SNMP Trap receive on Linux

Find and share HowTos to various installations / configurations!
Search

Post Reply
2 posts • Page 1 of 1
User avatar
Amaranth
Posts: 4
Joined: Thu Apr 23, 2020 10:20 am

SNMP Trap receive on Linux

Post by Amaranth »

Hello there!
There is a topic for this problem, but there are no details.
In my engineering research, I was faced with the need to use the SNMP trap receiver in my Linux system SLES15. Default SNMP trap receiver is located on port 162.
If we start SNMP Manager (WCCOAsnmp) on Windows we have no problem with that. But it's not that simple if we use Linux. :twisted:
The port numbers below 1024 are privileged, so normal users are not allowed to bind on them. In the startup log, we see that the SNMP manager was unable to set port 162 to listen.
There are several ways to solve this issue.
The easiest and only working (for me at least) is using iptables command

Code: Select all

sudo iptables -A PREROUTING -t nat -p udp --dport 162 -j REDIRECT --to-port 10162
This rule redirects packets coming on port 162 to the port 10162 which not privileged and can be used by everyone.

The iptables rule is not permanent and will disappear once iptables(server) is restarted.. To save it use:

Code: Select all

sudo iptables-save
We also must add some settings in our project's config file :

Code: Select all

[SNMPDrv]
trapReceptionPort=10162

Another way is using setcap

Code: Select all

sudo setcap 'cap_net_bind_service=+ep' /opt/WinCC_OA/3.17/bin/WCCOAsnmp
It won't work because Linux will disable LD_LIBRARY_PATH on any program that has elevated privileges. Nevertheless it may be useful if you make your own manager through WCCOA API. Just dont use dynamic libriares during compilation.

And other way is to start manager under superuser. I have not tried this method, but I suppose that when we configure wccoa as a service (in this case, a daemon), all managers would have started from the superuser. Soon I will have to do this activity. I'll let you know when I get the results.

User avatar
kilianvp
Posts: 337
Joined: Fri Jan 16, 2015 10:29 am

Re: SNMP Trap receive on Linux

Post by kilianvp »

It is not a good idea to run programmes as root.
Parts of the gedi and the application do not work as root user, because you cannot start the webview as root, for example. And an experienced attacker could take over your entire server.

Post Reply
2 posts • Page 1 of 1