SNMP – The Missing MIB
Many users of SNMP Network Management Tools / Penetration Test Tools, may find that recent versions of software including the popular SNMPwalk appear to be missing MIBs, or that previously available information is now mysterious missing. This is more prominent on Debian or Ubuntu based systems (any system that compiles from source like Gentoo , appear unaffected). This is additionally important for Penetration Tester Professionals that have an exam or governing body that ensures they know how to use SNMP, to extract information that may aid in compromise of an affected server with default community strings. Strange! Well apparently there is a good reason…
Debian GNU/Linux is probably the only Linux distriution that has the largest software repository. However the default installation for Debian only includes the ‘main’ (or free) repository which is directly maintained by the Debian community and fulfills the Debian Free Software Guidelines (DFSG).
The two other repositories ‘contrib’ and ‘non-free’ are not enabled by default as it contains software that either does not meet DFSG requirements or depends on library or packages which does not meet DFSG requiments. SNMP-MIBS now fall under non-free category!
How to enable contrib and non-free repositories in Debian
As ‘root’ you need to edit /etc/apt/sources.lst
Then add ‘contrib’ and ‘non free’ at the end of each line that begins with “deb” and “deb-src” just like the example:
deb http://http.us.debian.org/debian squeeze main contrib non-free
deb http://security.debian.org squeeze/updates main contrib non-free
Updating SNMP and Downloading All MIBS
To get back you missing MIBs perform an apt-get update and follow the instructions below:
% apt-get install snmp % apt-get install snmp-mibs-downloader
To configure net-snmp command-line to use the MIBS, edit /etc/snmp/snmp.conf and comment out the following line:
To update the MIBS to latest versions run the following command as root:
If you have a SNMP server running on localhost, with Community string ‘public’, you can test if MIBs are working properly like this:
% snmpwalk -v1 -c public 192.168.1.234 . SNMPv2-MIB::sysDescr.0 = STRING: Linux vulnbox 2.6.32 #2 SMP Fri Oct 13 10:03:39 BST 2013 i686 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (141766) 0:23:37.66 SNMPv2-MIB::sysContact.0 = STRING: Me <email@example.com> ...