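#!/usr/bin/env bash
# SNMPD install script
#
# Installs net-snmp's snmpd on CentOS or Debian, writes a minimal
# /etc/snmp/snmpd.conf with one read-only SNMPv3 user (rouser987), and
# generates random authentication and privacy passphrases for that user.
#
# Environment:
#   SERVER_ROLE    "local"  -> agent listens on udp:161 (default)
#                  "remote" -> agent listens on udp:16161
#   DISTRO_SHA256  optional; when set, the downloaded distro helper must match
#                  this SHA-256 or the script aborts before installing it.
#
### SNMPWALK HELP ####
# Useful for testing
#snmpwalk -v2c -c rouser987 ip_hostname
#snmpwalk -v3 -l authPriv -u rouser987 -a SHA -A "pass1" -x AES -X "pass2" ip_hostname
# NOTE(review): the config written below defines no community string, so only
# the SNMPv3 form should get an answer from an agent set up by this script.

# No pipefail on purpose: the passphrase pipeline ends with head closing the
# pipe while tr is still writing, which pipefail would report as a failure.
set -eu

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[[ ${EUID} -eq 0 ]] || die "this script installs packages and edits /etc; run it as root"

# The two config variants differ only in the listening port. Previously both
# were written one after the other, so the second silently replaced the first.
SERVER_ROLE="${SERVER_ROLE:-local}"
case "${SERVER_ROLE}" in
  local) snmp_port=161 ;;
  remote) snmp_port=16161 ;;
  *) die "SERVER_ROLE must be 'local' or 'remote', got '${SERVER_ROLE}'" ;;
esac

OSID=$(awk -F= '/^ID=/{gsub(/"/, "", $2); print $2}' /etc/os-release)

# The comparison has to use the variable's value; a bare OSID is just the
# literal string "OSID" and never matches, so nothing would get installed.
case "${OSID}" in
  centos)
    yum install -y net-snmp
    systemctl start snmpd
    persist_conf=/var/lib/net-snmp/snmpd.conf
    ;;
  debian)
    apt-get install -y snmpd
    persist_conf=/var/lib/snmp/snmpd.conf
    ;;
  *)
    die "unsupported distribution ID '${OSID}' (expected centos or debian)"
    ;;
esac

# Stop snmpd so we can do our config. It must stay stopped until the
# createUser line is appended: snmpd reads that line at startup and rewrites
# its persistent file on shutdown.
systemctl stop snmpd
# Enable it so it will work on startup
systemctl enable snmpd

# Keep the packaged config, but never overwrite an earlier backup: on a second
# run snmpd.conf is already ours and would replace the real original.
if [[ ! -e /etc/snmp/snmpd.conf.orig ]]; then
  cp -p /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
fi

# The distro helper is executed by snmpd, with the daemon's privileges, every
# time the extend OID below is queried. It is fetched from a moving branch, so
# its content can change between runs: review it, prefer a URL pinned to a
# reviewed commit, and set DISTRO_SHA256 to that file's hash.
distro_url=https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
distro_tmp=$(mktemp)
trap 'rm -f -- "${distro_tmp}"' EXIT
# -f: an HTTP error must fail the script instead of installing the error page
# as an executable.
curl --proto '=https' -fsS -o "${distro_tmp}" "${distro_url}"
if [[ -n "${DISTRO_SHA256:-}" ]]; then
  printf '%s  %s\n' "${DISTRO_SHA256}" "${distro_tmp}" | sha256sum -c - > /dev/null \
    || die "downloaded distro helper does not match DISTRO_SHA256"
fi
install -m 0755 -o root -g root "${distro_tmp}" /etc/snmp/distro

# Make config changes. syslocation, syscontact and sysname are placeholders to
# replace for each host.
# NOTE(review): net-snmp's rouser accepts a minimum security level after the
# user name and defaults to "auth"; "rouser rouser987 priv" would refuse
# unencrypted (authNoPriv) requests. Left as written so existing pollers keep
# working - confirm what the poller uses before tightening.
cat > /etc/snmp/snmpd.conf << EOF
agentaddress udp:${snmp_port}
rouser rouser987
syslocation VMENV | LOCATION
syscontact EMAIL
#sysname CHANGENAMEHERE
#Distro Detection
extend .1.3.6.1.4.1.2021.7890.1 distro /etc/snmp/distro
#Hardware Detection (uncomment to enable)
extend .1.3.6.1.4.1.2021.7890.2 hardware '/bin/cat /sys/devices/virtual/dmi/id/product_name'
extend .1.3.6.1.4.1.2021.7890.3 manufacturer '/bin/cat /sys/devices/virtual/dmi/id/sys_vendor'
#extend .1.3.6.1.4.1.2021.7890.4 serial '/bin/cat /sys/devices/virtual/dmi/id/product_serial'
EOF

# Produce 50 random alphanumeric characters.
gen_pass() {
  LC_ALL=C tr -cd '[:alnum:]' < /dev/urandom | head -c 50
}

# This creates a random password1 (auth) and password2 (privacy).
# tee also prints the createUser line, so both passphrases end up on the
# terminal and in anything that captures this script's output. Record them in
# a secrets store rather than a shared log.
# NOTE(review): SHA/AES here are presumably HMAC-SHA-1 and AES-128; stronger
# algorithms depend on the installed net-snmp build - confirm before changing.
auth_pass=$(gen_pass)
priv_pass=$(gen_pass)
(
  # Only matters if tee has to create the file: keep it unreadable to others
  # while it holds the passphrases in clear text.
  umask 077
  printf 'createUser rouser987 SHA "%s" AES "%s"\n' "${auth_pass}" "${priv_pass}" \
    | tee -a "${persist_conf}"
)

systemctl start snmpd

# ---------------------------------------------------------------------------
# Firewall steps are left as a runbook: they need a site-specific address
# (LOCALIP is a placeholder for the poller's IP) and a site-specific way of
# saving rules, so they are not run automatically.
#
# The LOCAL rules below accept SNMP from any source address. Where the poller
# address is known, restrict the source the same way the REMOTE rules do.
#
#### IF THERE'S FIREWALL-CMD ####
# IF IT'S A LOCAL SERVER
#   Create /etc/firewalld/services/snmp.xml. The XML markup was stripped from
#   this page (only "SNMP" and "SNMP protocol" survive); presumably it was the
#   usual service definition - verify before use:
#     <?xml version="1.0" encoding="utf-8"?>
#     <service>
#       <short>SNMP</short>
#       <description>SNMP protocol</description>
#       <port protocol="udp" port="161"/>
#     </service>
#   firewall-cmd --reload
#   firewall-cmd --zone=public --add-service snmp --permanent
# IF IT'S A REMOTE SERVER
#   firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="LOCALIP" port protocol="udp" port="16161" accept'
# ON LOCAL AND REMOTE
#   firewall-cmd --reload
#
#### IF THERE'S IPTABLES ####
# IF IT'S LOCAL
#   iptables -A INPUT -p udp --dport 161 -j ACCEPT
# IF IT'S REMOTE
#   iptables -A INPUT -p udp -s LOCALIP --dport 16161 -j ACCEPT
# Then save the rules however you would do it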