How To Install SNMP on Fedora 43

15 minutes read

Network monitoring forms the backbone of reliable system administration. SNMP (Simple Network Management Protocol) enables administrators to collect vital performance metrics, monitor device health, and receive real-time alerts from servers and network equipment. This universal protocol works seamlessly across vendors and platforms, making it an essential tool for managing infrastructure.

Fedora 43 users can leverage SNMP to track CPU utilization, memory consumption, disk space, network bandwidth, and running processes. Whether you’re managing a single server or overseeing an entire data center, implementing SNMP monitoring provides visibility into system performance. This comprehensive guide walks you through installing and configuring both SNMPv2c and SNMPv3 on Fedora 43, with detailed security practices and troubleshooting solutions.

By the end of this tutorial, you’ll have a fully functional SNMP setup ready to integrate with monitoring platforms like Nagios, Zabbix, or LibreNMS. Let’s begin with understanding what SNMP is and how it operates.

Table of Contents

What is SNMP?

Simple Network Management Protocol is an application-layer protocol designed for managing and monitoring network-connected devices. SNMP operates on a client-server model where management stations (clients) query agents (servers) for information stored in a Management Information Base (MIB). The MIB is essentially a hierarchical database containing system variables that can be queried or modified.

The protocol architecture consists of three key components. SNMP agents run on monitored devices and collect local system information. SNMP managers send requests to agents and process responses. The Management Information Base organizes data into a tree structure using Object Identifiers (OIDs) to uniquely identify each piece of information.

Common monitoring scenarios include tracking CPU load, measuring available RAM, monitoring network interface statistics, checking disk usage, and counting active processes. SNMP excels at these tasks because it’s lightweight, uses minimal bandwidth, and maintains broad compatibility across operating systems and hardware platforms.

The protocol communicates over UDP port 161 for standard queries and UDP port 162 for trap notifications. Traps are asynchronous messages that agents send to managers when specific events occur, such as service failures or threshold breaches. This event-driven approach reduces network overhead compared to constant polling.

Net-SNMP is the de facto SNMP implementation for Linux distributions. This open-source package provides both the daemon (snmpd) for running an agent and utilities (snmpwalk, snmpget, snmpset) for querying and testing SNMP functionality.

Understanding SNMP Versions

SNMP has evolved through three major versions, each addressing limitations of its predecessor. Choosing the appropriate version depends on your security requirements and network environment.

SNMPv1 debuted in 1988 as the original protocol specification. It uses community strings as passwords, transmitting them in plain text across the network. Authentication relies solely on these shared secrets, making SNMPv1 vulnerable to packet sniffing and replay attacks. The protocol supports 32-bit counters, which can overflow on high-speed interfaces processing large amounts of data. While still functional, SNMPv1 lacks the security features necessary for modern production environments.

SNMPv2c arrived in 1993 with performance improvements. The “c” denotes community-based authentication, meaning it retained the community string model from version 1. Key enhancements include 64-bit counters that prevent overflow on gigabit and faster interfaces, and the GetBulk operation that retrieves multiple OID values in a single request. This bulk retrieval significantly reduces network traffic when collecting extensive data sets. However, SNMPv2c still transmits community strings in clear text, maintaining the security vulnerabilities of its predecessor.

SNMPv3 launched in 1998 as the security-focused iteration. It introduced the User-based Security Model (USM) with authentication and privacy protocols. Authentication uses HMAC-MD5 or HMAC-SHA algorithms to verify message integrity and sender identity. Privacy employs DES or AES encryption to protect data confidentiality during transmission. SNMPv3 also implements protection against message replay, masquerade, modification, and disclosure attacks. These security features make SNMPv3 the recommended choice for production deployments and any environment handling sensitive information.

For internal testing or isolated network segments, SNMPv2c provides adequate functionality with simpler configuration. Production servers, especially those accessible from broader networks, should always use SNMPv3 with both authentication and encryption enabled.

Prerequisites

Before beginning the installation process, ensure your system meets these requirements:

A Fedora 43 installation with root or sudo privileges is essential. You’ll need to execute system commands and modify configuration files. An active internet connection allows package downloads from Fedora repositories. Basic familiarity with the command-line interface helps you navigate directories and edit text files.

