Date: Thu, 30 Mar 2017 07:31:01 +0000 (UTC) From: Ngie Cooper <ngie@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r316262 - in projects/bsnmp-ipv6-mib: contrib/bsnmp/snmpd etc etc/newsyslog.conf.d etc/syslog.d Message-ID: <201703300731.v2U7V12D035811@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ngie Date: Thu Mar 30 07:31:01 2017 New Revision: 316262 URL: https://svnweb.freebsd.org/changeset/base/316262 Log: bsnmpd: change default process name/prefix from "snmpd" to "bsnmpd" This is being done to prevent collisions between other snmp daemons, like snmpd from net-snmp. Add logging infrastructure hooks (newsyslog, syslogd) to support the commit. MFC after: 1 month Reviewed by: arch@ (no objection) Sponsored by: Dell EMC Isilon Added: projects/bsnmp-ipv6-mib/etc/bsnmpd.config - copied unchanged from r316261, projects/bsnmp-ipv6-mib/etc/snmpd.config projects/bsnmp-ipv6-mib/etc/syslog.d/ projects/bsnmp-ipv6-mib/etc/syslog.d/Makefile (contents, props changed) projects/bsnmp-ipv6-mib/etc/syslog.d/bsnmpd.conf (contents, props changed) Deleted: projects/bsnmp-ipv6-mib/etc/snmpd.config Modified: projects/bsnmp-ipv6-mib/contrib/bsnmp/snmpd/main.c projects/bsnmp-ipv6-mib/etc/Makefile projects/bsnmp-ipv6-mib/etc/newsyslog.conf.d/Makefile Modified: projects/bsnmp-ipv6-mib/contrib/bsnmp/snmpd/main.c ============================================================================== --- projects/bsnmp-ipv6-mib/contrib/bsnmp/snmpd/main.c Thu Mar 30 07:17:23 2017 (r316261) +++ projects/bsnmp-ipv6-mib/contrib/bsnmp/snmpd/main.c Thu Mar 30 07:31:01 2017 (r316262) @@ -1480,7 +1480,7 @@ main(int argc, char *argv[]) FILE *fp; int background = 1; struct tport *p; - const char *prefix = "snmpd"; + const char *prefix = "bsnmpd"; struct lmodule *m; char *value = NULL, *option; /* XXX */ struct transport *t; @@ -1592,7 +1592,7 @@ main(int argc, char *argv[]) /* * Initialize hosts_access(3) handler. */ - request_init(&req, RQ_DAEMON, "snmpd", 0); + request_init(&req, RQ_DAEMON, "bsnmpd", 0); sock_methods(&req); #endif Modified: projects/bsnmp-ipv6-mib/etc/Makefile ============================================================================== --- projects/bsnmp-ipv6-mib/etc/Makefile Thu Mar 30 07:17:23 2017 (r316261) +++ projects/bsnmp-ipv6-mib/etc/Makefile Thu Mar 30 07:31:01 2017 (r316262) @@ -8,7 +8,8 @@ FILESGROUPS= FILES # No need as it is empty and just causes rebuilds since this file does so much. UPDATE_DEPENDFILE= no SUBDIR= \ - newsyslog.conf.d + newsyslog.conf.d \ + syslog.d .if ${MK_SENDMAIL} != "no" SUBDIR+=sendmail Copied: projects/bsnmp-ipv6-mib/etc/bsnmpd.config (from r316261, projects/bsnmp-ipv6-mib/etc/snmpd.config) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/bsnmp-ipv6-mib/etc/bsnmpd.config Thu Mar 30 07:31:01 2017 (r316262, copy of r316261, projects/bsnmp-ipv6-mib/etc/snmpd.config) @@ -0,0 +1,328 @@ +# $FreeBSD$ +# +# Example configuration file for bsnmpd(1). +# + +# +# Set some common variables +# +location := "Room 200" +contact := "sysmeister@example.com" +system := 1 # FreeBSD +traphost := localhost +trapport := 162 + +# +# Set the SNMP engine ID. +# +# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via +# this configuration file, an ID is assigned based on the value of the +# kern.hostid variable +# engine := 0x80:0x10:0x08:0x10:0x80:0x25 +# snmpEngineID = $(engine) + +# Change this! +read := "public" +# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community +# string to enable write access. +write := "geheim" +trap := "mytrap" + +# +# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options +# + +NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1 +HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2 +HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3 +NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1 +DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2 +AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4 + +# +# Enumerations from SNMP-FRAMEWORK-MIB +# + +# Security models +securityModelAny := 0 +securityModelSNMPv1 := 1 +securityModelSNMPv2c := 2 +securityModelUSM := 3 + +# Message Processing models +MPmodelSNMPv1 := 0 +MPmodelSNMPv2c := 1 +MPmodelSNMPv3 := 3 + +# Security levels +noAuthNoPriv := 1 +authNoPriv := 2 +authPriv := 3 + + +# SNMPv3 USM User definition +# +# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD, +# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking +# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other +# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp" +# with a private password "bsnmptest", localized for the above engine ID. +# +#user1 := "bsnmp" +#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60 + +# +# Configuration +# +%snmpd +begemotSnmpdDebugDumpPdus = 2 +begemotSnmpdDebugSyslogPri = 7 + +# +# Set the read and write communities. +# +# The default value of the community strings is NULL (note, that this is +# different from the empty string). This disables both read and write access. +# To enable read access only the read community string must be set. Setting +# the write community string enables both read and write access with that +# string. +# +# Be sure to understand the security implications of SNMPv2 - the community +# strings are readable on the wire! +# +begemotSnmpdCommunityString.0.1 = $(read) +# begemotSnmpdCommunityString.0.2 = $(write) +begemotSnmpdCommunityDisable = 1 + +# open standard SNMP ports +begemotSnmpdPortStatus.0.0.0.0.161 = 1 + +# open a unix domain socket +begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1 +begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4 + +# send traps to the traphost +begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4 +begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2 +begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap) + +sysContact = $(contact) +sysLocation = $(location) +sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system) + +snmpEnableAuthenTraps = 2 + +# Uncomment `begemotSnmpdModulePath.".." = ".."' entries below to enable +# modules + +# +# Control configuration for the modules in the module specific sections, e.g. +# the "usm" module (begemotSnmpdModulePath."usm") can be controlled in the +# %usm specific section. You must uncomment the section specific header in +# order to use the enclosed variables, e.g. `usmUserStatus.$(engine).$(user1)` +# can only be used if %usm is uncommented. +# +# Modules are loaded in the order listed, so they must be before any +# dependent modules, e.g. "mibII" vs "bridge". +# + +# +# MIB-2 module +# +begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" + +# +# Bridge module +# This requires the mibII module. +# +#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so" + +# +# Host resources module +# This requires the mibII module. +# +#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so" + +# +# IPv6 module +# This requires the mibII module. +# +#begemotSnmpdModulePath."ipv6MIB" = "/usr/lib/snmp_ipv6MIB.so" + +# +# LM75 Sensor module +# +#begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so" + +# +# Netgraph module +# +#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so" + +# +# pf(4) module +# +#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so" + +# +# SNMPv3 Notification Targets +# +# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so" + +# +# SNMPv3 User-based security module - must be loaded for SNMPv3 USM +# +#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so" + +# +# SNMPv3 View-based Access Control module +# +#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so" + +# +# Wireless module +# This requires the mibII module. +# +#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so" + +# +# SNMPv3 USM User definition. +# + +#%usm + +# +# The following block creates a user with name "bsnmp" and sets privacy +# and encryption options to SHA256 message digests and AES encryption +# for this user. +# +# usmUserStatus.$(engine).$(user1) = 5 +# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol) +# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd) +# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol) +# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd) +# usmUserStatus.$(engine).$(user1) = 1 +# + +# +# The following block creates a user with name "public" with no authentication +# or encryption options. +# +# usmUserStatus.$(engine).$(read) = 5 +# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol) +# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol) +# usmUserStatus.$(engine).