svn commit: r316262 - in projects/bsnmp-ipv6-mib: contrib/bsnmp/snmpd etc etc/newsyslog.conf.d etc/syslog.d
Ngie Cooper
ngie at FreeBSD.org
Thu Mar 30 07:31:03 UTC 2017
Author: ngie
Date: Thu Mar 30 07:31:01 2017
New Revision: 316262
URL: https://svnweb.freebsd.org/changeset/base/316262
Log:
bsnmpd: change default process name/prefix from "snmpd" to "bsnmpd"
This is being done to prevent collisions between other snmp daemons,
like snmpd from net-snmp.
Add logging infrastructure hooks (newsyslog, syslogd) to support the
commit.
MFC after: 1 month
Reviewed by: arch@ (no objection)
Sponsored by: Dell EMC Isilon
Added:
projects/bsnmp-ipv6-mib/etc/bsnmpd.config
- copied unchanged from r316261, projects/bsnmp-ipv6-mib/etc/snmpd.config
projects/bsnmp-ipv6-mib/etc/syslog.d/
projects/bsnmp-ipv6-mib/etc/syslog.d/Makefile (contents, props changed)
projects/bsnmp-ipv6-mib/etc/syslog.d/bsnmpd.conf (contents, props changed)
Deleted:
projects/bsnmp-ipv6-mib/etc/snmpd.config
Modified:
projects/bsnmp-ipv6-mib/contrib/bsnmp/snmpd/main.c
projects/bsnmp-ipv6-mib/etc/Makefile
projects/bsnmp-ipv6-mib/etc/newsyslog.conf.d/Makefile
Modified: projects/bsnmp-ipv6-mib/contrib/bsnmp/snmpd/main.c
==============================================================================
--- projects/bsnmp-ipv6-mib/contrib/bsnmp/snmpd/main.c Thu Mar 30 07:17:23 2017 (r316261)
+++ projects/bsnmp-ipv6-mib/contrib/bsnmp/snmpd/main.c Thu Mar 30 07:31:01 2017 (r316262)
@@ -1480,7 +1480,7 @@ main(int argc, char *argv[])
FILE *fp;
int background = 1;
struct tport *p;
- const char *prefix = "snmpd";
+ const char *prefix = "bsnmpd";
struct lmodule *m;
char *value = NULL, *option; /* XXX */
struct transport *t;
@@ -1592,7 +1592,7 @@ main(int argc, char *argv[])
/*
* Initialize hosts_access(3) handler.
*/
- request_init(&req, RQ_DAEMON, "snmpd", 0);
+ request_init(&req, RQ_DAEMON, "bsnmpd", 0);
sock_methods(&req);
#endif
Modified: projects/bsnmp-ipv6-mib/etc/Makefile
==============================================================================
--- projects/bsnmp-ipv6-mib/etc/Makefile Thu Mar 30 07:17:23 2017 (r316261)
+++ projects/bsnmp-ipv6-mib/etc/Makefile Thu Mar 30 07:31:01 2017 (r316262)
@@ -8,7 +8,8 @@ FILESGROUPS= FILES
# No need as it is empty and just causes rebuilds since this file does so much.
UPDATE_DEPENDFILE= no
SUBDIR= \
- newsyslog.conf.d
+ newsyslog.conf.d \
+ syslog.d
.if ${MK_SENDMAIL} != "no"
SUBDIR+=sendmail
Copied: projects/bsnmp-ipv6-mib/etc/bsnmpd.config (from r316261, projects/bsnmp-ipv6-mib/etc/snmpd.config)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ projects/bsnmp-ipv6-mib/etc/bsnmpd.config Thu Mar 30 07:31:01 2017 (r316262, copy of r316261, projects/bsnmp-ipv6-mib/etc/snmpd.config)
@@ -0,0 +1,328 @@
+# $FreeBSD$
+#
+# Example configuration file for bsnmpd(1).
+#
+
+#
+# Set some common variables
+#
+location := "Room 200"
+contact := "sysmeister at example.com"
+system := 1 # FreeBSD
+traphost := localhost
+trapport := 162
+
+#
+# Set the SNMP engine ID.
+#
+# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via
+# this configuration file, an ID is assigned based on the value of the
+# kern.hostid variable
+# engine := 0x80:0x10:0x08:0x10:0x80:0x25
+# snmpEngineID = $(engine)
+
+# Change this!
