Okay, I added a view "ViewRO" to exclude read-only community access of
snmpCommunityTable.

view ViewRO     included  .1
view ViewRO     excluded  .1.3.6.1.6.3.18.1.1
access GroupAllRO "" any noauth exact ViewRO none none

Then "public" cannot see snmpCommunityName, only "private" can.

$ snmpwalk -c public 10.1 snmpCommunityName
SNMP-COMMUNITY-MIB::snmpCommunityName = No more variables left in this MIB View (It is past the end of the MIB tree)

$ snmpwalk -c private 10.1 snmpCommunityName
SNMP-COMMUNITY-MIB::snmpCommunityName.'1' = STRING: "public"
SNMP-COMMUNITY-MIB::snmpCommunityName.'2' = STRING: "private"
SNMP-COMMUNITY-MIB::snmpCommunityName.'3' = STRING: "public-fi"
SNMP-COMMUNITY-MIB::snmpCommunityName.'4' = STRING: "private-fi"

Emi

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Dave Shield
Sent: Friday, April 18, 2008 4:56 PM
To: Emi Yanagi
Cc: [email protected]
Subject: Re: SNMP-COMMUNITY-MIB security question

 

On 18/04/2008, Emi Yanagi <[EMAIL PROTECTED]> wrote:
>  What data structure(s) or field(s) I should look into?
>  Or are you talking about snmpd.conf configuration?

Yes - I'm talking about the snmpd.conf access control settings.

Define a view that excludes the snmpCommunityTable.
Then configure "public" to have access to this view.

See snmpd.conf(5) or the relevant FAQ entry for details
about how to configure access control.

Alternatively, use an agent that doesn't implement this table.
Like (for example), the standard Net-SNMP agent :-)

Dave
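
Added example (not part of the thread, and not Net-SNMP code): a small Python audit that reads snmpd.conf "view" and "access" lines and reports every group whose read view still exposes snmpCommunityTable, using the VACM rule that the longest matching subtree decides. It assumes numeric OIDs and no view masks; ViewAll and GroupAllRW in the sample are hypothetical names added for contrast.

```python
# Added example: audit snmpd.conf text for read views exposing snmpCommunityTable.
COMMUNITY_TABLE = ".1.3.6.1.6.3.18.1.1"  # OID excluded in the post above

# Constructed sample: the first three lines are from the post; ViewAll and
# GroupAllRW are hypothetical names standing in for an unrestricted group.
SAMPLE = '''
view ViewRO     included  .1
view ViewRO     excluded  .1.3.6.1.6.3.18.1.1
access GroupAllRO "" any noauth exact ViewRO none none
view ViewAll    included  .1
access GroupAllRW "" any noauth exact ViewAll ViewAll none
'''

def parse_oid(text):
    # Assumption: OIDs are written numerically, as in the post.
    return tuple(int(part) for part in text.strip(".").split("."))

def load(conf):
    views, access = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "view" and tok[2] in ("included", "excluded"):
            views.setdefault(tok[1], []).append((parse_oid(tok[3]), tok[2] == "included"))
        elif len(tok) >= 9 and tok[0] == "access":
            # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            access.append((tok[1], tok[4], tok[6]))
    return views, access

def in_view(entries, oid):
    # The matching subtree with the most sub-identifiers wins; no match = not visible.
    best = None
    for subtree, included in entries:
        if oid[:len(subtree)] == subtree and (best is None or len(subtree) > len(best[0])):
            best = (subtree, included)
    return bool(best and best[1])

def exposes(entries, table):
    # Also catch an "included" line that re-opens part of the table below an exclude.
    deeper = any(inc and sub[:len(table)] == table for sub, inc in entries)
    return in_view(entries, table) or deeper

def audit(conf, table=COMMUNITY_TABLE):
    views, access = load(conf)
    target = parse_oid(table)
    return [(g, lvl, v) for g, lvl, v in access if exposes(views.get(v, []), target)]

if __name__ == "__main__":
    for group, level, view in audit(SAMPLE):
        print(f"{group} ({level}) can read snmpCommunityTable through view {view}")
```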

_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
