HardenedBSD/etc/snmpd.config
loos fadef92e14 Adds the bsnmp module to export the temperature data from lm75 sensors on
the system.

Together with lm75(4) this module allows easy temperature monitoring over
SNMP, specially for embedded systems.

Manual page reviewed by:        brueffer (D128)
2014-06-01 03:14:03 +00:00

308 lines
8.5 KiB
Plaintext

# $FreeBSD$
#
# Example configuration file for bsnmpd(1).
#
#
# Set some common variables
#
location := "Room 200"
contact := "sysmeister@example.com"
system := 1 # FreeBSD
traphost := localhost
trapport := 162
#
# Set the SNMP engine ID.
#
# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via
# this configuration file, an ID is assigned based on the value of the
# kern.hostid variable
# engine := 0x80:0x10:0x08:0x10:0x80:0x25
# snmpEngineID = $(engine)
# Change this!
read := "public"
# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
# string to enable write access.
write := "geheim"
trap := "mytrap"
#
# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
#
NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1
HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2
HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3
NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1
DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2
AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4
#
# Enumerations from SNMP-FRAMEWORK-MIB
#
# Security models
securityModelAny := 0
securityModelSNMPv1 := 1
securityModelSNMPv2c := 2
securityModelUSM := 3
# Message Processing models
MPmodelSNMPv1 := 0
MPmodelSNMPv2c := 1
MPmodelSNMPv3 := 3
# Security levels
noAuthNoPriv := 1
authNoPriv := 2
authPriv := 3
# SNMPv3 USM User definition
#
# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
# with a private password "bsnmptest", localized for the above engine ID.
#
#user1 := "bsnmp"
#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
#
# Configuration
#
%snmpd
begemotSnmpdDebugDumpPdus = 2
begemotSnmpdDebugSyslogPri = 7
#
# Set the read and write communities.
#
# The default value of the community strings is NULL (note, that this is
# different from the empty string). This disables both read and write access.
# To enable read access only the read community string must be set. Setting
# the write community string enables both read and write access with that
# string.
#
# Be sure to understand the security implications of SNMPv2 - the community
# strings are readable on the wire!
#
begemotSnmpdCommunityString.0.1 = $(read)
# begemotSnmpdCommunityString.0.2 = $(write)
begemotSnmpdCommunityDisable = 1
# open standard SNMP ports
begemotSnmpdPortStatus.0.0.0.0.161 = 1
# open a unix domain socket
begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
# send traps to the traphost
begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
sysContact = $(contact)
sysLocation = $(location)
sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)
snmpEnableAuthenTraps = 2
#
# SNMPv3 User-based security module - must be loaded for SNMPv3 USM
#
#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
#
# SNMPv3 USM User definition.
#
#%usm
#
# The following block creates a user with name "bsnmp" and sets privacy
# and encryption options to SHA256 message digests and AES encryption
# for this user.
#
# usmUserStatus.$(engine).$(user1) = 5
# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
# usmUserStatus.$(engine).$(user1) = 1
#
#
# The following block creates a user with name "public" with no authentication
# or encryption options.
#
# usmUserStatus.$(engine).$(read) = 5
# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
# usmUserStatus.$(engine).$(read) = 1
#
#
# SNMPv3 View-based Access Control module
#
#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"
#
# Definition of view-based access control entries.
#
#%vacm
# Definition of a SNMPv1 group
# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
# Definition of SNMPv2 group
# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
# Definition of SNMPv3 group with users "bsnmp" and "public"
# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
# vacmGroupName.$(securityModelUSM).$(user1) = $(write)
# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
# vacmGroupName.$(securityModelUSM).$(read) = $(write)
#
# The OID of the .iso.org.dod.internet subtree
#
# internetoid := 1.3.6.1
# internetoidlen := 4
#
# Definitions of two views
#
# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4
#
# Access control
#
#
# Read-only access for SNMPv1 users
#
# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
#
# Read-write access for SNMPv2 users
#
# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
#
# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
#
# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
#
#Read-write-notify access to restricted for SNMPv3 USM users with authPriv
#
# vacmAccessStatus.$(write)."".3.$(authPriv) = 4
# vacmAccessReadViewName.$(write)."".3.$(authPriv) = "restricted"
# vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted"
# vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted"
#
# SNMPv3 Notification Targets
#
# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so"
#%target
# Send notifications to target tag "test"
# tag := "test"
# snmpNotifyRowStatus.$(tag) = 4
# snmpNotifyTag.$(tag) = $(tag)
# tagremote := "testremote"
# snmpNotifyRowStatus.$(tagremote) = 4
# snmpNotifyTag.$(tagremote) = $(tagremote)
#
# Specify the target parameters for the notifications - send with the credentials
# of user "bsnmp"
#
# snmpTargetParamsRowStatus.$(tag) = 5
# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
# snmpTargetParamsSecurityName.$(tag) = $(user1)
# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
# snmpTargetParamsRowStatus.$(tag) = 1
#
# Define the notifications' target address - port 162 on localhost
#
# snmpTargetAddrRowStatus.$(tag) = 5
# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
# snmpTargetAddrTagList.$(tag) = "test notification"
# snmpTargetAddrParams.$(tag) = $(tag)
# snmpTargetAddrRowStatus.$(tag) = 1
#
# Define the notifications' target address - port 162 on 10.0.0.1
#
# snmpTargetAddrRowStatus.$(tagremote) = 5
# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
# snmpTargetAddrTagList.$(tagremote) = $(tagremote)
# snmpTargetAddrParams.$(tagremote) = $(tag)
# snmpTargetAddrRowStatus.$(tagremote) = 1
#
# Load MIB-2 module
#
begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"
# Force a polling rate for the 64-bit interface counters in case
# the automatic computation is wrong (which may be the case if an interface
# announces the wrong bit rate via its MIB).
#%mibII
#begemotIfForcePoll = 2000
# Netgraph module
#
#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
#
#%netgraph
#begemotNgControlNodeName = "snmpd"
#
# LM75 Sensor module
#
#begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so"
#
# pf(4) module
#
#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"
#
# Host resources module
# This requires the mibII module.
#
#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
#
# Bridge module
# This requires the mibII module.
#
#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
#
# Wireless module
# This requires the mibII module.
#
#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"