Access to firewall configuration is necessary since SNMP requires opening specific UDP ports. Fedora 43 ships with firewalld enabled by default. If you plan to test SNMP remotely, having a second machine with SNMP utilities installed proves helpful for validation.

The installation and configuration process typically completes in 15 to 20 minutes. Gather your desired community strings or SNMPv3 credentials before starting to streamline the setup.

Step 1: Update Your System

System updates ensure you’re installing packages against the latest security patches and bug fixes. Open a terminal and execute the update command:

sudo dnf update -y

The -y flag automatically confirms installation prompts. DNF will download and install available updates for all packages on your system. This process may take several minutes depending on how many packages require updating and your connection speed.

If kernel updates are applied, rebooting your server ensures the new kernel loads properly:

sudo reboot

After reboot, verify your system is running Fedora 43:

cat /etc/fedora-release

You should see output confirming Fedora release 43. Now your system is prepared for SNMP package installation.

Step 2: Install SNMP Packages

Fedora provides SNMP functionality through the Net-SNMP suite. Two packages are required for complete functionality.

The net-snmp package contains the SNMP daemon that runs as a background service. This daemon responds to incoming SNMP queries and provides system information to monitoring tools.

The net-snmp-utils package includes command-line utilities for testing and querying SNMP agents. Tools like snmpwalk, snmpget, and snmpset allow you to validate your configuration and troubleshoot issues.

Install both packages with a single command:

sudo dnf install net-snmp net-snmp-utils -y

DNF resolves dependencies automatically and installs required libraries. The installation creates the /etc/snmp/ directory for configuration files and places the snmpd daemon at /usr/sbin/snmpd.

Verify the installation succeeded by checking the snmpd version:

snmpd -v

You should see version information displaying NET-SNMP version details. The utilities package can be verified similarly:

snmpwalk -v

This confirms both packages installed correctly and are ready for configuration.

Step 3: Backup the Original Configuration File

The default snmpd.conf file contains extensive comments and example configurations. Creating a backup preserves this reference material and provides a rollback point if configuration errors occur.

The main configuration file resides at /etc/snmp/snmpd.conf. Create a backup copy:

sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak

For environments with multiple administrators or frequent configuration changes, consider adding timestamps to backups:

sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.$(date +%F)

This creates a backup file with the current date appended, like snmpd.conf.2025-11-01. Maintaining dated backups helps track configuration evolution over time.

If you need to restore the original configuration, simply copy the backup back:

sudo cp /etc/snmp/snmpd.conf.bak /etc/snmp/snmpd.conf

With your backup secured, you can confidently modify the configuration file.

Step 4: Configure SNMP for SNMPv2c (Basic Setup)

SNMPv2c works well for internal networks where traffic encryption isn’t mandatory. This version offers simplicity while maintaining good performance for monitoring tasks.

Open the configuration file in your preferred text editor:

sudo nano /etc/snmp/snmpd.conf

The default file contains numerous commented lines. For a clean configuration, you can clear the file or comment out existing content. Add the following basic configuration:

# System Information
syslocation DataCenter-Building-A-Rack-12
syscontact [email protected]
sysname fedora43-server

# Agent Address
agentAddress udp:161

# Community String Configuration
rocommunity mysecretstring 192.168.1.0/24
# rocommunity: read-only community
# mysecretstring: your custom community name (change this!)
# 192.168.1.0/24: allowed network range

Let’s break down these directives:

syslocation identifies the physical location of your server. Use specific details like building names, floor numbers, and rack positions. This information helps during troubleshooting and inventory management.

syscontact specifies administrator contact information. Include an email address or ticketing system where monitoring alerts should be directed.

sysname sets a descriptive hostname for the SNMP agent. This helps identify the server in monitoring dashboards.

agentAddress defines where the SNMP daemon listens. udp:161 listens on all interfaces at the default SNMP port. To restrict listening to a specific IP address, use udp:192.168.1.100:161.

rocommunity creates a read-only community string. The first parameter is the community string (password), and the second restricts access to a specific network or IP address. Replace “mysecretstring” with a complex, unique string. Never use default values like “public” in production.

