From owner-svn-src-head@FreeBSD.ORG Mon Dec 20 17:28:15 2010 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D510F1065672; Mon, 20 Dec 2010 17:28:15 +0000 (UTC) (envelope-from syrinx@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id C31678FC14; Mon, 20 Dec 2010 17:28:15 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id oBKHSFLU070295; Mon, 20 Dec 2010 17:28:15 GMT (envelope-from syrinx@svn.freebsd.org) Received: (from syrinx@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id oBKHSFnj070293; Mon, 20 Dec 2010 17:28:15 GMT (envelope-from syrinx@svn.freebsd.org) Message-Id: <201012201728.oBKHSFnj070293@svn.freebsd.org> 
From: Shteryana Shopova Date: Mon, 20 Dec 2010 17:28:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r216595 - head/etc X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Dec 2010 17:28:15 -0000 Author: syrinx Date: Mon Dec 20 17:28:15 2010 New Revision: 216595 URL: http://svn.freebsd.org/changeset/base/216595 Log: Add (disabled) sample configuration lines needed to enable snmp_target(3) module and configure minimal target addresses & notifications needed for bsnmpd(1) to send SNMPv3 notifications. Sponsored by: The FreeBSD Foundation Reviewed by: philip Approved by: philip Modified: head/etc/snmpd.config Modified: head/etc/snmpd.config ============================================================================== --- head/etc/snmpd.config Mon Dec 20 17:13:14 2010 (r216594) +++ head/etc/snmpd.config Mon Dec 20 17:28:15 2010 (r216595) @@ -28,7 +28,10 @@ read := "public" write := "geheim" trap := "mytrap" +# # Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options +# + NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1 HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2 HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3 
@@ -37,16 +40,36 @@ DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2 AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4 # +# Enumerations from SNMP-FRAMEWORK-MIB +# + +# Security models +securityModelAny := 0 +securityModelSNMPv1 := 1 +securityModelSNMPv2c := 2 +securityModelUSM := 3 + +# Message Processing models +MPmodelSNMPv1 := 0 +MPmodelSNMPv2c := 1 +MPmodelSNMPv3 := 3 + +# Security levels +noAuthNoPriv := 1 +authNoPriv := 2 +authPriv := 3 + + # SNMPv3 USM User definition # # The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD, # SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking # 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other # usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp" -# with a private password "bsnmp", localized for the above engine ID. +# with a private password "bsnmptest", localized for the above engine ID. # -# user1 := "bsnmp" -# user1passwd := 0x1b:0x6d:0x9e:0x94:0xbe:0x19:0x17:0xfb:0xde:0x60:0x46:0xfe:0x59:0x6f:0x61:0x95:0xf2:0xc9:0x57:0x1f +#user1 := "bsnmp" +#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60 # # Configuration @@ -90,17 +113,6 @@ sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1 snmpEnableAuthenTraps = 2 # -# Load MIB-2 module -# -begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" - -# Force a polling rate for the 64-bit interface counters in case -# the automatic computation is wrong (which may be the case if an interface -# announces the wrong bit rate via its MIB). -#%mibII -#begemotIfForcePoll = 2000 - -# # SNMPv3 User-based security module - must be loaded for SNMPv3 USM # #begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so" 
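Review bot: The rewritten USM sample at the end of this hunk publishes both the password ("bsnmptest") and its localized key in `#user1passwd`, so an admin who simply uncomments the two lines runs with a credential anyone can read in the shipped file. The comment block should say so next to the key, e.g. `# Sample key only - derive your own with bsnmpget(1) before enabling this user.` The text also says the key is localized "for the above engine ID", and the engine ID is set outside this hunk. It is worth adding that a localized key is tied to that engine ID and must be regenerated if the ID is changed.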
@@ -145,18 +157,18 @@ begemotSnmpdModulePath."mibII" = "/usr/l #%vacm # Definition of a SNMPv1 group -# vacmSecurityToGroupStatus.1.$(read) = 4 -# vacmGroupName.1.$(read) = $(read) +# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4 +# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read) # Definition of SNMPv2 group -# vacmSecurityToGroupStatus.2.$(write) = 4 -# vacmGroupName.2.$(write) = $(write) +# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4 +# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write) # Definition of SNMPv3 group with users "bsnmp" and "public" -# vacmSecurityToGroupStatus.3.$(user1) = 4 -# vacmGroupName.3.$(user1) = $(write) -# vacmSecurityToGroupStatus.3.$(read) = 4 -# vacmGroupName.3.$(read) = $(write) +# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4 +# vacmGroupName.$(securityModelUSM).$(user1) = $(write) +# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4 +# vacmGroupName.$(securityModelUSM).$(read) = $(write) # # The OID of the .iso.org.dod.internet subtree @@ -164,11 +176,6 @@ begemotSnmpdModulePath."mibII" = "/usr/l # internetoid := 1.3.6.1 # internetoidlen := 4 -# Enumerated values for the privacy options -# noAuthNoPriv := 1 -# authNoPriv := 2 -# authPriv := 3 - # # Definitions of two views # 
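Review bot: In the SNMPv3 group block, the last two rows still place the security name `$(read)` ("public", per `read := "public"`) into the group `$(write)`; the commit only swaps the literal `3` for `$(securityModelUSM)` there. The access rows in the @@ -182 hunk give that group read, write and notify views on "internet" at `$(noAuthNoPriv)`, so enabling the sample as written would presumably let a USM name "public" write without authentication. A one-line caution above the two rows would help, e.g. `# NOTE: maps "public" into the read-write group - remove unless intended`. The USM user table is outside the hunk, so whether "public" is actually defined as a USM user cannot be confirmed from here.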
@@ -182,23 +189,23 @@ begemotSnmpdModulePath."mibII" = "/usr/l # # Read-only access for SNMPv1 users # -# vacmAccessStatus.$(read)."".1.1 = 4 -# vacmAccessReadViewName.$(read)."".1.1 = "internet" +# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet" # # Read-write access for SNMPv2 users # -# vacmAccessStatus.$(write)."".2.1 = 4 -# vacmAccessReadViewName.$(write)."".2.1 = "internet" -# vacmAccessWriteViewName.$(write)."".2.1 = "internet" +# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" +# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" # # Read-write-notify access for SNMPv3 USM users with noAuthNoPriv # # vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4 -# vacmAccessReadViewName.$(write)."".3.$(noAuthNoPriv) = "internet" -# vacmAccessWriteViewName.$(write)."".3.$(noAuthNoPriv) = "internet" -# vacmAccessNotifyViewName.$(write)."".3.$(noAuthNoPriv) = "internet" +# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" +# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" +# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" # #Read-write-notify access to restricted for SNMPv3 USM users with authPriv 
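Review bot: The first row of the noAuthNoPriv USM block, `# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4`, keeps the literal `3` while the three view-name rows under it now use `$(securityModelUSM)`. It should read `# vacmAccessStatus.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = 4`. The authPriv rows that appear as context in the next hunk (`...$(write)."".3.$(authPriv)`) carry the same leftover literal. Mixing two spellings of one index in an access table makes it easy to edit the status row and the view rows inconsistently later.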
@@ -208,6 +215,62 @@ begemotSnmpdModulePath."mibII" = "/usr/l # vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted" # vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted" +# +# SNMPv3 Notification Targets +# +# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so" + +#%target +# Send notifications to target tag "test" +# tag := "test" +# snmpNotifyRowStatus.$(tag) = 4 +# snmpNotifyTag.$(tag) = $(tag) + +# tagremote := "testremote" +# snmpNotifyRowStatus.$(tagremote) = 4 +# snmpNotifyTag.$(tagremote) = $(tagremote) + +# +# Specify the target parameters for the notifications - send with the credentials +# of user "bsnmp" +# +# snmpTargetParamsRowStatus.$(tag) = 5 +# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3) +# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM) +# snmpTargetParamsSecurityName.$(tag) = $(user1) +# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv) +# snmpTargetParamsRowStatus.$(tag) = 1 + +# +# Define the notifications' target address - port 162 on localhost +# +# snmpTargetAddrRowStatus.$(tag) = 5 +# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2 +# snmpTargetAddrTagList.$(tag) = "test notification" +# snmpTargetAddrParams.$(tag) = $(tag) +# snmpTargetAddrRowStatus.$(tag) = 1 + +# +# Define the notifications' target address - port 162 on 10.0.0.1 +# +# snmpTargetAddrRowStatus.$(tagremote) = 5 +# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2 +# snmpTargetAddrTagList.$(tagremote) = $(tagremote) +# snmpTargetAddrParams.$(tagremote) = $(tag) +# snmpTargetAddrRowStatus.$(tagremote) = 1 + +# +# Load MIB-2 module +# +begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" + +# Force a polling rate for the 64-bit interface counters in case +# the automatic computation is wrong (which may be the case if an interface +# announces the wrong bit rate via its MIB). 
+#%mibII +#begemotIfForcePoll = 2000 + + # Netgraph module # #begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
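Review bot: The target-parameter rows send with `$(user1)` at `$(authPriv)`, but `#user1`, `#user1passwd` and the "usm" module load line are all commented out elsewhere in the file, so uncommenting only this block would reference a variable that is not defined. State the prerequisite in the block's header comment, e.g. `# Requires user1/user1passwd and the "usm" module above to be enabled.` `snmpTargetAddrParams.$(tagremote) = $(tag)` also means the 10.0.0.1 target receives notifications under the same sample user, so the published "bsnmptest" key should be replaced before this is pointed at a remote host. Separately, `snmpTargetAddrTagList.$(tag) = "test notification"` names a tag "notification" that no `snmpNotifyTag` row in this hunk defines; if that is intentional it deserves a comment.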