Index: etc/Makefile =================================================================== --- etc/Makefile +++ etc/Makefile @@ -168,11 +168,6 @@ ${DESTDIR}/etc/services; .endif -.if ${MK_BSNMP} != "no" - cd ${.CURDIR}; \ - ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \ - snmpd.config ${DESTDIR}/etc; -.endif .if ${MK_TCSH} == "no" sed -i "" -e 's;/bin/csh;/bin/sh;' ${DESTDIR}/etc/master.passwd .endif Index: etc/snmpd.config =================================================================== --- etc/snmpd.config +++ etc/snmpd.config @@ -1,322 +0,0 @@ -# $FreeBSD$ -# -# Example configuration file for bsnmpd(1). -# - -# -# Set some common variables -# -location := "Room 200" -contact := "sysmeister@example.com" -system := 1 # FreeBSD -traphost := localhost -trapport := 162 - -# -# Set the SNMP engine ID. -# -# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via -# this configuration file, an ID is assigned based on the value of the -# kern.hostid variable -# engine := 0x80:0x10:0x08:0x10:0x80:0x25 -# snmpEngineID = $(engine) - -# Change this! -read := "public" -# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community -# string to enable write access. -write := "geheim" -trap := "mytrap" - -# -# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options -# - -NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1 -HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2 -HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3 -NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1 -DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2 -AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4 - -# -# Enumerations from SNMP-FRAMEWORK-MIB -# - -# Security models -securityModelAny := 0 -securityModelSNMPv1 := 1 -securityModelSNMPv2c := 2 -securityModelUSM := 3 - -# Message Processing models -MPmodelSNMPv1 := 0 -MPmodelSNMPv2c := 1 -MPmodelSNMPv3 := 3 - -# Security levels -noAuthNoPriv := 1 -authNoPriv := 2 -authPriv := 3 - - -# SNMPv3 USM User definition -# -# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD, -# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking -# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other -# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp" -# with a private password "bsnmptest", localized for the above engine ID. -# -#user1 := "bsnmp" -#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60 - -# -# Configuration -# -%snmpd -begemotSnmpdDebugDumpPdus = 2 -begemotSnmpdDebugSyslogPri = 7 - -# -# Set the read and write communities. -# -# The default value of the community strings is NULL (note, that this is -# different from the empty string). This disables both read and write access. -# To enable read access only the read community string must be set. Setting -# the write community string enables both read and write access with that -# string. -# -# Be sure to understand the security implications of SNMPv2 - the community -# strings are readable on the wire! -# -begemotSnmpdCommunityString.0.1 = $(read) -# begemotSnmpdCommunityString.0.2 = $(write) -begemotSnmpdCommunityDisable = 1 - -# open standard SNMP ports -begemotSnmpdPortStatus.0.0.0.0.161 = 1 - -# open a unix domain socket -begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1 -begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4 - -# send traps to the traphost -begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4 -begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2 -begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap) - -sysContact = $(contact) -sysLocation = $(location) -sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system) - -snmpEnableAuthenTraps = 2 - -# Uncomment `begemotSnmpdModulePath.".." = ".."' entries below to enable -# modules - -# -# Control configuration for the modules in the module specific sections, e.g. -# the "usm" module (begemotSnmpdModulePath."usm") can be controlled in the -# %usm specific section. You must uncomment the section specific header in -# order to use the enclosed variables, e.g. `usmUserStatus.$(engine).$(user1)` -# can only be used if %usm is uncommented. -# -# Modules are loaded in the order listed, so they must be before any -# dependent modules, e.g. "mibII" vs "bridge". -# - -# -# MIB-2 module -# -begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" - -# -# Bridge module -# This requires the mibII module. -# -#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so" - -# -# Host resources module -# This requires the mibII module. -# -#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so" - -# -# LM75 Sensor module -# -#begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so" - -# -# Netgraph module -# -#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so" - -# -# pf(4) module -# -#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so" - -# -# SNMPv3 Notification Targets -# -# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so" - -# -# SNMPv3 User-based security module - must be loaded for SNMPv3 USM -# -#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so" - -# -# SNMPv3 View-based Access Control module -# -#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so" - -# -# Wireless module -# This requires the mibII module. -# -#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so" - -# -# SNMPv3 USM User definition. -# - -#%usm - -# -# The following block creates a user with name "bsnmp" and sets privacy -# and encryption options to SHA256 message digests and AES encryption -# for this user. -# -# usmUserStatus.