Very nice SNMP+solaris security document: http://ist.uwaterloo.ca/security/howto/2000-10-04/learned.html
Info about SNMP communities: http://www.hn.edu.cn/book/NetWork/NetworkingBookshelf_2ndEd/snmp/ch02_02.htm
I set up 600-configure-snmp in autoinstall.
Two part SNMP FAQ: http://www.faqs.org/faqs/snmp-faq/
Using the version of snmp that comes with Fedora Core 3 to enumerate bingy's SNMP-accessible data: snmpwalk -v 1 bingy.nac.uci.edu . -c xxxxxxxx Using -v 2c or -v 3 both give timeouts, leading me to conclude that the Sun SNMP only does SNMPv1
SNMPv3 is finally supposed to have some kind of reasonable security built into it. Net-SNMP supports v1, v2c and v3.
With Solaris 9 SNMP, you can define ACL's of IP addresses by specifying "managers =" or "managers" with a list of hostnames. You don't need curly braces, and commas break things - just separate the hostnames with spaces. Be sure to include the hostname of the machine that the SNMP daemons are running on in the ACL, or no other hosts (?) will be able to get access either.
Restarting Solaris 9 SNMP: I tried /etc/init.d/init.snmpdx stop followed by start, but this is not sufficient for some things. I also tried killing and restarting the two processes that had "snmp" in their names, but this was insufficient as well, specifically for changing ACL's.
Rumor has it that some SNMP daemons will only allow up to 5 hostnames per "managers =" section or "managers" section, but you can (?) specify more than one managers keyword.
RHEL 3: chkconfig snmpd on chkconfig snmptrapd off service snmpd restart File configs are in 600-configure-snmp
IRIX: chkconfig -f snmpd on -not- chkconfig -f snmp on, despite the name of the init.d script File configs are in 600-configure-snmp Probably need to install eoe.sw.netman on new installs, and all our existing IRIX hosts via srsh, using "inst"
Copied from a question and response to that question I posed on the net snmp users mailing list: On Tue, 2005-05-31 at 23:03, Dan Stromberg wrote: > My question then is, how different are the following versions of net snmp, > as far as what config files to edit, and what to put in them? The config files for those three versions should be pretty similar. Certainly, a 5.0.9 config file will work with both 5.1.2 and 5.2.1 Going backwards might throw up some problems, depending on what directives you've used. But we've always tried to keep backward compatability, so once a directive has been introduced, it should keep working. The main exception that springs to mind is the "exec" directive, when given an explicit root OID. The 5.2.x line introduces a replacement "extend" directive, which works in a similar way, but with a new (and improved) MIB structure. The old "exec" directive is still supported for now, but will issue a warning. In due course, we will probably drop this from the default build (though probably not altogether).
Is there any particular reason you are aiming at the (obsolete) SMUX extension protocol, rather than the newer AgentX ?