RE: SNMP-COMMUNITY-MIB security question

Old 04-21-2008
Emi Yanagi
 

Dave,

After I added a view to exclude snmpCommunityTable, read-only community
"public" cannot populate any object, even sysUpTime.

Here are the snmpd.conf access control lines:

    com2sec SecNameAllRO default public
    group GroupAllRO v2c SecNameAllRO
    view ViewRO excluded .1.3.6.1.6.3.18.1.1
    access GroupAllRO "" any noauth exact ViewRO none none

Did I miss anything for ViewRO? I wonder, do I need to include .1 and
then exclude .1.3.6.1.6.3.18.1.1? What should the mask value be for
ViewRO?

Thanks

Emi

-----Original Message-----
From: dave.shield@googlemail.com [mailto:dave.shield@googlemail.com] On Behalf Of Dave Shield
Sent: Friday, April 18, 2008 4:56 PM
To: Emi Yanagi
Cc: net-snmp-coders@lists.sourceforge.net
Subject: Re: SNMP-COMMUNITY-MIB security question

On 18/04/2008, Emi Yanagi <Emi.Yanagi@radisys.com> wrote:
> What data structure(s) or field(s) I should look into?
> Or are you talking about snmpd.conf configuration?

Yes - I'm talking about the snmpd.conf access control settings.

Define a view that excludes the snmpCommunityTable.
Then configure "public" to have access to this view.

See snmpd.conf(5) or the relevant FAQ entry for details
about how to configure access control.

Alternatively, use an agent that doesn't implement this table.
Like (for example), the standard Net-SNMP agent :-)

Dave
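
Added example (not part of the original post and not Net-SNMP's code): a simplified Python model of VACM view matching as defined in RFC 3415, run over the access control lines from the post and over a constructed variant that first includes `.1`. The `WITH_INCLUDE` config, the sample instance OID under the table and all function names are assumptions made for illustration.

```python
# Simplified model of VACM view matching (RFC 3415); illustration only.

def parse_oid(text):
    return tuple(int(p) for p in text.strip(".").split("."))

def parse_views(conf):
    """Collect 'view NAME included|excluded SUBTREE [MASK]' lines per view name."""
    views = {}
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "view" and tok[2] in ("included", "excluded"):
            mask = bytes.fromhex(tok[4].replace(".", "").replace(":", "")) if len(tok) > 4 else b""
            views.setdefault(tok[1], []).append((parse_oid(tok[3]), mask, tok[2]))
    return views

def mask_bit(mask, i):
    # Bit i (MSB first) covers sub-identifier i; a short or absent mask counts as all 1s.
    return True if i >= 8 * len(mask) else bool(mask[i // 8] & (0x80 >> (i % 8)))

def in_view(entries, oid):
    """True only if the longest matching subtree is 'included'; no match means denied."""
    best = None
    for subtree, mask, kind in entries:
        if len(oid) < len(subtree):
            continue
        if all(oid[i] == s or not mask_bit(mask, i) for i, s in enumerate(subtree)):
            if best is None or (len(subtree), subtree) > (len(best[0]), best[0]):
                best = (subtree, kind)
    return best is not None and best[1] == "included"

def check(conf, oid, view="ViewRO"):
    return in_view(parse_views(conf).get(view, []), oid)

POSTED = """
com2sec SecNameAllRO default public
group GroupAllRO v2c SecNameAllRO
view ViewRO excluded .1.3.6.1.6.3.18.1.1
access GroupAllRO "" any noauth exact ViewRO none none
"""
# Constructed variant (assumption): include the whole tree, then exclude the table.
WITH_INCLUDE = POSTED.replace("view ViewRO excluded",
                              "view ViewRO included .1\nview ViewRO excluded")
SYS_UPTIME = parse_oid(".1.3.6.1.2.1.1.3.0")
COMMUNITY_ROW = parse_oid(".1.3.6.1.6.3.18.1.1.1.2.97")  # constructed instance under the table

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("with include", WITH_INCLUDE)):
        print(label, "sysUpTime:", check(conf, SYS_UPTIME),
              "snmpCommunityTable row:", check(conf, COMMUNITY_ROW))
```

With no mask given, every sub-identifier of the subtree must match exactly, so a view holding only an `excluded` line matches nothing as `included` and denies every OID.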


