From 5b56d5b347516a88efb1bfc8ebf8a474466beb2e Mon Sep 17 00:00:00 2001 From: Shteryana Shopova Date: Mon, 20 Dec 2010 17:28:15 +0000 Subject: [PATCH] Add (disabled) sample configuration lines needed to enable snmp_target(3) module and configure minimal target addresses & notifications needed for bsnmpd(1) to send SNMPv3 notifications. Sponsored by: The FreeBSD Foundation Reviewed by: philip Approved by: philip --- etc/snmpd.config | 133 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 98 insertions(+), 35 deletions(-) diff --git a/etc/snmpd.config b/etc/snmpd.config index d729b376589a..86b098994124 100644 --- a/etc/snmpd.config +++ b/etc/snmpd.config @@ -28,7 +28,10 @@ read := "public" write := "geheim" trap := "mytrap" +# # Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options +# + NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1 HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2 HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3 
@@ -37,16 +40,36 @@ DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2 AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4 # +# Enumerations from SNMP-FRAMEWORK-MIB +# + +# Security models +securityModelAny := 0 +securityModelSNMPv1 := 1 +securityModelSNMPv2c := 2 +securityModelUSM := 3 + +# Message Processing models +MPmodelSNMPv1 := 0 +MPmodelSNMPv2c := 1 +MPmodelSNMPv3 := 3 + +# Security levels +noAuthNoPriv := 1 +authNoPriv := 2 +authPriv := 3 + + # SNMPv3 USM User definition # # The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD, # SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking # 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other # usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp" -# with a private password "bsnmp", localized for the above engine ID. +# with a private password "bsnmptest", localized for the above engine ID. # -# user1 := "bsnmp" -# user1passwd := 0x1b:0x6d:0x9e:0x94:0xbe:0x19:0x17:0xfb:0xde:0x60:0x46:0xfe:0x59:0x6f:0x61:0x95:0xf2:0xc9:0x57:0x1f +#user1 := "bsnmp" +#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60 # # Configuration @@ -89,17 +112,6 @@ sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system) snmpEnableAuthenTraps = 2 -# -# Load MIB-2 module -# -begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" - -# Force a polling rate for the 64-bit interface counters in case -# the automatic computation is wrong (which may be the case if an interface -# announces the wrong bit rate via its MIB). -#%mibII -#begemotIfForcePoll = 2000 - # # SNMPv3 User-based security module - must be loaded for SNMPv3 USM # 
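Review bot: The "SNMPv3 USM User definition" comment now publishes both the passphrase ("bsnmptest") and the matching localized key for user "bsnmp", and nothing tells the administrator to replace them before uncommenting `#user1passwd`. A key that is published with the default configuration gives no real authentication or privacy, so the block should carry a line such as `# Sample credentials only - generate your own localized key with bsnmpget(1) before enabling this user.` Since the comment says the key is "localized for the above engine ID", it is also worth stating that the key has to be regenerated when the engine ID differs. The two `#user1` lines also lost the space after `#` that the other commented samples in the file keep.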
@@ -145,18 +157,18 @@ begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" #%vacm # Definition of a SNMPv1 group -# vacmSecurityToGroupStatus.1.$(read) = 4 -# vacmGroupName.1.$(read) = $(read) +# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4 +# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read) # Definition of SNMPv2 group -# vacmSecurityToGroupStatus.2.$(write) = 4 -# vacmGroupName.2.$(write) = $(write) +# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4 +# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write) # Definition of SNMPv3 group with users "bsnmp" and "public" -# vacmSecurityToGroupStatus.3.$(user1) = 4 -# vacmGroupName.3.$(user1) = $(write) -# vacmSecurityToGroupStatus.3.$(read) = 4 -# vacmGroupName.3.$(read) = $(write) +# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4 +# vacmGroupName.$(securityModelUSM).$(user1) = $(write) +# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4 +# vacmGroupName.$(securityModelUSM).$(read) = $(write) # # The OID of the .iso.org.dod.internet subtree @@ -164,11 +176,6 @@ begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" # internetoid := 1.3.6.1 # internetoidlen := 4 -# Enumerated values for the privacy options -# noAuthNoPriv := 1 -# authNoPriv := 2 -# authPriv := 3 - # # Definitions of two views # 
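Review bot: In the SNMPv3 group definition both `$(user1)` and `$(read)` are mapped to the group named `$(write)`, and the access rows later in the file give that group a write view at `noAuthNoPriv`, yet the comment only says 'group with users "bsnmp" and "public"'. Uncommenting the sample as written would appear to give write access without authentication to a USM principal named "public", assuming such a user is defined elsewhere. A warning above the group lines would make that visible, for example `# NOTE: group $(write) is granted read-write access below; map read-only users to a separate group.` The status value `4` on the `vacmSecurityToGroupStatus` lines is still a bare number (createAndGo in the RowStatus convention) while the security models now have names, so a short comment giving its meaning would help.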
@@ -182,23 +189,23 @@ begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" # # Read-only access for SNMPv1 users # -# vacmAccessStatus.$(read)."".1.1 = 4 -# vacmAccessReadViewName.$(read)."".1.1 = "internet" +# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet" # # Read-write access for SNMPv2 users # -# vacmAccessStatus.$(write)."".2.1 = 4 -# vacmAccessReadViewName.$(write)."".2.1 = "internet" -# vacmAccessWriteViewName.$(write)."".2.1 = "internet" +# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" +# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" # # Read-write-notify access for SNMPv3 USM users with noAuthNoPriv # # vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4 -# vacmAccessReadViewName.$(write)."".3.$(noAuthNoPriv) = "internet" -# vacmAccessWriteViewName.$(write)."".3.$(noAuthNoPriv) = "internet" -# vacmAccessNotifyViewName.$(write)."".3.$(noAuthNoPriv) = "internet" +# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" +# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" +# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" # #Read-write-notify access to restricted for SNMPv3 USM users with authPriv 
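Review bot: The first row of the SNMPv3 noAuthNoPriv block, `# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4`, was left with the literal `3` while the three view rows under it were converted; it should read `# vacmAccessStatus.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = 4`. The authPriv rows that appear as context at the top of the next hunk (`vacmAccessWriteViewName.$(write)."".3.$(authPriv)` and the notify row) keep the same leftover literal. With mixed spellings, a status row and its view rows look as if they belong to different indexes, which makes it harder to audit which security model and level actually receives write access.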
@@ -208,6 +215,62 @@ begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" # vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted" # vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted" +# +# SNMPv3 Notification Targets +# +# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so" + +#%target +# Send notifications to target tag "test" +# tag := "test" +# snmpNotifyRowStatus.$(tag) = 4 +# snmpNotifyTag.$(tag) = $(tag) + +# tagremote := "testremote" +# snmpNotifyRowStatus.$(tagremote) = 4 +# snmpNotifyTag.$(tagremote) = $(tagremote) + +# +# Specify the target parameters for the notifications - send with the credentials +# of user "bsnmp" +# +# snmpTargetParamsRowStatus.$(tag) = 5 +# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3) +# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM) +# snmpTargetParamsSecurityName.$(tag) = $(user1) +# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv) +# snmpTargetParamsRowStatus.$(tag) = 1 + +# +# Define the notifications' target address - port 162 on localhost +# +# snmpTargetAddrRowStatus.$(tag) = 5 +# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2 +# snmpTargetAddrTagList.$(tag) = "test notification" +# snmpTargetAddrParams.$(tag) = $(tag) +# snmpTargetAddrRowStatus.$(tag) = 1 + +# +# Define the notifications' target address - port 162 on 10.0.0.1 +# +# snmpTargetAddrRowStatus.$(tagremote) = 5 +# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2 +# snmpTargetAddrTagList.$(tagremote) = $(tagremote) +# snmpTargetAddrParams.$(tagremote) = $(tag) +# snmpTargetAddrRowStatus.$(tagremote) = 1 + +# +# Load MIB-2 module +# +begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" + +# Force a polling rate for the 64-bit interface counters in case +# the automatic computation is wrong (which may be the case if an interface +# announces the wrong bit rate via its MIB). 
+#%mibII +#begemotIfForcePoll = 2000 + + # Netgraph module # #begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
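Review bot: The notification-target sample uses `$(user1)` in `snmpTargetParamsSecurityName.$(tag)`, but `user1` is only defined in a commented-out line earlier in the file, and the comments here do not say that the USM user and its module must be enabled first. A prerequisite line would cover it, for example `# Requires the user1 definition and the USM module above to be enabled, with your own localized key.` The RowStatus values are also unexplained: the params and address rows are written `= 5` and then `= 1` (createAndWait, then active), while the notify rows use `= 4`. A one-line comment giving those meanings would keep an administrator from deleting the second assignment as a duplicate. The remote address `0x0a:0x00:0x00:0x1:0x0:0xa2` (10.0.0.1 per the comment) should be marked as a placeholder so that enabling the block does not send notifications to an unintended host.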