snmpd.config revision 216301
1145184Sglebius# $FreeBSD: head/etc/snmpd.config 216301 2010-12-08 17:34:07Z syrinx $
2145184Sglebius#
3145184Sglebius# Example configuration file for bsnmpd(1).
4145184Sglebius#
5145184Sglebius
6145184Sglebius#
7145184Sglebius# Set some common variables
8145184Sglebius#
9145184Sglebiuslocation := "Room 200"
10155768Scericontact := "sysmeister@example.com"
11145184Sglebiussystem := 1	# FreeBSD
12155458Sglebiustraphost := localhost
13145184Sglebiustrapport := 162
14145184Sglebius
15216300Ssyrinx#
16216300Ssyrinx# Set the SNMP engine ID.
17216300Ssyrinx#
18216300Ssyrinx# The snmpEngineID object is required by the SNMPv3 Framework. If it is not explicitly set
19216300Ssyrinx# via this configuration file, an ID is assigned based on the value of the
20216300Ssyrinx# kern.hostid variable.
21216300Ssyrinx# engine := 0x80:0x10:0x08:0x10:0x80:0x25
22216300Ssyrinx# snmpEngineID = $(engine)
23216300Ssyrinx
24145184Sglebius# Change this! "public" is the well-known default read community string.
25145184Sglebiusread := "public"
26165685Smaxim# To enable write access, uncomment the begemotSnmpdCommunityString.0.2 line
27165685Smaxim# below, which sets the write community string; change the example value first.
28145184Sglebiuswrite := "geheim"
29145184Sglebiustrap := "mytrap"
30145184Sglebius
31216300Ssyrinx# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
32216300SsyrinxNoAuthProtocol		:= 1.3.6.1.6.3.10.1.1.1
33216300SsyrinxHMACMD5AuthProtocol	:= 1.3.6.1.6.3.10.1.1.2
34216300SsyrinxHMACSHAAuthProtocol	:= 1.3.6.1.6.3.10.1.1.3
35216300SsyrinxNoPrivProtocol		:= 1.3.6.1.6.3.10.1.2.1
36216300SsyrinxDESPrivProtocol		:= 1.3.6.1.6.3.10.1.2.2
37216300SsyrinxAesCfb128Protocol	:= 1.3.6.1.6.3.10.1.2.4
38216300Ssyrinx
39145184Sglebius#
40216300Ssyrinx# SNMPv3 USM User definition
41216300Ssyrinx#
42216300Ssyrinx# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
43216300Ssyrinx# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
44216300Ssyrinx# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
45216300Ssyrinx# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
46216301Ssyrinx# with a private password "bsnmp", localized for the above engine ID.
47216300Ssyrinx#
48216300Ssyrinx# user1 := "bsnmp"
49216300Ssyrinx# user1passwd := 0x1b:0x6d:0x9e:0x94:0xbe:0x19:0x17:0xfb:0xde:0x60:0x46:0xfe:0x59:0x6f:0x61:0x95:0xf2:0xc9:0x57:0x1f
50216300Ssyrinx
51216300Ssyrinx#
52145184Sglebius# Configuration
53145184Sglebius#
54145184Sglebius%snmpd
55145184SglebiusbegemotSnmpdDebugDumpPdus	= 2
56145184SglebiusbegemotSnmpdDebugSyslogPri	= 7
57145184Sglebius
58154186Sharti#
59154186Sharti# Set the read and write communities.
60154186Sharti#
61154186Sharti# The default value of the community strings is NULL (note that this is
62154186Sharti# different from the empty string). This disables both read and write access.
63154186Sharti# To enable only read access, set just the read community string. Setting
64154186Sharti# the write community string enables both read and write access with that
65154186Sharti# string.
66154186Sharti#
67154186Sharti# Be sure to understand the security implications of SNMPv2 - the community
68154186Sharti# strings are readable on the wire!