For read-write access (use cautiously), add:

rwcommunity writestring 192.168.1.50

This allows SNMP set operations from the specified IP address. Read-write access poses security risks since it permits remote configuration changes.

To restrict which OIDs are accessible, configure views:

view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25
rouser myuser noauth -V systemview

Save the file by pressing Ctrl+O, then exit with Ctrl+X if using nano.

Your SNMPv2c configuration is now complete. The daemon is ready to start and respond to queries using your community string.

Step 5: Configure SNMP for SNMPv3 (Secure Setup)

SNMPv3 provides enterprise-grade security through authentication and encryption. Production servers handling sensitive data should always implement SNMPv3.

Before creating SNMPv3 users, ensure the SNMP daemon is stopped. The user creation utility modifies files that snmpd must read during startup:

sudo systemctl stop snmpd

Create an SNMPv3 user with the net-snmp-create-v3-user utility. This tool simplifies user configuration by automatically generating proper configuration entries:

sudo net-snmp-create-v3-user -ro -A MyAuthPass2025 -a SHA -X MyPrivPass2025 -x AES snmpadmin

Let’s examine each parameter:

-ro creates a read-only user. For monitoring purposes, read-only access provides adequate functionality while minimizing security risks.

-A MyAuthPass2025 sets the authentication password. Use a strong password with at least 8 characters, though 12 or more characters are recommended for production. This password verifies user identity.

-a SHA selects the authentication protocol. SHA offers better security than MD5 and should be your default choice.

-X MyPrivPass2025 sets the privacy (encryption) password. This should differ from the authentication password and follow the same strength requirements.

-x AES chooses the encryption algorithm. AES provides stronger encryption than DES and is the recommended option.

snmpadmin is the username for this SNMPv3 account. Choose descriptive names that indicate the user’s purpose or associated monitoring system.

The utility creates configuration entries in /var/lib/net-snmp/snmpd.conf and /etc/snmp/snmpd.conf. These files store encrypted credentials that snmpd reads during startup.

To create multiple users with different privilege levels:

sudo net-snmp-create-v3-user -ro -A ReadAuthPass -a SHA -X ReadPrivPass -x AES readonly
sudo net-snmp-create-v3-user -A WriteAuthPass -a SHA -X WritePrivPass -x AES readwrite

The second user omits the -ro flag, granting read-write privileges.

For SNMPv3 configuration, you can also manually edit /etc/snmp/snmpd.conf to add additional security settings:

rouser snmpadmin authpriv

This line grants the snmpadmin user read-only access requiring both authentication and privacy.

Your SNMPv3 setup provides encrypted, authenticated access to monitoring data. This security model protects against eavesdropping and unauthorized access.

Step 6: Start and Enable SNMP Service

With configuration complete, start the SNMP daemon and enable it to launch automatically at system boot.

Start the service immediately:

sudo systemctl start snmpd

Enable automatic startup at boot time:

sudo systemctl enable snmpd

You can combine both operations into a single command:

sudo systemctl enable --now snmpd

The --now flag starts the service immediately after enabling it.

Verify the service is running properly:

sudo systemctl status snmpd

Look for “active (running)” in green text, indicating the daemon is operational. The output also displays recent log entries and the process ID (PID).

If the status shows “failed” or “inactive”, check the system logs for error messages:

sudo journalctl -u snmpd -n 50 --no-pager

This displays the last 50 log entries for the snmpd service. Common errors include configuration syntax mistakes or port binding issues.

Confirm snmpd is listening on UDP port 161:

sudo ss -tulpn | grep 161

You should see output showing snmpd listening on *:161 or your specified address. The SNMP daemon is now running and ready to accept queries.

Step 7: Configure Firewall Rules

Firewall configuration is critical for SNMP functionality. Without proper rules, monitoring systems cannot reach your SNMP agent.

SNMP uses UDP port 161 for queries and UDP port 162 for trap notifications. Both ports must be accessible from your monitoring network.

