Blame SOURCES/net-snmp.redhat.conf

700982
###############################################################################
700982
#
700982
# snmpd.conf:
700982
#   An example configuration file for configuring the ucd-snmp snmpd agent.
700982
#
700982
###############################################################################
700982
#
700982
# This file is intended to only be as a starting point.  Many more
700982
# configuration directives exist than are mentioned in this file.  For 
700982
# full details, see the snmpd.conf(5) manual page.
700982
#
700982
# All lines beginning with a '#' are comments and are intended for you
700982
# to read.  All other lines are configuration commands for the agent.
700982
700982
###############################################################################
700982
# Access Control
700982
###############################################################################
700982
700982
# As shipped, the snmpd demon will only respond to queries on the
700982
# system mib group until this file is replaced or modified for
700982
# security purposes.  Examples are shown below about how to increase the
700982
# level of access.
700982
700982
# By far, the most common question I get about the agent is "why won't
700982
# it work?", when really it should be "how do I configure the agent to
700982
# allow me to access it?"
700982
#
700982
# By default, the agent responds to the "public" community for read
700982
# only access, if run out of the box without any configuration file in 
700982
# place.  The following examples show you other ways of configuring
700982
# the agent so that you can change the community names, and give
700982
# yourself write access to the mib tree as well.
700982
#
700982
# For more information, read the FAQ as well as the snmpd.conf(5)
700982
# manual page.
700982
700982
####
700982
# First, map the community name "public" into a "security name"
700982
700982
#       sec.name  source          community
700982
com2sec notConfigUser  default       public
700982
700982
####
700982
# Second, map the security name into a group name:
700982
700982
#       groupName      securityModel securityName
700982
group   notConfigGroup v1           notConfigUser
700982
group   notConfigGroup v2c           notConfigUser
700982
700982
####
700982
# Third, create a view for us to let the group have rights to:
700982
700982
# Make at least  snmpwalk -v 1 localhost -c public system fast again.
700982
#       name           incl/excl     subtree         mask(optional)
700982
view    systemview    included   .1.3.6.1.2.1.1
700982
view    systemview    included   .1.3.6.1.2.1.25.1.1
700982
700982
####
700982
# Finally, grant the group read-only access to the systemview view.
700982
700982
#       group          context sec.model sec.level prefix read   write  notif
700982
access  notConfigGroup ""      any       noauth    exact  systemview none none
700982
700982
# -----------------------------------------------------------------------------
700982
700982
# Here is a commented out example configuration that allows less
700982
# restrictive access.
700982
700982
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
700982
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
700982
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
700982
700982
##       sec.name  source          community
700982
#com2sec local     localhost       COMMUNITY
700982
#com2sec mynetwork NETWORK/24      COMMUNITY
700982
700982
##     group.name sec.model  sec.name
700982
#group MyRWGroup  any        local
700982
#group MyROGroup  any        mynetwork
700982
#
700982
#group MyRWGroup  any        otherv3user
700982
#...
