docs/156187: Add bsnmpd to handbook

Mark Meyer ofosos at googlemail.com
Wed Apr 6 08:30:20 UTC 2011


Thanks for your comments. I attached a revised patch. See below.

2011/4/6 Benjamin Kaduk <kaduk at mit.edu>
>
>
> It's not clear that the ordinality of the installation is relevant.


It is not relevant.


> I think "the default configuration is runnable" is more clear.
>

I don't want to overuse 'default', otherwise changed.


> I have a general preference for "everyone" over "everybody" that I cannot
> really justify to this audience and will refrain from noting all
> occurrences.  However, here I think "anyone" or "everyone" is preferable.
>

I prefer to follow you there.


>  +       guess it, will be able to read from your systems management
>>
>
> no comma.
>

Fixed.


>  +       data.  The community will however be transferred in plain text
>>
>> +       over the wire, thus potentially leaking an otherwise secure
>> +       password to an attacker.</para></note>
>>
>
> "thus" is perhaps spurious; the whole sentence could probably be reworded
> to make it more clear that valuable passwords should not be used as they are
> sent in cleartext.


Now reads: "Choose the community string wisely.  Everyone able to guess it
will be able to read from your systems management data.  The community
string is transferred in cleartext over the network, potentially leaking a
valuable password to an attacker."

Express that the user doesn't want to use the very weak "public", or his/her
valuable user credentials. Do you have an opinion about starting the third
sentence with "But"?

"enable"


Done.

> Can you reword to avoid the awkwardness of treating the screenshot as part
> of the sentence?


"Start bsnmpd:"

Do you have a preference to end the sentence preceding the <screen> in a
full stop or in a colon?

+      <screen>&prompt.root; <userinput>/etc/rc.d/bsnmpd
>> start</userinput></screen>
>> +
>> +      <para>will start <application>bsnmpd</application>
>> +       immediately. To test your setup, run
>> +       an <application>bsnmpget</application> from the machine you
>> +       installed on.</para>
>>
>
> "machine you installed on" is a somewhat awkward phrase.


I used "your system" elsewhere. The idea that you're doing this locally
should be evident.


>  +
>> +      <screen>&prompt.root; <userinput>/usr/local/bin/bsnmpget -s
>> superprivate at localhost sysContact</userinput>
>> +sysContact.0 = sysmeister at example.com</screen>
>> +
>> +      <para>The command should dump the value you entered in your
>>
>
> s/dump/print/, I think (having not tried running the command)


Changed.


>  +       configuration.</para>
>>
>
> Maybe name bsnmpd.config explicitly?
>

Done.

Other changes: some markup, removed the word "now" preceding instructions
(superfluous).

- Mark
-------------- next part --------------
Index: en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml
===================================================================
RCS file: /home/ncvs/doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml,v
retrieving revision 1.129
diff -u -r1.129 chapter.sgml
--- en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml	4 Apr 2011 05:23:33 -0000	1.129
+++ en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml	6 Apr 2011 07:14:20 -0000
@@ -5383,6 +5383,126 @@
 	by local users.</para>
     </sect2>
   </sect1>
+
+  <sect1 id="network-bsnmpd">
+    <sect1info>
+      <authorgroup>
+        <author>
+          <firstname>Mark</firstname>
+          <surname>Meyer</surname>
+          <contrib>Contributed by </contrib>
+        </author>
+      </authorgroup>
+      <authorgroup>
+        <author>
+          <contrib>Updated by </contrib>
+          <othername>The &os; Documentation Project</othername>
+        </author>
+      </authorgroup>
+    </sect1info>
+
+    <title>The <application>bsnmpd</application> Server</title>
+
+    <sect2 id="network-bsnmpd-overview">
+      <title>Overview</title>
+
+      <para>With your installation of FreeBSD, bsnmpd is
+        provided as the default software implementing SNMPv2.  For the
+        purpose of testing we will assume you're trying to connect to
+        this service from your local system.</para>
+
+      <note><para>To run the tests in this section you will additionally
+	need <filename role="package">net-mgmt/bsnmptools</filename>,
+	which you can install via the bsnmptools package or
+	port.</para></note>
+
+    </sect2>
+
+    <sect2 id="network-bsnmpd-configuring">
+      <title>Configuring <application>bsnmpd</application></title>
+
+      <para>The bsnmpd configuration resides
+	in <filename>/etc/snmpd.config</filename> and is already
+	runnable.  By default bsnmpd allows anyone to read any
+	variable using the community <literal>public</literal>.  If
+	you don't want anyone to read your SNMP variables, choose a
+	different read community and edit the configuration setting
+	accordingly:</para>
+
+      <programlisting>read := "<replaceable>superprivate</replaceable>"</programlisting>
+
+      <note><para>Choose the community string wisely.  Everyone able
+	to guess it will be able to read from your systems management
+	data.  The community string is transferred in cleartext over
+	the network, potentially leaking a valuable password to an
+	attacker.</para></note>
+
+      <para>The variables "location" and "contact" can be set. They
+	are intended to reflect the physical location and system
+	administration contact respectively:</para>
+
+      <programlisting>location := "Room 200"
+contact := "sysmeister at example.com"</programlisting>
+
+      <para>If you want to send SNMP traps to a specific port, set
+	both <literal>traphost</literal>
+	and <literal>trapport</literal> variables:</para>
+
+      <programlisting>traphost := monitor.example.com
+trapport := 162</programlisting>
+
+    </sect2>
+
+    <sect2 id="network-bsnmpd-running">
+      <title>Running <application>bsnmpd</application></title>
+
+      <para>To run bsnmpd at system startup, add the following to your
+	<filename>/etc/rc.conf</filename>:</para>
+
+      <programlisting>bsnmpd_enable="YES"</programlisting>
+
+      <para>Start <application>bsnmpd</application>:</para>
+
+      <screen>&prompt.root; <userinput>/etc/rc.d/bsnmpd start</userinput></screen>
+
+      <para>To test your setup, run
+	<application>bsnmpget</application> on
+	your system.</para>
+
+      <screen>&prompt.root; <userinput>/usr/local/bin/bsnmpget -s <replaceable>superprivate</replaceable>@localhost sysContact</userinput>
+sysContact.0 = sysmeister at example.com</screen>
+
+      <para>The command should print the value you entered
+	in <filename>/etc/snmpd.config</filename>.</para>
+
+    </sect2>
+
+    <sect2 id="network-bsnmpd-module">
+      <title>Loading a module</title>
+
+      <para>Most of the bsnmpd functionality is available via
+	modules. For demonstration purposes we will load the host
+	resources module, which we will query for how much ram this
+	system has. In <filename>snmpd.config</filename> the mib-2 module is
+	already activated. We will add the host resources
+	module. Search for the following line and uncomment it, by
+	removing the hash sign in front:</para>
+
+      <programlisting>begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"</programlisting>
+
+      <para>Restart <application>bsnmpd</application>:</para>
+
+      <screen>&prompt.root; <userinput>/etc/rc.d/bsnmpd restart</userinput></screen>
+
+      <para>Now you are able to query the amount of RAM (in kilobytes)
+	this system has:</para>
+
+      <screen>&prompt.root; <userinput>/usr/local/bin/bsnmpwalk -s <replaceable>superprivate</replaceable>@localhost -n 1.3.6.1.2.1.25.2.2</userinput>
+1.3.6.1.2.1.25.2.2 = 511392</screen>
+
+    </sect2>
+  </sect1>
+
 </chapter>
 
 <!--
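
Review bot: The community-string note in the Configuring section warns that the string crosses the network in cleartext and may leak "a valuable password", but it stops at the risk and gives the reader no instruction. State outright that the community must not be a password used for any other account or service, and that the default "public" should be replaced whenever the SNMP variables are not meant to be world-readable. In the same section, the trap paragraph says "send SNMP traps to a specific port" while the listing sets both traphost and trapport, so "to a specific host and port" would match what the reader is told to edit. Smaller points: bsnmpd appears without <application> markup in running text ("With your installation of FreeBSD, bsnmpd is", "The bsnmpd configuration resides", "To run bsnmpd at system startup", "Most of the bsnmpd functionality") although the titles and the Start/Restart paragraphs use it, and "ram" in the Loading a module paragraph should be "RAM" as it is written before the bsnmpwalk example.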