Annotation of elwix/config/etc/default/snmpd.config, revision 1.3
1.2 misho 1: # $FreeBSD: src/etc/snmpd.config,v 1.14 2012/11/17 01:49:02 svnexp Exp $
1.1 misho 2: #
3: # Example configuration file for bsnmpd(1).
4: #
5:
6: #
7: # Set some common variables
8: #
1.3 ! misho 9: location := "ELWIX"
1.1 misho 10: contact := "sysmeister@elwix.org"
11: system := 1 # FreeBSD
12: traphost := localhost
13: trapport := 162
14:
1.2 misho 15: #
16: # Set the SNMP engine ID.
17: #
18: # The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via
19: # this configuration file, an ID is assigned based on the value of the
20: # kern.hostid variable
21: # engine := 0x80:0x10:0x08:0x10:0x80:0x25
22: # snmpEngineID = $(engine)
23:
1.1 misho 24: # Change this!
1.3 ! misho 25: read := "elwix"
1.1 misho 26: # Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
27: # string to enable write access.
1.3 ! misho 28: write := "31w1x"
! 29: trap := "ELWIX"
1.1 misho 30:
31: #
1.2 misho 32: # Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
33: #
34:
35: NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1
36: HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2
37: HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3
38: NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1
39: DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2
40: AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4
41:
42: #
43: # Enumerations from SNMP-FRAMEWORK-MIB
44: #
45:
46: # Security models
47: securityModelAny := 0
48: securityModelSNMPv1 := 1
49: securityModelSNMPv2c := 2
50: securityModelUSM := 3
51:
52: # Message Processing models
53: MPmodelSNMPv1 := 0
54: MPmodelSNMPv2c := 1
55: MPmodelSNMPv3 := 3
56:
57: # Security levels
58: noAuthNoPriv := 1
59: authNoPriv := 2
60: authPriv := 3
61:
62:
63: # SNMPv3 USM User definition
64: #
65: # The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
66: # SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
67: # 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
68: # usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
69: # with a private password "bsnmptest", localized for the above engine ID.
70: #
71: #user1 := "bsnmp"
72: #user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
73:
74: #
1.1 misho 75: # Configuration
76: #
77: %snmpd
78: begemotSnmpdDebugDumpPdus = 2
79: begemotSnmpdDebugSyslogPri = 7
80:
81: #
82: # Set the read and write communities.
83: #
84: # The default value of the community strings is NULL (note, that this is
85: # different from the empty string). This disables both read and write access.
86: # To enable read access only the read community string must be set. Setting
87: # the write community string enables both read and write access with that
88: # string.
89: #
90: # Be sure to understand the security implications of SNMPv2 - the community
91: # strings are readable on the wire!
92: #
93: begemotSnmpdCommunityString.0.1 = $(read)
94: # begemotSnmpdCommunityString.0.2 = $(write)
95: begemotSnmpdCommunityDisable = 1
96:
97: # open standard SNMP ports
98: begemotSnmpdPortStatus.0.0.0.0.161 = 1
99:
100: # open a unix domain socket
101: begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
102: begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
103:
104: # send traps to the traphost
105: begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
106: begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
107: begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
108:
109: sysContact = $(contact)
110: sysLocation = $(location)
111: sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)
112:
113: snmpEnableAuthenTraps = 2
114:
115: #
1.2 misho 116: # SNMPv3 User-based security module - must be loaded for SNMPv3 USM
117: #
118: #begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
119:
120: #
121: # SNMPv3 USM User definition.
122: #
123:
124: #%usm
125:
126: #
127: # The following block creates a user with name "bsnmp" and sets privacy
128: # and encryption options to SHA256 message digests and AES encryption
129: # for this user.
130: #
131: # usmUserStatus.$(engine).$(user1) = 5
132: # usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
133: # usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
134: # usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
135: # usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
136: # usmUserStatus.$(engine).$(user1) = 1
137: #
138:
139: #
140: # The following block creates a user with name "public" with no authentication
141: # or encryption options.
142: #
143: # usmUserStatus.$(engine).$(read) = 5
144: # usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
145: # usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
146: # usmUserStatus.$(engine).$(read) = 1
147: #
148:
149: #
150: # SNMPv3 View-based Access Control module
151: #
152: #begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"
153:
154: #
155: # Definition of view-based access control entries.