$(engine).$(user1) = 5 -# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol) -# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd) -# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol) -# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd) -# usmUserStatus.$(engine).$(user1) = 1 -# - -# -# The following block creates a user with name "public" with no authentication -# or encryption options. -# -# usmUserStatus.$(engine).$(read) = 5 -# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol) -# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol) -# usmUserStatus.$(engine).$(read) = 1 -# - -# -# Definition of view-based access control entries. -# -#%vacm - -# Definition of a SNMPv1 group -# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4 -# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read) - -# Definition of SNMPv2 group -# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4 -# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write) - -# Definition of SNMPv3 group with users "bsnmp" and "public" -# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4 -# vacmGroupName.$(securityModelUSM).$(user1) = $(write) -# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4 -# vacmGroupName.$(securityModelUSM).$(read) = $(write) - -# -# The OID of the .iso.org.dod.internet subtree -# -# internetoid := 1.3.6.1 -# internetoidlen := 4 - -# -# Definitions of two views -# -# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4 -# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4 - -# -# Access control -# - -# -# Read-only access for SNMPv1 users -# -# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4 -# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet" - -# -# Read-write access for SNMPv2 users -# -# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4 -# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" -# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" - -# -# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv -# -# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4 -# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" -# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" -# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" - -# -#Read-write-notify access to restricted for SNMPv3 USM users with authPriv -# -# vacmAccessStatus.$(write)."".$(securityModelUSM).$(authPriv) = 4 -# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" -# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" -# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" - -#%target -# Send notifications to target tag "test" -# tag := "test" -# snmpNotifyRowStatus.$(tag) = 4 -# snmpNotifyTag.$(tag) = $(tag) - -# tagremote := "testremote" -# snmpNotifyRowStatus.$(tagremote) = 4 -# snmpNotifyTag.$(tagremote) = $(tagremote) - -# -# Specify the target parameters for the notifications - send with the credentials -# of user "bsnmp" -# -# snmpTargetParamsRowStatus.$(tag) = 5 -# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3) -# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM) -# snmpTargetParamsSecurityName.$(tag) = $(user1) -# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv) -# snmpTargetParamsRowStatus.$(tag) = 1 - -# -# Define the notifications' target address - port 162 on localhost -# -# snmpTargetAddrRowStatus.$(tag) = 5 -# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2 -# snmpTargetAddrTagList.$(tag) = "test notification" -# snmpTargetAddrParams.$(tag) = $(tag) -# snmpTargetAddrRowStatus.$(tag) = 1 - -# -# Define the notifications' target address - port 162 on 10.0.0.1 -# -# snmpTargetAddrRowStatus.$(tagremote) = 5 -# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2 -# snmpTargetAddrTagList.$(tagremote) = $(tagremote) -# snmpTargetAddrParams.$(tagremote) = $(tag) -# snmpTargetAddrRowStatus.$(tagremote) = 1 - -# Force a polling rate for the 64-bit interface counters in case -# the automatic computation is wrong (which may be the case if an interface -# announces the wrong bit rate via its MIB). -#%mibII -#begemotIfForcePoll = 2000 - -#%netgraph -#begemotNgControlNodeName = "snmpd" - Index: usr.sbin/bsnmpd/bsnmpd/Makefile =================================================================== --- usr.sbin/bsnmpd/bsnmpd/Makefile +++ usr.sbin/bsnmpd/bsnmpd/Makefile @@ -7,6 +7,8 @@ CONTRIB=${SRCTOP}/contrib/bsnmp .PATH: ${CONTRIB}/snmpd +CONFS= snmpd.config +CONFSMODE= 600 PROG= bsnmpd SRCS= main.c action.c config.c export.c trap.c trans_udp.c trans_lsock.c SRCS+= oid.h tree.c tree.h