1f06ca4afSHartmut Brandt# 2f06ca4afSHartmut Brandt# Copyright (c) 2001-2003 3f06ca4afSHartmut Brandt# Fraunhofer Institute for Open Communication Systems (FhG Fokus). 4f06ca4afSHartmut Brandt# All rights reserved. 5f06ca4afSHartmut Brandt# 6f06ca4afSHartmut Brandt# Author: Harti Brandt <harti@freebsd.org> 7f06ca4afSHartmut Brandt# 8896052c1SHartmut Brandt# Redistribution and use in source and binary forms, with or without 9896052c1SHartmut Brandt# modification, are permitted provided that the following conditions 10896052c1SHartmut Brandt# are met: 11896052c1SHartmut Brandt# 1. Redistributions of source code must retain the above copyright 12896052c1SHartmut Brandt# notice, this list of conditions and the following disclaimer. 13f06ca4afSHartmut Brandt# 2. Redistributions in binary form must reproduce the above copyright 14f06ca4afSHartmut Brandt# notice, this list of conditions and the following disclaimer in the 15f06ca4afSHartmut Brandt# documentation and/or other materials provided with the distribution. 16f06ca4afSHartmut Brandt# 17896052c1SHartmut Brandt# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18896052c1SHartmut Brandt# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19896052c1SHartmut Brandt# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20896052c1SHartmut Brandt# ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE 21896052c1SHartmut Brandt# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22896052c1SHartmut Brandt# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23896052c1SHartmut Brandt# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24896052c1SHartmut Brandt# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25896052c1SHartmut Brandt# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26896052c1SHartmut Brandt# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27896052c1SHartmut Brandt# SUCH DAMAGE. 28f06ca4afSHartmut Brandt# 29748b5b1eSHartmut Brandt# $Begemot: bsnmp/snmpd/snmpd.config,v 1.16 2006/02/14 09:04:20 brandt_h Exp $ 30f06ca4afSHartmut Brandt# 31*0bf56da3SHartmut Brandt# Example configuration file for testing. 32f06ca4afSHartmut Brandt# 33f06ca4afSHartmut Brandt 34f06ca4afSHartmut Brandt# 35f06ca4afSHartmut Brandt# Set some common variables 36f06ca4afSHartmut Brandt# 37f06ca4afSHartmut Brandthost := foo.bar.com 38f06ca4afSHartmut Brandtlocation := "Room 200" 39f06ca4afSHartmut Brandtcontact := "sysmeister@bar.com" 40f06ca4afSHartmut Brandtsystem := 1 # FreeBSD 41*0bf56da3SHartmut Brandttraphost := localhost 42f06ca4afSHartmut Brandttrapport := 162 43f06ca4afSHartmut Brandt 44f06ca4afSHartmut Brandtread := "public" 45*0bf56da3SHartmut Brandtwrite := "geheim" # take care - this allows writing 46f06ca4afSHartmut Brandttrap := "mytrap" 47f06ca4afSHartmut Brandt 48*0bf56da3SHartmut BrandtsecurityModelSNMPv1 := 1 49*0bf56da3SHartmut BrandtsecurityModelSNMPv2c := 2 50*0bf56da3SHartmut Brandt 51*0bf56da3SHartmut BrandtnoAuthNoPriv := 1 52*0bf56da3SHartmut Brandt 53f06ca4afSHartmut Brandt# 54f06ca4afSHartmut Brandt# Configuration 55f06ca4afSHartmut Brandt# 56f06ca4afSHartmut Brandt%snmpd 57f06ca4afSHartmut BrandtbegemotSnmpdDebugDumpPdus = 2 58f06ca4afSHartmut BrandtbegemotSnmpdDebugSyslogPri = 7 59*0bf56da3SHartmut BrandtbegemotSnmpdDebugSnmpTrace = 0 60f06ca4afSHartmut Brandt 61d4199d75SHartmut Brandt# 62*0bf56da3SHartmut Brandt# Set community strings. 63d4199d75SHartmut Brandt# 64*0bf56da3SHartmut Brandt# Each community string has a permission attached to it - 1 for read only 65*0bf56da3SHartmut Brandt# and 2 for read/write. Default is 1. Community strings must be unique. 