Annotation of elwix/config/etc/default/snmpd.config, revision 1.4

1.4     ! misho       1: # $FreeBSD: head/etc/snmpd.config 311601 2017-01-07 09:03:40Z ngie $
1.1       misho       2: #
                      3: # Example configuration file for bsnmpd(1).
                      4: #
                      5: 
                      6: #
                      7: # Set some common variables. Each name is expanded as $(name) in the
                         # sections below (sysLocation, sysContact, sysObjectId and the trap sink).
                      8: #
1.3       misho       9: location := "ELWIX"
1.1       misho      10: contact := "sysmeister@elwix.org"
                     11: system := 1    # FreeBSD
                     12: traphost := localhost
                     13: trapport := 162
                     14: 
1.2       misho      15: #
                     16: # Set the SNMP engine ID.
                     17: #
                     18: # The snmpEngineID object is required by the SNMPv3 Framework. If it is not explicitly set via
                     19: # this configuration file, an ID is assigned based on the value of the
                     20: # kern.hostid variable.
                     21: # engine := 0x80:0x10:0x08:0x10:0x80:0x25
                     22: # snmpEngineID = $(engine)
                     23: 
1.1       misho      24: # Change this! The read, write and trap community strings below are the
                         # defaults shipped in this file, and SNMPv1/v2c community strings are
                         # readable on the wire, so set site-specific values before deployment.
1.3       misho      25: read := "elwix"
1.1       misho      26: # Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
                     27: # string to enable write access.
1.3       misho      28: write := "31w1x"
                     29: trap := "ELWIX"
1.1       misho      30: 
                     31: #
1.2       misho      32: # Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
                         # HMACMD5AuthProtocol and DESPrivProtocol are legacy choices; the commented
                         # %usm example further down uses HMACSHAAuthProtocol with AesCfb128Protocol.
                     33: #
                     34: 
                     35: NoAuthProtocol         := 1.3.6.1.6.3.10.1.1.1
                     36: HMACMD5AuthProtocol    := 1.3.6.1.6.3.10.1.1.2
                     37: HMACSHAAuthProtocol    := 1.3.6.1.6.3.10.1.1.3
                     38: NoPrivProtocol         := 1.3.6.1.6.3.10.1.2.1
                     39: DESPrivProtocol                := 1.3.6.1.6.3.10.1.2.2
                     40: AesCfb128Protocol      := 1.3.6.1.6.3.10.1.2.4
                     41: 
                     42: #
                     43: # Enumerations from SNMP-FRAMEWORK-MIB
                     44: #
                     45: 
                     46: # Security models (index of the vacmSecurityToGroup* and vacmAccess* entries below)
                     47: securityModelAny       := 0
                     48: securityModelSNMPv1    := 1
                     49: securityModelSNMPv2c   := 2
                     50: securityModelUSM       := 3
                     51: 
                     52: # Message Processing models (used by snmpTargetParamsMPModel below)
                     53: MPmodelSNMPv1          := 0
                     54: MPmodelSNMPv2c         := 1
                     55: MPmodelSNMPv3          := 3
                     56: 
                     57: # Security levels (last index of the vacmAccess* entries below); only authPriv
                         # provides both authentication and encryption.
                     58: noAuthNoPriv := 1
                     59: authNoPriv := 2
                     60: authPriv := 3
                     61: 
                     62: 
                     63: # SNMPv3 USM User definition
                     64: #
                     65: # The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
                     66: # SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
                     67: # 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
                     68: # usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
                     69: # with a private password "bsnmptest", localized for the above engine ID.
                     70: # Both are published example values: pick a new password and regenerate the key before use.
                     71: #user1 := "bsnmp"
                     72: #user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
                     73: 
                     74: #
1.1       misho      75: # Configuration
                     76: #
                     77: %snmpd
                         # NOTE(review): 2 reads as TruthValue false, i.e. PDU dumping is off; dumped
                         # PDUs would carry the community strings, so leave it off outside debugging.
                         # Confirm the encoding against BEGEMOT-SNMPD-MIB.
                     78: begemotSnmpdDebugDumpPdus      = 2
                         # NOTE(review): 7 matches syslog's debug priority; confirm how snmpd applies it.
                     79: begemotSnmpdDebugSyslogPri     = 7
                     80: 
                     81: #
                     82: # Set the read and write communities.
                     83: #
                     84: # The default value of the community strings is NULL (note that this is
                     85: # different from the empty string). This disables both read and write access.
                     86: # To enable read access only the read community string must be set. Setting
                     87: # the write community string enables both read and write access with that
                     88: # string.
                     89: #
                     90: # Be sure to understand the security implications of SNMPv2 - the community
                     91: # strings are readable on the wire!
