Lab Network Management setup notes - Oliver-Mustoe/Oliver-Mustoe-Tech-Journal GitHub Wiki

In this page I detail the configuration of SNMP services on ad01, web01, and ad01, along with some setup notes for the new network monitoring system nmon01, a CentOS 7 system, and web01, which runs the same OS as nmon01. NOTE: All the new systems should have A and PTR records; how to do that is contained in previous lab entries, i.e. SYS265-Entry for: Lab00 - Routing and Windows sections "MGMT01".

Notes

First I made sure that network interface 1 on both of the new boxes, nmon01 and web01, was set to LAN.

Then I booted up web01, entered the login information found here, and used the command "nmtui" where I did the following:

(NOTE: All information in BOLD in the setup of web01 is what has to be changed for nmon01. This is possible since the process is the same for both systems just with different IPs, hostnames, etc.)

I followed the path Edit the path > selected the first option > set the following information:

  • Pressed show for IPV4 Configuration
  • Set "Automatic" to "Manual"
  • IP Address and Netmask - 10.0.5.200/24 10.0.5.11/24 (should be entered in exactly like this)
  • Gateway - 10.0.5.2
  • DNS - 10.0.5.5
  • Search Domain - oliver.local

I then scrolled down and clicked "OK", and navigated back to the initial nmtui screen. I then clicked on "Set system hostname" where I set it to web01-oliver (nmon01-oliver on nmon01) > pressed OK > then exit.

I then used the following command:

  • "useradd -mk /etc/skel -s /bin/bash -d /home/(username) -G wheel (username)"

on both web01 and nmon01, to add a new local admin user to the system. (NOTE: The instances of (username) indicate where to enter the username of the user and should not be left as (username).)

After this I used the command:

  • "passwd (username)"

and set a password for that user. REMEMBER THIS!!!!!!

I also disabled root SSH login doing the following on both systems:

I then rebooted the machine I was working on, whether that be web01 or nmon01, and when it restarted logged in with the username set above. To double check everything was working I pinged ad01, google.com, and used the command "ip a" to check my IP was what it was supposed to be.

I then installed Apache on the web01 system with the command:

  • "sudo yum install httpd".

Then I started Apache with the command:

  • "sudo systemctl start httpd".

To verify everything was working I ran the command: "sudo systemctl status httpd", and saw that the service was active and running.

Next I added the appropriate port to the firewall with the following command:

  • "sudo firewall-cmd --permanent --add-port=80/tcp".

And then I reloaded the firewall with the command:

  • "sudo firewall-cmd --reload".

NOTE: Whenever web01 and nmon01 are mentioned from now on, it will be in the context of them being SSH'd into using PuTTY from mgmt01 using the newly created user.

Then from wks01 I went to the pfsense firewall configuration, "https://10.0.5.2" is the address in the browser, navigated to SNMP section through "Services" > "SNMP" and set the following information:

  • Made sure SNMP was enabled with the check box
  • Made sure the polling number was 161
  • System Location: Lakeside
  • System Contact: Oliver Mustoe
  • Read Community String: SYS265
  • Made sure that SNMP Traps was NOT enabled
  • All of the SNMP modules were checked
  • Made sure that the bound interface was "LAN"
  • Pressed "Save"

I then installed the SNMP client on nmon01 with the command:

  • "sudo yum install net-snmp-utils".

I checked that everything was working correctly by using the command "snmpwalk -Os -c SYS265 -v2c fw01-oliver system" on nmon01. This showed the SNMP values set earlier for the firewall.

Then I installed SNMPD, an SNMP Server, on web01 with the command:

  • "sudo yum install net-snmp-utils net-snmp".

I then made a copy of the file "/etc/snmp/snmpd.conf", and then edited to change it from the default configuration with the command "vi /etc/snmp/snmpd.conf". The only thing that should be in the file is the following:

    com2sec myNetwork 10.0.5.0/24 SYS265
    group myROGroup v2c myNetwork
    view all included .1 80
    access myROGroup "" any noauth exact all none none
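
How the four directives combine, as an added example that is not part of the original notes: snmpd maps a source address and community to a security name (com2sec), the security name to a group, and the group to its read and write views (access). The sketch below resolves that chain for the configuration above; the function names and the test addresses are hypothetical, and it assumes the three-argument com2sec form with a CIDR or "default" source.

```python
import ipaddress
import shlex

# The directives from the snmpd.conf on this page.
SNMPD_CONF = '''\
com2sec myNetwork 10.0.5.0/24 SYS265
group myROGroup v2c myNetwork
view all included .1 80
access myROGroup "" any noauth exact all none none
'''

def parse_vacm(text):
    """Group com2sec/group/view/access directives by keyword."""
    conf = {"com2sec": [], "group": [], "view": [], "access": []}
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)   # keeps "" as an empty context
        if tok and tok[0] in conf:
            conf[tok[0]].append(tok[1:])
    return conf

def source_matches(source, src_ip):
    """True if src_ip falls inside a CIDR (or 'default') com2sec source."""
    try:
        net = "0.0.0.0/0" if source == "default" else source
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(net, strict=False)
    except ValueError:        # hostname sources are not resolved in this sketch
        return False

def effective_access(conf, src_ip, community, model="v2c"):
    """Return (read_view, write_view) for a request, or None if it is refused."""
    for sec_name, source, comm in conf["com2sec"]:
        if comm != community or not source_matches(source, src_ip):
            continue
        groups = [g for g, g_model, g_sec in conf["group"]
                  if g_sec == sec_name and g_model == model]
        for a_group, _ctx, a_model, _lvl, _prefix, read, write, _notify in conf["access"]:
            if a_group in groups and a_model in ("any", model):
                return read, write
    return None

def audit(conf):
    """List the properties of this policy a reviewer would note."""
    notes = []
    for a_group, _ctx, _model, level, _prefix, _read, write, _notify in conf["access"]:
        if level == "noauth":
            notes.append(f"{a_group}: noauth, the community string is the only credential")
        notes.append(f"{a_group}: " + ("read-only" if write == "none" else f"write view {write}"))
    return notes

if __name__ == "__main__":
    conf = parse_vacm(SNMPD_CONF)
    print(effective_access(conf, "10.0.5.50", "SYS265"))   # constructed in-subnet address
    print(audit(conf))
```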

I then allowed the appropriate port through the firewall with the command:

  • "sudo firewall-cmd --permanent --add-port=161/udp"

and then reloaded the firewall the same way I did above.

I checked that everything was working correctly by using the command "snmpwalk -Os -c SYS265 -v2c web01-oliver system" on nmon01. This showed the SNMP values for web01.

I installed the SNMP Service Feature on ad01 using server manager on mgmt01 by clicking "Manage" > Clicked "Add Roles and Features" > Clicked next > Made sure role-based was selected and clicked next > Selected "ad01-oliver.local.local" from the pool and clicked next > Clicked next > In the features tab scrolled down to "SNMP Service" and made sure it was selected > continued on until the confirmation screen and clicked to enable restarting the server if need be.

After that was done I installed the SNMP Service Feature on mgmt01 using server manager on mgmt01 by clicking "Manage" > Clicked "Add Roles and Features" > Clicked next > Made sure role-based was selected and clicked next > Selected "mgmt01-oliver.local.local" from the pool and clicked next > Clicked next > In the features tab scrolled down to "Remote Server Administration Tools" and expanded it > expanded "Feature Administration Tools" > selected "SNMP Tools" > continued on until the confirmation screen and installed.

After all of this I opened a PowerShell session on ad01 from mgmt01, right click ad01 in server manager and select "Windows PowerShell", and entered the following command for Remote Computer Management to work:

  • "Set-NetFirewallRule -DisplayGroup "Remote Event Log Management" -Enabled True"

I then opened a Remote Computer Management session on ad01, right click ad01 in server manager and select "Computer Management", expanded "Services and Applications" > selected Services > scrolled down to "SNMP Service" where I set the following in the "Security" tab:

  • Made sure "Send authentication trap" was selected
  • Added "SYS265" to the accepted community names section as read only
  • Changed to accept SNMP packets from certain hosts instead of any host
  • Added "nmon01-oliver" to the accepted list

I then applied the settings, pressed apply, and exited by pressing OK. I then restarted the SNMP service with the button right under the name labeled "restart".

I checked that everything was working correctly by using the command "snmpwalk -Os -c SYS265 -v2c ad01-oliver system" on nmon01. This showed the SNMP values for ad01.

As a final check I ran a tcpdump on web01 on its primary interface, port 161, capturing 10 packets and then dumping them in ASCII format with the command: "sudo tcpdump -i ens192 port 161 -c10 -AAA". I then ran the snmpwalk command from above against web01; the capture on web01 should show the community string in clear text.
