This distribution implements the internet draft "User-based Security
Model for SNMPv2". The work is based on the original CMU SNMP agent
and application code. The work started as an effort based on the
SNMPv1 agent and borrowed pieces of the SNMPv2 agent as required.
Many thanks to Steve Waldbusser for his code, used as the base for
this work.
Some notes about this release:
- Traps have not been tested.
- There are no documents describing the configuration file (/etc/snmpd.conf).
  Read the config file to learn its syntax.
- The code has only been tested on a Sun Sparc running SunOS 4.1.1.
  The agent is very SunOS specific. The applications should be portable
  to other systems.
- Only the empty contextSelector is used by the agent.
- There is no privacy support, only MD5 auth support.
---
To build the system, perform the following steps:
1. cd to the directory containing this file (README.usec).
2. cd snmplib; make
3. cd ../apps; make
4. done.
---
The agent may be installed by entering the following command as root
(agent-boot.sh is in the apps directory):
    cd apps; ./agent-boot.sh [-mini | -semi | -very] password
This installs the agent and its configuration files in /etc. There are
three configuration files:
    /etc/              contents
    -----              --------
    snmpd.agentinfo    agentBoots object
    snmpd.conf         user, view, and access rights information
    snmpd.mib          mib object definitions
The snmpd.conf file contains one user, public, with an authentication
key based on the password provided. The security posture for public,
when it performs operations without authentication, is defined by
using one of three switches:
    switch    security posture
    ------    ----------------
    -mini     read-only access to the internet subtree
    -semi     read-only access to the system subtree and agent statistics
    -very     read-only access to the agent statistics
Alternatively, some basic functionality may be tested by following
these steps:
1. cd apps
2. setenv MIBFILE ../mib.txt
   This tells the applications where to find a MIB for performing
   symbolic name to object-identifier translations.
3. Install the agent configuration file (snmpd.conf) in /etc/snmpd.conf
4. echo 0 > /etc/snmpd.agentinfo
5. Start the SNMP agent as root.
   To start the agent issue the command "snmpd" (with the optional
   -d to dump the packets that are sent/received).
6. Try an application. For example...
       snmpget <hostname> /public system.sysDescr.0
---
The agent and applications are all SNMPv1/SNMPv2c/SNMPv2u compatible.
The version that the application will use is selected by inspecting
the first character of the community string provided to the
application, as follows:
o if the first character of the community string is a "+" then
the SNMPv2c (community-based SNMPv2 as specified in RFC 1901)
is used (the remainder of the community string is used as the
actual community string);
o if the first character of the community string is a "/" then
the SNMPv2u (User-based security model) is used (see the note
below for more details);
o all other community strings select SNMPv1.
A community string that begins with a slash selects the SNMPv2u
protocol. The "community" string is parsed to build the parameters
for the communication. The format of the string is:
/userName/[authKey]/[privKey]/[contextSelector]
Trailing slashes may be omitted. Both authKey and privKey may be
specified as hex or as a human readable password. To specify a hex
key, the key must begin with "0x" and be followed by exactly 32 hex
digits (to form a 16 octet key). If a human readable password is
entered, the password is passed through the "password to key algorithm"
to generate the 16 octet key. The password to key algorithm is
specified in the "User-Based Security Model for SNMPv2" RFC.
A "+" or "/" character may not start an SNMPv1 community string and may
not be contained within any SNMPv2 parameters (this is an
*implementation* restriction).
Some "community" string examples:
    /joe
        -- qos=noAuth/noPriv, context="", userName="joe"
    /boneless/chicken/ranch
        -- qos=auth/priv, context="", userName="boneless"
           authKey=pw2key("chicken"), privKey=pw2key("ranch")
           *note* privacy is not supported; trying this will generate
           an UnsupportedQoS report.
    /maplesyrup/sugarbush//other
        -- qos=auth/noPriv, context="other", userName="maplesyrup"
           authKey=pw2key("sugarbush",agentID)
    /glenn/0x4ca25023b00a6689ef21cb1b6fa9cb0e
        -- qos=auth/noPriv, context="", userName="glenn"
           authKey=4ca25023b00a6689ef21cb1b6fa9cb0e
           (the authKey is keyed using an agentID)
    +public
        -- SNMPv2c using public as the community string
    public
        -- SNMPv1 using public as the community string
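
The version-selection and field rules above, written out as a small C
parser. This is an added example, not code from this distribution; the
names parse_community, key_kind and struct target, the 63-character
field limit, and the choice to reject a malformed "0x" key or an empty
userName instead of falling back are assumptions of the example.

```c
#include <ctype.h>
#include <string.h>

enum snmp_version { SNMP_V1, SNMP_V2C, SNMP_V2U };

struct target {                /* hypothetical result type for this example */
    enum snmp_version ver;
    int auth, priv;            /* qos flags, SNMPv2u only */
    char f[4][64];             /* v1/v2c: f[0] = community; v2u: userName,
                                  authKey, privKey, contextSelector */
};

/* 1: "0x" + exactly 32 hex digits; 0: password; -1: malformed hex key */
static int key_kind(const char *k)
{
    size_t i;
    if (strncmp(k, "0x", 2) != 0) return 0;
    if (strlen(k) != 34) return -1;
    for (i = 2; i < 34; i++)
        if (!isxdigit((unsigned char)k[i])) return -1;
    return 1;
}

/* Returns 0 on success, -1 if the string breaks the rules above. */
int parse_community(const char *s, struct target *t)
{
    int n = 0;
    memset(t, 0, sizeof *t);
    t->ver = s[0] == '/' ? SNMP_V2U : s[0] == '+' ? SNMP_V2C : SNMP_V1;
    if (t->ver == SNMP_V1) {               /* whole string is the community */
        if (strlen(s) >= sizeof t->f[0]) return -1;
        strcpy(t->f[0], s);
        return 0;
    }
    for (s++;; s++) {                      /* skips the selector, then each "/" */
        size_t len = strcspn(s, "/");
        if (len >= sizeof t->f[0] || memchr(s, '+', len)) return -1;
        memcpy(t->f[n], s, len);           /* t is zeroed, so NUL-terminated */
        s += len;
        if (*s == '\0') break;
        if (t->ver != SNMP_V2U || ++n == 4) return -1; /* stray "/" or 5th field */
    }
    if (t->ver == SNMP_V2C) return 0;
    if (!t->f[0][0] || key_kind(t->f[1]) < 0 || key_kind(t->f[2]) < 0) return -1;
    t->auth = t->f[1][0] != '\0';          /* authKey present -> auth */
    t->priv = t->f[2][0] != '\0';          /* privKey present -> priv */
    return 0;
}
```

The parser only classifies the keys; a password field would still have
to go through the password to key algorithm before use.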
Copyright information
---------------------
The original CMU copyright still applies:
/***********************************************************
Copyright 1988, 1989 by Carnegie Mellon University
All Rights Reserved
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of CMU not be
used in advertising or publicity pertaining to distribution of the
software without specific, written prior permission.
CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
******************************************************************/
The modifications are also copyright as outlined below:
/***********************************************************
Copyright 1995 by Glenn Waters
All Rights Reserved
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted.
provided that that the name Glenn Waters not be used in advertising or
publicity pertaining to distribution of the software without specific,
written prior permission.
Glenn Waters DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
EVENT SHALL Glenn Waters BE LIABLE FOR ANY SPECIAL, INDIRECT OR
CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
******************************************************************/
Glenn Waters
gwaters@bnr.ca