Forced bind to 127.0.0.1 is "hardcoded" into /etc/default/snmpd instead of option in /etc/snmp/snmpd.conf
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
net-snmp (Ubuntu) | Fix Released | Wishlist | Unassigned |
Bug Description
Binary package hint: snmpd
I have been struggling to get remote snmp reads from several of my machines.
/etc/snmp/
After lots of debugging, trying etc. I found out that snmpd binds itself to 127.0.0.1. According to EVERY FAQ and manual that I read, the default behaviour of snmpd is to listen on every interface.
However, specifying in /etc/snmp/
It appears that the 127.0.0.1 is "hardcoded" into /etc/default/snmpd. This script/settings file is used by the /etc/init.d/snmpd init script.
The following line is responsible for the 127.0.0.1 bind.
"SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'"
After removing the 127.0.0.1 I could finally query the remote machine.
Dave Shield, one of the developers of net-snmp, confirmed that this way of starting snmpd indeed binds it to 127.0.0.1
He also confirmed that this is something that probably the Ubuntu Devs changed:
"It's a defensible configuration, but it's not one that many distributions use. It's certainly not something that we ship ourselves. "
If it is really necessary to restrict remote snmp access, I strongly suggest to do this by changing the default configuration of snmpd in /etc/snmp/
"agentaddress 127.0.0.1"
This results in the same behaviour as adding the 127.0.0.1 to /etc/default/snmpd
This way, users will see that the default option is to bind to 127.0.0.1 and can change this easily.
It is very illogical and not user-friendly to expect the user to find out that there is a /etc/default/snmpd file that is causing the problem.
Since this is a very easy and also elegant way to solve the problem, I really hope this change can be made. It would solve a lot of frustrations for people trying to get snmpd to work.
Summary of proposed changes:
=> /etc/default/snmpd
change "SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'"
to "SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/
=> /etc/snmp/
add "agentaddress 127.0.0.1"
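A check for both places the listening address can be set, as an added example that is not part of the bug report or of net-snmp. The function name and the `cmdline:`/`conf:` output labels are made up here, and the option list covers only the options in the report's SNMPDOPTS line plus -c, -g and -x.

```shell
#!/bin/sh
# Added example: list every place an snmpd listening address is configured.
# Paths default to the two files named in this report; pass others to override.
snmpd_bind_sources() (
    defaults=${1:-/etc/default/snmpd}
    conf=${2:-/etc/snmp/snmpd.conf}
    set -f    # no globbing while splitting SNMPDOPTS (subshell body, so local)

    if [ -r "$defaults" ]; then
        # Last uncommented SNMPDOPTS assignment, with its quotes removed.
        opts=$(sed -n 's/^[[:space:]]*SNMPDOPTS=//p' "$defaults" |
               tail -n 1 | tr -d "\"'")
        skip=0
        for word in $opts; do
            if [ "$skip" -eq 1 ]; then skip=0; continue; fi
            case $word in
                # Options whose argument is the next word (those in the
                # report's line, plus -c, -g and -x); extend if you use others.
                -Lf|-u|-I|-p|-c|-g|-x) skip=1 ;;
                -*) ;;                       # flag with no separate argument
                *)  echo "cmdline:$word" ;;  # trailing listening address
            esac
        done
    fi

    if [ -r "$conf" ]; then
        # agentaddress directive; the value may be a comma-separated list.
        awk 'tolower($1) == "agentaddress" { print "conf:" $2 }' "$conf"
    fi
)

# Run against the default paths, or against the two files given as arguments.
snmpd_bind_sources "$@"
```

A `cmdline:` line means the address comes from /etc/default/snmpd, the case this report describes; a `conf:` line means it comes from the agentaddress directive.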
Changed in net-snmp:
status: New → Confirmed
+1 for this. I just wasted 30 minutes playing with the snmpd.conf file trying (unsuccessfully) to enable remote connections. Having to modify /etc/default/snmpd is not intuitive and will not be found by the average user. Besides, why would you want to run snmpd without allowing remote connections?