+read := "public"
+# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
+# string to enable write access.
+write := "geheim"
+trap := "mytrap"
+
+#
+# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
+#
+
+NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1
+HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2
+HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3
+NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1
+DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2
+AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4
+
+#
+# Enumerations from SNMP-FRAMEWORK-MIB
+#
+
+# Security models
+securityModelAny := 0
+securityModelSNMPv1 := 1
+securityModelSNMPv2c := 2
+securityModelUSM := 3
+
+# Message Processing models
+MPmodelSNMPv1 := 0
+MPmodelSNMPv2c := 1
+MPmodelSNMPv3 := 3
+
+# Security levels
+noAuthNoPriv := 1
+authNoPriv := 2
+authPriv := 3
+
+
+# SNMPv3 USM User definition
+#
+# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
+# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
+# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
+# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
+# with a private password "bsnmptest", localized for the above engine ID.
+#
+#user1 := "bsnmp"
+#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
+
+#
+# Configuration
+#
+%snmpd
+begemotSnmpdDebugDumpPdus = 2
+begemotSnmpdDebugSyslogPri = 7
+
+#
+# Set the read and write communities.
+#
+# The default value of the community strings is NULL (note, that this is
+# different from the empty string). This disables both read and write access.
+# To enable read access only the read community string must be set. Setting
+# the write community string enables both read and write access with that
+# string.
+#
+# Be sure to understand the security implications of SNMPv2 - the community
+# strings are readable on the wire!
+#
+begemotSnmpdCommunityString.0.1 = $(read)
+# begemotSnmpdCommunityString.0.2 = $(write)
+begemotSnmpdCommunityDisable = 1
+
+# open standard SNMP ports
+begemotSnmpdPortStatus.0.0.0.0.161 = 1
+
+# open a unix domain socket
+begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
+begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
+
+# send traps to the traphost
+begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
+begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
+begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
+
+sysContact = $(contact)
+sysLocation = $(location)
+sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)
+
+snmpEnableAuthenTraps = 2
+
+# Uncomment `begemotSnmpdModulePath.".." = ".."' entries below to enable
+# modules
+
+#
+# Control configuration for the modules in the module specific sections, e.g.
+# the "usm" module (begemotSnmpdModulePath."usm") can be controlled in the
+# %usm specific section. You must uncomment the section specific header in
+# order to use the enclosed variables, e.g. `usmUserStatus.$(engine).$(user1)`
+# can only be used if %usm is uncommented.
+#
+# Modules are loaded in the order listed, so they must be before any
+# dependent modules, e.g. "mibII" vs "bridge".
+#
+
+#
+# MIB-2 module
+#
+begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"
+
+#
+# Bridge module
+# This requires the mibII module.
+#
+#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
+
+#
+# Host resources module
+# This requires the mibII module.
+#
+#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
+
+#
+# IPv6 module
+# This requires the mibII module.
+#
+#begemotSnmpdModulePath."ipv6MIB" = "/usr/lib/snmp_ipv6MIB.so"
+
+#
+# LM75 Sensor module
+#
+#begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so"
+
+#
+# Netgraph module
+#
+#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
+
+#
+# pf(4) module
+#
+#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"
+
+#
+# SNMPv3 Notification Targets
+#
+# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so"
+
+#
+# SNMPv3 User-based security module - must be loaded for SNMPv3 USM
+#
+#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
+
+#
+# SNMPv3 View-based Access Control module
+#
+#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"
+
+#
+# Wireless module
+# This requires the mibII module.
+#
+#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"
+
+#
+# SNMPv3 USM User definition.
+#
+
+#%usm
+
+#
+# The following block creates a user with name "bsnmp" and sets privacy
+# and encryption options to SHA256 message digests and AES encryption
+# for this user.
+#
+# usmUserStatus.$(engine).$(user1) = 5
+# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
+# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
+# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
+# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
+# usmUserStatus.$(engine).$(user1) = 1
+#
+
+#
+# The following block creates a user with name "public" with no authentication
+# or encryption options.
+#
+# usmUserStatus.$(engine).$(read) = 5
+# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
+# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
+# usmUserStatus.$(engine).$(read) = 1
+#
+
+#
+# Definition of view-based access control entries.