69154186Sharti#
70145184SglebiusbegemotSnmpdCommunityString.0.1	= $(read)
71154186Sharti# begemotSnmpdCommunityString.0.2	= $(write)
72145184SglebiusbegemotSnmpdCommunityDisable	= 1
73145184Sglebius
74145184Sglebius# open standard SNMP ports
75163823ShartibegemotSnmpdPortStatus.0.0.0.0.161 = 1
76145184Sglebius
77145184Sglebius# open a unix domain socket
78145184SglebiusbegemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
79145184SglebiusbegemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
80145184Sglebius
81145184Sglebius# send traps to the traphost
82145184SglebiusbegemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
83145184SglebiusbegemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
84145184SglebiusbegemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
85145184Sglebius
86145184SglebiussysContact	= $(contact)
87145184SglebiussysLocation	= $(location)
88145184SglebiussysObjectId 	= 1.3.6.1.4.1.12325.1.1.2.1.$(system)
89145184Sglebius
90145184SglebiussnmpEnableAuthenTraps = 2
91145184Sglebius
92145184Sglebius#
93145184Sglebius# Load MIB-2 module
94145184Sglebius#
95145184SglebiusbegemotSnmpdModulePath."mibII"	= "/usr/lib/snmp_mibII.so"
96145184Sglebius
97156070Sharti# Force a polling rate for the 64-bit interface counters in case
98156070Sharti# the automatic computation is wrong (which may be the case if an interface
99156070Sharti# announces the wrong bit rate via its MIB).
100156070Sharti#%mibII
101156070Sharti#begemotIfForcePoll = 2000
102156070Sharti
103145184Sglebius#
104216300Ssyrinx# SNMPv3 User-based security module - must be loaded for SNMPv3 USM
105216300Ssyrinx#
106216300Ssyrinx#begemotSnmpdModulePath."usm"	= "/usr/lib/snmp_usm.so"
107216300Ssyrinx
108216300Ssyrinx#
109216300Ssyrinx# SNMPv3 USM User definition.
110216300Ssyrinx#
111216300Ssyrinx
112216300Ssyrinx#%usm
113216300Ssyrinx
114216300Ssyrinx#
115216300Ssyrinx# The following block creates a user with name "bsnmp" and sets authentication
116216300Ssyrinx# and privacy options to HMAC-SHA message digests (HMACSHAAuthProtocol, i.e.
117216300Ssyrinx# HMAC-SHA-96, not SHA-256) and AES-CFB-128 encryption for this user.
118216300Ssyrinx# 
119216300Ssyrinx# usmUserStatus.$(engine).$(user1) = 5
120216300Ssyrinx# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
121216300Ssyrinx# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
122216300Ssyrinx# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
123216300Ssyrinx# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
124216300Ssyrinx# usmUserStatus.$(engine).$(user1) = 1
125216300Ssyrinx#
126216300Ssyrinx
127216300Ssyrinx#
128216300Ssyrinx# The following block creates a user with name "public" with no authentication
129216301Ssyrinx# or encryption options.
130216300Ssyrinx#
131216300Ssyrinx# usmUserStatus.$(engine).$(read) = 5
132216300Ssyrinx# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
133216300Ssyrinx# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
134216300Ssyrinx# usmUserStatus.$(engine).$(read) = 1
135216300Ssyrinx#
136216300Ssyrinx
137216300Ssyrinx#
138216300Ssyrinx# SNMPv3 View-based Access Control module
139216300Ssyrinx#
140216300Ssyrinx#begemotSnmpdModulePath."vacm"	= "/usr/lib/snmp_vacm.so"
141216300Ssyrinx
142216300Ssyrinx#
143216300Ssyrinx# Definition of view-based access control entries.
