From e4c3ae81d2d1f040a8ad363928302d72f8431ef9 Mon Sep 17 00:00:00 2001
From: James Davidson <james.davidson@vyatta.com>
Date: Wed, 6 Mar 2013 10:16:06 -0800
Subject: Sync up SNMPv3 support

SNMP-135 store SNMP superuser password to config file
SNMP-130 add engineId for trap-target
SNMP-134 use 'stop' and 'start' instead of 'restart'
SNMP-141 change engineID syntax checking
SNMP-136 Users are lost after changing TSM port
SNMP-149 TLS Error: Permission denied
SNMP-147 Not correct priority in TSM users
SNMP-148 Configuring already use port for TSM is destroying users.
SNMP-151 Errors in logs after first snmp configuration
SNMP-152 Hide 'No such file or directory' error message
SNMP-153 Debug messages after 'delete service snmp'
SNMP-157 Run Perltidy for all Perl scripts
SNMP-158 change syntax of trap-target engineID
SNMP-163: added script to check name, apply it for user, group and view names
SNMP-161 Faulty configuration with many trap-target
SNMP-160 Look for TSM keys in /config folder
SNMP-162 CLI permit not correct oid
SNMP-163: typo in script
SNMP-160 Look for TSM keys in /config folder
SNMP-163: added support of upper case for names in the script
SNMP-163: create rule for names, permit only a-zA-Z0-9
SNMP-163: typo
---
 Makefile.am                                        |   1 +
 scripts/snmp/vyatta-snmp-v3.pl                     | 772 +++++++++++----------
 scripts/snmp/vyatta-snmp.pl                        |   5 +
 scripts/system/vyatta_check_snmp_name.pl           |  31 +
 templates/service/snmp/node.def                    |   7 +
 templates/service/snmp/v3/group/node.def           |   2 +
 templates/service/snmp/v3/node.def                 |   4 +-
 templates/service/snmp/v3/trap-target/node.def     |   2 +
 .../snmp/v3/trap-target/node.tag/engineid/node.def |   3 +
 templates/service/snmp/v3/tsm/local-key/node.def   |   8 +-
 templates/service/snmp/v3/user/node.def            |   5 +-
 .../service/snmp/v3/user/node.tag/tsm-key/node.def |   8 +-
 templates/service/snmp/v3/view/node.def            |   5 +-
 .../service/snmp/v3/view/node.tag/oid/node.def     |   2 +-
 14 files changed, 488 insertions(+), 367 deletions(-)
 create mode 100755 scripts/system/vyatta_check_snmp_name.pl
 create mode 100644 templates/service/snmp/v3/trap-target/node.tag/engineid/node.def

diff --git a/Makefile.am b/Makefile.am
index 1d7f7dee..77cdfb07 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -36,6 +36,7 @@ sbin_SCRIPTS += scripts/vyatta-grub-setup
 sbin_SCRIPTS += scripts/standalone_root_pw_reset
 sbin_SCRIPTS += scripts/vyatta-passwd-sync
 sbin_SCRIPTS += scripts/system/vyatta_check_username.pl
+sbin_SCRIPTS += scripts/system/vyatta_check_snmp_name.pl
 sbin_SCRIPTS += scripts/system/vyatta_check_domainname.pl
 sbin_SCRIPTS += scripts/system/vyatta_interface_rescan
 sbin_SCRIPTS += scripts/system/vyatta_update_hosts.pl
diff --git a/scripts/snmp/vyatta-snmp-v3.pl b/scripts/snmp/vyatta-snmp-v3.pl
index ef93b8a1..20e50e63 100755
--- a/scripts/snmp/vyatta-snmp-v3.pl
+++ b/scripts/snmp/vyatta-snmp-v3.pl
@@ -7,483 +7,534 @@ use Getopt::Long;
 use Socket;
 use Socket6;
 
