bin/sh 
distro=$(grep -Eo '^ID=\"[A-Za-z\.]+\"' /etc/os-release 2>/dev/null)
if [ $? -ne 0 ]
then
     distro="unknown" 
else
     distro=`echo $distro | sed 's/ID=\"\(.*\)\"/\1/g'` 
fi 
echo $distro 
/bin/rpm -qa –qf '%{NAME}|%{EPOCH}:%{VERSION}|%{RELEASE}|%{SOURCERPM}\n' 
exit $?


Setup

To make this script available over SNMP: 

  1. Copy the script in the Script section and save it as /etc/snmp/o24-rpm.sh

  2. Make the script write protected and executable.

    BASH 
    # chmod a-w,o+rx /etc/snmp/o24-rpm.sh

  3. Edit the /etc/snmp/snmpd.conf file and add the extend directive by enter the following:

    BASH 
    extend o24-rpm-db /etc/snmp/o24-rpm.sh

  4. Restart the SNMP daemon:

    BASH 
    $ sudo service snmpd restart

    To verify that everything is working, perform the snmpwalk command where user is your username and pass is your password as shown in the example below:

    BASH 
    snmpwalk -v 3 -a MD5 -x DES -u ’user’ -A ’pass’ -X ’pass’ \ -l authPriv localhost \ .1.3.6.1.4.1.8072.1.3.2.4.1.2.10.111.50.52.45.114.112.109.45.100.98

    Which translate into:

    BASH 
    NET-SNMP-EXTEND-MIB::nsExtendOutLine."o24-rpm-db"




    Copyright

    © 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

    Trademark

    Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close