This document discusses configuration of the HP OpenView Agent for HP-UX and Solaris. It describes:
1) The configuration file that controls agent parameters is typically located at /etc/SnmpAgent.d/snmpd.conf or /etc/snmpd.conf.
2) The simplest configuration involves editing this file to set readable "community names" for get requests and writable names for set requests.
3) More advanced configuration allows defining multiple community names with different access levels and restricting access to parts of the management information base (MIB).
7.3.3. HP OpenView Agent for HP-UX and Solaris
One text-configuration file controls the parameters for this agent; the file is typically named /etc/SnmpAgent.d/snmpd.conf, or /etc/snmpd.conf on older systems. You don't need to edit this file for the agent to function normally. If you do edit it, you must stop and restart the master agent by executing the SnmpMaster script, first with a stop and then a start:

    $ /sbin/init.d/SnmpMaster stop
    $ /sbin/init.d/SnmpMaster start
7.3.3.1. Simple configuration
The following configuration file configures the agent to respond to get requests using the community name public and set requests using the community name private. There are no restrictions on which MIBs can be queried, or which hosts can make the queries. This configuration has no security, since the community strings are set to commonly used defaults and are widely known. The OpenView agent sends authentication-failure traps by default, so you don't have to enable these traps in the configuration file.

    get-community-name: public
    set-community-name: private
    trap-dest: 127.0.0.1
    contact: B.Gates
    location: 12 Pyramid - Egypt

The simplest configuration is to edit the file and place more reasonable community names in the first two lines. We can't say it too much: community names are essentially passwords. Use the same rules for picking community names that you would for choosing the root password. You should always set the destination trap host (trap-dest) to the IP address of the host that will receive the trap.

The next example configures several different community names:

    get-community-name: public
    get-community-name: media
    set-community-name: hushed
    set-community-name: veryprivate
    set-community-name: shhhh

We have created two get (read-only) communities and three set (read-write) communities. These communities can be used as you see fit. (In real life, we would have chosen more obscure names.) For example, you might give your operations group in New York public community access and your operations group in Atlanta media community access. The remaining set communities can further be subdivided among various administrators and other staff who need read-write access.
7.3.3.2. Advanced configuration
Setting up multiple community strings doesn't sound very useful, and by itself, it isn't. But you can take the concept a step further and create different communities, each of which consists of a few particular hosts and can access only some of the objects SNMP manages. The next example allows the host 10.123.56.25 to issue gets using the community name comname and sets using the community name private. The host 10.123.46.101 can issue gets using only the community name comname. You cannot use hostnames after the IP: directive; you must use IP addresses.

    get-community-name: comname IP: 10.123.56.25 10.123.46.101
    set-community-name: private IP: 10.123.56.25

You can also configure the agent to restrict access to MIB subtrees based on IP addresses. The next example allows any host to get any object under iso.org.dod.internet.mgmt.mib-2, except for objects in the interfaces subtree. The minus sign (-) in front of interfaces instructs the agent to disallow access to this subtree.

    get-community-name: public VIEW: mib-2 -interfaces

The final example sets up multiple community names for both sets and gets. An administrator who is located at host 10.123.46.25 and knows the admin community string has read access to the entire MIB tree; with the adminset community string, he has write access to the entire tree. Someone with the operator community string can sit anywhere and access everything in mib-2 except for the interfaces subtree, but must be sitting at his desk (10.123.56.101) to issue sets and is not allowed to set anything in the mib-2 subtree.

    get-community-name: operator VIEW: mib-2 -interfaces
    get-community-name: admin IP: 10.123.56.25
    set-community-name: operset IP: 10.123.46.101 VIEW: -mib-2
    set-community-name: adminset IP: 10.123.56.25
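
The following is an added example, not part of the original text or of the HP agent: a small Python audit that parses community lines in the syntax shown above and reports the weaknesses this section describes (default names, no IP: restriction, unrestricted write access). The sample file content, the function names and the finding wording are constructed for illustration.

```python
import re

# Community names the page identifies as widely known defaults.
DEFAULT_NAMES = {"public", "private"}

# Constructed sample in the snmpd.conf syntax shown above; not a real host's file.
SAMPLE = """\
get-community-name: public
set-community-name: private
get-community-name: operator VIEW: mib-2 -interfaces
get-community-name: admin IP: 10.123.56.25
set-community-name: operset IP: 10.123.46.101 VIEW: -mib-2
set-community-name: adminset IP: 10.123.56.25
trap-dest: 127.0.0.1
"""

# A missing colon after the keyword is tolerated (assumption, for leniency).
COMMUNITY_RE = re.compile(r"^(get|set)-community-name:?\s+(\S+)(.*)$")

def parse_communities(text):
    """Return one dict per community line: kind, name, ips, view."""
    entries = []
    for raw in text.splitlines():
        m = COMMUNITY_RE.match(raw.strip())
        if not m:
            continue  # other directives (trap-dest, contact, ...) are skipped
        kind, name, rest = m.groups()
        # The remainder holds optional "IP:" and "VIEW:" lists in either order.
        parts = re.split(r"\b(IP|VIEW):", rest)
        fields = {"IP": [], "VIEW": []}
        for key, value in zip(parts[1::2], parts[2::2]):
            fields[key] = value.split()
        entries.append({"kind": kind, "name": name,
                        "ips": fields["IP"], "view": fields["VIEW"]})
    return entries

def audit(text):
    """Return (community, finding) pairs for the weaknesses the section describes."""
    findings = []
    for e in parse_communities(text):
        if e["name"] in DEFAULT_NAMES:
            findings.append((e["name"], "well-known default name"))
        if not e["ips"]:
            findings.append((e["name"], f"{e['kind']} allowed from any host"))
        if e["kind"] == "set" and not e["view"]:
            findings.append((e["name"], "write access to the entire MIB tree"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

The adminset finding is expected for an administrator community; the audit lists it so that full-tree write access is a reviewed decision rather than an oversight.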