""" Detailed VACM configuration +++++++++++++++++++++++++++ Serves MIB subtrees under different conditions: * Respond to SNMPv2c commands * with SNMP community "public" * over IPv4/UDP, listening at 127.0.0.1:161 * Serve MIB under non-default contextName `abcd` * Allow access to `SNMPv2-MIB::system` subtree * Although deny access to `SNMPv2-MIB::sysUpTime` by a bit mask * Use partial context name matching (`a`) This example demonstrates detailed VACM configuration performed via low-level VACM calls: `addContext`, `addVacmGroup`, `addVacmAccess` and `addVacmView`. Each function populates one of the tables defined in `SNMP-VIEW-BASED-ACM-MIB` and used strictly as described in the above mentioned MIB. The following Net-SNMP's commands will GET a value at this Agent: | $ snmpget -v2c -c public 127.0.0.1 SNMPv2-MIB::sysLocation.0 However this command will fail: | $ snmpget -v2c -c public 127.0.0.1 SNMPv2-MIB::sysUpTime.0 This command will not reveal `SNMPv2-MIB::sysUpTime.0` among other objects: | $ snmpwalk -v2c -c public 127.0.0.1 SNMPv2-MIB::system """# from pysnmp.entity import engine, config from pysnmp.entity.rfc3413 import cmdrsp, context from pysnmp.carrier.asyncore.dgram import udp # Create SNMP engine with autogenernated engineID and pre-bound # to socket transport dispatcher snmpEngine = engine.SnmpEngine() # Transport setup # UDP over IPv4 config.addTransport( snmpEngine, udp.domainName, udp.UdpTransport().openServerMode(('127.0.0.1', 161)) ) # Register default MIB instrumentation controller with a new SNMP context contextName = 'abcd' snmpContext = context.SnmpContext(snmpEngine) snmpContext.registerContextName( contextName, snmpEngine.msgAndPduDsp.mibInstrumController) # Add new SNMP community name, map it to a new security name and # SNMP context securityName = 'my-area' communityName = 'public' config.addV1System( snmpEngine, securityName, communityName, contextEngineId=snmpContext.contextEngineId, contextName=contextName) # VACM configuration settings securityModel = 2 # SNMPv2c securityLevel = 1 # noAuthNoPriv vacmGroup = 'my-group' readViewName = 'my-read-view' # We will match by context name prefix contextPrefix = contextName[:1] # Populate SNMP-VIEW-BASED-ACM-MIB::vacmContextTable config.addContext(snmpEngine, contextName) # Populate SNMP-VIEW-BASED-ACM-MIB::vacmSecurityToGroupTable config.addVacmGroup( snmpEngine, vacmGroup, securityModel, securityName) # Populate SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable config.addVacmAccess( snmpEngine, vacmGroup, contextPrefix, securityModel, securityLevel, 'prefix', readViewName, '', '') # Populate SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyTable # Allow the whole system subtree config.addVacmView( snmpEngine, readViewName, 'included', '1.3.6.1.2.1.1.1', '1.1.1.1.1.1.1.0') # ...but exclude one sub-branch (just one scalar OID) config.addVacmView( snmpEngine, readViewName, 'excluded', '1.3.6.1.2.1.1.3', '1.1.1.1.1.1.1.1') # Register SNMP Applications at the SNMP engine for particular SNMP context cmdrsp.GetCommandResponder(snmpEngine, snmpContext) cmdrsp.SetCommandResponder(snmpEngine, snmpContext) cmdrsp.NextCommandResponder(snmpEngine, snmpContext) # Register an imaginary never-ending job to keep I/O dispatcher running forever snmpEngine.transportDispatcher.jobStarted(1) # Run I/O dispatcher which would receive queries and send responses try: snmpEngine.transportDispatcher.runDispatcher() except Exception: snmpEngine.transportDispatcher.closeDispatcher() raise