GWME-7.2.1-14 Net-SNMP 5.8 with AES Support

Contents
Description

This update is for all GroundWork customers running GroundWork Monitor 7.2.1 who want to use AES encryption with Net-SNMP commands.

What is in this update?

This Technical Bulletin provides a complete set of replacement files for the Net-SNMP 5.7.3 distribution that was included in the original GWME-7.2.1 release. The new distribution is updated to the Net-SNMP 5.8 release, and it has been compiled with support for AES encryption.

Net-SNMP files addressed

The complete Net-SNMP distribution is included in this patch. That includes commend-line programs such as these:

/usr/local/groundwork/common/bin/snmpget
/usr/local/groundwork/common/bin/snmpnetstat
/usr/local/groundwork/common/bin/snmpstatus
/usr/local/groundwork/common/bin/snmptranslate
/usr/local/groundwork/common/bin/snmptrap
/usr/local/groundwork/common/bin/snmpwalk

along with all of their associated supporting files (other utilities, libraries, MIBS, documentation, etc.). Also included are the following Perl modules:

NetSNMP::ASN
NetSNMP::OID
NetSNMP::TrapReceiver
NetSNMP::agent
NetSNMP::agent::default_store
NetSNMP::default_store
SNMP
Prerequisites
  • You need to be running GroundWork Monitor Enterprise 7.2.1 (possibly patched to version 7.2.2). Rollup patches do not include this fix.
  • This technical bulletin does not depend upon prior technical bulletins.
  • There is no need to schedule a downtime to apply this technical bulletin, because installing or uninstalling it does not involve restarting parts of GroundWork Monitor. That said, plugins and other scripting that happen to be referencing the updated files at the time of install or uninstall may be disrupted.
Installation Steps
Name Size Creator Creation Date Comment  
File TB7.2.1-14-net-snmp-5.8-with-aes.tg... 2.11 MB Glenn Herteg Dec 22, 2021 13:31 MD5: 01767483ba2af9d977d0709e085c1c7e  
  1. As the root user, copy the attached tarball to an empty directory on the GW server already in place.
  2. Unpack the tarball using the command:
    tar xf TB7.2.1-14-net-snmp-5.8-with-aes.tgz
    
  3. Change into the directory created by untarring:
    cd TB7.2.1-14-net-snmp-5.8-with-aes
    
  4. Run the installer script:
    ./TB7.2.1-14_install.sh
    

    The install script will test that you are on a GroundWork system running version 7.2.1, that you have not already installed this patch, and that you want to go ahead.

  5. Respond to the install-confirmation prompt when it appears.
  6. The old files being replaced will be backed up, and a complete set of new files will be copied into place. Monitoring in general can continue while this patch is installed, subject to the understanding that the current run of code which is referencing the replaced files may fail.
Usage

Once this is installed, you may use AES encryption with the usual Net-SNMP commands, wherever that applies.

Here is an example Net-SNMP command that invokes AES encryption:

/usr/local/groundwork/common/bin/snmpgetnext -v 3 -l authPriv -u user42 -a SHA-256 \
    -A 'MY_PASSWORD' -x AES-192 -X 'MY_PASSWORD' -m "" -One 192.168.32.74 .1.3

and here is an example of AES encryption being invoked indirectly, through a Nagios plugin:

/usr/local/groundwork/nagios/libexec/check_snmp -H 192.168.32.74 -o 1.3.6.1.2.1.1.3.0 \
    -L authPriv -U user42 -P 3 -a SHA-256 -A 'MY_PASSWORD' -x AES-192 -X 'MY_PASSWORD'
Uninstalling

Reversal of this patch will remove the revised Net-SNMP files on the GW server and put back the old Net-SNMP distribution that was backed up when the patch was installed.

  1. As the root user, navigate to the patch-unpack directory you created when installing the patch. (If that directory no longer exists, first unpack the patch again.)
    cd TB7.2.1-14-net-snmp-5.8-with-aes
    
  2. Run the uninstall command:
    ./TB7.2.1-14_uninstall.sh
    

Labels

tb tb Delete
7-2-1 7-2-1 Delete
bulletins bulletins Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.