                     92: #
                         # As shipped, only the read community (.0.1) is set; the write community
                         # (.0.2) stays commented out.
                     93: begemotSnmpdCommunityString.0.1        = $(read)
                     94: # begemotSnmpdCommunityString.0.2      = $(write)
                         # NOTE(review): 1 reads as TruthValue true. This is understood to block access
                         # to the community table itself over SNMP, so the strings cannot be read back
                         # or changed remotely - confirm against BEGEMOT-SNMPD-MIB.
                     95: begemotSnmpdCommunityDisable   = 1
                     96: 
                     97: # open standard SNMP ports: port 161 on 0.0.0.0, i.e. on every IPv4 address
                         # of the host. Restrict reachability with a packet filter, or list a specific
                         # address in place of 0.0.0.0, if the agent should not answer on all interfaces.
                     98: begemotSnmpdPortStatus.0.0.0.0.161 = 1
                     99: 
                    100: # open a unix domain socket
                         # NOTE(review): type 4 is believed to be the privileged stream variant
                         # (stream socket, privileged peers only) - confirm in BEGEMOT-SNMPD-MIB and
                         # check the resulting permissions on /var/run/snmpd.sock.
                    101: begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
                    102: begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
                    103: 
                    104: # send traps to the traphost: $(traphost) port $(trapport), which is
                         # localhost:162 as shipped, using the community string $(trap). Point
                         # traphost at the monitoring collector if traps are meant to be watched.
                    105: begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
                    106: begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
                    107: begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
                    108: 
                    109: sysContact     = $(contact)
                    110: sysLocation    = $(location)
                    111: sysObjectId    = 1.3.6.1.4.1.12325.1.1.2.1.$(system)
                    112: 
                         # 2 = disabled in SNMPv2-MIB (enabled(1), disabled(2)): no authenticationFailure
                         # traps are generated, so requests with a wrong community string are not
                         # signalled to the trap sink. Set to 1 if the trap sink is monitored.
                    113: snmpEnableAuthenTraps = 2
                    114: 
1.4     ! misho     115: # Uncomment `begemotSnmpdModulePath.".." = ".."' entries below to enable
        !           116: # modules
        !           117: 
        !           118: #
        !           119: # Control configuration for the modules in the module specific sections, e.g.
        !           120: # the "usm" module (begemotSnmpdModulePath."usm") can be controlled in the
        !           121: # %usm specific section. You must uncomment the section specific header in
        !           122: # order to use the enclosed variables, e.g. `usmUserStatus.$(engine).$(user1)`
        !           123: # can only be used if %usm is uncommented.
        !           124: #
        !           125: # Modules are loaded in the order listed, so they must be before any
        !           126: # dependent modules, e.g. "mibII" vs "bridge".
        !           127: #
        !           128: 
        !           129: #
        !           130: # MIB-2 module
                         # Each begemotSnmpdModulePath entry names a shared object that the agent loads;
                         # keep the file and its directory writable by root only.
        !           131: #
        !           132: begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"
        !           133: 
        !           134: #
        !           135: # Bridge module
        !           136: #  This requires the mibII module.
        !           137: #
        !           138: #begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
        !           139: 
        !           140: #
        !           141: # Host resources module
        !           142: #  This requires the mibII module.
        !           143: #
        !           144: #begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
        !           145: 
        !           146: #
        !           147: # LM75 Sensor module
        !           148: #
        !           149: #begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so"
        !           150: 
        !           151: #
        !           152: # Netgraph module
        !           153: #
        !           154: #begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
        !           155: 
        !           156: #
        !           157: # pf(4) module
        !           158: #
        !           159: #begemotSnmpdModulePath."pf"   = "/usr/lib/snmp_pf.so"
        !           160: 
        !           161: #
        !           162: # SNMPv3 Notification Targets
        !           163: #
        !           164: # begemotSnmpdModulePath."target"      = "/usr/lib/snmp_target.so"
        !           165: 
1.1       misho     166: #
1.2       misho     167: # SNMPv3 User-based security module - must be loaded for SNMPv3 USM
                    168: #
                    169: #begemotSnmpdModulePath."usm"  = "/usr/lib/snmp_usm.so"
                    170: 
                    171: #
1.4     ! misho     172: # SNMPv3 View-based Access Control module
        !           173: #
        !           174: #begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"
        !           175: 
        !           176: #
        !           177: # Wireless module
        !           178: #  This requires the mibII module.
        !           179: #
        !           180: #begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"
        !           181: 
        !           182: #
1.2       misho     183: # SNMPv3 USM User definition.
                    184: #
                    185: 
                    186: #%usm
                    187: 
                    188: #
                    189: # The following block creates a user with name "bsnmp" and sets its
                    190: # authentication and privacy options to HMAC-SHA message digests (the
                    191: # HMACSHAAuthProtocol OID declared above, not SHA-256) and AES encryption.