Fedora 43 uses firewalld as the default firewall manager. Add rules to allow SNMP traffic:

sudo firewall-cmd --permanent --add-port=161/udp

This permanently allows incoming traffic on UDP port 161. For SNMP traps:

sudo firewall-cmd --permanent --add-port=162/udp

The --permanent flag saves rules across reboots. Apply the new configuration:

sudo firewall-cmd --reload

Verify the rules were added successfully:

sudo firewall-cmd --list-ports

You should see 161/udp and 162/udp in the output.

For enhanced security, restrict SNMP access to specific source networks using rich rules:

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="161" protocol="udp" accept'

This allows SNMP queries only from the 192.168.1.0/24 network. Replace this with your monitoring system’s network address.

If your system uses iptables instead of firewalld, apply these rules:

sudo iptables -A INPUT -p udp -m udp --dport 161 -j ACCEPT
sudo iptables -A INPUT -p udp -m udp --dport 162 -j ACCEPT

Save iptables rules to persist across reboots:

sudo iptables-save | sudo tee /etc/sysconfig/iptables

Your firewall now permits SNMP traffic while maintaining security for other services.

Step 8: Test SNMP Configuration Locally

Local testing validates your configuration before attempting remote connections. This approach isolates potential issues and confirms the daemon is responding correctly.

For SNMPv2c, use snmpwalk to query the local system:

snmpwalk -v2c -c mysecretstring localhost

Replace “mysecretstring” with your configured community string. The command should return extensive output listing SNMP OIDs and their values:

SNMPv2-MIB::sysDescr.0 = STRING: Linux fedora43-server 6.x.x-xxx.fc43.x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (12345) 0:02:03.45

To query specific system information:

snmpwalk -v2c -c mysecretstring localhost system

This limits output to system-related OIDs, making results easier to read.

For SNMPv3 testing, use the authentication and encryption parameters:

snmpwalk -v3 -a SHA -A MyAuthPass2025 -x AES -X MyPrivPass2025 -l authPriv -u snmpadmin localhost

The -l authPriv parameter specifies the security level requiring both authentication and privacy. Successful execution returns system data similar to SNMPv2c output.

Test retrieving specific values with snmpget:

snmpget -v2c -c mysecretstring localhost SNMPv2-MIB::sysName.0

This returns just the system name value.

Common error messages and solutions:

Timeout errors indicate the daemon isn’t responding. Verify snmpd is running with systemctl status snmpd.

Authentication failures mean incorrect credentials. Double-check your community string or SNMPv3 passwords match your configuration.

“No Such Object” errors suggest the requested OID isn’t accessible. Review your view configuration or try querying a different OID tree.

Successful local testing confirms your SNMP configuration is functional. You’re ready to test from remote systems.

Step 9: Test SNMP from Remote Server

Remote testing validates that firewall rules are correct and the daemon accepts external queries. You’ll need a second machine with SNMP utilities installed.

From your remote system, query the Fedora server using its IP address. For SNMPv2c:

snmpwalk -v2c -c mysecretstring 192.168.1.100 system

Replace 192.168.1.100 with your Fedora server’s IP address. Successful execution displays system information from the remote host.

For SNMPv3 remote queries:

snmpwalk -v3 -a SHA -A MyAuthPass2025 -x AES -X MyPrivPass2025 -l authPriv -u snmpadmin 192.168.1.100

If queries timeout, troubleshoot systematically:

First, verify network connectivity:

ping 192.168.1.100

If ping fails, check network configuration and routing.

Second, confirm the remote machine can reach port 161:

nc -zvu 192.168.1.100 161

Connection success indicates the port is reachable. Connection refused or timeout suggests firewall blocking.

Third, verify your source IP address is allowed in the snmpd.conf community or firewall rules. Check the server’s firewall logs:

sudo journalctl -u firewalld -n 50 | grep DROP

Dropped packets indicate firewall blocking.

Review snmpd access control lists if specific IPs should be restricted. The configuration file’s community definitions control source access:

sudo grep rocommunity /etc/snmp/snmpd.conf

Ensure your remote IP falls within the allowed range.

