From: sthen Date: Sun, 8 Aug 2021 13:43:10 +0000 (+0000) Subject: Rework examples/snmpd.conf; show more things that people are likely to X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=2f98abb39c7c1c87ce9debc035ae372cf0a4ea51;p=openbsd Rework examples/snmpd.conf; show more things that people are likely to actually need, and fewer things that they won't need. In particular don't rely on default auth/enc settings; SNMPv3 isn't algorithm-agile, it must be defined on both ends, so relying on a default is going to cause some problems if it ever does change. --- diff --git a/etc/examples/snmpd.conf b/etc/examples/snmpd.conf index 0781f78065d..f8a313e07a3 100644 --- a/etc/examples/snmpd.conf +++ b/etc/examples/snmpd.conf @@ -1,24 +1,26 @@ -# $OpenBSD: snmpd.conf,v 1.1 2014/07/11 21:20:10 deraadt Exp $ +# $OpenBSD: snmpd.conf,v 1.2 2021/08/08 13:43:10 sthen Exp $ -listen_addr="127.0.0.1" +# Default listens on all addresses for SNMPv3 only; "listen on" overrides this +# See snmpd.conf(5) for more options (tcp, alternative ports, trap listener) +#listen on 192.0.2.1 # SNMPv3 on one specific address +#listen on 0.0.0.0 snmpv2c snmpv3 # All IPv4 addresses, both v2c + v3 +#listen on :: snmpv2c snmpv3 # All IPv6 addresses, both v2c + v3 +#listen on 127.0.0.1 snmpv2c # IPv4 localhost only, v2c -# Restrict daemon to listen on localhost only -listen on $listen_addr +# Define a RO community if you use SNMPv2c (there is no default) +#read-only community MWgp3MWbD2khaYnwy2B -# Specify a number of trap receivers -#trap receiver nms.localdomain.local +# At least one user must be defined to use SNMPv3 +#user "user1" auth hmac-sha1 authkey "password123" enc aes enckey "321drowssap" +#user "user2" auth hmac-sha256 authkey "password456" enc aes enckey "654drowssap" + +# Send traps from snmpd(8) to one or more receivers +#trap receiver nms.localdomain.local community PAV9kpE02gDPvAi source-address 192.0.2.1 # Adjust the local system information #system contact "Charlie Root (root@myhost.example.com)" #system description "Powered by OpenBSD" #system location "Rack A1-24, Room 13" -system services 74 - -# Provide static user-defined SNMP OIDs -oid 1.3.6.1.4.1.30155.42.3.1 name testStringValue read-only string "Test" -oid 1.3.6.1.4.1.30155.42.3.4 name testIntValue read-write integer 1 -# Enable SNMPv3 USM with authentication, encryption and two defined users -#seclevel enc -#user "user1" authkey "password123" enc aes enckey "321drowssap" -#user "user2" authkey "password456" enckey "654drowssap" +# Required by some management software +#system services 74