From owner-svn-src-all@freebsd.org Sat Aug 11 13:47:29 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7481D106D190; Sat, 11 Aug 2018 13:47:29 +0000 (UTC) (envelope-from brd@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 206AC7D44A; Sat, 11 Aug 2018 13:47:29 +0000 (UTC) (envelope-from brd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id F324218048; Sat, 11 Aug 2018 13:47:28 +0000 (UTC) (envelope-from brd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w7BDlSI1031328; Sat, 11 Aug 2018 13:47:28 GMT (envelope-from brd@FreeBSD.org) Received: (from brd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w7BDlSGM031325; Sat, 11 Aug 2018 13:47:28 GMT (envelope-from brd@FreeBSD.org) Message-Id: <201808111347.w7BDlSGM031325@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brd set sender to brd@FreeBSD.org using -f From: Brad Davis Date: Sat, 11 Aug 2018 13:47:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r337625 - in head: etc usr.sbin/bsnmpd/bsnmpd X-SVN-Group: head X-SVN-Commit-Author: brd X-SVN-Commit-Paths: in head: etc usr.sbin/bsnmpd/bsnmpd X-SVN-Commit-Revision: 337625 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Aug 2018 13:47:29 -0000 Author: brd Date: Sat Aug 11 13:47:28 2018 New Revision: 337625 URL: https://svnweb.freebsd.org/changeset/base/337625 Log: Move snmpd.config to usr.sbin/bsnmpd/bsnmpd/ This helps with pkgbase as this config file will now be tagged as a config file Approved by: allanjude (mentor) Sponsored by: Essen Hackathon Differential Revision: https://reviews.freebsd.org/D16674 Added: head/usr.sbin/bsnmpd/bsnmpd/snmpd.config - copied unchanged from r337624, head/etc/snmpd.config Deleted: head/etc/snmpd.config Modified: head/etc/Makefile head/usr.sbin/bsnmpd/bsnmpd/Makefile Modified: head/etc/Makefile ============================================================================== --- head/etc/Makefile Sat Aug 11 13:28:03 2018 (r337624) +++ head/etc/Makefile Sat Aug 11 13:47:28 2018 (r337625) @@ -158,11 +158,6 @@ distribution: ${DESTDIR}/etc/services; .endif -.if ${MK_BSNMP} != "no" - cd ${.CURDIR}; \ - ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \ - snmpd.config ${DESTDIR}/etc; -.endif .if ${MK_TCSH} == "no" sed -i "" -e 's;/bin/csh;/bin/sh;' ${DESTDIR}/etc/master.passwd .endif Modified: head/usr.sbin/bsnmpd/bsnmpd/Makefile ============================================================================== --- head/usr.sbin/bsnmpd/bsnmpd/Makefile Sat Aug 11 13:28:03 2018 (r337624) +++ head/usr.sbin/bsnmpd/bsnmpd/Makefile Sat Aug 11 13:47:28 2018 (r337625) @@ -7,6 +7,8 @@ CONTRIB=${SRCTOP}/contrib/bsnmp .PATH: ${CONTRIB}/snmpd +CONFS= snmpd.config +CONFSMODE= 600 PROG= bsnmpd SRCS= main.c action.c config.c export.c trap.c trans_udp.c trans_lsock.c SRCS+= oid.h tree.c tree.h Copied: head/usr.sbin/bsnmpd/bsnmpd/snmpd.config (from r337624, head/etc/snmpd.config) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/usr.sbin/bsnmpd/bsnmpd/snmpd.config Sat Aug 11 13:47:28 2018 (r337625, copy of r337624, head/etc/snmpd.config) @@ -0,0 +1,322 @@ +# $FreeBSD$ +# +# Example configuration file for bsnmpd(1). +# + +# +# Set some common variables +# +location := "Room 200" +contact := "sysmeister@example.com" +system := 1 # FreeBSD +traphost := localhost +trapport := 162 + +# +# Set the SNMP engine ID. +# +# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via +# this configuration file, an ID is assigned based on the value of the +# kern.hostid variable +# engine := 0x80:0x10:0x08:0x10:0x80:0x25 +# snmpEngineID = $(engine) + +# Change this! +read := "public" +# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community +# string to enable write access. +write := "geheim" +trap := "mytrap" + +# +# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options +# + +NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1 +HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2 +HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3 +NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1 +DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2 +AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4 + +# +# Enumerations from SNMP-FRAMEWORK-MIB +# + +# Security models +securityModelAny := 0 +securityModelSNMPv1 := 1 +securityModelSNMPv2c := 2 +securityModelUSM := 3 + +# Message Processing models +MPmodelSNMPv1 := 0 +MPmodelSNMPv2c := 1 +MPmodelSNMPv3 := 3 + +# Security levels +noAuthNoPriv := 1 +authNoPriv := 2 +authPriv := 3 + + +# SNMPv3 USM User definition +# +# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD, +# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking +# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other +# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp" +# with a private password "bsnmptest", localized for the above engine ID. +# +#user1 := "bsnmp" +#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60 + +# +# Configuration +# +%snmpd +begemotSnmpdDebugDumpPdus = 2 +begemotSnmpdDebugSyslogPri = 7 + +# +# Set the read and write communities. +# +# The default value of the community strings is NULL (note, that this is +# different from the empty string). This disables both read and write access. +# To enable read access only the read community string must be set. Setting +# the write community string enables both read and write access with that +# string. +# +# Be sure to understand the security implications of SNMPv2 - the community +# strings are readable on the wire! +# +begemotSnmpdCommunityString.0.1 = $(read) +# begemotSnmpdCommunityString.0.2 = $(write) +begemotSnmpdCommunityDisable = 1 + +# open standard SNMP ports +begemotSnmpdPortStatus.0.0.0.0.161 = 1 + +# open a unix domain socket +begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1 +begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4 + +# send traps to the traphost +begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4 +begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2 +begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap) + +sysContact = $(contact) +sysLocation = $(location) +sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system) + +snmpEnableAuthenTraps = 2 + +# Uncomment `begemotSnmpdModulePath.".." = ".."' entries below to enable +# modules + +# +# Control configuration for the modules in the module specific sections, e.g. +# the "usm" module (begemotSnmpdModulePath."usm") can be controlled in the +# %usm specific section. You must uncomment the section specific header in +# order to use the enclosed variables, e.g. `usmUserStatus.