mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-26 19:03:48 +01:00
fadef92e14
the system. Together with lm75(4) this module allows easy temperature monitoring over SNMP, specially for embedded systems. Manual page reviewed by: brueffer (D128)
308 lines
8.5 KiB
Plaintext
308 lines
8.5 KiB
Plaintext
# $FreeBSD$
|
|
#
|
|
# Example configuration file for bsnmpd(1).
|
|
#
|
|
|
|
#
|
|
# Set some common variables
|
|
#
|
|
location := "Room 200"
|
|
contact := "sysmeister@example.com"
|
|
system := 1 # FreeBSD
|
|
traphost := localhost
|
|
trapport := 162
|
|
|
|
#
|
|
# Set the SNMP engine ID.
|
|
#
|
|
# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via
|
|
# this configuration file, an ID is assigned based on the value of the
|
|
# kern.hostid variable
|
|
# engine := 0x80:0x10:0x08:0x10:0x80:0x25
|
|
# snmpEngineID = $(engine)
|
|
|
|
# Change this!
|
|
read := "public"
|
|
# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
|
|
# string to enable write access.
|
|
write := "geheim"
|
|
trap := "mytrap"
|
|
|
|
#
|
|
# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
|
|
#
|
|
|
|
NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1
|
|
HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2
|
|
HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3
|
|
NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1
|
|
DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2
|
|
AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4
|
|
|
|
#
|
|
# Enumerations from SNMP-FRAMEWORK-MIB
|
|
#
|
|
|
|
# Security models
|
|
securityModelAny := 0
|
|
securityModelSNMPv1 := 1
|
|
securityModelSNMPv2c := 2
|
|
securityModelUSM := 3
|
|
|
|
# Message Processing models
|
|
MPmodelSNMPv1 := 0
|
|
MPmodelSNMPv2c := 1
|
|
MPmodelSNMPv3 := 3
|
|
|
|
# Security levels
|
|
noAuthNoPriv := 1
|
|
authNoPriv := 2
|
|
authPriv := 3
|
|
|
|
|
|
# SNMPv3 USM User definition
|
|
#
|
|
# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
|
|
# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
|
|
# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
|
|
# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
|
|
# with a private password "bsnmptest", localized for the above engine ID.
|
|
#
|
|
#user1 := "bsnmp"
|
|
#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
|
|
|
|
#
|
|
# Configuration
|
|
#
|
|
%snmpd
|
|
begemotSnmpdDebugDumpPdus = 2
|
|
begemotSnmpdDebugSyslogPri = 7
|
|
|
|
#
|
|
# Set the read and write communities.
|
|
#
|
|
# The default value of the community strings is NULL (note, that this is
|
|
# different from the empty string). This disables both read and write access.
|
|
# To enable read access only the read community string must be set. Setting
|
|
# the write community string enables both read and write access with that
|
|
# string.
|
|
#
|
|
# Be sure to understand the security implications of SNMPv2 - the community
|
|
# strings are readable on the wire!
|
|
#
|
|
begemotSnmpdCommunityString.0.1 = $(read)
|
|
# begemotSnmpdCommunityString.0.2 = $(write)
|
|
begemotSnmpdCommunityDisable = 1
|
|
|
|
# open standard SNMP ports
|
|
begemotSnmpdPortStatus.0.0.0.0.161 = 1
|
|
|
|
# open a unix domain socket
|
|
begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
|
|
begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
|
|
|
|
# send traps to the traphost
|
|
begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
|
|
begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
|
|
begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
|
|
|
|
sysContact = $(contact)
|
|
sysLocation = $(location)
|
|
sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)
|
|
|
|
snmpEnableAuthenTraps = 2
|
|
|
|
#
|
|
# SNMPv3 User-based security module - must be loaded for SNMPv3 USM
|
|
#
|
|
#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
|
|
|
|
#
|
|
# SNMPv3 USM User definition.
|
|
#
|
|
|
|
#%usm
|
|
|
|
#
|
|
# The following block creates a user with name "bsnmp" and sets privacy
|
|
# and encryption options to SHA256 message digests and AES encryption
|
|
# for this user.
|
|
#
|
|
# usmUserStatus.$(engine).$(user1) = 5
|
|
# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
|
|
# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
|
|
# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
|
|
# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
|
|
# usmUserStatus.$(engine).$(user1) = 1
|
|
#
|
|
|
|
#
|
|
# The following block creates a user with name "public" with no authentication
|
|
# or encryption options.
|
|
#
|
|
# usmUserStatus.$(engine).$(read) = 5
|
|
# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
|
|
# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
|
|
# usmUserStatus.$(engine).$(read) = 1
|
|
#
|
|
|
|
#
|
|
# SNMPv3 View-based Access Control module
|
|
#
|
|
#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"
