2017-08-23 00:41 UTC

ID: 0006125
Project: CentOS-6
Category: net-snmp
View Status: public
Last Update: 2013-03-22 13:38
Reporter: stravassac
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: no change required
Platform: X86_64
OS: CentOS
OS Version: 6.3 (Final)
Product Version: 6.3
Target Version:
Fixed in Version:
Summary: 0006125: No response from snmpd when snmpd is started as daemon
Description: First point: I use a snmpd.conf which works on CentOS 6.2 (i386).

The snmpd daemon started with "/etc/init.d/snmpd start" doesn't send me any response with snmpwalk, but I see in /var/log/message:
snmpd[10283]: Connection from UDP: [127.0.0.1]:46237->[127.0.0.1]

When I start snmpd with the command line:
"snmpd -LS1-6d -D -Lf /dev/null -c /etc/snmp/snmpd.conf -p /var/run/snmpd.pid"
snmpwalk works fine.

Steps To Reproduce:
- With a working snmpd.conf, restart the daemon:
/etc/init.d/snmpd restart
- Test the UDP port:
nc -zu 127.0.0.1 161
Connection to 127.0.0.1 161 port [udp/snmp] succeeded!
- Test snmpwalk:
snmpwalk -Os -c test -v 1 localhost system
Timeout: No Response from localhost
- Show /var/log/message:
 Warning: no access control information configured.#012 It's unlikely this agent can serve any useful purpose in this state.#012 Run "snmpconf -g basic_setup" to help you configure the snmpd.conf file for this agent.
And multiple lines:
Connection from UDP: [127.0.0.1]:45006->[127.0.0.1]

Next, stop the snmpd daemon, then start it with:
snmpd -LS1-6d -D -Lf /dev/null -c /etc/snmp/snmpd.conf -p /var/run/snmpd.pid

Now snmpwalk works for me:
snmpwalk -Os -c test -v 1 localhost system
sysDescr.0 = STRING: Linux frfcqws376ix3r8 2.6.32-279.14.1.el6.x86_64 #1 SMP Tue Nov 6 23:43:09 UTC 2012 x86_64
sysObjectID.0 = OID: netSnmpAgentOIDs.10
sysUpTimeInstance = Timeticks: (619) 0:00:06.19
sysContact.0 = STRING: root@localhost......................


Additional Information: snmpd.conf:
# sec.name source community
com2sec public default test
#com2sec mynet 10.10.10.0/24 private
#com2sec6 mynet fec0::/64 private

# sec.model sec.name
group worldGroup v1 public
group worldGroup v2c public
#group myGroup v1 mynet
#group myGroup v2c mynet

# incl/excl subtree [mask]
view all included .1
view sysView included system

# context model level prefix read write notify (unused)
access worldGroup "" any noauth exact all none none
#access myGroup "" any noauth exact all all none
Tags: No tags attached.
Notes

~0016140

stravassac (reporter)

For information, it's not a direct CentOS 6.3 installation but a CentOS 6.2 installation followed by yum update.

~0016141

herrold (reporter)

In the initial restart, it would be more customary, but is not required, to start a service with:
   /sbin/service snmpd restart

The fact that it is an upgrade should not matter, except that a reboot may be needed to make sure any new glibc is applied to all services, such as daemons, here.

Could you try a reboot, and retry the initial snmpwalk? You may also need to type:
   /sbin/chkconfig snmpd on
to have it among the automatically started services.

Thanks, Russ

~0016142

stravassac (reporter)

Hi,
I have already rebooted the server; I set up snmpd after the update and the reboot.
Just as a test I rebooted it again and it is the same problem. The snmpd process is running, it accepts UDP connections with "nc -zu 127.0.0.1 161", but it doesn't answer snmpwalk requests with the correct community string.

If I run "/usr/sbin/snmpd -LS0-6d -D -Lf /dev/null -p /var/run/snmpd.pid 0.0.0.0" directly in a terminal it works fine.

The only difference I can see in /var/log/message is the line below, if I start it with service snmpd start:
snmpd[1599]: Warning: no access control information configured.#012 It's unlikely this agent can serve any useful purpose in this state.#012 Run "snmpconf -g basic_setup" to help you configure the snmpd.conf file for this agent.

This line doesn't appear in the log if snmpd is run directly in a terminal.

In both cases I can see in the message logs:
snmpd[1601]: Connection from UDP: [127.0.0.1]:35636->[127.0.0.1]

Thanks
Stéphane

~0016154

ard1947 (reporter)

Just a thought: I have seen a similar issue with snmptrapd. When snmpd is started from the LSB init scheme, it will call/source /etc/sysconfig/snmpd.options. If the options in there have not been commented out, then they might conflict with the call at
" daemon /usr/sbin/snmpd $OPTIONS", but of course when you use your manual command from the shell, it will NOT source /etc/sysconfig/snmpd.options.
HTH, ARD1947

~0016155

stravassac (reporter)

Thanks
But I have no /etc/sysconfig/snmpd.options file.

I have a /etc/sysconfig/snmpd file:
# snmpd command line options
OPTIONS="-LS0-6d -D -Lf /dev/null -p /var/run/snmpd.pid 0.0.0.0"

When I run snmpd on the command line, I add the options line to the command and it works.
[root@frfcqws376ix3r8 sysconfig]# ps -ef|grep snmpd
root 1646 1 0 Dec13 ? 00:07:01 /usr/sbin/snmpd -LS0-6d -D -Lf /dev/null -p /var/run/snmpd.pid 0.0.0.0

regards

~0016156

ard1947 (reporter)

Thanks for quick response. Does your file /etc/init.d/snmpd have something like this at the beginning:
"
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"
if [ -e /etc/sysconfig/snmpd ]; then
  . /etc/sysconfig/snmpd
fi
"

followed by:
start() {
        echo -n $"Starting $prog: "
        if [ $UID -ne 0 ]; then
                RETVAL=1
                failure
        else
                daemon /usr/sbin/snmpd $OPTIONS
                RETVAL=$?
                [ $RETVAL -eq 0 ] && touch /var/lock/subsys/snmpd
        fi;
        echo
        return $RETVAL
}

or does the "if" test check for the file /etc/sysconfig/snmpd.options (that you don't have in your case)? If your file /etc/sysconfig/snmpd does have some options there, try changing it to a comment line, and see if the LSB init of snmpd will start it OK (just using the $OPTIONS variable). You might want to add a -a after the run pid file declaration (to log source addresses if you want them). Regards,

~0016157

stravassac (reporter)

In /etc/init.d/snmpd I have:
OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid"
if [ -e /etc/sysconfig/snmpd ]; then
  . /etc/sysconfig/snmpd
fi

I have commented out the options line in /etc/sysconfig/snmpd and started the snmpd init script, but I have the same problem.

Regards

~0016158

ard1947 (reporter)

Interesting. Do you have anything in /usr/share/snmp/mibs?
Also, it might be worth changing from
 OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid"
to
 OPTIONS="-LS0-6d -Lf /var/log/snmpd.log -p /var/run/snmpd.pid -a"

and see if you get any more info in the snmpd.log, about the actual issue.
I usually use "cp -p snmp snmp.<DATE> " so I have a "working" file to go back to, but I guess these are only minor edits anyway. HTH, ARD.

~0016159

stravassac (reporter)

Yes I have a lot of files:
[root@frfcqws376ix3r8 sysconfig]# ls /usr/share/snmp/mibs
AGENTX-MIB.txt IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt IPV6-ICMP-MIB.txt NET-SNMP-EXTEND-MIB.txt RFC-1215.txt SNMP-TARGET-MIB.txt SNMP-VIEW-BASED-ACM-MIB.txt
BRIDGE-MIB.txt IANAifType-MIB.txt IPV6-MIB.txt NET-SNMP-MIB.txt RMON-MIB.txt SNMP-USER-BASED-SM-MIB.txt TCP-MIB.txt
DISMAN-EVENT-MIB.txt IANA-LANGUAGE-MIB.txt IPV6-TCP-MIB.txt NET-SNMP-PASS-MIB.txt SCTP-MIB.txt SNMP-USM-AES-MIB.txt TRANSPORT-ADDRESS-MIB.txt
DISMAN-SCHEDULE-MIB.txt IANA-RTPROTO-MIB.txt IPV6-TC.txt NET-SNMP-TC.txt SMUX-MIB.txt SNMP-USM-DH-OBJECTS-MIB.txt UCD-DEMO-MIB.txt
DISMAN-SCRIPT-MIB.txt IF-INVERTED-STACK-MIB.txt IPV6-UDP-MIB.txt NET-SNMP-VACM-MIB.txt SNMP-COMMUNITY-MIB.txt SNMPv2-CONF.txt UCD-DISKIO-MIB.txt
EtherLike-MIB.txt IF-MIB.txt LM-SENSORS-MIB.txt NETWORK-SERVICES-MIB.txt SNMP-FRAMEWORK-MIB.txt SNMPv2-MIB.txt UCD-DLMOD-MIB.txt
HCNUM-TC.txt INET-ADDRESS-MIB.txt MTA-MIB.txt NOTIFICATION-LOG-MIB.txt SNMP-MPD-MIB.txt SNMPv2-SMI.txt UCD-IPFWACC-MIB.txt
HOST-RESOURCES-MIB.txt IP-FORWARD-MIB.txt NET-SNMP-AGENT-MIB.txt RFC1155-SMI.txt SNMP-NOTIFICATION-MIB.txt SNMPv2-TC.txt UCD-SNMP-MIB.txt
HOST-RESOURCES-TYPES.txt IP-MIB.txt NET-SNMP-EXAMPLES-MIB.txt RFC1213-MIB.txt SNMP-PROXY-MIB.txt SNMPv2-TM.txt UDP-MIB.txt

In /etc/sysconfig/snmp I put your OPTION line and restarted snmpd:
[root@frfcqws376ix3r8 sysconfig]# service snmpd restart
Arrêt de snmpd : [ OK ]
Démarrage de snmpd : [ OK ]
[root@frfcqws376ix3r8 sysconfig]# ps -ef|grep snmpd
root 7287 1 0 14:37 ? 00:00:00 /usr/sbin/snmpd -LS0-6d -Lf /var/log/snmpd.log -p /var/run/snmpd.pid -a
root 7290 7118 0 14:37 pts/0 00:00:00 grep snmpd
[root@frfcqws376ix3r8 sysconfig]# snmpwalk -Os -c XXXXXXXXXX -v 1 127.0.0.1 system
Timeout: No Response from 127.0.0.1


At the same time in /var/log/message:
Dec 19 14:37:48 frfcqws376ix3r8 snmpd[7266]: Received TERM or STOP signal... shutting down...
Dec 19 14:37:48 frfcqws376ix3r8 snmpd[7285]: Warning: no access control information configured.#012 It's unlikely this agent can serve any useful purpose in this state.#012 Run "snmpconf -g basic_setup" to help you configure the snmpd.conf file for this agent.
Dec 19 14:37:48 frfcqws376ix3r8 snmpd[7287]: NET-SNMP version 5.5
Dec 19 14:37:58 frfcqws376ix3r8 snmpd[7287]: Connection from UDP: [127.0.0.1]:38088->[127.0.0.1]
Dec 19 14:37:58 frfcqws376ix3r8 snmpd[7287]: Received SNMP packet(s) from UDP: [127.0.0.1]:38088->[127.0.0.1]
Dec 19 14:37:59 frfcqws376ix3r8 snmpd[7287]: Connection from UDP: [127.0.0.1]:38088->[127.0.0.1]
Dec 19 14:38:00 frfcqws376ix3r8 snmpd[7287]: Connection from UDP: [127.0.0.1]:38088->[127.0.0.1]
Dec 19 14:38:01 frfcqws376ix3r8 snmpd[7287]: Connection from UDP: [127.0.0.1]:38088->[127.0.0.1]


And /var/log/snmpd:
Received TERM or STOP signal... shutting down...

Regards

~0016162

herrold (reporter)

I am seeing that line:

Dec 19 14:37:48 frfcqws376ix3r8 snmpd[7285]: Warning: no access control information configured.#012 It's unlikely this agent can serve any useful purpose in this state.#012 Run "snmpconf -g basic_setup" to help you configure the snmpd.conf file for this agent.

which error message I do NOT see with my configuration.

The SNMP FAQ seems to address the matter:

    http://net-snmp.sourceforge.net/wiki/index.php/FAQ:Agent_23

The scope of the ACL entries may be in play here? Not really sure how to test that, but I sort of recall there is a tool to 'test' an snmpd.conf file collection.


I am also wondering if file attribute context is in play; I show the following on a CentOS 6 install

[herrold@centos-6 sysconfig]$ ls -alZ snmpd snmptrapd
-rw-r--r--. root root system_u:object_r:etc_t:s0 snmpd
-rw-r--r--. root root system_u:object_r:etc_t:s0 snmptrapd
[herrold@centos-6 sysconfig]$ pwd
/etc/sysconfig

What are the SELinux contexts ... have you considered doing a global relabel? This may be done with:

touch /.autorelabel
shutdown -r now

Additionally, temporarily changing to 'Permissive', by doing this edit, and making sure both auditd and restorecond are running, may drop messages into the audit log at: /var/log/audit/

[herrold@centos-6 ~]$ cd /etc/selinux/
[herrold@centos-6 selinux]$ grep erssive *
config:# enforcing - SELinux security policy is enforced.
config:# permissive - SELinux prints warnings instead of enforcing.
config:# SELINUX=enforcing

Changing that entry to permissive and rebooting is the quickest way to get that state on a box. Remember to re-enable 'enforcing' once done.

-- Russ herrold
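
Added example, not part of the original thread: the note above points at /var/log/audit/ as the place where SELinux denials are recorded. This sketch reduces AVC denial records for snmpd to permission, object, target context and class, so a mislabeled file can be spotted and relabeled without leaving enforcement off. The sample records are constructed and the function name is hypothetical; the field layout assumed is the usual audit AVC record format.

```shell
#!/bin/bash
# Added example: list SELinux AVC denials that hit snmpd, one line per distinct denial.
# The sample records below are CONSTRUCTED for illustration, not taken from the reporter's host.
SAMPLE_AUDIT='type=AVC msg=audit(1355924268.101:412): avc:  denied  { read } for  pid=7285 comm="snmpd" name="snmpd.conf" dev=dm-0 ino=131234 scontext=unconfined_u:system_r:snmpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=SYSCALL msg=audit(1355924268.101:412): arch=c000003e syscall=2 success=no exit=-13 comm="snmpd" exe="/usr/sbin/snmpd"
type=AVC msg=audit(1355924278.440:431): avc:  denied  { read } for  pid=7301 comm="snmpd" name="snmpd.conf" dev=dm-0 ino=131234 scontext=unconfined_u:system_r:snmpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1355924301.007:440): avc:  denied  { getattr } for  pid=2210 comm="httpd" path="/srv/www/index.html" dev=dm-0 ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file'

# Reads audit records on stdin; prints "perms object tcontext tclass" once per distinct denial.
snmpd_avc_denials() {
    awk '
    $1 == "type=AVC" && /denied/ && /comm="snmpd"/ {
        perms = ""; obj = "?"; tctx = "?"; tclass = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # Collect every permission between the braces, e.g. { read open }.
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perms = perms (perms == "" ? "" : ",") $j
            } else if ($i ~ /^(name|path)=/) {
                obj = $i; sub(/^[a-z]+=/, "", obj); gsub(/"/, "", obj)
            } else if ($i ~ /^tcontext=/) {
                tctx = substr($i, 10)
            } else if ($i ~ /^tclass=/) {
                tclass = substr($i, 8)
            }
        }
        key = perms " " obj " " tctx " " tclass
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# With a file argument (e.g. /var/log/audit/audit.log) analyse that file; otherwise use the sample.
if [ -n "$1" ]; then
    snmpd_avc_denials < "$1"
else
    printf '%s\n' "$SAMPLE_AUDIT" | snmpd_avc_denials
fi
```

A target context whose type differs from the one shown by `ls -alZ` on a known-good host is the line to investigate first.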

~0016165

stravassac (reporter)

Hi,
Thanks, it works now that I have turned off SELinux (echo 0 > /selinux/enforce).
Now when I start it with "service snmpd restart" the logs are OK:
Dec 20 10:13:11 frfcqws376ix3r8 snmpd[8148]: Received TERM or STOP signal... shutting down...
Dec 20 10:13:11 frfcqws376ix3r8 snmpd[8176]: NET-SNMP version 5.5
Dec 20 10:15:38 frfcqws376ix3r8 snmpd[8176]: Connection from UDP: [127.0.0.1]:58620->[127.0.0.1]
Dec 20 10:15:38 frfcqws376ix3r8 snmpd[8176]: Received SNMP packet(s) from UDP: [127.0.0.1]:58620->[127.0.0.1]
Dec 20 10:15:38 frfcqws376ix3r8 snmpd[8176]: Connection from UDP: [127.0.0.1]:58620->[127.0.0.1]

There is no trace of:
Dec 19 14:37:48 frfcqws376ix3r8 snmpd[7285]: Warning: no access control information configured.#012 It's unlikely this agent can serve any useful purpose in this state.#012 Run "snmpconf -g basic_setup" to help you configure the snmpd.conf file for this agent.

And snmpwalk works from localhost and other hosts.


I can't relabel the SELinux contexts because I can't restart it easily, for production reasons. I am leaving SELinux disconnected until the next reboot.

For information I have the same file attribute:
[root@frfcqws376ix3r8 sysconfig]# ls -alZ snmpd snmptrapd
-rw-r--r--. root root system_u:object_r:etc_t:s0 snmpd
-rw-r--r--. root root system_u:object_r:etc_t:s0 snmptrapd


Thank you.
Stéphane

~0016769

trimi (reporter)

Hi,
I don't know if you have solved it.


And I don't know if it is obvious for you, but I managed to fix it by changing /etc/hosts.allow, adding

snmpd: 127.0.0.1
snmpd: x.x.x.x

regards

~0016798

stravassac (reporter)

Hi,
I have fixed it by disabling SELinux.

If I encounter the same problem, I'll try your solution

Thanks

~0016799

tigalch (manager)

Closing as per reporter's feedback.

Issue History
Date Modified Username Field Change
2012-12-13 09:48 stravassac New Issue
2012-12-13 10:27 stravassac Note Added: 0016140
2012-12-13 14:37 herrold Note Added: 0016141
2012-12-13 15:40 stravassac Note Added: 0016142
2012-12-19 10:25 ard1947 Note Added: 0016154
2012-12-19 10:47 stravassac Note Added: 0016155
2012-12-19 11:01 ard1947 Note Added: 0016156
2012-12-19 12:41 stravassac Note Added: 0016157
2012-12-19 13:26 ard1947 Note Added: 0016158
2012-12-19 13:45 stravassac Note Added: 0016159
2012-12-19 17:00 herrold Note Added: 0016162
2012-12-20 09:23 stravassac Note Added: 0016165
2013-03-19 10:15 trimi Note Added: 0016769
2013-03-22 13:26 stravassac Note Added: 0016798
2013-03-22 13:38 tigalch Note Added: 0016799
2013-03-22 13:38 tigalch Status new => resolved
2013-03-22 13:38 tigalch Resolution open => no change required