66d4199d75SHartmut Brandt# 67d4199d75SHartmut Brandt# Be sure to understand the security implications of SNMPv2 - the community 68d4199d75SHartmut Brandt# strings are readable on the wire! 69d4199d75SHartmut Brandt# 70f06ca4afSHartmut BrandtbegemotSnmpdCommunityString.0.1 = $(read) 71*0bf56da3SHartmut BrandtbegemotSnmpdCommunityPermission.0.1 = 1 72d4199d75SHartmut Brandt#begemotSnmpdCommunityString.0.2 = $(write) 73*0bf56da3SHartmut Brandt#begemotSnmpdCommunityPermission.0.2 = 2 74f3afd27fSAndrey V. Elsukov#begemotSnmpdCommunityString.0.3 = "otherPublic" 75f06ca4afSHartmut BrandtbegemotSnmpdCommunityDisable = 1 76f06ca4afSHartmut Brandt 77f06ca4afSHartmut Brandt# open standard SNMP ports 78*0bf56da3SHartmut Brandt# 0.0.0.0:161 79*0bf56da3SHartmut BrandtbegemotSnmpdTransInetStatus.1.4.0.0.0.0.161.1 = 4 8004d17814SAndrey V. Elsukov 81*0bf56da3SHartmut Brandt# test the port table; IPv4 address 82*0bf56da3SHartmut Brandt# 127.0.0.1:10161 83*0bf56da3SHartmut BrandtbegemotSnmpdTransInetStatus.1.4.127.0.0.1.10161.1 = 4 8404d17814SAndrey V. Elsukov 85*0bf56da3SHartmut Brandt# test the port table; IPv6 address 86*0bf56da3SHartmut Brandt# ::1:10162 87*0bf56da3SHartmut BrandtbegemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.10162.1 = 4 88*0bf56da3SHartmut Brandt# :::10163 89*0bf56da3SHartmut BrandtbegemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.10163.1 = 4 90*0bf56da3SHartmut Brandt# fe80::1%1:10164 - requires inet fe80::1%em0/64 91*0bf56da3SHartmut BrandtbegemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.10164.1 = 4 92*0bf56da3SHartmut Brandt# fe80::1%2:10164 - requires inet fe80::1%em1/64 93*0bf56da3SHartmut BrandtbegemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.10164.1 = 4 94*0bf56da3SHartmut Brandt# fe80::1:10170 - should fail (no scope index) 95*0bf56da3SHartmut Brandt# begemotSnmpdTransInetStatus.2.16.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.10170.1 = 4 96*0bf56da3SHartmut Brandt# fe80::1%0:10170 - should fail (default scope index for link local address) 97*0bf56da3SHartmut Brandt# begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.10170.1 = 4 9804d17814SAndrey V. Elsukov 99*0bf56da3SHartmut Brandt# test the port table; DNS address 100*0bf56da3SHartmut Brandt# :10165 UDPv4 and UDPv6 101*0bf56da3SHartmut BrandtbegemotSnmpdTransInetStatus.16.0.10165.1 = 4 102*0bf56da3SHartmut Brandt# 127.0.0.1:10166 103*0bf56da3SHartmut Brandt# ::1:10166 104*0bf56da3SHartmut BrandtbegemotSnmpdTransInetStatus.16."localhost".10166.1 = 4 105*0bf56da3SHartmut Brandt# ::1:10167 106*0bf56da3SHartmut BrandtbegemotSnmpdTransInetStatus.16."localhost6".10167.1 = 4 107*0bf56da3SHartmut Brandt# fe80::1%em0:10168 - requires inet fe80::$em0/64 108*0bf56da3SHartmut BrandtbegemotSnmpdTransInetStatus.16."fe80::1%em0".10168.1 = 4 109*0bf56da3SHartmut Brandt# fe80::1%em1:10169 - requires inet fe80::$em1/64 110*0bf56da3SHartmut BrandtbegemotSnmpdTransInetStatus.16."fe80::1%em1".10169.1 = 4 111f06ca4afSHartmut Brandt 112f06ca4afSHartmut Brandt# open a unix domain socket 113*0bf56da3SHartmut Brandt# begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1 114*0bf56da3SHartmut Brandt# begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4 115f06ca4afSHartmut Brandt 116f06ca4afSHartmut Brandt# send traps to the traphost 1178eecd77aSHartmut BrandtbegemotTrapSinkStatus.[$(traphost)].$(trapport) = 4 1188eecd77aSHartmut BrandtbegemotTrapSinkVersion.[$(traphost)].