-
Notifications
You must be signed in to change notification settings - Fork 0
/
snmpd.conf
196 lines (150 loc) · 6.35 KB
/
snmpd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
###############################################################################
# SNMPd Configuration File for v1, v2c, and v3 users
###############################################################################
###############################################################################
# SNMP v1 and v2c Setup
###############################################################################
# System Information
sysLocation "Server Room"
sysContact "support@lextudio.com"
# Enable SNMPv1 and SNMPv2c access with public community strings
# Use these settings for SNMPv1 and SNMPv2c clients
# Replace "public" and "private" with your actual community strings.
# Read-only community (public) for SNMPv1 and SNMPv2c
rocommunity public default
# Read-write community (private) for SNMPv1 and SNMPv2c
rwcommunity private default
###############################################################################
# SNMPv3 Setup
###############################################################################
# This section defines SNMPv3 users with various authentication and encryption settings.
# You can use the command line `snmpusm` or `snmpvacm` to create users or manually define them in this config file.
# Define SNMPv3 users with different authentication and privacy (encryption) settings
# Users with no auth and no priv
createUser usr-none-none
# Users with MD5 auth and no privacy (authNoPriv)
createUser usr-md5-none MD5 "authkey1"
# Users with MD5 auth and DES privacy (authPriv)
createUser usr-md5-des MD5 "authkey1" DES "privkey1"
# Users with MD5 auth and Cisco AES encryption
createUser usr-md5-aes MD5 "authkey1" AES "privkey1"
createUser usr-md5-aes192 MD5 "authkey1" AES192C "privkey1"
createUser usr-md5-aes256 MD5 "authkey1" AES256C "privkey1"
# Users with SHA1 auth and no privacy (authNoPriv)
createUser usr-sha-none SHA "authkey1"
# Users with SHA1 auth and DES privacy (authPriv)
createUser usr-sha-des SHA "authkey1" DES "privkey1"
# Users with SHA1 auth and Cisco AES encryption
createUser usr-sha-aes SHA "authkey1" AES "privkey1"
createUser usr-sha-aes192 SHA "authkey1" AES192C "privkey1"
createUser usr-sha-aes256 SHA "authkey1" AES256C "privkey1"
# Users with SHA224 auth and no privacy (authNoPriv)
createUser usr-sha224-none SHA224 "authkey1"
# Users with SHA224 auth and DES privacy (authPriv)
createUser usr-sha224-des SHA224 "authkey1" DES "privkey1"
# Users with SHA224 auth and Cisco AES encryption
createUser usr-sha224-aes SHA224 "authkey1" AES "privkey1"
createUser usr-sha224-aes192 SHA224 "authkey1" AES192C "privkey1"
createUser usr-sha224-aes256 SHA224 "authkey1" AES256C "privkey1"
# Users with SHA256 auth and no privacy (authNoPriv)
createUser usr-sha256-none SHA256 "authkey1"
# Users with SHA256 auth and DES privacy (authPriv)
createUser usr-sha256-des SHA256 "authkey1" DES "privkey1"
# Users with SHA256 auth and Cisco AES encryption
createUser usr-sha256-aes SHA256 "authkey1" AES "privkey1"
createUser usr-sha256-aes192 SHA256 "authkey1" AES192C "privkey1"
createUser usr-sha256-aes256 SHA256 "authkey1" AES256C "privkey1"
# Users with SHA384 auth and no privacy (authNoPriv)
createUser usr-sha384-none SHA384 "authkey1"
# Users with SHA384 auth and DES privacy (authPriv)
createUser usr-sha384-des SHA384 "authkey1" DES "privkey1"
# Users with SHA384 auth and Cisco AES encryption
createUser usr-sha384-aes SHA384 "authkey1" AES "privkey1"
createUser usr-sha384-aes192 SHA384 "authkey1" AES192C "privkey1"
createUser usr-sha384-aes256 SHA384 "authkey1" AES256C "privkey1"
# Users with SHA512 auth and no privacy (authNoPriv)
createUser usr-sha512-none SHA512 "authkey1"
# Users with SHA512 auth and DES privacy (authPriv)
createUser usr-sha512-des SHA512 "authkey1" DES "privkey1"
# Users with SHA512 auth and Cisco AES encryption
createUser usr-sha512-aes SHA512 "authkey1" AES "privkey1"
createUser usr-sha512-aes192 SHA512 "authkey1" AES192C "privkey1"
createUser usr-sha512-aes256 SHA512 "authkey1" AES256C "privkey1"
###############################################################################
# Access Control (Optional)
###############################################################################
# Define access levels for SNMPv3 users (rouser for read-only, rwuser for read-write)
# Adjust based on your security requirements
# Read-only access
rouser usr-none-none noauth
rouser usr-md5-none auth
rouser usr-md5-des priv
rouser usr-md5-aes priv
rouser usr-md5-aes192 priv
rouser usr-md5-aes256 priv
rouser usr-sha-none auth
rouser usr-sha-des priv
rouser usr-sha-aes priv
rouser usr-sha-aes192 priv
rouser usr-sha-aes256 priv
rouser usr-sha224-none auth
rouser usr-sha224-des priv
rouser usr-sha224-aes priv
rouser usr-sha224-aes192 priv
rouser usr-sha224-aes256 priv
rouser usr-sha256-none auth
rouser usr-sha256-des priv
rouser usr-sha256-aes priv
rouser usr-sha256-aes192 priv
rouser usr-sha256-aes256 priv
rouser usr-sha384-none auth
rouser usr-sha384-des priv
rouser usr-sha384-aes priv
rouser usr-sha384-aes192 priv
rouser usr-sha384-aes256 priv
rouser usr-sha512-none auth
rouser usr-sha512-des priv
rouser usr-sha512-aes priv
rouser usr-sha512-aes192 priv
rouser usr-sha512-aes256 priv
# Read-write access
rwuser usr-md5-none auth
rwuser usr-md5-des priv
rwuser usr-md5-aes priv
rwuser usr-md5-aes192 priv
rwuser usr-md5-aes256 priv
rwuser usr-sha-none auth
rwuser usr-sha-des priv
rwuser usr-sha-aes priv
rwuser usr-sha-aes192 priv
rwuser usr-sha-aes256 priv
rwuser usr-sha224-none auth
rwuser usr-sha224-des priv
rwuser usr-sha224-aes priv
rwuser usr-sha224-aes192 priv
rwuser usr-sha224-aes256 priv
rwuser usr-sha256-none auth
rwuser usr-sha256-des priv
rwuser usr-sha256-aes priv
rwuser usr-sha256-aes192 priv
rwuser usr-sha256-aes256 priv
rwuser usr-sha384-none auth
rwuser usr-sha384-des priv
rwuser usr-sha384-aes priv
rwuser usr-sha384-aes192 priv
rwuser usr-sha384-aes256 priv
rwuser usr-sha512-none auth
rwuser usr-sha512-des priv
rwuser usr-sha512-aes priv
rwuser usr-sha512-aes192 priv
rwuser usr-sha512-aes256 priv
###############################################################################
# Agent Behavior and Logging
###############################################################################
# Listen for SNMP requests on all interfaces (default UDP port 161)
agentAddress udp:161,udp6:161
# Logging and debugging options
# Send logs to /var/log/snmpd.log
# logfile /var/log/snmpd.log
# Enable agent logging (uncomment to enable)
# debugsnmpd