Annotation of elwix/config/etc/uboot/snmpd.config, revision 1.2

1.2     ! misho       1: # $FreeBSD: src/etc/snmpd.config,v 1.14 2012/11/17 01:49:02 svnexp Exp $
        !             2: #
        !             3: # Example configuration file for bsnmpd(1).
        !             4: #
        !             5: 
        !             6: #
        !             7: # Set some common variables
        !             8: #
        !             9: location := "Room 200"
        !            10: contact := "sysmeister@elwix.org"
        !            11: system := 1    # FreeBSD
        !            12: traphost := localhost
        !            13: trapport := 162
        !            14: 
        !            15: #
        !            16: # Set the SNMP engine ID.
        !            17: #
        !            18: # The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via
        !            19: # this configuration file, an ID is assigned based on the value of the
        !            20: # kern.hostid variable
        !            21: # engine := 0x80:0x10:0x08:0x10:0x80:0x25
        !            22: # snmpEngineID = $(engine)
        !            23: 
        !            24: # Change this!
        !            25: read := "public"
        !            26: # Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
        !            27: # string to enable write access.
        !            28: write := "geheim"
        !            29: trap := "mytrap"
        !            30: 
        !            31: #
        !            32: # Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
        !            33: #
        !            34: 
        !            35: NoAuthProtocol         := 1.3.6.1.6.3.10.1.1.1
        !            36: HMACMD5AuthProtocol    := 1.3.6.1.6.3.10.1.1.2
        !            37: HMACSHAAuthProtocol    := 1.3.6.1.6.3.10.1.1.3
        !            38: NoPrivProtocol         := 1.3.6.1.6.3.10.1.2.1
        !            39: DESPrivProtocol                := 1.3.6.1.6.3.10.1.2.2
        !            40: AesCfb128Protocol      := 1.3.6.1.6.3.10.1.2.4
        !            41: 
        !            42: #
        !            43: # Enumerations from SNMP-FRAMEWORK-MIB
        !            44: #
        !            45: 
        !            46: # Security models
        !            47: securityModelAny       := 0
        !            48: securityModelSNMPv1    := 1
        !            49: securityModelSNMPv2c   := 2
        !            50: securityModelUSM       := 3
        !            51: 
        !            52: # Message Processing models
        !            53: MPmodelSNMPv1          := 0
        !            54: MPmodelSNMPv2c         := 1
        !            55: MPmodelSNMPv3          := 3
        !            56: 
        !            57: # Security levels
        !            58: noAuthNoPriv := 1
        !            59: authNoPriv := 2
        !            60: authPriv := 3
        !            61: 
        !            62: 
        !            63: # SNMPv3 USM User definition
        !            64: #
        !            65: # The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
        !            66: # SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
        !            67: # 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
        !            68: # usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
        !            69: # with a private password "bsnmptest", localized for the above engine ID.
        !            70: #
        !            71: #user1 := "bsnmp"
        !            72: #user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
        !            73: 
        !            74: #
        !            75: # Configuration
        !            76: #
        !            77: %snmpd
        !            78: begemotSnmpdDebugDumpPdus      = 2
        !            79: begemotSnmpdDebugSyslogPri     = 7
        !            80: 
        !            81: #
        !            82: # Set the read and write communities.
        !            83: #
        !            84: # The default value of the community strings is NULL (note, that this is
        !            85: # different from the empty string). This disables both read and write access.
        !            86: # To enable read access only the read community string must be set. Setting
        !            87: # the write community string enables both read and write access with that
        !            88: # string.
        !            89: #
        !            90: # Be sure to understand the security implications of SNMPv2 - the community
        !            91: # strings are readable on the wire!
        !            92: #
        !            93: begemotSnmpdCommunityString.0.1        = $(read)
        !            94: # begemotSnmpdCommunityString.0.2      = $(write)
        !            95: begemotSnmpdCommunityDisable   = 1
        !            96: 
        !            97: # open standard SNMP ports
        !            98: begemotSnmpdPortStatus.0.0.0.0.161 = 1
        !            99: 
        !           100: # open a unix domain socket
        !           101: begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
        !           102: begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
        !           103: 
        !           104: # send traps to the traphost
        !           105: begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
        !           106: begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
        !           107: begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
        !           108: 
        !           109: sysContact     = $(contact)
        !           110: sysLocation    = $(location)
        !           111: sysObjectId    = 1.3.6.1.4.1.12325.1.1.2.1.$(system)
        !           112: 
        !           113: snmpEnableAuthenTraps = 2
        !           114: 
        !           115: #
        !           116: # SNMPv3 User-based security module - must be loaded for SNMPv3 USM
        !           117: #
        !           118: #begemotSnmpdModulePath."usm"  = "/usr/lib/snmp_usm.so"
        !           119: 
        !           120: #
        !           121: # SNMPv3 USM User definition.
        !           122: #
        !           123: 
        !           124: #%usm
        !           125: 
        !           126: #
        !           127: # The following block creates a user with name "bsnmp" and sets privacy
        !           128: # and encryption options to SHA256 message digests and AES encryption
        !           129: # for this user.
        !           130: # 
        !           131: # usmUserStatus.$(engine).$(user1) = 5
        !           132: # usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
        !           133: # usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
        !           134: # usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
        !           135: # usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
        !           136: # usmUserStatus.$(engine).$(user1) = 1
        !           137: #
        !           138: 
        !           139: #
        !           140: # The following block creates a user with name "public" with no authentication
        !           141: # or encryption options.
