Annotation of elwix/config/etc/default/snmpd.config, revision 1.2
1.2 ! misho 1: # $FreeBSD: src/etc/snmpd.config,v 1.14 2012/11/17 01:49:02 svnexp Exp $
1.1 misho 2: #
3: # Example configuration file for bsnmpd(1).
4: #
5:
6: #
7: # Set some common variables
8: #
9: location := "Room 200"
10: contact := "sysmeister@elwix.org"
11: system := 1 # FreeBSD
12: traphost := localhost
13: trapport := 162
14:
1.2 ! misho 15: #
! 16: # Set the SNMP engine ID.
! 17: #
! 18: # The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via
! 19: # this configuration file, an ID is assigned based on the value of the
! 20: # kern.hostid variable
! 21: # engine := 0x80:0x10:0x08:0x10:0x80:0x25
! 22: # snmpEngineID = $(engine)
! 23:
1.1 misho 24: # Change this!
25: read := "public"
26: # Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
27: # string to enable write access.
28: write := "geheim"
29: trap := "mytrap"
30:
31: #
1.2 ! misho 32: # Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
! 33: #
! 34:
! 35: NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1
! 36: HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2
! 37: HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3
! 38: NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1
! 39: DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2
! 40: AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4
! 41:
! 42: #
! 43: # Enumerations from SNMP-FRAMEWORK-MIB
! 44: #
! 45:
! 46: # Security models
! 47: securityModelAny := 0
! 48: securityModelSNMPv1 := 1
! 49: securityModelSNMPv2c := 2
! 50: securityModelUSM := 3
! 51:
! 52: # Message Processing models
! 53: MPmodelSNMPv1 := 0
! 54: MPmodelSNMPv2c := 1
! 55: MPmodelSNMPv3 := 3
! 56:
! 57: # Security levels
! 58: noAuthNoPriv := 1
! 59: authNoPriv := 2
! 60: authPriv := 3
! 61:
! 62:
! 63: # SNMPv3 USM User definition
! 64: #
! 65: # The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
! 66: # SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
! 67: # 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
! 68: # usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
! 69: # with a private password "bsnmptest", localized for the above engine ID.
! 70: #
! 71: #user1 := "bsnmp"
! 72: #user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
! 73:
! 74: #
1.1 misho 75: # Configuration
76: #
77: %snmpd
78: begemotSnmpdDebugDumpPdus = 2
79: begemotSnmpdDebugSyslogPri = 7
80:
81: #
82: # Set the read and write communities.
83: #
84: # The default value of the community strings is NULL (note, that this is
85: # different from the empty string). This disables both read and write access.
86: # To enable read access only the read community string must be set. Setting
87: # the write community string enables both read and write access with that
88: # string.
89: #
90: # Be sure to understand the security implications of SNMPv2 - the community
91: # strings are readable on the wire!
92: #
93: begemotSnmpdCommunityString.0.1 = $(read)
94: # begemotSnmpdCommunityString.0.2 = $(write)
95: begemotSnmpdCommunityDisable = 1
96:
97: # open standard SNMP ports
98: begemotSnmpdPortStatus.0.0.0.0.161 = 1
99:
100: # open a unix domain socket
101: begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
102: begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
103:
104: # send traps to the traphost
105: begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
106: begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
107: begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
108:
109: sysContact = $(contact)
110: sysLocation = $(location)
111: sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)
112:
113: snmpEnableAuthenTraps = 2
114:
115: #
1.2 ! misho 116: # SNMPv3 User-based security module - must be loaded for SNMPv3 USM
! 117: #
! 118: #begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
! 119:
! 120: #
! 121: # SNMPv3 USM User definition.
! 122: #
! 123:
! 124: #%usm
! 125:
! 126: #
! 127: # The following block creates a user with name "bsnmp" and sets privacy
! 128: # and encryption options to SHA256 message digests and AES encryption
! 129: # for this user.
! 130: #
! 131: # usmUserStatus.$(engine).$(user1) = 5
! 132: # usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
! 133: # usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
! 134: # usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
! 135: # usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
! 136: # usmUserStatus.$(engine).$(user1) = 1
! 137: #
! 138:
! 139: #
! 140: # The following block creates a user with name "public" with no authentication
! 141: # or encryption options.
! 142: #
! 143: # usmUserStatus.$(engine).$(read) = 5
! 144: # usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
! 145: # usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
! 146: # usmUserStatus.$(engine).$(read) = 1
! 147: #
! 148:
! 149: #
! 150: # SNMPv3 View-based Access Control module
! 151: #
! 152: #begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"
! 153:
! 154: #
! 155: # Definition of view-based access control entries.