$(read) = 1 +# + +# +# Definition of view-based access control entries. +# +#%vacm + +# Definition of a SNMPv1 group +# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4 +# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read) + +# Definition of SNMPv2 group +# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4 +# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write) + +# Definition of SNMPv3 group with users "bsnmp" and "public" +# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4 +# vacmGroupName.$(securityModelUSM).$(user1) = $(write) +# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4 +# vacmGroupName.$(securityModelUSM).$(read) = $(write) + +# +# The OID of the .iso.org.dod.internet subtree +# +# internetoid := 1.3.6.1 +# internetoidlen := 4 + +# +# Definitions of two views +# +# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4 +# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4 + +# +# Access control +# + +# +# Read-only access for SNMPv1 users +# +# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet" + +# +# Read-write access for SNMPv2 users +# +# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" +# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" + +# +# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv +# +# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" +# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" +# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" + +# +#Read-write-notify access to restricted for SNMPv3 USM users with authPriv +# +# vacmAccessStatus.$(write)."".$(securityModelUSM).$(authPriv) = 4 +# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" +# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" +# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" + +#%target +# Send notifications to target tag "test" +# tag := "test" +# snmpNotifyRowStatus.$(tag) = 4 +# snmpNotifyTag.$(tag) = $(tag) + +# tagremote := "testremote" +# snmpNotifyRowStatus.$(tagremote) = 4 +# snmpNotifyTag.$(tagremote) = $(tagremote) + +# +# Specify the target parameters for the notifications - send with the credentials +# of user "bsnmp" +# +# snmpTargetParamsRowStatus.$(tag) = 5 +# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3) +# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM) +# snmpTargetParamsSecurityName.$(tag) = $(user1) +# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv) +# snmpTargetParamsRowStatus.$(tag) = 1 + +# +# Define the notifications' target address - port 162 on localhost +# +# snmpTargetAddrRowStatus.$(tag) = 5 +# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2 +# snmpTargetAddrTagList.$(tag) = "test notification" +# snmpTargetAddrParams.$(tag) = $(tag) +# snmpTargetAddrRowStatus.$(tag) = 1 + +# +# Define the notifications' target address - port 162 on 10.0.0.1 +# +# snmpTargetAddrRowStatus.$(tagremote) = 5 +# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2 +# snmpTargetAddrTagList.$(tagremote) = $(tagremote) +# snmpTargetAddrParams.$(tagremote) = $(tag) +# snmpTargetAddrRowStatus.$(tagremote) = 1 + +# Force a polling rate for the 64-bit interface counters in case +# the automatic computation is wrong (which may be the case if an interface +# announces the wrong bit rate via its MIB). +#%mibII +#begemotIfForcePoll = 2000 + +#%netgraph +#begemotNgControlNodeName = "snmpd" + Modified: projects/bsnmp-ipv6-mib/etc/newsyslog.conf.d/Makefile ============================================================================== --- projects/bsnmp-ipv6-mib/etc/newsyslog.conf.d/Makefile Thu Mar 30 07:17:23 2017 (r316261) +++ projects/bsnmp-ipv6-mib/etc/newsyslog.conf.d/Makefile Thu Mar 30 07:31:01 2017 (r316262) @@ -6,6 +6,10 @@ BINDIR= /etc/newsyslog.conf.d FILES= +.if ${MK_BSNMP} != "no" +FILES+= bsnmpd.conf +.endif + .if ${MK_OFED} != "no" FILES+= opensm.conf .endif Added: projects/bsnmp-ipv6-mib/etc/syslog.d/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/bsnmp-ipv6-mib/etc/syslog.d/Makefile Thu Mar 30 07:31:01 2017 (r316262) @@ -0,0 +1,13 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +BINDIR= /etc/syslog.d + +FILES= + +.if ${MK_BSNMP} != "no" +FILES+= bsnmpd.conf +.endif + +.include <bsd.prog.mk> Added: projects/bsnmp-ipv6-mib/etc/syslog.d/bsnmpd.conf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/bsnmp-ipv6-mib/etc/syslog.d/bsnmpd.conf Thu Mar 30 07:31:01 2017 (r316262) @@ -0,0 +1,2 @@ +# $FreeBSD$ +bsnmpd.* /var/log/bsnmpd.log
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703300731.v2U7V12D035811>