Tuesday, 18 January 2011

Debian snmpd not listening on network interfaces

By default snmpd on Debian listens on the local loopback address only.  To fix this you don't exit the /etc/snmp/snmpd.conf (that would be far too obvious).  The file you need to edit is /etc/default/snmpd and change the following line:

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
to read
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid'

Snmpd will now listen on all network interfaces.  While setting it to be more limited by default is a good design idea for security, I have trouble understanding the separate configuration location for this especially as if you look at the init script in /etc/init.d/snmpd that starts the daemon it has a SNMPDOPTS variable used when starting the service that does not include this restriction!  Following the startup to work out what is happening seems to indicate taht the restriction does not exist.  A little note in snmpd.conf mentioning this separate defaults file would be very helpful!

No comments:

Post a comment