author | James Davidson <james.davidson@vyatta.com> | 2013-02-12 13:02:11 -0800 |
---|---|---|
committer | James Davidson <james.davidson@vyatta.com> | 2013-02-12 13:02:11 -0800 |
commit | 1d917be739f1db7b1ff1d26a0238322d7fd475c5 (patch) | |
tree | ac3bdbdcd28f0bd0f9f16477a384e6ccd53970cd /templates/service | |
parent | 34f23c48bf38c6c88f3c74e958a084bf30380bd6 (diff) | |
Initial SNMPv3 support
Diffstat (limited to 'templates/service')
37 files changed, 249 insertions, 8 deletions
diff --git a/templates/service/snmp/node.def b/templates/service/snmp/node.def index 183cc5c3..8047121f 100644 --- a/templates/service/snmp/node.def +++ b/templates/service/snmp/node.def @@ -1,13 +1,20 @@ priority: 980 help: Simple Network Management Protocol (SNMP) -commit:expression: $VAR(community/) != "" || $VAR(community6/) != "" \ - ; "must configure a community or community6" +commit:expression: $VAR(community/) != "" || $VAR(community6/) != "" || $VAR(v3/) != "" \ + ; "must configure a community or community6 or v3" delete: touch /tmp/snmp.$PPID end:if [ -f "/tmp/snmp.$PPID" ] - then sudo /opt/vyatta/sbin/vyatta-snmp.pl --stop-snmp - rm /tmp/snmp.$PPID - sudo rm -f /etc/snmp/snmpd.conf - else - sudo /opt/vyatta/sbin/vyatta-snmp.pl --update-snmp - fi + then + sudo /opt/vyatta/sbin/vyatta-snmp.pl --stop-snmp; + rm /tmp/snmp.$PPID; + sudo rm -f /etc/snmp/snmpd.conf; + else + sudo /opt/vyatta/sbin/vyatta-snmp.pl --update-snmp; + if [ -n "$VAR(v3/)" ] + then + sudo /opt/vyatta/sbin/vyatta-snmp-v3.pl --update-snmp; + else + sudo invoke-rc.d snmpd start > /dev/null 2>&1; + fi + fi diff --git a/templates/service/snmp/v3/group/node.def b/templates/service/snmp/v3/group/node.def new file mode 100644 index 00000000..bcfe6795 --- /dev/null +++ b/templates/service/snmp/v3/group/node.def @@ -0,0 +1,5 @@ +tag: +type: txt +help: Specifies the group with name groupname +commit:expression: $VAR(view/) != "" ; "must specify view" +commit:expression: $VAR(mode/) != "" ; "must specify mode" diff --git a/templates/service/snmp/v3/group/node.tag/mode/node.def b/templates/service/snmp/v3/group/node.tag/mode/node.def new file mode 100644 index 00000000..a6d36de5 --- /dev/null +++ b/templates/service/snmp/v3/group/node.tag/mode/node.def @@ -0,0 +1,8 @@ +type: txt +default: "ro" +help: Defines the read/write access +syntax:expression: $VAR(@) in "ro", "rw" +allowed: echo ro rw + +val_help: ro; +val_help: rw; 
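Review bot: In the rewritten `end:` block of `templates/service/snmp/node.def`, `sudo invoke-rc.d snmpd start > /dev/null 2>&1;` discards the output of a failed start, and the status of `vyatta-snmp.pl --update-snmp` just before it is never checked. A commit can therefore look successful while snmpd is down or still running with the previous access configuration. Let stderr through and stop on the first failure, for example `sudo /opt/vyatta/sbin/vyatta-snmp.pl --update-snmp || exit 1;`, and drop the `> /dev/null 2>&1` on the start line. Whether a non-zero exit from `end:` aborts the commit depends on the template engine and should be confirmed.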
diff --git a/templates/service/snmp/v3/group/node.tag/view/node.def b/templates/service/snmp/v3/group/node.tag/view/node.def
new file mode 100644
index 00000000..af7d33c9
--- /dev/null
+++ b/templates/service/snmp/v3/group/node.tag/view/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Defines the name of view
+allowed: list=`cli-shell-api listNodes service snmp v3 view`
+ echo $list
+syntax:expression:exec "regex=\"(^| )$VAR(@)( |$)\"; \
+ if [[ \"$VAR(/service/snmp/v3/view/@@)\" =~ $regex ]] ; \
+ then \
+ exit 0; \
+ else \
+ exit 1; \
+ fi" ; "You must create \"$VAR(@)\" view first"
diff --git a/templates/service/snmp/v3/node.def b/templates/service/snmp/v3/node.def
new file mode 100644
index 00000000..756a156f
--- /dev/null
+++ b/templates/service/snmp/v3/node.def
@@ -0,0 +1,30 @@
+help: Simple Network Management Protocol (SNMP) v3
+
+create: if [ ! -d "/config/snmp" ]; then sudo mkdir /config/snmp ; fi
+ if [ ! -d "/config/snmp/tls" ]; then
+ sudo mkdir /config/snmp/tls ;
+ if [ -d "/etc/snmp/tls" ] ; then
+ sudo mv /etc/snmp/tls/* /config/snmp/tls > /dev/null 2>&1;
+ sudo chmod -R 600 /config/snmp/tls;
+ sudo rmdir /etc/snmp/tls > /dev/null 2>&1;
+ sudo rm /etc/snmp/tls > /dev/null 2>&1;
+ fi
+ sudo ln -s /config/snmp/tls /etc/snmp/tls;
+ fi
+ lnk=`readlink /etc/snmp/tls`
+ if [ "$lnk" != "/config/snmp/tls" ]; then
+ sudo rm -f /etc/snmp/tls;
+ sudo ln -s /config/snmp/tls /etc/snmp/tls;
+ fi
+
+begin: if [ -d "/config/snmp/tls" ]; then
+ sudo chmod -R 600 /config/snmp/tls;
+ fi
+
+delete: touch /tmp/snmp-v3.$PPID
+
+end:if [ -f "/tmp/snmp-v3.$PPID" ]
+ then
+ sudo /opt/vyatta/sbin/vyatta-snmp-v3.pl --delete-snmp
+ rm /tmp/snmp-v3.$PPID
+ fi
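Review bot: The existence check in `group/node.tag/view/node.def` splices `$VAR(@)` unescaped into the shell string and into the regex used by `=~`. A value containing regex metacharacters can therefore match the list of configured views without naming a real one, and quote or shell metacharacters would reach the shell that runs the check (assuming the substitution is textual). Validate the name before the exec, for example `syntax:expression: pattern $VAR(@) "^[A-Za-z0-9_]+$" ; "invalid view name"`, and apply the same restriction where the names are defined. `view/node.def` and `group/node.def` currently accept any text. The identical construct appears in `user/node.tag/group/node.def`.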
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.def b/templates/service/snmp/v3/trap-target/node.def
new file mode 100644
index 00000000..d6203e9b
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.def
@@ -0,0 +1,12 @@
+tag:
+type: txt
+help: Defines SNMP target for inform or traps for IP
+syntax:expression: exec "/opt/vyatta/sbin/valid_address $VAR(@)/20"
+commit:expression: $VAR(type/) != ""; "must specify type"
+commit:expression: $VAR(auth/) != ""; "must specify auth"
+commit:expression: $VAR(protocol/) != ""; "must specify protocol"
+commit:expression: $VAR(user/) != ""; "must specify user"
+commit:expression: $VAR(port/) != ""; "must specify port"
+
+val_help: <x.x.x.x>; IP address of trap target
+val_help: <h:h:h:h:h:h:h:h>; IPv6 address of trap target
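Review bot: In `templates/service/snmp/v3/node.def`, `sudo chmod -R 600 /config/snmp/tls;` (in both `create:` and `begin:`) also strips the search bit from the directory and its subdirectories, so only a process that bypasses permission checks can reach the certificates and keys. If snmpd drops privileges it would lose access to its TLS material. `sudo chmod -R u=rwX,go= /config/snmp/tls;` keeps files private while leaving directories traversable for the owner. Separately, the `delete:`/`end:` pair uses the predictable marker `/tmp/snmp-v3.$PPID` in a world-writable directory, where another local account can pre-create it and make `end:` run `--delete-snmp` on an unrelated commit. A marker in a directory only the configuration session can write to would avoid that, and the context lines of `snmp/node.def` use the same scheme.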
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/auth/encrypted-key/node.def b/templates/service/snmp/v3/trap-target/node.tag/auth/encrypted-key/node.def
new file mode 100644
index 00000000..2365b055
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/auth/encrypted-key/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Defines the encrypted password for authentication
+syntax:expression: pattern $VAR(@) "^0x[0-9a-f]*$" ; "key must start from '0x' and contain hex digits"
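Review bot: In `trap-target/node.def`, `exec "/opt/vyatta/sbin/valid_address $VAR(@)/20"` places the tag value on a shell command line unquoted and before any character check, so the validator's shell sees whatever the user typed. Put a restrictive check first, for example `syntax:expression: pattern $VAR(@) "^[0-9A-Fa-f:.]+$" ; "invalid address"`, and quote the argument in the exec. The fixed `/20` suffix is unexplained and the `val_help` lines advertise IPv6 targets, so it is worth confirming that `valid_address` accepts that form for both address families.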
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/auth/node.def b/templates/service/snmp/v3/trap-target/node.tag/auth/node.def
new file mode 100644
index 00000000..5c7df0ef
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/auth/node.def
@@ -0,0 +1,4 @@
+help: Defines the authentication
+commit:expression: $VAR(type/) != "" ; "must specify type"
+commit:expression: $VAR(encrypted-key/) != "" || $VAR(plaintext-key/) != "" ; "must specify encrypted-key or plaintext-key"
+commit:expression: !($VAR(encrypted-key/) != "" && $VAR(plaintext-key/) != "") ; "must specify only one of encrypted-key and plaintext-key"
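Review bot: The pattern `"^0x[0-9a-f]*$"` in `trap-target/node.tag/auth/encrypted-key/node.def` accepts a bare `0x`, which is an empty key, and puts no bound on length. At minimum use `"^0x[0-9a-f]+$"`, and preferably require the digest length of the selected auth type. `trap-target/node.tag/privacy/encrypted-key/node.def` has the same pattern. The `user/node.tag/auth/encrypted-key` and `user/node.tag/privacy/encrypted-key` nodes have no `syntax:expression` at all, so arbitrary text is accepted there and presumably passed on to the snmpd configuration by `vyatta-snmp-v3.pl`, which this diff does not show.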
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/auth/plaintext-key/node.def b/templates/service/snmp/v3/trap-target/node.tag/auth/plaintext-key/node.def
new file mode 100644
index 00000000..34563e73
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/auth/plaintext-key/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Defines the clear text password for authentication
+syntax:expression: pattern $VAR(@) "^.{8,}$" ; "key must contain 8 or more characters"
diff --git a/templates/service/snmp/v3/trap-target/node.tag/auth/type/node.def b/templates/service/snmp/v3/trap-target/node.tag/auth/type/node.def
new file mode 100644
index 00000000..5a2ffc52
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/auth/type/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "md5"
+help: Defines the protocol using for authentication
+syntax:expression: $VAR(@) in "md5", "sha"
+allowed: echo md5 sha
+
+val_help: md5; Message Digest 5
+val_help: sha; Secure Hash Algorithm
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/port/node.def b/templates/service/snmp/v3/trap-target/node.tag/port/node.def
new file mode 100644
index 00000000..b38cd1e5
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/port/node.def
@@ -0,0 +1,7 @@
+type: u32
+default: 162
+help: Specifies the TCP/UDP port of a destination for SNMP traps/informs.
+
+val_help: u32:1-65535; Numeric IP port
+syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; \
+ "Port number must be in range 1 to 65535"
diff --git a/templates/service/snmp/v3/trap-target/node.tag/privacy/encrypted-key/node.def b/templates/service/snmp/v3/trap-target/node.tag/privacy/encrypted-key/node.def
new file mode 100644
index 00000000..4e762b9f
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/privacy/encrypted-key/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Defines the encrypted key for privacy protocol
+syntax:expression: pattern $VAR(@) "^0x[0-9a-f]*$" ; "key must start from '0x' and contain hex digits"
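Review bot: `default: "md5"` in `trap-target/node.tag/auth/type/node.def` makes the weaker of the two offered digests the one an operator gets without choosing. `privacy/type/node.def` likewise defaults to `des`, and the `user/node.tag/auth/type` and `user/node.tag/privacy/type` nodes repeat both defaults. Prefer `default: "sha"` and `default: "aes"`, provided the shipped snmpd supports them. The `val_help` text could also say that md5 and des are kept for compatibility with older managers.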
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/privacy/node.def b/templates/service/snmp/v3/trap-target/node.tag/privacy/node.def
new file mode 100644
index 00000000..900cfc9d
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/privacy/node.def
@@ -0,0 +1,4 @@
+help: Defines the privacy
+commit:expression: $VAR(type/) != "" ; "must specify type"
+commit:expression: $VAR(encrypted-key/) != "" || $VAR(plaintext-key/) != "" ; "must specify encrypted-key or plaintext-key"
+commit:expression: !($VAR(encrypted-key/) != "" && $VAR(plaintext-key/) != "") ; "must specify only one of encrypted-key and plaintext-key"
diff --git a/templates/service/snmp/v3/trap-target/node.tag/privacy/plaintext-key/node.def b/templates/service/snmp/v3/trap-target/node.tag/privacy/plaintext-key/node.def
new file mode 100644
index 00000000..a2442637
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/privacy/plaintext-key/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Defines the clear text key for privacy protocol
+syntax:expression: pattern $VAR(@) "^.{8,}$" ; "key must contain 8 or more characters"
diff --git a/templates/service/snmp/v3/trap-target/node.tag/privacy/type/node.def b/templates/service/snmp/v3/trap-target/node.tag/privacy/type/node.def
new file mode 100644
index 00000000..bbfd5331
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/privacy/type/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "des"
+help: Defines the protocol for privacy
+syntax:expression: $VAR(@) in "des", "aes"
+allowed: echo des aes
+
+val_help: des; Data Encryption Standard
+val_help: aes; Advanced Encryption Standard
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/protocol/node.def b/templates/service/snmp/v3/trap-target/node.tag/protocol/node.def
new file mode 100644
index 00000000..ce96ca38
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/protocol/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "udp"
+help: Defines protocol for notification between TCP and UDP
+syntax:expression: $VAR(@) in "tcp", "udp"
+allowed: echo tcp udp
+
+val_help: tcp;
+val_help: udp;
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/type/node.def b/templates/service/snmp/v3/trap-target/node.tag/type/node.def
new file mode 100644
index 00000000..f678ae69
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/type/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "inform"
+help: Specifies the type of notification between inform and trap
+syntax:expression: $VAR(@) in "inform", "trap"
+allowed: echo inform trap
+
+val_help: inform;
+val_help: trap;
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/user/node.def b/templates/service/snmp/v3/trap-target/node.tag/user/node.def
new file mode 100644
index 00000000..a0ed8cbf
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/user/node.def
@@ -0,0 +1,4 @@
+type: txt
+help: Defines username for authentication
+allowed: list=`cli-shell-api listNodes service snmp v3 user`
+ echo $list
diff --git a/templates/service/snmp/v3/tsm/local-key/node.def b/templates/service/snmp/v3/tsm/local-key/node.def
new file mode 100644
index 00000000..d238d310
--- /dev/null
+++ b/templates/service/snmp/v3/tsm/local-key/node.def
@@ -0,0 +1,10 @@
+type: txt
+help: Defines the server certificate fingerprint or key-file name.
+allowed: sudo ls /etc/snmp/tls/certs
+syntax:expression: pattern $VAR(@) "^[0-9A-F]{2}(:[0-9A-F]{2}){19}$" ||
+ exec "if [ `sudo ls \"/etc/snmp/tls/certs/$VAR(@)\" 2> /dev/null` ]; \
+ then \
+ exit 0; \
+ else \
+ exit 1; \
+ fi" ; "value can be finger print key or filename in /etc/snmp/tls/certs folder"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/tsm/node.def b/templates/service/snmp/v3/tsm/node.def
new file mode 100644
index 00000000..3d12f21d
--- /dev/null
+++ b/templates/service/snmp/v3/tsm/node.def
@@ -0,0 +1,3 @@
+help: Specifies that the snmpd uses encryption.
+commit:expression: $VAR(port/) != "" ; "must specify port"
+commit:expression: $VAR(local-key/) != "" ; "must specify local-key"
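Review bot: The file-name branch of the check in `tsm/local-key/node.def` appends `$VAR(@)` to `/etc/snmp/tls/certs/` and runs `sudo ls` on the result, with nothing rejecting `/` or `..`. The root-run `ls` can thus be pointed outside the certificate directory, and such a path is then accepted as the key name. The unquoted backtick output inside `[ ... ]` also makes the test misbehave when `ls` prints more than one word, for instance for a directory. Restrict the value to a plain file name and test it directly, e.g. `pattern $VAR(@) "^[A-Za-z0-9._-]+$"` together with `exec "sudo test -f \"/etc/snmp/tls/certs/$VAR(@)\""`. `user/node.tag/tsm-key/node.def` carries the same expression.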
\ No newline at end of file
diff --git a/templates/service/snmp/v3/tsm/port/node.def b/templates/service/snmp/v3/tsm/port/node.def
new file mode 100644
index 00000000..86fd6cca
--- /dev/null
+++ b/templates/service/snmp/v3/tsm/port/node.def
@@ -0,0 +1,7 @@
+type: u32
+default: 10161
+help: Defines the port for tsm.
+
+val_help: u32:1-65535; Numeric IP port
+syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; \
+ "Port number must be in range 1 to 65535"
diff --git a/templates/service/snmp/v3/user/node.def b/templates/service/snmp/v3/user/node.def
new file mode 100644
index 00000000..e6a8bc87
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.def
@@ -0,0 +1,6 @@
+tag:
+type: txt
+help: Specifies the user with name username
+syntax:expression: pattern $VAR(@) "^[^-]*$" ; "characters '-' in name is not supported yet"
+commit:expression: $VAR(auth/) != "" || $VAR(tsm-key/) != ""; "must specify auth or tsm-key"
+commit:expression: $VAR(mode/) != ""; "must specify mode"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/auth/encrypted-key/node.def b/templates/service/snmp/v3/user/node.tag/auth/encrypted-key/node.def
new file mode 100644
index 00000000..3cf6bd31
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/auth/encrypted-key/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Defines the encrypted key for authentication protocol
diff --git a/templates/service/snmp/v3/user/node.tag/auth/node.def b/templates/service/snmp/v3/user/node.tag/auth/node.def
new file mode 100644
index 00000000..68959a8e
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/auth/node.def
@@ -0,0 +1,3 @@
+help: Specifies the auth
+commit:expression: $VAR(type/) != "" ; "must specify type"
+commit:expression: $VAR(plaintext-key/) != "" || $VAR(encrypted-key/) != "" ; "must specify plaintext-key or encrypted-key"
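Review bot: The user-name check `"^[^-]*$"` in `templates/service/snmp/v3/user/node.def` is a deny-list of one character, so whitespace, quotes and other punctuation are accepted as part of a user name. That name is later listed by `cli-shell-api listNodes` and presumably written into the snmpd configuration by `vyatta-snmp-v3.pl`, which this diff does not show. An allow-list is safer and also documents what is supported, e.g. `syntax:expression: pattern $VAR(@) "^[A-Za-z0-9_]+$" ; "user name may contain only letters, digits and '_'"`.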
\ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/auth/plaintext-key/node.def b/templates/service/snmp/v3/user/node.tag/auth/plaintext-key/node.def
new file mode 100644
index 00000000..4f840d7c
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/auth/plaintext-key/node.def
@@ -0,0 +1,5 @@
+type: txt
+help: Defines the key in the clear text for authentication protocol
+syntax:expression: pattern $VAR(@) "^.{8,}$" ; "key must contain 8 or more characters"
+
+update:expression: $VAR(../encrypted-key/@) = ""
\ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/auth/type/node.def b/templates/service/snmp/v3/user/node.tag/auth/type/node.def
new file mode 100644
index 00000000..5a2ffc52
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/auth/type/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "md5"
+help: Defines the protocol using for authentication
+syntax:expression: $VAR(@) in "md5", "sha"
+allowed: echo md5 sha
+
+val_help: md5; Message Digest 5
+val_help: sha; Secure Hash Algorithm
\ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/group/node.def b/templates/service/snmp/v3/user/node.tag/group/node.def
new file mode 100644
index 00000000..66543579
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/group/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Specifies group for user name
+allowed: list=`cli-shell-api listNodes service snmp v3 group`
+ echo $list
+syntax:expression:exec "regex=\"(^| )$VAR(@)( |$)\"; \
+ if [[ \"$VAR(/service/snmp/v3/group/@@)\" =~ $regex ]] ; \
+ then \
+ exit 0; \
+ else \
+ exit 1; \
+ fi" ; "You must create \"$VAR(@)\" group first"
diff --git a/templates/service/snmp/v3/user/node.tag/mode/node.def b/templates/service/snmp/v3/user/node.tag/mode/node.def
new file mode 100644
index 00000000..9855f5fb
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/mode/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "ro"
+help: Specifies the mode for access rights of user, read only or write
+syntax:expression: $VAR(@) in "ro", "rw"
+allowed: echo ro rw
+
+val_help: ro;
+val_help: rw;
diff --git a/templates/service/snmp/v3/user/node.tag/privacy/encrypted-key/node.def b/templates/service/snmp/v3/user/node.tag/privacy/encrypted-key/node.def
new file mode 100644
index 00000000..8feef111
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/privacy/encrypted-key/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Defines the encrypted key for privacy protocol
diff --git a/templates/service/snmp/v3/user/node.tag/privacy/node.def b/templates/service/snmp/v3/user/node.tag/privacy/node.def
new file mode 100644
index 00000000..94bf850c
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/privacy/node.def
@@ -0,0 +1,3 @@
+help: Specifies the privacy
+commit:expression: $VAR(type/) != "" ; "must specify type"
+commit:expression: $VAR(plaintext-key/) != "" || $VAR(encrypted-key/) != "" ; "must specify plaintext-key or encrypted-key"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/privacy/plaintext-key/node.def b/templates/service/snmp/v3/user/node.tag/privacy/plaintext-key/node.def
new file mode 100644
index 00000000..5d706712
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/privacy/plaintext-key/node.def
@@ -0,0 +1,5 @@
+type: txt
+help: Defines the key in the clear text for protocol for privacy
+syntax:expression: pattern $VAR(@) "^.{8,}$" ; "key must contain 8 or more characters"
+
+update:expression: $VAR(../encrypted-key/@) = ""
\ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/privacy/type/node.def b/templates/service/snmp/v3/user/node.tag/privacy/type/node.def
new file mode 100644
index 00000000..bbfd5331
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/privacy/type/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "des"
+help: Defines the protocol for privacy
+syntax:expression: $VAR(@) in "des", "aes"
+allowed: echo des aes
+
+val_help: des; Data Encryption Standard
+val_help: aes; Advanced Encryption Standard
\ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/tsm-key/node.def b/templates/service/snmp/v3/user/node.tag/tsm-key/node.def
new file mode 100644
index 00000000..e9f55a5f
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/tsm-key/node.def
@@ -0,0 +1,10 @@
+type: txt
+help: Specifies finger print or file name of TSM certificate.
+allowed: sudo ls /etc/snmp/tls/certs
+syntax:expression: pattern $VAR(@) "^[0-9A-F]{2}(:[0-9A-F]{2}){19}$" ||
+ exec "if [ `sudo ls \"/etc/snmp/tls/certs/$VAR(@)\" 2> /dev/null` ]; \
+ then \
+ exit 0; \
+ else \
+ exit 1; \
+ fi" ; "value can be finger print key or filename in /etc/snmp/tls/certs folder"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/view/node.def b/templates/service/snmp/v3/view/node.def
new file mode 100644
index 00000000..a83c978b
--- /dev/null
+++ b/templates/service/snmp/v3/view/node.def
@@ -0,0 +1,5 @@
+tag:
+type: txt
+help: Specifies the view with name viewname
+
+commit:expression: $VAR(oid/) != ""; "must configure an oid"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/view/node.tag/oid/node.def b/templates/service/snmp/v3/view/node.tag/oid/node.def
new file mode 100644
index 00000000..beed3274
--- /dev/null
+++ b/templates/service/snmp/v3/view/node.tag/oid/node.def
@@ -0,0 +1,4 @@
+tag:
+type: txt
+help: Specifies the oid
+syntax:expression: pattern $VAR(@) "^[0-9]+(\.[0-9]+)*$" ; "oid must start from a number"
diff --git a/templates/service/snmp/v3/view/node.tag/oid/node.tag/exclude/node.def b/templates/service/snmp/v3/view/node.tag/oid/node.tag/exclude/node.def
new file mode 100644
index 00000000..df3611cb
--- /dev/null
+++ b/templates/service/snmp/v3/view/node.tag/oid/node.tag/exclude/node.def
@@ -0,0 +1 @@
+help: Exclude is optional argument.
diff --git a/templates/service/snmp/v3/view/node.tag/oid/node.tag/mask/node.def b/templates/service/snmp/v3/view/node.tag/oid/node.tag/mask/node.def
new file mode 100644
index 00000000..bc500afe
--- /dev/null
+++ b/templates/service/snmp/v3/view/node.tag/oid/node.tag/mask/node.def
@@ -0,0 +1,4 @@
+type: txt
+help: Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant.
+syntax:expression: pattern $VAR(@) "^[0-9a-f]{2}([\\.:][0-9a-f]{2})*$" ; \
+ "MASK is a list of hex octets, separated by '.' or ':'"
\ No newline at end of file |