144216300Ssyrinx#
145216300Ssyrinx#%vacm
146216300Ssyrinx
147216300Ssyrinx# Definition of an SNMPv1 group
148216300Ssyrinx# vacmSecurityToGroupStatus.1.$(read) = 4
149216300Ssyrinx# vacmGroupName.1.$(read) = $(read)
150216300Ssyrinx
151216300Ssyrinx# Definition of SNMPv2 group
152216300Ssyrinx# vacmSecurityToGroupStatus.2.$(write) = 4
153216300Ssyrinx# vacmGroupName.2.$(write) = $(write)
154216300Ssyrinx
155216300Ssyrinx# Definition of SNMPv3 group with users "bsnmp" and "public"
156216300Ssyrinx# vacmSecurityToGroupStatus.3.$(user1) = 4
157216300Ssyrinx# vacmGroupName.3.$(user1) = $(write)
158216300Ssyrinx# vacmSecurityToGroupStatus.3.$(read) = 4
159216300Ssyrinx# vacmGroupName.3.$(read) = $(write)
160216300Ssyrinx
161216300Ssyrinx# 
162216300Ssyrinx# The OID of the .iso.org.dod.internet subtree
163216300Ssyrinx#
164216300Ssyrinx# internetoid := 1.3.6.1
165216300Ssyrinx# internetoidlen := 4
166216300Ssyrinx
167216300Ssyrinx# Enumerated values for the privacy options
168216300Ssyrinx# noAuthNoPriv := 1
169216300Ssyrinx# authNoPriv := 2
170216300Ssyrinx# authPriv := 3
171216300Ssyrinx
172216300Ssyrinx#
173216300Ssyrinx# Definitions of two views (as written, both cover the whole internet subtree)
174216300Ssyrinx#
175216300Ssyrinx# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
176216300Ssyrinx# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4
177216300Ssyrinx
178216300Ssyrinx#
179216300Ssyrinx# Access control
180216300Ssyrinx#
181216300Ssyrinx
182216300Ssyrinx#
183216300Ssyrinx# Read-only access for SNMPv1 users
184216300Ssyrinx#
185216300Ssyrinx# vacmAccessStatus.$(read)."".1.1 = 4
186216300Ssyrinx# vacmAccessReadViewName.$(read)."".1.1 = "internet"
187216300Ssyrinx
188216300Ssyrinx#
189216300Ssyrinx# Read-write access for SNMPv2 users 
190216300Ssyrinx#
191216300Ssyrinx# vacmAccessStatus.$(write)."".2.1 = 4
192216300Ssyrinx# vacmAccessReadViewName.$(write)."".2.1 = "internet"
193216300Ssyrinx# vacmAccessWriteViewName.$(write)."".2.1 = "internet"
194216300Ssyrinx
195216300Ssyrinx#
196216300Ssyrinx# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv, i.e. without authentication or encryption
197216300Ssyrinx#
198216300Ssyrinx# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
199216300Ssyrinx# vacmAccessReadViewName.$(write)."".3.$(noAuthNoPriv) = "internet"
200216300Ssyrinx# vacmAccessWriteViewName.$(write)."".3.$(noAuthNoPriv) = "internet"
201216300Ssyrinx# vacmAccessNotifyViewName.$(write)."".3.$(noAuthNoPriv) = "internet"
202216300Ssyrinx
203216300Ssyrinx#
204216300Ssyrinx# Read-write-notify access to the "restricted" view for SNMPv3 USM users with authPriv
205216300Ssyrinx#
206216300Ssyrinx# vacmAccessStatus.$(write)."".3.$(authPriv) = 4
207216300Ssyrinx# vacmAccessReadViewName.$(write)."".3.$(authPriv) = "restricted"
208216300Ssyrinx# vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted"
209216300Ssyrinx# vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted"
210216300Ssyrinx
211145184Sglebius# Netgraph module
212145184Sglebius#
213145184Sglebius#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
214145184Sglebius#
215145184Sglebius#%netgraph
216145184Sglebius#begemotNgControlNodeName = "snmpd"
217145184Sglebius
218145184Sglebius#
219145184Sglebius# pf(4) module
220145184Sglebius#
221145184Sglebius#begemotSnmpdModulePath."pf"	= "/usr/lib/snmp_pf.so"
222154177Sharti
223154177Sharti#
224154177Sharti# Host resources module
225154177Sharti#  This requires the mibII module.
226154177Sharti#
227154177Sharti#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
228165419Ssyrinx
229165419Ssyrinx#
230165419Ssyrinx# Bridge module
231165419Ssyrinx#  This requires the mibII module.
232165419Ssyrinx#
233165419Ssyrinx#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
234210503Ssyrinx
235210503Ssyrinx#
236210503Ssyrinx# Wireless module
237210503Ssyrinx#  This requires the mibII module.
238210503Ssyrinx#
239210503Ssyrinx#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"
240