# $FreeBSD: head/etc/snmpd.config 216301 2010-12-08 17:34:07Z syrinx $
#
# Example configuration file for bsnmpd(1).
#
# As written, the active (uncommented) lines in this file:
#   - enable SNMP read access with the community string "public",
#   - listen on UDP port 161 on all IPv4 addresses (0.0.0.0) and on the
#     local socket /var/run/snmpd.sock,
#   - send traps to localhost:162 with the community "mytrap",
#   - load only the mibII module.
# Write access, SNMPv3 USM users and VACM access control appear only as
# commented-out examples.
#

#
# Set some common variables
#
# location and contact are published as sysLocation and sysContact below,
# system is appended to sysObjectId, and traphost/trapport index the trap
# sink entries.
location := "Room 200"
contact := "sysmeister@example.com"
system := 1 # FreeBSD
traphost := localhost
trapport := 162

#
# Set the SNMP engine ID.
#
# The snmpEngineID object is required by the SNMPv3 Framework. If it is not
# explicitly set via this configuration file, an ID is assigned based on the
# value of the kern.hostid variable.
#
# The commented-out USM user entries further down are indexed by $(engine),
# and the example key user1passwd is described as localized for this engine
# ID, so the "engine" macro has to be uncommented together with them.
# engine := 0x80:0x10:0x08:0x10:0x80:0x25
# snmpEngineID = $(engine)

# Change this!
# All three community strings below are published with this example file, and
# "public" is the conventional default read community. $(read) is used by the
# active begemotSnmpdCommunityString.0.1 line below, so read access with this
# value is enabled as soon as bsnmpd starts with this file.
read := "public"
# Write community. It takes effect only once the commented-out
# begemotSnmpdCommunityString.0.2 line below is uncommented.
write := "geheim"
# Community sent with traps (see begemotTrapSinkComm below).
trap := "mytrap"

# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options.
# These macros are referenced only by the commented-out USM user examples.
# HMACSHAAuthProtocol (1.3.6.1.6.3.10.1.1.3) is the SHA-1 based HMAC-SHA-96
# protocol, not a SHA-2 variant. For privacy prefer AesCfb128Protocol over
# DESPrivProtocol, since DES uses a 56-bit key.
NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1
HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2
HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3
NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1
DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2
AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4

#
# SNMPv3 USM User definition
#
# The localized hex password for a user may be obtained by setting the
# SNMPUSER, SNMPPASSWD, SNMPAUTH and SNMPPRIV environment variables to the
# desired parameters and invoking 'bsnmpget -v 3 -D -K -o verbose' against the
# running bsnmpd(1). For other usages refer to the bsnmpget(1) manual page.
# The following lines define a user "bsnmp" with a private password "bsnmp",
# localized for the above engine ID.
#
# The key below is derived from a password printed in this file, so use it
# as a format example only: generate a new key from a strong passphrase for
# the engine ID actually in use. A localized key is enough to authenticate as
# that user to this engine, so restrict read access to this file once it
# holds a real key.
#
# user1 := "bsnmp"
# user1passwd := 0x1b:0x6d:0x9e:0x94:0xbe:0x19:0x17:0xfb:0xde:0x60:0x46:0xfe:0x59:0x6f:0x61:0x95:0xf2:0xc9:0x57:0x1f

#
# Configuration
#
%snmpd
# NOTE(review): 2 looks like the SNMP TruthValue "false" (PDU dumping off) and
# 7 like syslog priority LOG_DEBUG; confirm against BEGEMOT-SNMPD-MIB.
begemotSnmpdDebugDumpPdus = 2
begemotSnmpdDebugSyslogPri = 7

#
# Set the read and write communities.
#
# The default value of the community strings is NULL (note that this is
# different from the empty string). This disables both read and write access.
# To enable read access only, set just the read community string. Setting
# the write community string enables both read and write access with that
# string.
#
# Be sure to understand the security implications of community-based SNMP
# (SNMPv1/SNMPv2c): the community strings are sent unencrypted and are
# readable on the wire! Anyone who can observe the traffic can reuse them.
#
begemotSnmpdCommunityString.0.1 = $(read)
# begemotSnmpdCommunityString.0.2 = $(write)
# NOTE(review): presumably this blocks access to the community table itself
# through SNMP, so the strings cannot be read or changed remotely; confirm
# against BEGEMOT-SNMPD-MIB.
begemotSnmpdCommunityDisable = 1

# open standard SNMP ports
# The index 0.0.0.0.161 is address 0.0.0.0 (all IPv4 addresses) and port 161.
# To limit exposure, use a specific management address instead of 0.0.0.0
# and/or filter the port with the host firewall.
begemotSnmpdPortStatus.0.0.0.0.161 = 1

# open a unix domain socket
# NOTE(review): type 4 is believed to select a stream socket limited to
# privileged peers; confirm against BEGEMOT-SNMPD-MIB.
begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4

