# # Copyright (c) 2001-2003 # Fraunhofer Institute for Open Communication Systems (FhG Fokus). # All rights reserved. # # Author: Harti Brandt # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $Begemot: bsnmp/snmpd/snmpd.config,v 1.16 2006/02/14 09:04:20 brandt_h Exp $ # # Example configuration file for testing. # # # Set some common variables # host := foo.bar.com location := "Room 200" contact := "sysmeister@bar.com" system := 1 # FreeBSD traphost := localhost trapport := 162 read := "public" write := "geheim" # take care - this allows writing trap := "mytrap" securityModelSNMPv1 := 1 securityModelSNMPv2c := 2 noAuthNoPriv := 1 # # Configuration # %snmpd begemotSnmpdDebugDumpPdus = 2 begemotSnmpdDebugSyslogPri = 7 begemotSnmpdDebugSnmpTrace = 0 # # Set community strings. # # Each community string has a permission attached to it - 1 for read only # and 2 for read/write. Default is 1. Community strings must be unique. # # Be sure to understand the security implications of SNMPv2 - the community # strings are readable on the wire! # begemotSnmpdCommunityString.0.1 = $(read) begemotSnmpdCommunityPermission.0.1 = 1 #begemotSnmpdCommunityString.0.2 = $(write) #begemotSnmpdCommunityPermission.0.2 = 2 #begemotSnmpdCommunityString.0.3 = "otherPublic" begemotSnmpdCommunityDisable = 1 # open standard SNMP ports # 0.0.0.0:161 begemotSnmpdTransInetStatus.1.4.0.0.0.0.161.1 = 4 # test the port table; IPv4 address # 127.0.0.1:10161 begemotSnmpdTransInetStatus.1.4.127.0.0.1.10161.1 = 4 # test the port table; IPv6 address # ::1:10162 begemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.10162.1 = 4 # :::10163 begemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.10163.1 = 4 # fe80::1%1:10164 - requires inet fe80::1%em0/64 begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.10164.1 = 4 # fe80::1%2:10164 - requires inet fe80::1%em1/64 begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.10164.1 = 4 # fe80::1:10170 - should fail (no scope index) # begemotSnmpdTransInetStatus.2.16.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.10170.1 = 4 # fe80::1%0:10170 - should fail (default scope index for link local address) # begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.10170.1 = 4 # test the port table; DNS address # :10165 UDPv4 and UDPv6 begemotSnmpdTransInetStatus.16.0.10165.1 = 4 # 127.0.0.1:10166 # ::1:10166 begemotSnmpdTransInetStatus.16."localhost".10166.1 = 4 # ::1:10167 begemotSnmpdTransInetStatus.16."localhost6".10167.1 = 4 # fe80::1%em0:10168 - requires inet fe80::$em0/64 begemotSnmpdTransInetStatus.16."fe80::1%em0".10168.1 = 4 # fe80::1%em1:10169 - requires inet fe80::$em1/64 begemotSnmpdTransInetStatus.16."fe80::1%em1".10169.1 = 4 # open a unix domain socket # begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1 # begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4 # send traps to the traphost begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4 begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2 begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap) sysContact = $(contact) sysLocation = $(location) sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system) snmpEnableAuthenTraps = 2 # # Load MIB-2 module # #begemotSnmpdModulePath."mibII" = "../snmp_mibII/.libs/snmp_mibII.so" begemotSnmpdModulePath."mibII" = "/usr/local/lib/snmp_mibII.so" # # SNMPv3 notification targets # #begemotSnmpdModulePath."target" = "../snmp_target/.libs/snmp_target.so" begemotSnmpdModulePath."target" = "/usr/local/lib/snmp_target.so" # # SNMPv3 user-based security module # #begemotSnmpdModulePath."usm" = "../snmp_usm/.libs/snmp_usm.so" begemotSnmpdModulePath."usm" = "/usr/local/lib/snmp_usm.so" # # SNMPv3 view-based access control module # #begemotSnmpdModulePath."vacm" = "../snmp_vacm/.libs/snmp_vacm.so" begemotSnmpdModulePath."vacm" = "/usr/local/lib/snmp_vacm.so" # # Netgraph module # # begemotSnmpdModulePath."netgraph" = "/usr/local/lib/snmp_netgraph.so" # %netgraph # begemotNgControlNodeName = "snmpd" %vacm internetoid := 1.3.6.1 internetoidlen := 4 vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4 vacmGroupName.$(securityModelSNMPv1).$(read) = $(read) vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(read) = 4 vacmGroupName.$(securityModelSNMPv2c).$(read) = $(read) vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4 vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write) vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4 vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4 vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet" vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4 vacmAccessStatus.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4 vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" vacmAccessReadViewName.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" vacmAccessWriteViewName.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"