1.4     ! misho     192: #
1.2       misho     193: # usmUserStatus.$(engine).$(user1) = 5
                    194: # usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
                    195: # usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
                    196: # usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
                    197: # usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
                    198: # usmUserStatus.$(engine).$(user1) = 1
                    199: #
                    200: 
                    201: #
                    202: # The following block creates a user whose name is the value of $(read), with
                    203: # no authentication or encryption options.
                    204: #
                    205: # usmUserStatus.$(engine).$(read) = 5
                    206: # usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
                    207: # usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
                    208: # usmUserStatus.$(engine).$(read) = 1
                    209: #
                    210: 
                    211: #
                    212: # Definition of view-based access control entries.
                    213: #
                    214: #%vacm
                    215: 
                    216: # Definition of a SNMPv1 group
                    217: # vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
                    218: # vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
                    219: 
                    220: # Definition of SNMPv2 group
                    221: # vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
                    222: # vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
                    223: 
                    224: # Definition of SNMPv3 group with users $(user1) ("bsnmp") and $(read); both are placed in group $(write)
                    225: # vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
                    226: # vacmGroupName.$(securityModelUSM).$(user1) = $(write)
                    227: # vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
                    228: # vacmGroupName.$(securityModelUSM).$(read) = $(write)
                    229: 
1.4     ! misho     230: #
1.2       misho     231: # The OID of the .iso.org.dod.internet subtree
                    232: #
                    233: # internetoid := 1.3.6.1
                    234: # internetoidlen := 4
                    235: 
                    236: #
                    237: # Definitions of two views (as written, both include the whole $(internetoid) subtree)
                    238: #
                    239: # vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
                    240: # vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4
                    241: 
                    242: #
                    243: # Access control
                    244: #
                    245: 
                    246: #
                    247: # Read-only access for SNMPv1 users
                    248: #
                    249: # vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
                    250: # vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
                    251: 
                    252: #
1.4     ! misho     253: # Read-write access for SNMPv2 users
1.2       misho     254: #
                    255: # vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
                    256: # vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
                    257: # vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
                    258: 
                    259: #
                    260: # Read-write-notify access for SNMPv3 USM users with noAuthNoPriv (write access without authentication or encryption)
                    261: #
                    262: # vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
                    263: # vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
                    264: # vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
                    265: # vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
                    266: 
                    267: #
                    268: # Read-write-notify access to the "restricted" view for SNMPv3 USM users with authPriv
                    269: #
1.4     ! misho     270: # vacmAccessStatus.$(write)."".$(securityModelUSM).$(authPriv) = 4
        !           271: # vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted"
        !           272: # vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted"
        !           273: # vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted"
1.2       misho     274: 
                    275: #%target
                    276: # Send notifications to target tag "test"
                    277: # tag          := "test"
                    278: # snmpNotifyRowStatus.$(tag) = 4
                    279: # snmpNotifyTag.$(tag) = $(tag)
                    280: 
                    281: # tagremote            := "testremote"
                    282: # snmpNotifyRowStatus.$(tagremote) = 4
                    283: # snmpNotifyTag.$(tagremote) = $(tagremote)
                    284: 
                    285: #
                    286: # Specify the target parameters for the notifications - send with the credentials
                    287: # of user "bsnmp"
                    288: #
                    289: # snmpTargetParamsRowStatus.$(tag) = 5
                    290: # snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
                    291: # snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
                    292: # snmpTargetParamsSecurityName.$(tag) = $(user1)
                    293: # snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
                    294: # snmpTargetParamsRowStatus.$(tag) = 1
                    295: 
                    296: #
                    297: # Define the notifications' target address - port 162 on localhost
                    298: #
                    299: # snmpTargetAddrRowStatus.$(tag) = 5
                    300: # snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
                    301: # snmpTargetAddrTagList.$(tag) = "test notification"
                    302: # snmpTargetAddrParams.$(tag) = $(tag)
                    303: # snmpTargetAddrRowStatus.$(tag) = 1
                    304: 
                    305: #
                    306: # Define the notifications' target address - port 162 on 10.0.0.1
                    307: #
                    308: # snmpTargetAddrRowStatus.$(tagremote) = 5
                    309: # snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
                    310: # snmpTargetAddrTagList.$(tagremote) = $(tagremote)
                    311: # snmpTargetAddrParams.$(tagremote) = $(tag)
                    312: # snmpTargetAddrRowStatus.$(tagremote) = 1
                    313: 
1.1       misho     314: # Force a polling rate for the 64-bit interface counters in case
                    315: # the automatic computation is wrong (which may be the case if an interface
                    316: # announces the wrong bit rate via its MIB).
                    317: #%mibII
                    318: #begemotIfForcePoll = 2000
                    319: 
                    320: #%netgraph
                    321: #begemotNgControlNodeName = "snmpd"
                    322: 