$(engine).$(user1)` +# can only be used if %usm is uncommented. +# +# Modules are loaded in the order listed, so they must be before any +# dependent modules, e.g. "mibII" vs "bridge". +# + +# +# MIB-2 module +# +begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" + +# +# Bridge module +# This requires the mibII module. +# +#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so" + +# +# Host resources module +# This requires the mibII module. +# +#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so" + +# +# LM75 Sensor module +# +#begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so" + +# +# Netgraph module +# +#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so" + +# +# pf(4) module +# +#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so" + +# +# SNMPv3 Notification Targets +# +# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so" + +# +# SNMPv3 User-based security module - must be loaded for SNMPv3 USM +# +#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so" + +# +# SNMPv3 View-based Access Control module +# +#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so" + +# +# Wireless module +# This requires the mibII module. +# +#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so" + +# +# SNMPv3 USM User definition. +# + +#%usm + +# +# The following block creates a user with name "bsnmp" and sets privacy +# and encryption options to SHA256 message digests and AES encryption +# for this user. +# +# usmUserStatus.$(engine).$(user1) = 5 +# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol) +# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd) +# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol) +# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd) +# usmUserStatus.$(engine).$(user1) = 1 +# + +# +# The following block creates a user with name "public" with no authentication +# or encryption options. +# +# usmUserStatus.$(engine).$(read) = 5 +# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol) +# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol) +# usmUserStatus.$(engine).$(read) = 1 +# + +# +# Definition of view-based access control entries. +# +#%vacm + +# Definition of a SNMPv1 group +# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4 +# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read) + +# Definition of SNMPv2 group +# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4 +# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write) + +# Definition of SNMPv3 group with users "bsnmp" and "public" +# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4 +# vacmGroupName.$(securityModelUSM).$(user1) = $(write) +# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4 +# vacmGroupName.$(securityModelUSM).$(read) = $(write) + +# +# The OID of the .iso.org.dod.internet subtree +# +# internetoid := 1.3.6.1 +# internetoidlen := 4 + +# +# Definitions of two views +# +# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4 +# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4 + +# +# Access control +# + +# +# Read-only access for SNMPv1 users +# +# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet" + +# +# Read-write access for SNMPv2 users +# +# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" +# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" + +# +# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv +# +# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" +# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" +# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" + +# +#Read-write-notify access to restricted for SNMPv3 USM users with authPriv +# +# vacmAccessStatus.$(write)."".$(securityModelUSM).$(authPriv) = 4 +# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" +# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" +# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" + +#%target +# Send notifications to target tag "test" +# tag := "test" +# snmpNotifyRowStatus.$(tag) = 4 +# snmpNotifyTag.$(tag) = $(tag) + +# tagremote := "testremote" +# snmpNotifyRowStatus.$(tagremote) = 4 +# snmpNotifyTag.$(tagremote) = $(tagremote) + +# +# Specify the target parameters for the notifications - send with the credentials +# of user "bsnmp" +# +# snmpTargetParamsRowStatus.$(tag) = 5 +# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3) +# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM) +# snmpTargetParamsSecurityName.$(tag) = $(user1) +# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv) +# snmpTargetParamsRowStatus.$(tag) = 1 + +# +# Define the notifications' target address - port 162 on localhost +# +# snmpTargetAddrRowStatus.$(tag) = 5 +# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2 +# snmpTargetAddrTagList.$(tag) = "test notification" +# snmpTargetAddrParams.$(tag) = $(tag) +# snmpTargetAddrRowStatus.$(tag) = 1 + +# +# Define the notifications' target address - port 162 on 10.0.0.1 +# +# snmpTargetAddrRowStatus.$(tagremote) = 5 +# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2 +# snmpTargetAddrTagList.$(tagremote) = $(tagremote) +# snmpTargetAddrParams.$(tagremote) = $(tag) +# snmpTargetAddrRowStatus.$(tagremote) = 1 + +# Force a polling rate for the 64-bit interface counters in case +# the automatic computation is wrong (which may be the case if an interface +# announces the wrong bit rate via its MIB). +#%mibII +#begemotIfForcePoll = 2000 + +#%netgraph +#begemotNgControlNodeName = "snmpd" +