|
|
|
|
#
|
|
# Definition of view-based access control entries.
|
|
#
|
|
#%vacm
|
|
|
|
# Definition of a SNMPv1 group
|
|
# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
|
|
# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
|
|
|
|
# Definition of SNMPv2 group
|
|
# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
|
|
# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
|
|
|
|
# Definition of SNMPv3 group with users "bsnmp" and "public"
|
|
# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
|
|
# vacmGroupName.$(securityModelUSM).$(user1) = $(write)
|
|
# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
|
|
# vacmGroupName.$(securityModelUSM).$(read) = $(write)
|
|
|
|
#
|
|
# The OID of the .iso.org.dod.internet subtree
|
|
#
|
|
# internetoid := 1.3.6.1
|
|
# internetoidlen := 4
|
|
|
|
#
|
|
# Definitions of two views
|
|
#
|
|
# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
|
|
# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4
|
|
|
|
#
|
|
# Access control
|
|
#
|
|
|
|
#
|
|
# Read-only access for SNMPv1 users
|
|
#
|
|
# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
|
|
# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
|
|
|
|
#
|
|
# Read-write access for SNMPv2 users
|
|
#
|
|
# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
|
|
# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
|
|
# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
|
|
|
|
#
|
|
# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
|
|
#
|
|
# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
|
|
# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
|
|
# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
|
|
# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
|
|
|
|
#
|
|
#Read-write-notify access to restricted for SNMPv3 USM users with authPriv
|
|
#
|
|
# vacmAccessStatus.$(write)."".3.$(authPriv) = 4
|
|
# vacmAccessReadViewName.$(write)."".3.$(authPriv) = "restricted"
|
|
# vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted"
|
|
# vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted"
|
|
|
|
#
|
|
# SNMPv3 Notification Targets
|
|
#
|
|
# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so"
|
|
|
|
#%target
|
|
# Send notifications to target tag "test"
|
|
# tag := "test"
|
|
# snmpNotifyRowStatus.$(tag) = 4
|
|
# snmpNotifyTag.$(tag) = $(tag)
|
|
|
|
# tagremote := "testremote"
|
|
# snmpNotifyRowStatus.$(tagremote) = 4
|
|
# snmpNotifyTag.$(tagremote) = $(tagremote)
|
|
|
|
#
|
|
# Specify the target parameters for the notifications - send with the credentials
|
|
# of user "bsnmp"
|
|
#
|
|
# snmpTargetParamsRowStatus.$(tag) = 5
|
|
# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
|
|
# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
|
|
# snmpTargetParamsSecurityName.$(tag) = $(user1)
|
|
# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
|
|
# snmpTargetParamsRowStatus.$(tag) = 1
|
|
|
|
#
|
|
# Define the notifications' target address - port 162 on localhost
|
|
#
|
|
# snmpTargetAddrRowStatus.$(tag) = 5
|
|
# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
|
|
# snmpTargetAddrTagList.$(tag) = "test notification"
|
|
# snmpTargetAddrParams.$(tag) = $(tag)
|
|
# snmpTargetAddrRowStatus.$(tag) = 1
|
|
|
|
#
|
|
# Define the notifications' target address - port 162 on 10.0.0.1
|
|
#
|
|
# snmpTargetAddrRowStatus.$(tagremote) = 5
|
|
# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
|
|
# snmpTargetAddrTagList.$(tagremote) = $(tagremote)
|
|
# snmpTargetAddrParams.$(tagremote) = $(tag)
|
|
# snmpTargetAddrRowStatus.$(tagremote) = 1
|
|
|
|
#
|
|
# Load MIB-2 module
|
|
#
|
|
begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"
|
|
|
|
# Force a polling rate for the 64-bit interface counters in case
|
|
# the automatic computation is wrong (which may be the case if an interface
|
|
# announces the wrong bit rate via its MIB).
|
|
#%mibII
|
|
#begemotIfForcePoll = 2000
|
|
|
|
|
|
# Netgraph module
|
|
#
|
|
#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
|
|
#
|
|
#%netgraph
|
|
#begemotNgControlNodeName = "snmpd"
|
|
|
|
#
|
|
# LM75 Sensor module
|
|
#
|
|
#begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so"
|
|
|
|
#
|
|
# pf(4) module
|
|
#
|
|
#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"
|
|
|
|
#
|
|
# Host resources module
|
|
# This requires the mibII module.
|
|
#
|
|
#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
|
|
|
|
#
|
|
# Bridge module
|
|
# This requires the mibII module.
|
|
#
|
|
#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
|
|
|
|
#
|
|
# Wireless module
|
|
# This requires the mibII module.
|
|
#
|
|
#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"
|