freebsd-dev/contrib/bsnmp/snmpd/snmpd.config

#
# Copyright (c) 2001-2003
#	Fraunhofer Institute for Open Communication Systems (FhG Fokus).
#	All rights reserved.
#
# Author: Harti Brandt <harti@freebsd.org>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Begemot: bsnmp/snmpd/snmpd.config,v 1.16 2006/02/14 09:04:20 brandt_h Exp $
#
# Example configuration file for testing.
#

#
# Set some common variables
#
host := foo.bar.com
location := "Room 200"
contact := "sysmeister@bar.com"
system := 1	# FreeBSD
traphost := localhost
trapport := 162

read := "public"
write := "geheim"	# take care - this allows writing
trap := "mytrap"

securityModelSNMPv1     := 1
securityModelSNMPv2c    := 2

noAuthNoPriv := 1

#
# Configuration
#
%snmpd
begemotSnmpdDebugDumpPdus	= 2
begemotSnmpdDebugSyslogPri	= 7
begemotSnmpdDebugSnmpTrace	= 0

#
# Set community strings.
#
# Each community string has a permission attached to it - 1 for read only
# and 2 for read/write. Default is 1. Community strings must be unique.
#
# Be sure to understand the security implications of SNMPv2 - the community
# strings are readable on the wire!
#
begemotSnmpdCommunityString.0.1	= $(read)
begemotSnmpdCommunityPermission.0.1 = 1
#begemotSnmpdCommunityString.0.2 = $(write)
#begemotSnmpdCommunityPermission.0.2 = 2
#begemotSnmpdCommunityString.0.3 = "otherPublic"
begemotSnmpdCommunityDisable	= 1

# open standard SNMP ports
# 0.0.0.0:161
begemotSnmpdTransInetStatus.1.4.0.0.0.0.161.1 = 4

# test the port table; IPv4 address
# 127.0.0.1:10161
begemotSnmpdTransInetStatus.1.4.127.0.0.1.10161.1 = 4

# test the port table; IPv6 address
# ::1:10162
begemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.10162.1 = 4
# :::10163
begemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.10163.1 = 4
# fe80::1%1:10164 - requires inet fe80::1%em0/64
begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.10164.1 = 4
# fe80::1%2:10164 - requires inet fe80::1%em1/64
begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.10164.1 = 4
# fe80::1:10170 - should fail (no scope index)
# begemotSnmpdTransInetStatus.2.16.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.10170.1 = 4
# fe80::1%0:10170 - should fail (default scope index for link local address)
# begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.10170.1 = 4

# test the port table; DNS address
# :10165 UDPv4 and UDPv6
begemotSnmpdTransInetStatus.16.0.10165.1 = 4
# 127.0.0.1:10166
# ::1:10166
begemotSnmpdTransInetStatus.16."localhost".10166.1 = 4
# ::1:10167
begemotSnmpdTransInetStatus.16."localhost6".10167.1 = 4
# fe80::1%em0:10168 - requires inet fe80::$em0/64
begemotSnmpdTransInetStatus.16."fe80::1%em0".10168.1 = 4
# fe80::1%em1:10169 - requires inet fe80::$em1/64
begemotSnmpdTransInetStatus.16."fe80::1%em1".10169.1 = 4

# open a unix domain socket
# begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
# begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4

# send traps to the traphost
begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)

sysContact	= $(contact)
sysLocation	= $(location)
sysObjectId 	= 1.3.6.1.4.1.12325.1.1.2.1.$(system)

snmpEnableAuthenTraps = 2

#
# Load MIB-2 module
#
#begemotSnmpdModulePath."mibII"	= "../snmp_mibII/.libs/snmp_mibII.so"
begemotSnmpdModulePath."mibII"	= "/usr/local/lib/snmp_mibII.so"

#
# SNMPv3 notification targets
#
#begemotSnmpdModulePath."target"	= "../snmp_target/.libs/snmp_target.so"
begemotSnmpdModulePath."target"	= "/usr/local/lib/snmp_target.so"

#
# SNMPv3 user-based security module
#
#begemotSnmpdModulePath."usm"	= "../snmp_usm/.libs/snmp_usm.so"
begemotSnmpdModulePath."usm"	= "/usr/local/lib/snmp_usm.so"

