1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
|
This distribution implements the internet draft "User-based Security
Model for SNMPv2". The work is based on the original CMU SNMP agent
and application code. The work started as an effort based on the
SNMPv1 agent and borrowed pieces of the SNMPv2 agent as required.
Many thanks to Steve Waldbusser for his code, used as the base for
this work.
Some notes about this release...
- Traps have not been tested.
- there are no documents describing the configuration file (/etc/snmpd.conf)
Read the config file to learn its syntax.
- The code has been only been tested on a Sun Sparc running SunOS 4.1.1.
The agent is very SunOS specific. The applications should be portable
to other systems.
- only the empty contextSelector is used by the agent.
- there is no privacy support, only MD5 auth support.
---
To build the system, perform the following steps:
1. cd to the directory containing this file (README.usec).
2. cd snmplib; make
3. cd ../apps; make
4. done.
---
The agent may be installed by entering the command from the apps directory
as root:
cd apps; ./agent-boot.sh [-mini | -semi | -very] password
This installs the agent and its configuration files in /etc. There are
three configuration files:
/etc/ contents
----- --------
snmpd.agentinfo agentBoots object
snmpd.conf user, view, and access rights information
snmpd.mib mib object definitions
The snmpd.conf file contains one user, public, with an authentication
key based on the password provided. The security posture for public,
when it performs operations without authentication, is defined by the
using one of three switches:
switch security posture
------ ----------------
-mini read-only access to the internet subtree
-semi read-only access to the system subtree and agent statistics
-very read-only access to the agent statistics
Alternatively, some basic functionality may be tested by following
these steps:
1. cd apps
2. setenv MIBFILE ../mib.txt
This tells the applications where to find a MIB for performing
symbolic name to object-identifier translations.
3. Install the agent configuration file (snmpd.conf) in /etc/snmpd.conf
4. echo 0 > /etc/snmpd.agentinfo
5. Start the SNMP agent as root.
To start the agent issue the command "snmpd" (with the optional
-d to dump the packets that are sent/received).
6. Try an application. For example...
snmpget <hostname> /public system.sysDescr.0
---
The agent and applications are all SNMPv1/SNMPv2c/SNMPv2u compatible.
The version is that the application will use is selected by inspecting
the first character of the community string provided to the
application, as follows:
o if the first character of the community string is a "+" then
the SNMPv2c (community-based SNMPv2 as specified in RFC 1901)
is used (the remainder of the community string is used as the
actual community string);
o if the first character of the community string is a "/" then
the SNMPv2u (User-based security model) is used (see the note
below for more details);
o all other community strings select SNMPv1.
A community string that begins with a slash selects the SNMPv2u
protocol. The "community" string is parsed to build the parameters
for the communication. The format of the string is:
/userName/[authKey]/[privKey]/[contextSelector]
Trailing slashes may be omitted. Both authKey and privKey may be
specified as hex or as a human readable password. To specify a hex
key, the key must begin with "0x" and be followed by exactly 32 hex
digits (to form a 16 octet key). If a human readable password is
entered, the password is passed through the "password to key algorithm"
to generate the 16 octet key. The password to key algorithm is
specified in the "User-Based Security Model for SNMPv2" RFC.
A "+" or "/" character may not start a SNMPv1 community string and may
not be contained within any SNMPv2 parameters (this is an
*implementation* restriction).
Some "community" string examples:
/joe -- qos=noAuth/noPriv, context="", userName="joe"
/boneless/chicken/ranch -- qos=auth/priv, context="", userName="boneless"
authKey=pw2key("chicken"), privKey=pw2key("ranch")
*note* privacy not supported, trying this will generate
a UnsupportedQoS report.
/maplesyrup/sugarbush//other
-- qos=auth/noPriv, context="other", userName="maplesyrup"
authKey=pw2key("sugarbush",agentID)
/glenn/0x4ca25023b00a6689ef21cb1b6fa9cb0e
-- qos=auth/noPriv, context="", userName="glenn"
authKey=4ca25023b00a6689ef21cb1b6fa9cb0e
(the authKey is keyed using an agentID)
+public -- SNMPv2c using public as the community string
public -- SNMPv1 using public as the community string
Copyright information
---------------------
The original CMU copyright stills applies:
/***********************************************************
Copyright 1988, 1989 by Carnegie Mellon University
All Rights Reserved
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of CMU not be
used in advertising or publicity pertaining to distribution of the
software without specific, written prior permission.
CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
******************************************************************/
The modifications are also copyright as outlined below:
/***********************************************************
Copyright 1995 by Glenn Waters
All Rights Reserved
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted.
provided that that the name Glenn Waters not be used in advertising or
publicity pertaining to distribution of the software without specific,
written prior permission.
Glenn Waters DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
EVENT SHALL Glenn Waters BE LIABLE FOR ANY SPECIAL, INDIRECT OR
CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
******************************************************************/
Glenn Waters
gwaters@bnr.ca
|
