xref: /freebsd/contrib/bsnmp/snmpd/snmpd.config (revision 6419bb52) 
1#
2# Copyright (c) 2001-2003
3#	Fraunhofer Institute for Open Communication Systems (FhG Fokus).
4#	All rights reserved.
5#
6# Author: Harti Brandt <harti@freebsd.org>
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11# 1. Redistributions of source code must retain the above copyright
12#    notice, this list of conditions and the following disclaimer.
13# 2. Redistributions in binary form must reproduce the above copyright
14#    notice, this list of conditions and the following disclaimer in the
15#    documentation and/or other materials provided with the distribution.
16#
17# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20# ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
21# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27# SUCH DAMAGE.
28#
29# $Begemot: bsnmp/snmpd/snmpd.config,v 1.16 2006/02/14 09:04:20 brandt_h Exp $
30#
31# Example configuration file for testing.
32#
33
34#
35# Set some common variables
36#
37host := foo.bar.com
38location := "Room 200"
39contact := "sysmeister@bar.com"
40system := 1	# FreeBSD
41traphost := localhost
42trapport := 162
43
44read := "public"
45write := "geheim"	# take care - this allows writing
46trap := "mytrap"
47
48securityModelSNMPv1     := 1
49securityModelSNMPv2c    := 2
50
51noAuthNoPriv := 1
52
53#
54# Configuration
55#
56%snmpd
57begemotSnmpdDebugDumpPdus	= 2
58begemotSnmpdDebugSyslogPri	= 7
59begemotSnmpdDebugSnmpTrace	= 0
60
61#
62# Set community strings.
63#
64# Each community string has a permission attached to it - 1 for read only
65# and 2 for read/write. Default is 1. Community strings must be unique.
66#
67# Be sure to understand the security implications of SNMPv2 - the community
68# strings are readable on the wire!
69#
70begemotSnmpdCommunityString.0.1	= $(read)
71begemotSnmpdCommunityPermission.0.1 = 1
72#begemotSnmpdCommunityString.0.2 = $(write)
73#begemotSnmpdCommunityPermission.0.2 = 2
74#begemotSnmpdCommunityString.0.3 = "otherPublic"
75begemotSnmpdCommunityDisable	= 1
76
77# open standard SNMP ports
78# 0.0.0.0:161
79begemotSnmpdTransInetStatus.1.4.0.0.0.0.161.1 = 4
80
81# test the port table; IPv4 address
82# 127.0.0.1:10161
83begemotSnmpdTransInetStatus.1.4.127.0.0.1.10161.1 = 4
84
85# test the port table; IPv6 address
86# ::1:10162
87begemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.10162.1 = 4
88# :::10163
89begemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.10163.1 = 4
90# fe80::1%1:10164 - requires inet fe80::1%em0/64
91begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.10164.1 = 4
92# fe80::1%2:10164 - requires inet fe80::1%em1/64
93begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.10164.1 = 4
94# fe80::1:10170 - should fail (no scope index)
95# begemotSnmpdTransInetStatus.2.16.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.10170.1 = 4
96# fe80::1%0:10170 - should fail (default scope index for link local address)
97# begemotSnmpdTransInetStatus.4.20.254.128.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.10170.1 = 4
98
99# test the port table; DNS address
100# :10165 UDPv4 and UDPv6
101begemotSnmpdTransInetStatus.16.0.10165.1 = 4
102# 127.0.0.1:10166
103# ::1:10166
104begemotSnmpdTransInetStatus.16."localhost".10166.1 = 4
105# ::1:10167
106begemotSnmpdTransInetStatus.16."localhost6".10167.1 = 4
107# fe80::1%em0:10168 - requires inet fe80::$em0/64
108begemotSnmpdTransInetStatus.16."fe80::1%em0".10168.1 = 4
109# fe80::1%em1:10169 - requires inet fe80::$em1/64
110begemotSnmpdTransInetStatus.16."fe80::1%em1".10169.1 = 4
111
112# open a unix domain socket
113# begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
114# begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
115
116# send traps to the traphost
117begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
118begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
119begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
120
121sysContact	= $(contact)
122sysLocation	= $(location)
123sysObjectId 	= 1.3.6.1.4.1.12325.1.1.2.1.$(system)
124
125snmpEnableAuthenTraps = 2
126
127#
128# Load MIB-2 module
129#
130#begemotSnmpdModulePath."mibII"	= "../snmp_mibII/.libs/snmp_mibII.so"
131begemotSnmpdModulePath."mibII"	= "/usr/local/lib/snmp_mibII.so"
132
133#
134# SNMPv3 notification targets
135#
136#begemotSnmpdModulePath."target"	= "../snmp_target/.libs/snmp_target.so"
137begemotSnmpdModulePath."target"	= "/usr/local/lib/snmp_target.so"
138
139#
140# SNMPv3 user-based security module
141#
142#begemotSnmpdModulePath."usm"	= "../snmp_usm/.libs/snmp_usm.so"
143begemotSnmpdModulePath."usm"	= "/usr/local/lib/snmp_usm.so"
144
145#
146# SNMPv3 view-based access control module
147#
148#begemotSnmpdModulePath."vacm"	= "../snmp_vacm/.libs/snmp_vacm.so"
149begemotSnmpdModulePath."vacm"	= "/usr/local/lib/snmp_vacm.so"
150
151#
152# Netgraph module
153#
154# begemotSnmpdModulePath."netgraph" = "/usr/local/lib/snmp_netgraph.so"
155# %netgraph
156# begemotNgControlNodeName = "snmpd"
157
158%vacm
159
160internetoid := 1.3.6.1
161internetoidlen := 4
162
163vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
164vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
165
166vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(read) = 4
167vacmGroupName.$(securityModelSNMPv2c).$(read) = $(read)
168
169vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
170vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
171
172vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
173
174vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
175vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
176
177vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
178vacmAccessStatus.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
179vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
180vacmAccessReadViewName.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
181vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
182vacmAccessWriteViewName.$(read)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
183
184