#
# SNMPv3 view-based access control module
#
#begemotSnmpdModulePath."vacm"	= "../snmp_vacm/.libs/snmp_vacm.so"
begemotSnmpdModulePath."vacm"	= "/usr/local/lib/snmp_vacm.so"

#
# Netgraph module
#
# begemotSnmpdModulePath."netgraph" = "/usr/local/lib/snmp_netgraph.so"
# %netgraph
# begemotNgControlNodeName = "snmpd"

%vacm

internetoid := 1.3.6.1
internetoidlen := 4

vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)

vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(read) = 4
vacmGroupName.$(securityModelSNMPv2c).$(read) = $(read)

vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)

vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4

vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"

vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
vacmAccessStatus.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
vacmAccessReadViewName.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
vacmAccessWriteViewName.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00			`#`
			`# Copyright (c) 2001-2003`
			`# Fraunhofer Institute for Open Communication Systems (FhG Fokus).`
			`# All rights reserved.`
			`#`
			`# Author: Harti Brandt <harti@freebsd.org>`
Vendor import of bsnmp-1.13. 2018-07-27 19:30:18 +00:00			`#`
Virgin import of bsnmpd 1.7 2004-08-06 13:38:30 +00:00			`# Redistribution and use in source and binary forms, with or without`
			`# modification, are permitted provided that the following conditions`
			`# are met:`
			`# 1. Redistributions of source code must retain the above copyright`
			`# notice, this list of conditions and the following disclaimer.`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00			`# 2. Redistributions in binary form must reproduce the above copyright`
			`# notice, this list of conditions and the following disclaimer in the`
			`# documentation and/or other materials provided with the distribution.`
Vendor import of bsnmp-1.13. 2018-07-27 19:30:18 +00:00			`#`
Virgin import of bsnmpd 1.7 2004-08-06 13:38:30 +00:00			# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
			`# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
			`# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE`
			`# ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE`
			`# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL`
			`# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS`
			`# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)`
			`# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT`
			`# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY`
			`# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF`
			`# SUCH DAMAGE.`
			`#`
Virgin import of bsnmpd 1.12 2006-02-27 16:16:18 +00:00			`# $Begemot: bsnmp/snmpd/snmpd.config,v 1.16 2006/02/14 09:04:20 brandt_h Exp $`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00			`#`
Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`# Example configuration file for testing.`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00			`#`

			`#`
			`# Set some common variables`
			`#`
			`host := foo.bar.com`
			`location := "Room 200"`
			`contact := "sysmeister@bar.com"`
			`system := 1 # FreeBSD`
Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`traphost := localhost`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00			`trapport := 162`

			`read := "public"`
Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`write := "geheim" # take care - this allows writing`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00			`trap := "mytrap"`

Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`securityModelSNMPv1 := 1`
			`securityModelSNMPv2c := 2`

			`noAuthNoPriv := 1`

Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00			`#`
			`# Configuration`
			`#`
			`%snmpd`
			`begemotSnmpdDebugDumpPdus = 2`
			`begemotSnmpdDebugSyslogPri = 7`
Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`begemotSnmpdDebugSnmpTrace = 0`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00
Vendor fix: make the default read and write communities NULL. This basically disables any access unless other strings are set in the config file. Note, that there is no way to set the communities back to NULL once they're set to something not NULL. 2006-01-10 11:49:26 +00:00			`#`
Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`# Set community strings.`
Vendor fix: make the default read and write communities NULL. This basically disables any access unless other strings are set in the config file. Note, that there is no way to set the communities back to NULL once they're set to something not NULL. 2006-01-10 11:49:26 +00:00			`#`
Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`# Each community string has a permission attached to it - 1 for read only`
			`# and 2 for read/write. Default is 1. Community strings must be unique.`
Vendor fix: make the default read and write communities NULL. This basically disables any access unless other strings are set in the config file. Note, that there is no way to set the communities back to NULL once they're set to something not NULL. 2006-01-10 11:49:26 +00:00			`#`
			`# Be sure to understand the security implications of SNMPv2 - the community`
			`# strings are readable on the wire!`
			`#`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00			`begemotSnmpdCommunityString.0.1 = $(read)`
Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`begemotSnmpdCommunityPermission.0.1 = 1`
			`#begemotSnmpdCommunityString.0.2 = $(write)`
			`#begemotSnmpdCommunityPermission.0.2 = 2`
			`#begemotSnmpdCommunityString.0.3 = "otherPublic"`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00			`begemotSnmpdCommunityDisable = 1`