700982
700982
##           incl/excl subtree                          mask
700982
#view all    included  .1                               80
700982
700982
## -or just the mib2 tree-
700982
700982
#view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc
700982
700982
700982
##                context sec.model sec.level prefix read   write  notif
700982
#access MyROGroup ""      any       noauth    0      all    none   none
700982
#access MyRWGroup ""      any       noauth    0      all    all    all
700982
700982
700982
###############################################################################
700982
# Sample configuration to make net-snmpd RFC 1213.
700982
# Unfortunately v1 and v2c don't allow any user based authentification, so
700982
# opening up the default config is not an option from a security point.
700982
#
700982
# WARNING: If you uncomment the following lines you allow write access to your
700982
# snmpd daemon from any source! To avoid this use different names for your
700982
# community or split out the write access to a different community and 
700982
# restrict it to your local network.
700982
# Also remember to comment the syslocation and syscontact parameters later as
700982
# otherwise they are still read only (see FAQ for net-snmp).
700982
#
700982
700982
# First, map the community name "public" into a "security name"
700982
#       sec.name        source          community
700982
#com2sec notConfigUser   default         public
700982
700982
# Second, map the security name into a group name:
700982
#       groupName       securityModel   securityName
700982
#group   notConfigGroup  v1              notConfigUser
700982
#group   notConfigGroup  v2c             notConfigUser
700982
700982
# Third, create a view for us to let the group have rights to:
700982
# Open up the whole tree for ro, make the RFC 1213 required ones rw.
700982
#       name            incl/excl       subtree mask(optional)
700982
#view    roview          included        .1
700982
#view    rwview          included        system.sysContact
700982
#view    rwview          included        system.sysName
700982
#view    rwview          included        system.sysLocation
700982
#view    rwview          included        interfaces.ifTable.ifEntry.ifAdminStatus
700982
#view    rwview          included        at.atTable.atEntry.atPhysAddress
700982
#view    rwview          included        at.atTable.atEntry.atNetAddress
700982
#view    rwview          included        ip.ipForwarding
700982
#view    rwview          included        ip.ipDefaultTTL
700982
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteDest
700982
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
700982
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
700982
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
700982
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
700982
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
700982
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteType
700982
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteAge
700982
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMask
700982
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
700982
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
700982
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
700982
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
700982
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
700982
#view    rwview          included        tcp.tcpConnTable.tcpConnEntry.tcpConnState
700982
#view    rwview          included        egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
700982
#view    rwview          included        snmp.snmpEnableAuthenTraps
700982
700982
# Finally, grant the group read-only access to the systemview view.
700982
#       group          context sec.model sec.level prefix read   write  notif
700982
#access  notConfigGroup ""      any       noauth    exact  roview rwview none
700982
700982
700982
700982
###############################################################################
700982
# System contact information
700982
#
700982
700982
# It is also possible to set the sysContact and sysLocation system
700982
# variables through the snmpd.conf file:
700982
700982
syslocation Unknown (edit /etc/snmp/snmpd.conf)