156: #
157: #%vacm
158:
159: # Definition of a SNMPv1 group
160: # vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
161: # vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
162:
163: # Definition of SNMPv2 group
164: # vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
165: # vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
166:
167: # Definition of SNMPv3 group with users "bsnmp" and "public"
168: # vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
169: # vacmGroupName.$(securityModelUSM).$(user1) = $(write)
170: # vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
171: # vacmGroupName.$(securityModelUSM).$(read) = $(write)
172:
173: #
174: # The OID of the .iso.org.dod.internet subtree
175: #
176: # internetoid := 1.3.6.1
177: # internetoidlen := 4
178:
179: #
180: # Definitions of two views
181: #
182: # vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
183: # vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4
184:
185: #
186: # Access control
187: #
188:
189: #
190: # Read-only access for SNMPv1 users
191: #
192: # vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
193: # vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
194:
195: #
196: # Read-write access for SNMPv2 users
197: #
198: # vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
199: # vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
200: # vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
201:
202: #
203: # Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
204: #
205: # vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
206: # vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
207: # vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
208: # vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
209:
210: #
211: #Read-write-notify access to restricted for SNMPv3 USM users with authPriv
212: #
213: # vacmAccessStatus.$(write)."".3.$(authPriv) = 4
214: # vacmAccessReadViewName.$(write)."".3.$(authPriv) = "restricted"
215: # vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted"
216: # vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted"
217:
218: #
219: # SNMPv3 Notification Targets
220: #
221: # begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so"
222:
223: #%target
224: # Send notifications to target tag "test"
225: # tag := "test"
226: # snmpNotifyRowStatus.$(tag) = 4
227: # snmpNotifyTag.$(tag) = $(tag)
228:
229: # tagremote := "testremote"
230: # snmpNotifyRowStatus.$(tagremote) = 4
231: # snmpNotifyTag.$(tagremote) = $(tagremote)
232:
233: #
234: # Specify the target parameters for the notifications - send with the credentials
235: # of user "bsnmp"
236: #
237: # snmpTargetParamsRowStatus.$(tag) = 5
238: # snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
239: # snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
240: # snmpTargetParamsSecurityName.$(tag) = $(user1)
241: # snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
242: # snmpTargetParamsRowStatus.$(tag) = 1
243:
244: #
245: # Define the notifications' target address - port 162 on localhost
246: #
247: # snmpTargetAddrRowStatus.$(tag) = 5
248: # snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
249: # snmpTargetAddrTagList.$(tag) = "test notification"
250: # snmpTargetAddrParams.$(tag) = $(tag)
251: # snmpTargetAddrRowStatus.$(tag) = 1
252:
253: #
254: # Define the notifications' target address - port 162 on 10.0.0.1
255: #
256: # snmpTargetAddrRowStatus.$(tagremote) = 5
257: # snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
258: # snmpTargetAddrTagList.$(tagremote) = $(tagremote)
259: # snmpTargetAddrParams.$(tagremote) = $(tag)
260: # snmpTargetAddrRowStatus.$(tagremote) = 1
261:
262: #
1.1 misho 263: # Load MIB-2 module
264: #
1.2 misho 265: begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"
1.1 misho 266:
267: # Force a polling rate for the 64-bit interface counters in case
268: # the automatic computation is wrong (which may be the case if an interface
269: # announces the wrong bit rate via its MIB).
270: #%mibII
271: #begemotIfForcePoll = 2000
272:
1.2 misho 273:
1.1 misho 274: # Netgraph module
275: #
1.2 misho 276: #begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
1.1 misho 277: #
278: #%netgraph
279: #begemotNgControlNodeName = "snmpd"
280:
281: #
282: # pf(4) module
283: #
1.2 misho 284: #begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"
1.1 misho 285:
286: #
287: # Host resources module
288: # This requires the mibII module.
289: #
1.2 misho 290: #begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
1.1 misho 291:
292: #
293: # Bridge module
294: # This requires the mibII module.
295: #
1.2 misho 296: #begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
1.1 misho 297:
298: #
299: # Wireless module
300: # This requires the mibII module.
301: #
1.2 misho 302: #begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to snmpd.config CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / elwix / config / etc / default