Once remote queries succeed, your SNMP implementation is fully operational and ready for integration with monitoring platforms.

Security Best Practices for SNMP

SNMP’s monitoring capabilities require careful security implementation to prevent unauthorized access and data exposure.

Never use default community strings. The strings “public” and “private” are universally known and should never appear in production configurations. Create unique, complex community strings combining uppercase, lowercase, numbers, and special characters. Treat community strings like passwords.

Always prefer SNMPv3 over SNMPv2c in production environments. The encryption and authentication in SNMPv3 prevent credential theft and data interception. Even on internal networks, SNMPv3 provides defense against insider threats and compromised hosts.

Implement read-only access whenever possible. Monitoring rarely requires write capabilities. Using rocommunity or read-only SNMPv3 users prevents unauthorized configuration changes. Reserve read-write access for specific administrative scenarios and tightly control those credentials.

Configure Access Control Lists to restrict SNMP queries to known monitoring systems. Specify exact IP addresses or narrow network ranges in community definitions:

rocommunity secretstring 10.20.30.40

This allows queries only from 10.20.30.40, blocking all other sources.

Disable SNMP on unused systems. If a server doesn’t require monitoring, stop the daemon:

sudo systemctl stop snmpd
sudo systemctl disable snmpd

Reducing the attack surface improves overall security posture.

Block SNMP at network boundaries. Configure edge firewalls to drop SNMP traffic from the internet. SNMP should only be accessible from management networks. Use VPNs if monitoring from external locations.

Audit SNMP access regularly. Review snmpd logs for suspicious activity:

sudo journalctl -u snmpd --since "1 week ago" | grep -i fail

Failed authentication attempts may indicate scanning or brute-force attacks.

Keep Net-SNMP updated to receive security patches. Enable automatic security updates:

sudo dnf install dnf-automatic
sudo systemctl enable --now dnf-automatic.timer

Configure dnf-automatic to apply security updates automatically.

Use strong SNMPv3 passwords with minimum 12 characters. Employ password managers to generate and store complex credentials. Avoid reusing passwords across systems.

Never expose SNMP over the internet without VPN protection. SNMP traffic contains detailed system information valuable to attackers. Use site-to-site VPNs or encrypted tunnels for remote monitoring.

Limit exposed OIDs through view configuration. Only permit access to necessary management data:

view restrictedview included .1.3.6.1.2.1.1
view restrictedview included .1.3.6.1.2.1.2

This limits access to system and interface information while blocking other OID trees.

Implementing these security measures creates defense-in-depth for your SNMP infrastructure.

Common SNMP Troubleshooting

Even properly configured SNMP installations occasionally encounter issues. These troubleshooting techniques resolve common problems.

Service fails to start. Configuration syntax errors prevent snmpd from launching. Test the configuration file:

sudo snmpd -Lsd -Lf /dev/null -c /etc/snmp/snmpd.conf

This attempts to load the configuration and reports syntax errors. Review and correct any reported issues.

Check system logs for detailed error messages:

sudo journalctl -u snmpd -n 100 --no-pager

Look for lines indicating the failure cause.

Verify port 161 isn’t already in use:

sudo ss -tulpn | grep 161

If another process occupies the port, identify and stop it or configure snmpd to use an alternate port.

Timeout errors during queries. This symptom has multiple potential causes. First, confirm snmpd is running:

sudo systemctl status snmpd

If stopped, start the service and investigate why it stopped.

Second, verify the daemon is listening on the expected interface:

sudo netstat -ulnp | grep snmpd

You should see 0.0.0.0:161 for all interfaces or your specific IP address.

Third, check firewall rules allow traffic:

sudo firewall-cmd --list-all

Ensure port 161/udp appears in the allowed ports or services.

SNMPv3 authentication failures. Credentials must match exactly between client and server. Verify the username exists:

sudo cat /var/lib/net-snmp/snmpd.conf | grep createUser

This displays configured SNMPv3 users with their authentication settings (passwords are encrypted).

Ensure the snmpd service restarted after creating users:

sudo systemctl restart snmpd

User changes don’t take effect until restart.