700982
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
700982
700982
# Example output of snmpwalk:
700982
#   % snmpwalk -v 1 localhost -c public system
700982
#   system.sysDescr.0 = "SunOS name sun4c"
700982
#   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
700982
#   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
700982
#   system.sysContact.0 = "Me <me@somewhere.org>"
700982
#   system.sysName.0 = "name"
700982
#   system.sysLocation.0 = "Right here, right now."
700982
#   system.sysServices.0 = 72
700982
700982
700982
###############################################################################
700982
# Logging
700982
#
700982
700982
# We do not want annoying "Connection from UDP: " messages in syslog.
700982
# If the following option is commented out, snmpd will print each incoming
700982
# connection, which can be useful for debugging.
700982
700982
dontLogTCPWrappersConnects yes
700982
700982
# -----------------------------------------------------------------------------
700982
700982
700982
###############################################################################
700982
# Process checks.
700982
#
700982
#  The following are examples of how to use the agent to check for
700982
#  processes running on the host.  The syntax looks something like:
700982
#
700982
#  proc NAME [MAX=0] [MIN=0]
700982
#
700982
#  NAME:  the name of the process to check for.  It must match
700982
#         exactly (ie, http will not find httpd processes).
700982
#  MAX:   the maximum number allowed to be running.  Defaults to 0.
700982
#  MIN:   the minimum number to be running.  Defaults to 0.
700982
700982
#
700982
#  Examples (commented out by default):
700982
#
700982
700982
#  Make sure mountd is running
700982
#proc mountd
700982
700982
#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
700982
#proc ntalkd 4
700982
700982
#  Make sure at least one sendmail, but less than or equal to 10 are running.
700982
#proc sendmail 10 1
700982
700982
#  A snmpwalk of the process mib tree would look something like this:
700982
# 
700982
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
700982
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
700982
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
700982
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
700982
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
700982
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
700982
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
700982
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
700982
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
700982
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
700982
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
700982
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
700982
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
700982
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
700982
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
700982
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
700982
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
700982
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
700982
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
700982
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
700982
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
700982
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
700982
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
700982
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
700982
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
700982
#
700982
#  Note that the errorFlag for mountd is set to 1 because one is not
700982
#  running (in this case an rpc.mountd is, but thats not good enough),
700982
#  and the ErrMessage tells you what's wrong.  The configuration
700982
#  imposed in the snmpd.conf file is also shown.  
700982
# 
700982
#  Special Case:  When the min and max numbers are both 0, it assumes
700982
#  you want a max of infinity and a min of 1.
700982
#
700982
700982
700982
# -----------------------------------------------------------------------------
700982
700982
700982
###############################################################################
700982
# Executables/scripts
700982
#
700982
700982
#
700982
#  You can also have programs run by the agent that return a single
700982
#  line of output and an exit code.  Here are two examples.
700982
#
700982
#  exec NAME PROGRAM [ARGS ...]
700982
#
700982
#  NAME:     A generic name. The name must be unique for each exec statement.
700982
#  PROGRAM:  The program to run.  Include the path!
700982
#  ARGS:     optional arguments to be passed to the program
700982
700982
# a simple hello world
700982
700982
#exec echotest /bin/echo hello world
700982
700982
# Run a shell script containing:
700982
#
700982
# #!/bin/sh
700982
# echo hello world
700982
# echo hi there
700982
# exit 35
700982
#
700982
# Note:  this has been specifically commented out to prevent
700982
# accidental security holes due to someone else on your system writing
700982
# a /tmp/shtest before you do.  Uncomment to use it.
700982
#
700982
#exec shelltest /bin/sh /tmp/shtest
700982
700982
# Then, 
700982
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
700982
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
700982
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
700982
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
700982
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
700982
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
700982
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
700982
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
700982
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
700982
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
700982
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
700982
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
700982
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
700982
700982
# Note that the second line of the /tmp/shtest shell script is cut
700982
# off.  Also note that the exit status of 35 was returned.
700982
700982
# -----------------------------------------------------------------------------
700982
700982
700982
###############################################################################
700982
# disk checks
700982
#
700982
700982
# The agent can check the amount of available disk space, and make
700982
# sure it is above a set limit.  
700982
700982
# disk PATH [MIN=100000]
700982
#
700982
# PATH:  mount path to the disk in question.
700982
# MIN:   Disks with space below this value will have the Mib's errorFlag set.
700982
#        Default value = 100000.
700982
700982
# Check the / partition and make sure it contains at least 10 megs.
700982
700982
#disk / 10000
700982
700982
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
700982
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
700982
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F 
700982
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
700982
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
700982
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
700982
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
700982
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
700982
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
700982
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
700982
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
700982
700982
# -----------------------------------------------------------------------------
700982
700982
700982
###############################################################################
700982
# load average checks
700982
#
700982
700982
# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
700982
#
700982
# 1MAX:   If the 1 minute load average is above this limit at query
700982
#         time, the errorFlag will be set.
700982
# 5MAX:   Similar, but for 5 min average.
700982
# 15MAX:  Similar, but for 15 min average.
700982
700982
# Check for loads:
700982
#load 12 14 14
700982
700982
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
700982
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
700982
700982
# -----------------------------------------------------------------------------
700982
700982
700982
###############################################################################
700982
# Extensible sections.
700982
# 
700982
700982
# This alleviates the multiple line output problem found in the
700982
# previous executable mib by placing each mib in its own mib table:
700982
700982
# Run a shell script containing:
700982
#
700982
# #!/bin/sh
700982
# echo hello world
700982
# echo hi there
700982
# exit 35
700982
#
700982
# Note:  this has been specifically commented out to prevent
700982
# accidental security holes due to someone else on your system writing
700982
# a /tmp/shtest before you do.  Uncomment to use it.
700982
#
700982
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
700982
700982
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
700982
# enterprises.ucdavis.50.1.1 = 1
700982
# enterprises.ucdavis.50.2.1 = "shelltest"
700982
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
700982
# enterprises.ucdavis.50.100.1 = 35
700982
# enterprises.ucdavis.50.101.1 = "hello world."
700982
# enterprises.ucdavis.50.101.2 = "hi there."
700982
# enterprises.ucdavis.50.102.1 = 0
700982
700982
# Now the Output has grown to two lines, and we can see the 'hi
700982
# there.' output as the second line from our shell script.
700982
#
700982
# Note that you must alter the mib.txt file to be correct if you want
700982
# the .50.* outputs above to change to reasonable text descriptions.
700982
700982
# Other ideas:
700982
# 
700982
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps 
700982
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
700982
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
700982
700982
# -----------------------------------------------------------------------------
700982
700982
700982
###############################################################################
700982
# Pass through control.
700982
# 
700982
700982
# Usage:
700982
#   pass MIBOID EXEC-COMMAND
700982
#
700982
# This will pass total control of the mib underneath the MIBOID
700982
# portion of the mib to the EXEC-COMMAND.  
700982
#
700982
# Note:  You'll have to change the path of the passtest script to your
700982
# source directory or install it in the given location.
700982
# 
700982
# Example:  (see the script for details)
700982
#           (commented out here since it requires that you place the
700982
#           script in the right location. (its not installed by default))
700982
700982
# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
700982
700982
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
700982
# enterprises.ucdavis.255.1 = "life the universe and everything"
700982
# enterprises.ucdavis.255.2.1 = 42
700982
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
700982
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
700982
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
700982
# enterprises.ucdavis.255.5 = 42
700982
# enterprises.ucdavis.255.6 = Gauge: 42
700982
#
700982
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
700982
# enterprises.ucdavis.255.5 = 42
700982
#
700982
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
700982
# enterprises.ucdavis.255.1 = "New string"
700982
#
700982
700982
# For specific usage information, see the man/snmpd.conf.5 manual page
700982
# as well as the local/passtest script used in the above example.
700982
700982
###############################################################################
700982
# Further Information
700982
#
700982
#  See the snmpd.conf manual page, and the output of "snmpd -H".