! 156: #
! 157: #%vacm
! 158:
! 159: # Definition of a SNMPv1 group
! 160: # vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
! 161: # vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
! 162:
! 163: # Definition of SNMPv2 group
! 164: # vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
! 165: # vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
! 166:
! 167: # Definition of SNMPv3 group with users "bsnmp" and "public"
! 168: # vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
! 169: # vacmGroupName.$(securityModelUSM).$(user1) = $(write)
! 170: # vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
! 171: # vacmGroupName.$(securityModelUSM).$(read) = $(write)
! 172:
! 173: #
! 174: # The OID of the .iso.org.dod.internet subtree
! 175: #
! 176: # internetoid := 1.3.6.1
! 177: # internetoidlen := 4
! 178:
! 179: #
! 180: # Definitions of two views
! 181: #
! 182: # vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
! 183: # vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4
! 184:
! 185: #
! 186: # Access control
! 187: #
! 188:
! 189: #
! 190: # Read-only access for SNMPv1 users
! 191: #
! 192: # vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
! 193: # vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
! 194:
! 195: #
! 196: # Read-write access for SNMPv2 users
! 197: #
! 198: # vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
! 199: # vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
! 200: # vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
! 201:
! 202: #
! 203: # Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
! 204: #
! 205: # vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
! 206: # vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
! 207: # vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
! 208: # vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
! 209:
! 210: #
! 211: #Read-write-notify access to restricted for SNMPv3 USM users with authPriv
! 212: #
! 213: # vacmAccessStatus.$(write)."".3.$(authPriv) = 4
! 214: # vacmAccessReadViewName.$(write)."".3.$(authPriv) = "restricted"
! 215: # vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted"
! 216: # vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted"
! 217:
! 218: #
! 219: # SNMPv3 Notification Targets
! 220: #
! 221: # begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so"
! 222:
! 223: #%target
! 224: # Send notifications to target tag "test"
! 225: # tag := "test"
! 226: # snmpNotifyRowStatus.$(tag) = 4
! 227: # snmpNotifyTag.$(tag) = $(tag)
! 228:
! 229: # tagremote := "testremote"
! 230: # snmpNotifyRowStatus.$(tagremote) = 4
! 231: # snmpNotifyTag.$(tagremote) = $(tagremote)
! 232:
! 233: #
! 234: # Specify the target parameters for the notifications - send with the credentials
! 235: # of user "bsnmp"
! 236: #
! 237: # snmpTargetParamsRowStatus.$(tag) = 5
! 238: # snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
! 239: # snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
! 240: # snmpTargetParamsSecurityName.$(tag) = $(user1)
! 241: # snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
! 242: # snmpTargetParamsRowStatus.$(tag) = 1
! 243:
! 244: #
! 245: # Define the notifications' target address - port 162 on localhost
! 246: #
! 247: # snmpTargetAddrRowStatus.$(tag) = 5
! 248: # snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
! 249: # snmpTargetAddrTagList.$(tag) = "test notification"
! 250: # snmpTargetAddrParams.$(tag) = $(tag)
! 251: # snmpTargetAddrRowStatus.$(tag) = 1
! 252:
! 253: #
! 254: # Define the notifications' target address - port 162 on 10.0.0.1
! 255: #
! 256: # snmpTargetAddrRowStatus.$(tagremote) = 5
! 257: # snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
! 258: # snmpTargetAddrTagList.$(tagremote) = $(tagremote)
! 259: # snmpTargetAddrParams.$(tagremote) = $(tag)
! 260: # snmpTargetAddrRowStatus.$(tagremote) = 1
! 261:
! 262: #
1.1 misho 263: # Load MIB-2 module
264: #
1.2 ! misho 265: begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"
1.1 misho 266:
267: # Force a polling rate for the 64-bit interface counters in case
268: # the automatic computation is wrong (which may be the case if an interface
269: # announces the wrong bit rate via its MIB).
270: #%mibII
271: #begemotIfForcePoll = 2000
272:
1.2 ! misho 273:
1.1 misho 274: # Netgraph module
275: #
1.2 ! misho 276: #begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
1.1 misho 277: #
278: #%netgraph
279: #begemotNgControlNodeName = "snmpd"
280:
281: #
282: # pf(4) module
283: #
1.2 ! misho 284: #begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"
1.1 misho 285:
286: #
287: # Host resources module
288: # This requires the mibII module.
289: #
1.2 ! misho 290: #begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
1.1 misho 291:
292: #
293: # Bridge module
294: # This requires the mibII module.
295: #
1.2 ! misho 296: #begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
1.1 misho 297:
298: #
299: # Wireless module
300: # This requires the mibII module.
301: #
1.2 ! misho 302: #begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to snmpd.config CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / elwix / config / etc / default