* Steffen Dettmer wrote on Mon, Sep 03, 2001 at 11:54 +0200:
Does somebody on the list have a "more-secure-than-default" config for snmpd for r/o access only? I would like to get a copy since I think it's easier and more secure to adapt such a file.
On SuSE 7.1 systems, there is a /etc/ucdsnmp.conf file. There was a nice example file called: /usr/share/doc/packages/ucdsnmp/EXAMPLE.conf.def. To configure the monitor, besides some other defaults, I used:

    #Security Name (by address)
    #       sec.name   source       community
    com2sec monitorip  192.168.1.1  public

    #Security Name --> Group Names
    #     groupname     sec.model  sec.name
    group all_ro_group  v1         monitorip
    group all_ro_group  v2c        monitorip
    group all_ro_group  usm        monitorip

    #Views
    #    name  incl/excl  subtree  mask
    view all   included   .1       80

    #Grant access for the group to the view
    #      groupname     context  sec.model  sec.level  match  read  write  notif
    access all_ro_group  ""       any        noauth     exact  all   none   none

I put it as /usr/etc/snmp/snmpd.conf (According to strace, snmpd on 7.0 does not load /etc/*snmp* things). On SuSE 7.1, this file should be /etc/ucdsnmpd.conf.

For debugging, it may be useful to give a:

    snmpd -f -V -l /tmp/log

On problems, "-D" produces a lot of debugging output.

I commented out things like exec in the config file. Well, in this stage it's possible to comment out and restart line by line, and if it stops working, it was a necessary privilege :)

For MRTG it should be enough to grant access to the interfaces, but I haven't tested it so far (only with snmpwalk). As view I tried:

    #    name   incl/excl  subtree     mask
    view iface  included   interfaces

    #      groupname     context  sec.model  sec.level  match  read   write  notif
    access all_ro_group  ""       any        noauth     exact  iface  none   none

Well, finally it was easy - I wonder if nobody on this list uses SNMP?!

oki,

Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.
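Added example, not part of the original message or of ucd-snmp: a small Python check for the com2sec/view/access lines discussed above, flagging a well-known community string, an unrestricted source, a granted write view, or a read view rooted at or near .1. The function name, the sets of weak communities and broad subtrees, and the narrowed sample config with its placeholder community are assumptions made for illustration.

```python
import shlex

WEAK_COMMUNITIES = {"public", "private"}           # well-known default strings
BROAD_SUBTREES = {"1", "1.3", "1.3.6", "1.3.6.1"}  # at or near the root of the OID tree

def audit(conf_text):
    """Return (line_no, finding) pairs for com2sec/view/access directives."""
    rows = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if line:
            rows.append((no, shlex.split(line)))  # shlex keeps "" as an empty token
    # Pass 1: views that include a subtree at or near the root.
    broad = {t[1] for _, t in rows if t[0] == "view" and len(t) >= 4
             and t[2] == "included" and t[3].strip(".") in BROAD_SUBTREES}
    findings = []
    for no, t in rows:                            # Pass 2: com2sec and access lines
        if t[0] == "com2sec" and len(t) >= 4:
            if t[2] == "default":
                findings.append((no, "any source address accepted"))
            if t[3] in WEAK_COMMUNITIES:
                findings.append((no, f"well-known community '{t[3]}'"))
        elif t[0] == "access" and len(t) >= 9:
            if t[7] != "none":
                findings.append((no, f"write view '{t[7]}' granted"))
            if t[6] in broad:
                findings.append((no, f"read view '{t[6]}' covers the whole tree"))
    return findings

# First configuration from the message, comment lines omitted.
PAGE_CONF = '''\
com2sec monitorip 192.168.1.1 public
group all_ro_group v1 monitorip
group all_ro_group v2c monitorip
group all_ro_group usm monitorip
view all included .1 80
access all_ro_group "" any noauth exact all none none
'''
# Constructed variant: the message's "iface" view with a placeholder community.
NARROW_CONF = '''\
com2sec monitorip 192.168.1.1 EXAMPLE-COMMUNITY
group all_ro_group v2c monitorip
view iface included interfaces
access all_ro_group "" any noauth exact iface none none
'''
if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("narrow", NARROW_CONF)):
        for no, msg in audit(conf):
            print(f"{name}:{no}: {msg}")
```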