+#
+#%vacm
+
+# Definition of a SNMPv1 group
+# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
+# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
+
+# Definition of SNMPv2 group
+# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
+# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
+
+# Definition of SNMPv3 group with users "bsnmp" and "public"
+# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
+# vacmGroupName.$(securityModelUSM).$(user1) = $(write)
+# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
+# vacmGroupName.$(securityModelUSM).$(read) = $(write)
+
+#
+# The OID of the .iso.org.dod.internet subtree
+#
+# internetoid := 1.3.6.1
+# internetoidlen := 4
+
+#
+# Definitions of two views
+#
+# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
+# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4
+
+#
+# Access control
+#
+
+#
+# Read-only access for SNMPv1 users
+#
+# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
+
+#
+# Read-write access for SNMPv2 users
+#
+# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
+# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
+
+#
+# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
+#
+# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+
+#
+#Read-write-notify access to restricted for SNMPv3 USM users with authPriv
+#
+# vacmAccessStatus.$(write)."".$(securityModelUSM).$(authPriv) = 4
+# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted"
+# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted"
+# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted"
+
+#%target
+# Send notifications to target tag "test"
+# tag := "test"
+# snmpNotifyRowStatus.$(tag) = 4
+# snmpNotifyTag.$(tag) = $(tag)
+
+# tagremote := "testremote"
+# snmpNotifyRowStatus.$(tagremote) = 4
+# snmpNotifyTag.$(tagremote) = $(tagremote)
+
+#
+# Specify the target parameters for the notifications - send with the credentials
+# of user "bsnmp"
+#
+# snmpTargetParamsRowStatus.$(tag) = 5
+# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
+# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
+# snmpTargetParamsSecurityName.$(tag) = $(user1)
+# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
+# snmpTargetParamsRowStatus.$(tag) = 1
+
+#
+# Define the notifications' target address - port 162 on localhost
+#
+# snmpTargetAddrRowStatus.$(tag) = 5
+# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
+# snmpTargetAddrTagList.$(tag) = "test notification"
+# snmpTargetAddrParams.$(tag) = $(tag)
+# snmpTargetAddrRowStatus.$(tag) = 1
+
+#
+# Define the notifications' target address - port 162 on 10.0.0.1
+#
+# snmpTargetAddrRowStatus.$(tagremote) = 5
+# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
+# snmpTargetAddrTagList.$(tagremote) = $(tagremote)
+# snmpTargetAddrParams.$(tagremote) = $(tag)
+# snmpTargetAddrRowStatus.$(tagremote) = 1
+
+# Force a polling rate for the 64-bit interface counters in case
+# the automatic computation is wrong (which may be the case if an interface
+# announces the wrong bit rate via its MIB).
+#%mibII
+#begemotIfForcePoll = 2000
+
+#%netgraph
+#begemotNgControlNodeName = "snmpd"
+
Modified: projects/bsnmp-ipv6-mib/etc/newsyslog.conf.d/Makefile
==============================================================================
--- projects/bsnmp-ipv6-mib/etc/newsyslog.conf.d/Makefile Thu Mar 30 07:17:23 2017 (r316261)
+++ projects/bsnmp-ipv6-mib/etc/newsyslog.conf.d/Makefile Thu Mar 30 07:31:01 2017 (r316262)
@@ -6,6 +6,10 @@ BINDIR= /etc/newsyslog.conf.d
FILES=
+.if ${MK_BSNMP} != "no"
+FILES+= bsnmpd.conf
+.endif
+
.if ${MK_OFED} != "no"
FILES+= opensm.conf
.endif
Added: projects/bsnmp-ipv6-mib/etc/syslog.d/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ projects/bsnmp-ipv6-mib/etc/syslog.d/Makefile Thu Mar 30 07:31:01 2017 (r316262)
@@ -0,0 +1,13 @@
+# $FreeBSD$
+
+.include <src.opts.mk>
+
+BINDIR= /etc/syslog.d
+
+FILES=
+
+.if ${MK_BSNMP} != "no"
+FILES+= bsnmpd.conf
+.endif
+
+.include <bsd.prog.mk>
Added: projects/bsnmp-ipv6-mib/etc/syslog.d/bsnmpd.conf
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ projects/bsnmp-ipv6-mib/etc/syslog.d/bsnmpd.conf Thu Mar 30 07:31:01 2017 (r316262)
@@ -0,0 +1,2 @@
+# $FreeBSD$
+bsnmpd.* /var/log/bsnmpd.log
More information about the svn-src-projects
mailing list