			`# open standard SNMP ports`
Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`# 0.0.0.0:161`
			`begemotSnmpdTransInetStatus.1.4.0.0.0.0.161.1 = 4`

			`# test the port table; IPv4 address`
			`# 127.0.0.1:10161`
			`begemotSnmpdTransInetStatus.1.4.127.0.0.1.10161.1 = 4`

			`# test the port table; IPv6 address`
			`# ::1:10162`
			`begemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.10162.1 = 4`
			`# :::10163`
			`begemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.10163.1 = 4`
			`# fe80::1%1:10164 - requires inet fe80::1%em0/64`
			`begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.10164.1 = 4`
			`# fe80::1%2:10164 - requires inet fe80::1%em1/64`
			`begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.10164.1 = 4`
			`# fe80::1:10170 - should fail (no scope index)`
			`# begemotSnmpdTransInetStatus.2.16.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.10170.1 = 4`
			`# fe80::1%0:10170 - should fail (default scope index for link local address)`
			`# begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.10170.1 = 4`

			`# test the port table; DNS address`
			`# :10165 UDPv4 and UDPv6`
			`begemotSnmpdTransInetStatus.16.0.10165.1 = 4`
			`# 127.0.0.1:10166`
			`# ::1:10166`
			`begemotSnmpdTransInetStatus.16."localhost".10166.1 = 4`
			`# ::1:10167`
			`begemotSnmpdTransInetStatus.16."localhost6".10167.1 = 4`
			`# fe80::1%em0:10168 - requires inet fe80::$em0/64`
			`begemotSnmpdTransInetStatus.16."fe80::1%em0".10168.1 = 4`
			`# fe80::1%em1:10169 - requires inet fe80::$em1/64`
			`begemotSnmpdTransInetStatus.16."fe80::1%em1".10169.1 = 4`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00
			`# open a unix domain socket`
Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`# begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1`
			`# begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00
			`# send traps to the traphost`
Import of bsnmpd 1.6 2004-04-14 16:20:14 +00:00			`begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4`
			`begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2`
			`begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00
			`sysContact = $(contact)`
			`sysLocation = $(location)`
			`sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)`

			`snmpEnableAuthenTraps = 2`

			`#`
			`# Load MIB-2 module`
			`#`
Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`#begemotSnmpdModulePath."mibII" = "../snmp_mibII/.libs/snmp_mibII.so"`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00			`begemotSnmpdModulePath."mibII" = "/usr/local/lib/snmp_mibII.so"`

Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`#`
			`# SNMPv3 notification targets`
			`#`
			`#begemotSnmpdModulePath."target" = "../snmp_target/.libs/snmp_target.so"`
			`begemotSnmpdModulePath."target" = "/usr/local/lib/snmp_target.so"`

			`#`
			`# SNMPv3 user-based security module`
			`#`
			`#begemotSnmpdModulePath."usm" = "../snmp_usm/.libs/snmp_usm.so"`
			`begemotSnmpdModulePath."usm" = "/usr/local/lib/snmp_usm.so"`

			`#`
			`# SNMPv3 view-based access control module`
			`#`
			`#begemotSnmpdModulePath."vacm" = "../snmp_vacm/.libs/snmp_vacm.so"`
			`begemotSnmpdModulePath."vacm" = "/usr/local/lib/snmp_vacm.so"`

Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00			`#`
			`# Netgraph module`
			`#`
Import version 1.14 of bsnmp. This mainly consists of bug fixes in the ASN.1 functions and comes with a test suite for these functions. 2020-03-31 17:50:32 +00:00			`# begemotSnmpdModulePath."netgraph" = "/usr/local/lib/snmp_netgraph.so"`
			`# %netgraph`
			`# begemotNgControlNodeName = "snmpd"`

			`%vacm`

			`internetoid := 1.3.6.1`
			`internetoidlen := 4`

			`vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4`
			`vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)`

			`vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(read) = 4`
			`vacmGroupName.$(securityModelSNMPv2c).$(read) = $(read)`

			`vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4`
			`vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)`

			`vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4`

			`vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4`
			`vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"`

			`vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4`
			`vacmAccessStatus.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4`
			`vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"`
			`vacmAccessReadViewName.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"`
			`vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"`
			`vacmAccessWriteViewName.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"`
Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00