$(trapport) = 2 1198eecd77aSHartmut BrandtbegemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap) 120f06ca4afSHartmut Brandt 121f06ca4afSHartmut BrandtsysContact = $(contact) 122f06ca4afSHartmut BrandtsysLocation = $(location) 123f06ca4afSHartmut BrandtsysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system) 124f06ca4afSHartmut Brandt 125f06ca4afSHartmut BrandtsnmpEnableAuthenTraps = 2 126f06ca4afSHartmut Brandt 127f06ca4afSHartmut Brandt# 128f06ca4afSHartmut Brandt# Load MIB-2 module 129f06ca4afSHartmut Brandt# 130*0bf56da3SHartmut Brandt#begemotSnmpdModulePath."mibII" = "../snmp_mibII/.libs/snmp_mibII.so" 131f06ca4afSHartmut BrandtbegemotSnmpdModulePath."mibII" = "/usr/local/lib/snmp_mibII.so" 132f06ca4afSHartmut Brandt 133f06ca4afSHartmut Brandt# 134*0bf56da3SHartmut Brandt# SNMPv3 notification targets 135*0bf56da3SHartmut Brandt# 136*0bf56da3SHartmut Brandt#begemotSnmpdModulePath."target" = "../snmp_target/.libs/snmp_target.so" 137*0bf56da3SHartmut BrandtbegemotSnmpdModulePath."target" = "/usr/local/lib/snmp_target.so" 138*0bf56da3SHartmut Brandt 139*0bf56da3SHartmut Brandt# 140*0bf56da3SHartmut Brandt# SNMPv3 user-based security module 141*0bf56da3SHartmut Brandt# 142*0bf56da3SHartmut Brandt#begemotSnmpdModulePath."usm" = "../snmp_usm/.libs/snmp_usm.so" 143*0bf56da3SHartmut BrandtbegemotSnmpdModulePath."usm" = "/usr/local/lib/snmp_usm.so" 144*0bf56da3SHartmut Brandt 145*0bf56da3SHartmut Brandt# 146*0bf56da3SHartmut Brandt# SNMPv3 view-based access control module 147*0bf56da3SHartmut Brandt# 148*0bf56da3SHartmut Brandt#begemotSnmpdModulePath."vacm" = "../snmp_vacm/.libs/snmp_vacm.so" 149*0bf56da3SHartmut BrandtbegemotSnmpdModulePath."vacm" = "/usr/local/lib/snmp_vacm.so" 150*0bf56da3SHartmut Brandt 151*0bf56da3SHartmut Brandt# 152f06ca4afSHartmut Brandt# Netgraph module 153f06ca4afSHartmut Brandt# 154*0bf56da3SHartmut Brandt# begemotSnmpdModulePath."netgraph" = "/usr/local/lib/snmp_netgraph.so" 155*0bf56da3SHartmut Brandt# %netgraph 156*0bf56da3SHartmut Brandt# begemotNgControlNodeName = "snmpd" 157f06ca4afSHartmut Brandt 158*0bf56da3SHartmut Brandt%vacm 159*0bf56da3SHartmut Brandt 160*0bf56da3SHartmut Brandtinternetoid := 1.3.6.1 161*0bf56da3SHartmut Brandtinternetoidlen := 4 162*0bf56da3SHartmut Brandt 163*0bf56da3SHartmut BrandtvacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4 164*0bf56da3SHartmut BrandtvacmGroupName.$(securityModelSNMPv1).$(read) = $(read) 165*0bf56da3SHartmut Brandt 166*0bf56da3SHartmut BrandtvacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(read) = 4 167*0bf56da3SHartmut BrandtvacmGroupName.$(securityModelSNMPv2c).$(read) = $(read) 168*0bf56da3SHartmut Brandt 169*0bf56da3SHartmut BrandtvacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4 170*0bf56da3SHartmut BrandtvacmGroupName.$(securityModelSNMPv2c).$(write) = $(write) 171*0bf56da3SHartmut Brandt 172*0bf56da3SHartmut BrandtvacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4 173*0bf56da3SHartmut Brandt 174*0bf56da3SHartmut BrandtvacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4 175*0bf56da3SHartmut BrandtvacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet" 176*0bf56da3SHartmut Brandt 177*0bf56da3SHartmut BrandtvacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4 178*0bf56da3SHartmut BrandtvacmAccessStatus.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4 179*0bf56da3SHartmut BrandtvacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" 180*0bf56da3SHartmut BrandtvacmAccessReadViewName.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" 181*0bf56da3SHartmut BrandtvacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" 182*0bf56da3SHartmut BrandtvacmAccessWriteViewName.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" 183*0bf56da3SHartmut Brandt 184