snmpd.config revision 216300
1# $FreeBSD: head/etc/snmpd.config 216300 2010-12-08 17:27:59Z syrinx $ 2# 3# Example configuration file for bsnmpd(1). 4# 5 6# 7# Set some common variables 8# 9location := "Room 200" 10contact := "sysmeister@example.com" 11system := 1 # FreeBSD 12traphost := localhost 13trapport := 162 14 15# 16# Set the SNMP engine ID. 17# 18# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via 19# this configuration file, an ID is assigned based on the value of the 20# kern.hostid variable 21# engine := 0x80:0x10:0x08:0x10:0x80:0x25 22# snmpEngineID = $(engine) 23 24# Change this! 25read := "public" 26# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community 27# string to enable write access. 28write := "geheim" 29trap := "mytrap" 30 31# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options 32NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1 33HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2 34HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3 35NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1 36DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2 37AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4 38 39# 40# SNMPv3 USM User definition 41# 42# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD, 43# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking 44# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other 45# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp" 46# which a private password "bsnmp", localized for the above engine ID. 47# 48# user1 := "bsnmp" 49# user1passwd := 0x1b:0x6d:0x9e:0x94:0xbe:0x19:0x17:0xfb:0xde:0x60:0x46:0xfe:0x59:0x6f:0x61:0x95:0xf2:0xc9:0x57:0x1f 50 51# 52# Configuration 53# 54%snmpd 55begemotSnmpdDebugDumpPdus = 2 56begemotSnmpdDebugSyslogPri = 7 57 58# 59# Set the read and write communities. 60# 61# The default value of the community strings is NULL (note, that this is 62# different from the empty string). This disables both read and write access. 63# To enable read access only the read community string must be set. Setting 64# the write community string enables both read and write access with that 65# string. 66# 67# Be sure to understand the security implications of SNMPv2 - the community 68# strings are readable on the wire! 69# 70begemotSnmpdCommunityString.0.1 = $(read) 71# begemotSnmpdCommunityString.0.2 = $(write) 72begemotSnmpdCommunityDisable = 1 73 74# open standard SNMP ports 75begemotSnmpdPortStatus.0.0.0.0.161 = 1 76 77# open a unix domain socket 78begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1 79begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4 80 81# send traps to the traphost 82begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4 83begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2 84begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap) 85 86sysContact = $(contact) 87sysLocation = $(location) 88sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system) 89 90snmpEnableAuthenTraps = 2 91 92# 93# Load MIB-2 module 94# 95begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" 96 97# Force a polling rate for the 64-bit interface counters in case 98# the automatic computation is wrong (which may be the case if an interface 99# announces the wrong bit rate via its MIB). 100#%mibII 101#begemotIfForcePoll = 2000 102 103# 104# SNMPv3 User-based security module - must be loaded for SNMPv3 USM 105# 106#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so" 107 108# 109# SNMPv3 USM User definition. 110# 111 112#%usm 113 114# 115# The following block creates a user with name "bsnmp" and sets privacy 116# and encryption options to SHA256 message digests and AES encryption 117# for this user. 118# 119# usmUserStatus.$(engine).$(user1) = 5 120# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol) 121# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd) 122# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol) 123# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd) 124# usmUserStatus.$(engine).$(user1) = 1 125# 126 127# 128# The following block creates a user with name "public" with no authentication 129# or encyption options. 130# 131# usmUserStatus.$(engine).$(read) = 5 132# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol) 133# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol) 134# usmUserStatus.$(engine).$(read) = 1 135# 136 137# 138# SNMPv3 View-based Access Control module 139# 140#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so" 141 142# 143# Definition of view-based access control entries. 144# 145#%vacm 146 147# Definition of a SNMPv1 group 148# vacmSecurityToGroupStatus.1.$(read) = 4 149# vacmGroupName.1.$(read) = $(read) 150 151# Definition of SNMPv2 group 152# vacmSecurityToGroupStatus.2.$(write) = 4 153# vacmGroupName.2.$(write) = $(write) 154 155# Definition of SNMPv3 group with users "bsnmp" and "public" 156# vacmSecurityToGroupStatus.3.$(user1) = 4 157# vacmGroupName.3.$(user1) = $(write) 158# vacmSecurityToGroupStatus.3.$(read) = 4 159# vacmGroupName.3.$(read) = $(write) 160 161# 162# The OID of the .iso.org.dod.internet subtree 163# 164# internetoid := 1.3.6.1 165# internetoidlen := 4 166 167# Enumerated values for the privacy options 168# noAuthNoPriv := 1 169# authNoPriv := 2 170# authPriv := 3 171 172# 173# Definitions of two views 174# 175# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4 176# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4 177 178# 179# Access control 180# 181 182# 183# Read-only access for SNMPv1 users 184# 185# vacmAccessStatus.$(read)."".1.1 = 4 186# vacmAccessReadViewName.$(read)."".1.1 = "internet" 187 188# 189# Read-write access for SNMPv2 users 190# 191# vacmAccessStatus.$(write)."".2.1 = 4 192# vacmAccessReadViewName.$(write)."".2.1 = "internet" 193# vacmAccessWriteViewName.$(write)."".2.1 = "internet" 194 195# 196# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv 197# 198# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4 199# vacmAccessReadViewName.$(write)."".3.$(noAuthNoPriv) = "internet" 200# vacmAccessWriteViewName.$(write)."".3.$(noAuthNoPriv) = "internet" 201# vacmAccessNotifyViewName.$(write)."".3.$(noAuthNoPriv) = "internet" 202 203# 204#Read-write-notify access to restricted for SNMPv3 USM users with authPriv 205# 206# vacmAccessStatus.$(write)."".3.$(authPriv) = 4 207# vacmAccessReadViewName.$(write)."".3.$(authPriv) = "restricted" 208# vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted" 209# vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted" 210 211# Netgraph module 212# 213#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so" 214# 215#%netgraph 216#begemotNgControlNodeName = "snmpd" 217 218# 219# pf(4) module 220# 221#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so" 222 223# 224# Host resources module 225# This requires the mibII module. 226# 227#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so" 228 229# 230# Bridge module 231# This requires the mibII module. 232# 233#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so" 234 235# 236# Wireless module 237# This requires the mibII module. 238# 239#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so" 240