1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
|
#! /bin/sh -f
##
## etc/installconf: June 1996
##
## installconf is cloned from apps/agent-boot.sh, which is
## still present from the original SunOS distribution.
##
## special: if run as -mini (in the meaning of minimal restrictions)
## the ident-table and the process-table are nevertheless
## excluded for the v1 `public' community string,
## but with the `private' v1 community string are included,
## with all permissions included.
##
## hopefully the README.linux had told you about...
##
usage() {
echo "usage: installconf [-mini/-semi/-very] password" 1>&2
echo " use -mini, -semi, or -very only exactly once" 1>&2
exit 1
}
##
## the path we expect `installconf':
##
P=cmu-snmp-linux-3.1/etc/
##
## path to installed snmpd:
##
AGENT=/usr/sbin/snmpd
##
## files to create:
##
CONF=/etc/snmpd.conf
INFO=/etc/snmpd.agentinfo
TMP=/tmp/snmpd.$$
trap "rm -f $TMP" 1 2 3 13 15
##
## parse arguments:
##
for A in "$@"
do
case "$A" in
-mini|-semi|-very)
if [ ! -z "$POSTURE" ]; then
usage
fi
POSTURE="$A"
;;
-*) echo "unknown option: $A" 1>&2
usage
;;
*) if [ ! -z "$PASSWORD" ]; then
usage
else
PASSWORD="$A"
fi
;;
esac
done
if [ "$PASSWORD" = "" ] ; then
usage
fi
if [ -z "$POSTURE" ]; then
## use the restricted view (not the mini)
LEVEL=xmini
else
LEVEL="`echo $POSTURE | sed -e s%-%%`"
fi
##
## lookup path to ifconfig:
##
ifc="ifconfig"
for f in /bin /sbin /etc /usr/bin /usr/sbin $PATH ; do
if [ -x $f/$ifc ] ; then ifc=$f/$ifc ; fi
done
##
## extract IP address:
##
IP=`$ifc -a \
| sed -n -e 's/127.0.0.1//' \
-e 's/.*addr[ :]*\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\)[^0-9].*/\1/p' \
-e 's/.*inet *\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\)[^0-9].*/\1/p' \
| head -1`
if [ -z "$IP" ]; then
echo "unable to determine IP-address" 1>&2
exit 1
fi
echo guessed host ip-address: $IP
AGENTID=`echo $IP | awk '{ split($0,quad,".")
printf "%02x%02x%02x%02x", 0, 0, 0, 35;
printf "%02x%02x%02x%02x", quad[1], quad[2], quad[3], quad[4];
printf "%02x%02x%02x%02x\n", 0, 0, 0, 0;
}'`
##
## lookup path to authkey:
##
aut=authkey
for f in . apps .. ../apps /bin /sbin /etc /usr/bin /usr/sbin $PATH ; do
if [ -x $f/$aut ] ; then aut=$f/$aut ; fi
done
if [ ! -x "$aut" ] ; then
echo error: cannot find authkey.
echo please run me from $P
exit 1
fi
echo -n "generating key from password... "
KEY=`$aut "$PASSWORD" "$AGENTID" | awk '{ print $NF }'`
if [ -z "$KEY" ]; then
echo "error: empty key."
exit 1
fi
echo "done."
##
## init agent restarts info file:
##
if [ ! -f $INFO ]; then
if (echo 0 > $INFO) 2>/dev/null; then
echo "created $INFO"
else
echo "error: unable to create $INFO, you must do so by hand..."
echo "run \`echo 0 > $INFO'"
fi
else
echo "warning: file $INFO already exists - not changed"
fi
cat <<_NASE_ > $TMP
#
# snmpd.conf - created `date`
#
#
# view configuration
#
# viewName OID included/excluded
#
# internet
view all .1.3.6.1 included
# internet
view mini .1.3.6.1 included
# for v1 public exclude exclude mib-2.ident.identInfo
# and mib-2.host.hrSWRun in the mini view:
view xmini .1.3.6.1 included
view xmini .1.3.6.1.2.1.24.1 excluded
view xmini .1.3.6.1.2.1.25.4 excluded
# system, snmp, usecAgent, usecStats
view semi .1.3.6.1.2.1.1 included
view semi .1.3.6.1.2.1.11 included
view semi .1.3.6.1.6.3.6.1.1 included
view semi .1.3.6.1.6.3.6.1.2 included
# snmp, usecAgent, usecStats
view semi .1.3.6.1.2.1.11 included
view semi .1.3.6.1.6.3.6.1.1 included
view semi .1.3.6.1.6.3.6.1.2 included
#
#
# user configuration
#
# noneRV noneWV authRV authWV userName[/authKey]
#
user $LEVEL - all all public/0x$KEY
#
#
# community configuration
#
# commName readV writeV
#
_NASE_
if [ "$LEVEL" = mini ] ; then
echo "community public x$LEVEL -" >> $TMP
echo "## uncomment for private entry:" >> $TMP
echo "# community private $LEVEL $LEVEL" >> $TMP
else
echo "community public $LEVEL -" >> $TMP
fi
cat <<_NASE_ >> $TMP
##
## now follows the specific section of the linux-port.
##
##
## port to use (default is 161):
##
# port: 161
##
## the entry of system.Contact and system.Location:
##
sysContact: Not Configured
sysLocation: Not Configured
## the system name is per default determined from the hostname:
# sysName: chappell
##
## trap sink address and community string. (passed to snmptrap(1)
## utility). authentraps contains the value of snmpEnableAuthenTraps;
## (default is \`disabled').
##
trap sink: localhost
trap community: public
snmpEnableAuthenTraps: disabled
##
## specify type and speed of interfaces:
## if the last char is an asterisk, any suffix will match.
## (feel free to add more)
##
interface: lo* 24 20000000
interface: dummy* 1 10000000
interface: eth* 6 10000000
interface: sl* 28 28800
interface: ppp* 23 28800
interface: isdn* 20 64000
interface: ippp* 20 64000
## end of /etc/snmpd.conf
_NASE_
if (mv $TMP $CONF) 2>/dev/null; then
echo "created $CONF"
else
echo "unable to create $CONF, you must copy $TMP by hand..."
fi
echo "
*** to run the agent, the file /etc/rc.local needs these lines:
echo "starting snmpd"
$AGENT -f
"
exit 0
|