# send traps to the traphost
# Status 4 is the RowStatus value createAndGo. The trap community $(trap) is
# sent in clear text like any other community string.
# NOTE(review): version 2 presumably selects SNMPv2 traps; confirm.
begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)

sysContact = $(contact)
sysLocation = $(location)
sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)

# 2 = disabled, 1 = enabled (SNMPv2-MIB). With 2 no authenticationFailure
# trap is sent when a request arrives with a wrong community string; set it
# to 1 if the trap receiver should see such attempts.
snmpEnableAuthenTraps = 2

#
# Load MIB-2 module
#
begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"

# Force a polling rate for the 64-bit interface counters in case
# the automatic computation is wrong (which may be the case if an interface
# announces the wrong bit rate via its MIB).
#%mibII
#begemotIfForcePoll = 2000

#
# SNMPv3 User-based security module - must be loaded for SNMPv3 USM
#
#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"

#
# SNMPv3 USM User definition.
#
#%usm

#
# The following block creates a user with name "bsnmp" and sets the
# authentication and privacy options for this user to HMAC-SHA (the SHA-1
# based HMACSHAAuthProtocol declared above, not SHA-256) and AES encryption.
# Status 5 is the RowStatus value createAndWait and status 1 is active, so
# the row is created, filled in and then activated.
#
# usmUserStatus.$(engine).$(user1) = 5
# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
# usmUserStatus.$(engine).$(user1) = 1
#

#
# The following block creates a user with name "public" with no authentication
# or encryption options. Requests from this user are neither authenticated
# nor encrypted, so whatever VACM grants to it is granted to anyone who can
# reach the agent.
#
# usmUserStatus.$(engine).$(read) = 5
# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
# usmUserStatus.$(engine).$(read) = 1
#

#
# SNMPv3 View-based Access Control module
#
#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"

#
# Definition of view-based access control entries.
#
# Review before uncommenting:
#   - The SNMPv3 group below places both "bsnmp" and the unauthenticated
#     user "public" in the group named $(write), and that group is given
#     read-write-notify access to the "internet" view at noAuthNoPriv. As
#     written, this allows unauthenticated SNMPv3 writes.
#   - The views "internet" and "restricted" are both defined over the same
#     subtree $(internetoid), so "restricted" does not narrow anything until
#     it is given a smaller subtree.
#
#%vacm

# Definition of an SNMPv1 group (security model 1)
# vacmSecurityToGroupStatus.1.$(read) = 4
# vacmGroupName.1.$(read) = $(read)

# Definition of an SNMPv2 group (security model 2)
# vacmSecurityToGroupStatus.2.$(write) = 4
# vacmGroupName.2.$(write) = $(write)

# Definition of an SNMPv3 group (security model 3) with users "bsnmp" and
# "public"
# vacmSecurityToGroupStatus.3.$(user1) = 4
# vacmGroupName.3.$(user1) = $(write)
# vacmSecurityToGroupStatus.3.$(read) = 4
# vacmGroupName.3.$(read) = $(write)

#
# The OID of the .iso.org.dod.internet subtree
#
# internetoid := 1.3.6.1
# internetoidlen := 4

# Enumerated values for the security levels
# noAuthNoPriv := 1
# authNoPriv := 2
# authPriv := 3

#
# Definitions of two views
#
# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4

#
# Access control
#
#
# Read-only access for SNMPv1 users
#
# vacmAccessStatus.$(read)."".1.1 = 4
# vacmAccessReadViewName.$(read)."".1.1 = "internet"

#
# Read-write access for SNMPv2 users
#
# vacmAccessStatus.$(write)."".2.1 = 4
# vacmAccessReadViewName.$(write)."".2.1 = "internet"
# vacmAccessWriteViewName.$(write)."".2.1 = "internet"

#
# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
#
# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
# vacmAccessReadViewName.$(write)."".3.$(noAuthNoPriv) = "internet"
# vacmAccessWriteViewName.$(write)."".3.$(noAuthNoPriv) = "internet"
# vacmAccessNotifyViewName.$(write)."".3.$(noAuthNoPriv) = "internet"

#
# Read-write-notify access to restricted for SNMPv3 USM users with authPriv
#
# vacmAccessStatus.$(write)."".3.$(authPriv) = 4
# vacmAccessReadViewName.$(write)."".3.$(authPriv) = "restricted"
# vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted"
# vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted"

#
# Optional modules. Each module that is loaded adds objects that become
# reachable through the access rules above, so enable only the ones that are
# actually monitored.
#

#
# Netgraph module
#
#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
#
#%netgraph
#begemotNgControlNodeName = "snmpd"

#
# pf(4) module
#
#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"

#
# Host resources module
# This requires the mibII module.
#
#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"

#
# Bridge module
# This requires the mibII module.
#
#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"

#
# Wireless module
# This requires the mibII module.
#
#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"