        !           142: #
        !           143: # usmUserStatus.$(engine).$(read) = 5
        !           144: # usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
        !           145: # usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
        !           146: # usmUserStatus.$(engine).$(read) = 1
        !           147: #
        !           148: 
        !           149: #
        !           150: # SNMPv3 View-based Access Control module
        !           151: #
        !           152: #begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"
        !           153: 
        !           154: #
        !           155: # Definition of view-based access control entries.
        !           156: #
        !           157: #%vacm
        !           158: 
        !           159: # Definition of a SNMPv1 group
        !           160: # vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
        !           161: # vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
        !           162: 
        !           163: # Definition of SNMPv2 group
        !           164: # vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
        !           165: # vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
        !           166: 
        !           167: # Definition of SNMPv3 group with users "bsnmp" and "public"
        !           168: # vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
        !           169: # vacmGroupName.$(securityModelUSM).$(user1) = $(write)
        !           170: # vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
        !           171: # vacmGroupName.$(securityModelUSM).$(read) = $(write)
        !           172: 
        !           173: # 
        !           174: # The OID of the .iso.org.dod.internet subtree
        !           175: #
        !           176: # internetoid := 1.3.6.1
        !           177: # internetoidlen := 4
        !           178: 
        !           179: #
        !           180: # Definitions of two views
        !           181: #
        !           182: # vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
        !           183: # vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4
        !           184: 
        !           185: #
        !           186: # Access control
        !           187: #
        !           188: 
        !           189: #
        !           190: # Read-only access for SNMPv1 users
        !           191: #
        !           192: # vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
        !           193: # vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
        !           194: 
        !           195: #
        !           196: # Read-write access for SNMPv2 users 
        !           197: #
        !           198: # vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
        !           199: # vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
        !           200: # vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
        !           201: 
        !           202: #
        !           203: # Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
        !           204: #
        !           205: # vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
        !           206: # vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
        !           207: # vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
        !           208: # vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
        !           209: 
        !           210: #
        !           211: #Read-write-notify access to restricted for SNMPv3 USM users with authPriv
        !           212: #
        !           213: # vacmAccessStatus.$(write)."".3.$(authPriv) = 4
        !           214: # vacmAccessReadViewName.$(write)."".3.$(authPriv) = "restricted"
        !           215: # vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted"
        !           216: # vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted"
        !           217: 
        !           218: #
        !           219: # SNMPv3 Notification Targets
        !           220: #
        !           221: # begemotSnmpdModulePath."target"      = "/usr/lib/snmp_target.so"
        !           222: 
        !           223: #%target
        !           224: # Send notifications to target tag "test"
        !           225: # tag          := "test"
        !           226: # snmpNotifyRowStatus.$(tag) = 4
        !           227: # snmpNotifyTag.$(tag) = $(tag)
        !           228: 
        !           229: # tagremote            := "testremote"
        !           230: # snmpNotifyRowStatus.$(tagremote) = 4
        !           231: # snmpNotifyTag.$(tagremote) = $(tagremote)
        !           232: 
        !           233: #
        !           234: # Specify the target parameters for the notifications - send with the credentials
        !           235: # of user "bsnmp"
        !           236: #
        !           237: # snmpTargetParamsRowStatus.$(tag) = 5
        !           238: # snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
        !           239: # snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
        !           240: # snmpTargetParamsSecurityName.$(tag) = $(user1)
        !           241: # snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
        !           242: # snmpTargetParamsRowStatus.$(tag) = 1
        !           243: 
        !           244: #
        !           245: # Define the notifications' target address - port 162 on localhost
        !           246: #
        !           247: # snmpTargetAddrRowStatus.$(tag) = 5
        !           248: # snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
        !           249: # snmpTargetAddrTagList.$(tag) = "test notification"
        !           250: # snmpTargetAddrParams.$(tag) = $(tag)
        !           251: # snmpTargetAddrRowStatus.$(tag) = 1
        !           252: 
        !           253: #
        !           254: # Define the notifications' target address - port 162 on 10.0.0.1
        !           255: #
        !           256: # snmpTargetAddrRowStatus.$(tagremote) = 5
        !           257: # snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
        !           258: # snmpTargetAddrTagList.$(tagremote) = $(tagremote)
        !           259: # snmpTargetAddrParams.$(tagremote) = $(tag)
        !           260: # snmpTargetAddrRowStatus.$(tagremote) = 1
        !           261: 
        !           262: #
        !           263: # Load MIB-2 module
        !           264: #
        !           265: begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"
        !           266: 
        !           267: # Force a polling rate for the 64-bit interface counters in case
        !           268: # the automatic computation is wrong (which may be the case if an interface
        !           269: # announces the wrong bit rate via its MIB).
        !           270: #%mibII
        !           271: #begemotIfForcePoll = 2000
        !           272: 
        !           273: 
        !           274: # Netgraph module
        !           275: #
        !           276: #begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
        !           277: #
        !           278: #%netgraph
        !           279: #begemotNgControlNodeName = "snmpd"
        !           280: 
        !           281: #
        !           282: # pf(4) module
        !           283: #
        !           284: #begemotSnmpdModulePath."pf"   = "/usr/lib/snmp_pf.so"
        !           285: 
        !           286: #
        !           287: # Host resources module
        !           288: #  This requires the mibII module.
        !           289: #
        !           290: #begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
        !           291: 
        !           292: #
        !           293: # Bridge module
        !           294: #  This requires the mibII module.
        !           295: #
        !           296: #begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
        !           297: 
        !           298: #
        !           299: # Wireless module
        !           300: #  This requires the mibII module.
        !           301: #
        !           302: #begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>