Author: glen
Date: Mon Dec 28 14:49:58 2009 GMT
Module: packages
Tag: HEAD
---- Log message:
- revised default config (produced with "snmpconf -r none -g basic_setup"),
- keep only ro access from localhost
- the others commented out to allow snmpset configuration
---- Files affected: packages/net-snmp: net-snmpd.conf (1.3 -> 1.4) ---- Diffs: ================================================================ Index: packages/net-snmp/net-snmpd.conf diff -u packages/net-snmp/net-snmpd.conf:1.3 packages/net-snmp/net-snmpd.conf:1.4 --- packages/net-snmp/net-snmpd.conf:1.3 Fri Oct 9 18:18:41 2009 +++ packages/net-snmp/net-snmpd.conf Mon Dec 28 15:49:53 2009 
@@ -1,367 +1,47 @@ -############################################################################### -# -# EXAMPLE.conf: -# An example configuration file for configuring the net-snmp snmpd agent. -# -############################################################################### -# -# This file is intended to only be an example. If, however, you want -# to use it, it should be placed in /etc/snmp/snmpd.conf. -# When the snmpd agent starts up, this is where it will look for it. -# -# All lines beginning with a '#' are comments and are intended for you -# to read. All other lines are configuration commands for the agent. - -# -# PLEASE: read the snmpd.conf(5) manual page as well! - -#agentaddress 161,tcp:161 - -############################################################################### -# System contact information -# - -# It is also possible to set the sysContact and sysLocation system -# variables through the snmpd.conf file: - -syslocation Unknown -syscontact Root <r...@localhost> - -# Example output of snmpwalk: -# % snmpwalk -v 1 localhost public system -# system.sysDescr.0 = "PLD Linux" -# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 -# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 -# system.sysContact.0 = "Root <r...@localhost>" -# system.sysName.0 = "name" -# system.sysLocation.0 = "Right here, right now." -# system.sysServices.0 = 72 - -############################################################################### -# Access Control -############################################################################### - -# By far, the most common question I get about the agent is "why won't -# it work?", when really it should be "how do I configure the agent to -# allow me to access it?" -# -# By default, the agent responds to the "public" community for read -# only access, if run out of the box without any configuration file in -# place. 
The following examples show you other ways of configuring -# the agent so that you can change the community names, and give -# yourself write access as well. - -# The following lines change the access permissions of the agent so -# that the COMMUNITY string provides read-only access to your entire -# NETWORK (EG: 10.10.10.0/24), and read/write access to only the -# localhost (127.0.0.1, not its real ipaddress). - -# For more information, read the FAQ as well as the snmpd.conf(5) -# manual page. - -#### -# First, map the community name (COMMUNITY) into a security name -# (local and mynetwork, depending on where the request is coming -# from): - -# sec.name source community -com2sec local localhost public -com2sec theworld default public - -#### -# Second, map the security names into group names: - -# sec.model sec.name -group MyRWGroup v2c local -group MyROGroup v2c theworld - -#### -# Third, create a view for us to let the groups have rights to: - -# incl/excl subtree mask -view all included .1 80 - -#### -# Finally, grant the 2 groups access to the 1 view with different -# write permissions: - -# context sec.model sec.level prefix read write notif -access MyROGroup "" any noauth exact all none none -access MyRWGroup "" any noauth exact all all none - -# ----------------------------------------------------------------------------- - - - - -# ----------------------------------------------------------------------------- - - -############################################################################### -# Process checks. -# -# The following are examples of how to use the agent to check for -# processes running on the host. The syntax looks something like: -# -# proc NAME [MAX=0] [MIN=0] -# -# NAME: the name of the process to check for. It must match -# exactly (ie, http will not find httpd processes). -# MAX: the maximum number allowed to be running. Defaults to 0. -# MIN: the minimum number to be running. Defaults to 0. 
- -# -# Examples: -# - -# Make sure mountd is running -# proc mountd - -# Make sure there are no more than 4 ntalkds running, but 0 is ok too. -# proc ntalkd 4 - -# Make sure at least one sendmail, but less than or equal to 10 are running. -# proc sendmail 10 1 - -# A snmpwalk of the process mib tree would look something like this: # -# % snmpwalk -v 1 localhost public .1.3.6.1.4.1.2021.2 -# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 -# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 -# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 -# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" -# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" -# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" -# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 -# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 -# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 -# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 -# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 -# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 -# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 -# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 -# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 -# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 -# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 -# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 -# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." -# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" -# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" -# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 -# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 -# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 -# -# Note that the errorFlag for mountd is set to 1 because one is not -# running (in this case an rpc.mountd is, but thats not good enough), -# and the ErrMessage tells you what's wrong. 
The configuration -# imposed in the snmpd.conf file is also shown. -# -# Special Case: When the min and max numbers are both 0, it assumes -# you want a max of infinity and a min of 1. -# +# snmpd.conf - configuration file for the Net-SNMP SNMP agent +# See snmpd.conf(5) for more information. - -# ----------------------------------------------------------------------------- - - -############################################################################### -# Executables/scripts -# - -# -# You can also have programs run by the agent that return a single -# line of output and an exit code. Here are two examples. -# -# exec NAME PROGRAM [ARGS ...] -# -# NAME: A generic name. -# PROGRAM: The program to run. Include the path! -# ARGS: optional arguments to be passed to the program - -# a simple hello world -#exec echotest /bin/echo hello world - -# Run a shell script containing: -# -# #!/bin/sh -# echo hello world -# echo hi there -# exit 35 -# -# Note: this has been specifically commented out to prevent -# accidental security holes due to someone else on your system writing -# a /tmp/shtest before you do. Uncomment to use it. -# -#exec shelltest /bin/sh /tmp/shtest - -# Then, -# % snmpwalk -v 1 localhost public .1.3.6.1.4.1.2021.8 -# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 -# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 -# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" -# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" -# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" -# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" -# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 -# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 -# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." -# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." 
-# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 -# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 - -# Note that the second line of the /tmp/shtest shell script is cut -# off. Also note that the exit status of 35 was returned. - -# ----------------------------------------------------------------------------- - - -############################################################################### -# disk checks -# - -# The agent can check the amount of available disk space, and make -# sure it is above a set limit. - -# disk PATH [MIN=100000] +########################################################################### +# SECTION: Access Control Setup # -# PATH: mount path to the disk in question. -# MIN: Disks with space below this value will have the Mib's errorFlag set. -# Default value = 100000. - -# Check the / partition and make sure it contains at least 10 megs. - -disk / 10000 - -# % snmpwalk -v 1 localhost public .1.3.6.1.4.1.2021.9 -# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 -# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F -# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" -# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 -# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 -# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 -# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 -# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 -# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 -# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" +# rocommunity: a SNMPv1/SNMPv2c read-only access community name +# rwcommunity: a SNMPv1/SNMPv2c read-write access community name +# arguments: community [default|hostname|network/bits] [oid] -# ----------------------------------------------------------------------------- +rocommunity public localhost +#rwcommunity rw localhost 
+########################################################################### +# SECTION: Monitor Various Aspects of the Running Host -############################################################################### -# load average checks -# +# proc: Check for processes that should be running. +#proc sshd 10 1 +#proc crond 10 1 -# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0] -# -# 1MAX: If the 1 minute load average is above this limit at query -# time, the errorFlag will be set. -# 5MAX: Similar, but for 5 min average. -# 15MAX: Similar, but for 15 min average. - -# Check for loads: -load 12 8 8 - -# % snmpwalk -v 1 localhost public .1.3.6.1.4.1.2021.10 -# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 -# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 -# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 -# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" -# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" -# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" -# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 -# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 -# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 -# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" -# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" -# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" -# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 -# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 -# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 -# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" -# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" -# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" +# disk: Check for disk space usage of a partition. 
+# /bin/df -P | awk '/^\/dev/{printf("disk %s\n", $NF)}' +#disk / -# ----------------------------------------------------------------------------- +# load: Check for unreasonable load average values. +#load 2 1 1 +# file: Check on the size of a file. +#file /etc/passwd 10 -############################################################################### -# Extensible sections. -# +########################################################################### +# SECTION: System Information Setup -# This alleviates the multiple line output problem found in the -# previous executable mib by placing each mib in its own mib table: +# syslocation: The [typically physical] location of the system. +#syslocation "Unknown" -# Run a shell script containing: -# -# #!/bin/sh -# echo hello world -# echo hi there -# exit 35 -# -# Note: this has been specifically commented out to prevent -# accidental security holes due to someone else on your system writing -# a /tmp/shtest before you do. Uncomment to use it. -# -# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest - -# % snmpwalk -v 1 localhost public .1.3.6.1.4.1.2021.50 -# enterprises.ucdavis.50.1.1 = 1 -# enterprises.ucdavis.50.2.1 = "shelltest" -# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" -# enterprises.ucdavis.50.100.1 = 35 -# enterprises.ucdavis.50.101.1 = "hello world." -# enterprises.ucdavis.50.101.2 = "hi there." -# enterprises.ucdavis.50.102.1 = 0 - -# Now the Output has grown to two lines, and we can see the 'hi -# there.' output as the second line from our shell script. -# -# Note that you must alter the mib.txt file to be correct if you want -# the .50.* outputs above to change to reasonable text descriptions. 
- -# Other ideas: -# -# exec .1.3.6.1.4.1.2021.51 ps /bin/ps -# exec .1.3.6.1.4.1.2021.52 top /usr/bin/top -# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq +# syscontact: The contact information for the administrator +#syscontact "Root <r...@localhost>" -# ----------------------------------------------------------------------------- - - -############################################################################### -# Pass through control. -# - -# Usage: -# pass MIBOID EXEC-COMMAND -# -# This will pass total control of the mib underneath the MIBOID -# portion of the mib to the EXEC-COMMAND. -# -# Note: You'll have to change the path of the passtest script to your -# source directory or install it in the given location. -# -# Example: (see the script for details) -# (commented out here since it requires that you place the -# script in the right location. (its not installed by default)) - -# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/passtest - -# % snmpwalk -v 1 localhost public .1.3.6.1.4.1.2021.255 -# enterprises.ucdavis.255.1 = "life the universe and everything" -# enterprises.ucdavis.255.2.1 = 42 -# enterprises.ucdavis.255.2.2 = OID: 42.42.42 -# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 -# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 -# enterprises.ucdavis.255.5 = 42 -# enterprises.ucdavis.255.6 = Gauge: 42 -# -# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5 -# enterprises.ucdavis.255.5 = 42 -# -# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string" -# enterprises.ucdavis.255.1 = "New string" -# +# minimum swap free in KiB, default 16000 +#swap 256000 -# For specific usage information, see the man/snmpd.conf.5 manual page -# as well as the local/passtest script used in the above example. +# This setting disables the log messages for accepted connections. +# Denied connections will still be logged. You may want to enable this option +# as default may be too noisy for you. 
+#dontLogTCPWrappersConnects 1 ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/net-snmp/net-snmpd.conf?r1=1.3&r2=1.4&f=u
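
Review bot: In the "Access Control Setup" section, "rocommunity public localhost" keeps the well-known community name "public" and passes no [oid] argument, so any local user can read the agent's entire tree over SNMPv1/v2c. Consider using the optional [oid] argument that the comment just above documents to limit the readable subtree, or shipping a non-default community name. The commented "#rwcommunity rw localhost" example has a related problem: "rw" is trivially guessable, and anyone who uncomments the line as written grants write access to every local user, so a placeholder name would be safer there. The new file also carries no agentaddress line (the old "#agentaddress 161,tcp:161" hint is removed), which leaves the source argument on rocommunity as the only thing limiting who may query the agent; a commented example that binds to localhost would fit the intent stated in the log message. Last, "disk / 10000" and "load 12 8 8" were active in 1.3 and are commented out in 1.4, so anything polling the disk and load tables loses those entries after upgrade; that is worth a line in the log message or the package changelog.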