“No Such Object” responses. The requested OID isn’t accessible or doesn’t exist. Check view restrictions in snmpd.conf:

sudo grep -E "view|rouser|rocommunity" /etc/snmp/snmpd.conf

Views limit which OID trees users can access. Expand the view or query a different OID.

Verify you’re querying valid OIDs by testing with the full system tree:

snmpwalk -v2c -c mysecretstring localhost .1.3.6.1

Permission denied errors. Incorrect community strings trigger this error in SNMPv2c. Verify the community string matches your configuration:

sudo grep rocommunity /etc/snmp/snmpd.conf

Check that your source IP falls within the allowed range specified after the community string.

For SNMPv3, verify all authentication parameters (-a, -A, -x, -X, -l, -u) match the user configuration.

Empty or incomplete responses. Version mismatches cause truncated output. Explicitly specify the protocol version:

snmpwalk -v2c -c mysecretstring localhost

Ensure the query version matches what the server supports. SNMPv1 queries against SNMPv3-only configurations will fail.

High CPU usage by snmpd. Excessive polling or inefficient MIB walks can strain the daemon. Check which hosts are querying:

sudo tcpdump -i any port 161 -n

This captures SNMP traffic showing source IPs and query frequency.

Limit polling intervals in your monitoring system or restrict access to problematic sources.

These troubleshooting approaches resolve most SNMP configuration and connectivity issues. Systematic investigation identifies root causes quickly.

Monitoring Your Fedora Server with SNMP

With SNMP operational, integrate your Fedora server with monitoring platforms to visualize metrics and receive alerts.

Nagios is a popular open-source monitoring solution. Add your Fedora host by creating a configuration file in /etc/nagios/objects/:

define host{
    use             linux-server
    host_name       fedora43-server
    alias           Fedora 43 Production Server
    address         192.168.1.100
}

Configure SNMP checks using check_snmp commands in service definitions. Monitor CPU with:

define service{
    use                 generic-service
    host_name           fedora43-server
    service_description CPU Load
    check_command       check_snmp!-C mysecretstring -o .1.3.6.1.4.1.2021.10.1.3.1 -w 80 -c 90
}

Zabbix offers automated SNMP discovery. Add your Fedora host through Configuration → Hosts → Create host. Configure SNMP interfaces with your community string or SNMPv3 credentials. Assign the “Template Net Linux SNMP” for automatic metric collection.

LibreNMS provides auto-discovery and extensive graphing. Add devices through the web interface by specifying the hostname and SNMP credentials. LibreNMS automatically detects Linux systems and polls relevant metrics.

Cacti excels at generating performance graphs. Add your Fedora host under Management → Devices. Select SNMP version and provide credentials. Associate data query templates for Linux system monitoring.

Key metrics to monitor include:

CPU utilization: OID .1.3.6.1.4.1.2021.11.9.0 (overall CPU idle percentage)
Memory usage: OID .1.3.6.1.4.1.2021.4.11.0 (available memory in KB)
Disk space: OID .1.3.6.1.4.1.2021.9.1.9.X (percentage used per partition)
Network throughput: OID .1.3.6.1.2.1.2.2.1.10.X (bytes in per interface)
System uptime: OID .1.3.6.1.2.1.1.3.0 (time since last boot)

Set appropriate thresholds for alerting. CPU usage above 90% sustained, memory free below 10%, or disk usage above 85% warrant immediate notification.

Configure SNMP traps for event-driven monitoring. Edit /etc/snmp/snmpd.conf to send traps:

trapsink 192.168.1.50 mysecretstring
trap2sink 192.168.1.50 mysecretstring

This sends traps to the monitoring server at 192.168.1.50 when conditions warrant.

Integration with monitoring platforms transforms raw SNMP data into actionable insights for maintaining system health.

Congratulations! You have successfully installed SNMP. Thanks for using this tutorial to install the latest version of the SNMP (Simple Network Management Protocol) on Fedora 43 Linux. For additional help or useful information, we recommend you check the official Fedora website.

VPS Manage Service Offer

If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!