Hi all and Mike,
I wrote a patch to SNMPAgent to restrict access to the Radius
SNMP vars, especially to disallow unauthorized resets.
You can now specify two separate communities for read-only
and read-write, and you can define a Managers list of allowed hosts.
I would appreciate it if the community finds this stuff
useful. Please raise your hands if yes, so Mike perhaps gets convinced
to add this to one of the next patches/releases.
I wrote this to be backward compatible with old config files that have
Community defined. If you don't define a Managers list, all hosts
have access. The following parameters are new to the SNMPAgent clause:
---------------------------------------------------------------------
6.13.3 Community
deprecated but allowed for backward compatibility
6.13.5 ROCommunity
SNMP V1 provides a weak method of authenticating SNMP requests, using
the "community name". This optional parameter allows you to specify
the SNMP V1 community name that will be honored by SNMPAgent for
read-only access. Defaults to nothing; you have to define one yourself.
We strongly recommend that you choose a community name and keep it
secret.
# Use a secret community.
ROCommunity mysnmprosecret
6.13.6 RWCommunity
This optional parameter allows you to specify the SNMP V1 community name
that will be honored by SNMPAgent for read-write access. Knowing this
secret you are able to reset Radiator via SNMP. Defaults to nothing.
If you don't need resetting via SNMP use only ROCommunity.
# only necessary for resetting via SNMP
RWCommunity extremelysecure
6.13.7 Managers
This optional parameter specifies a list of SNMP managers that have
access to SNMPAgent. The value is a list of host names or addresses,
separated by white space or comma. You can have any number of Managers
lines. Defaults to nothing with all hosts allowed.
# allowed SNMP managers
Managers foo.bar.edu 192.168.1.11, noc.rz.uni-ulm.de
Managers baz.bar.com,10.1.1.254
----------------------------------------------------------------------------
TODO:
Documentation should be rewritten by a native speaker :-(
Have fun with it.
Regards
Charly Gaissmaier
SNMPAgent.pm.gz
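
The access rules described in the message above, modelled as an added example; this is not the code in SNMPAgent.pm.gz and not Radiator's own. Assumptions: RWCommunity also permits reads, the legacy Community keeps full access as it had before the patch, and Managers entries are compared literally with the peer address (no name resolution). The names `SAMPLE`, `parse_managers` and `authorize` are hypothetical.

```python
import hmac
import re

# Constructed sample: the parameter values shown in the message above.
SAMPLE = {
    "ROCommunity": "mysnmprosecret",
    "RWCommunity": "extremelysecure",
    "Managers": ["foo.bar.edu 192.168.1.11, noc.rz.uni-ulm.de",
                 "baz.bar.com,10.1.1.254"],
}

def parse_managers(lines):
    """Collect hosts from any number of Managers lines.

    Entries are separated by white space or comma, as the text describes.
    """
    hosts = set()
    for line in lines:
        hosts.update(h for h in re.split(r"[,\s]+", line.strip()) if h)
    return hosts

def _match(configured, presented):
    # An undefined community ("defaults to nothing") never matches.
    # Constant-time comparison avoids leaking the secret through timing.
    if not configured:
        return False
    return hmac.compare_digest(configured.encode(), presented.encode())

def authorize(cfg, source, community, is_set):
    """Return True if a request from `source` is allowed.

    is_set is True for write requests (for example a reset), False for reads.
    """
    managers = parse_managers(cfg.get("Managers", []))
    # No Managers list defined: all hosts are allowed (backward compatible).
    if managers and source not in managers:
        return False
    if _match(cfg.get("RWCommunity"), community):
        return True  # assumption: read-write also covers reads
    if _match(cfg.get("Community"), community):
        return True  # assumption: legacy Community keeps full access
    if _match(cfg.get("ROCommunity"), community):
        return not is_set  # read-only: writes and resets are refused
    return False

if __name__ == "__main__":
    print(authorize(SAMPLE, "192.168.1.11", "mysnmprosecret", is_set=True))
```

The legacy `Community` branch shows why old config files stay exposed to resets until they are moved to `ROCommunity`.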