-my $snmp_v3_level = 'service snmp v3';
-my $snmp_init = 'invoke-rc.d snmpd';
-my $snmpd_conf = '/etc/snmp/snmpd.conf';
-my $snmpd_usr_conf = '/usr/share/snmp/snmpd.conf';
-my $snmpd_var_conf = '/var/lib/snmp/snmpd.conf';
-my $snmpd_conf_tmp  = "/tmp/snmpd.conf.$$";
+my $snmp_v3_level      = 'service snmp v3';
+my $snmp_init          = 'invoke-rc.d snmpd';
+my $snmpd_conf         = '/etc/snmp/snmpd.conf';
+my $snmpd_usr_conf     = '/usr/share/snmp/snmpd.conf';
+my $snmpd_var_conf     = '/var/lib/snmp/snmpd.conf';
+my $snmpd_conf_tmp     = "/tmp/snmpd.conf.$$";
 my $snmpd_usr_conf_tmp = "/tmp/snmpd.usr.conf.$$";
 my $snmpd_var_conf_tmp = "/tmp/snmpd.var.conf.$$";
-my $versionfile = '/opt/vyatta/etc/version';
-my $local_agent = 'unix:/var/run/snmpd.socket';
+my $versionfile        = '/opt/vyatta/etc/version';
+my $local_agent        = 'unix:/var/run/snmpd.socket';
 my $vyatta_config_file = '/config/snmp/snmp_conf.ini';
 %VConfig = ();
 
 %OIDs = (
-  "md5", ".1.3.6.1.6.3.10.1.1.2",
-  "sha", ".1.3.6.1.6.3.10.1.1.3",
-  "aes", ".1.3.6.1.6.3.10.1.2.4",
-  "des", ".1.3.6.1.6.3.10.1.2.2",
-  "none", ".1.3.6.1.6.3.10.1.2.1"
+    "md5",  ".1.3.6.1.6.3.10.1.1.2", "sha", ".1.3.6.1.6.3.10.1.1.3",
+    "aes",  ".1.3.6.1.6.3.10.1.2.4", "des", ".1.3.6.1.6.3.10.1.2.2",
+    "none", ".1.3.6.1.6.3.10.1.2.1"
 );
 
 # generate a random character hex string
 sub randhex {
     my $length = shift;
-    return join "", map { unpack "H*", chr(rand(256)) } 1..($length/2);
+    return join "", map { unpack "H*", chr( rand(256) ) } 1 .. ( $length / 2 );
 }
 
 sub parse_config_file {
-    open (CONFIG, "$vyatta_config_file") or return;
+    open( CONFIG, "$vyatta_config_file" ) or return;
     while (<CONFIG>) {
-        chomp;                  # no newline
-	s/#.*//;                # no comments
-	s/^\s+//;               # no leading white
-	s/\s+$//;               # no trailing white
-	next unless length;     # anything left?
-	my ($var, $value) = split(/\s*=\s*/, $_, 2);
-	$VConfig{$var} = $value;
+        chomp;       # no newline
+        s/#.*//;     # no comments
+        s/^\s+//;    # no leading white
+        s/\s+$//;    # no trailing white
+        next unless length;    # anything left?
+        my ( $var, $value ) = split( /\s*=\s*/, $_, 2 );
+        $VConfig{$var} = $value;
     }
     close(CONFIG);
 }
 
 sub write_config_file {
-    open (my $config_file, '>' , "$vyatta_config_file");
-    for my $key (keys %VConfig) {
-      my $value = $VConfig{$key};
-      print $config_file "$key=$value\n";
+    open( my $config_file, '>', "$vyatta_config_file" );
+    for my $key ( keys %VConfig ) {
+        my $value = $VConfig{$key};
+        print $config_file "$key=$value\n";
     }
     close $config_file;
 }
 
 sub snmpd_running {
-    open (my $pidf, '<', "/var/run/snmpd.pid")
-	or return;
+    open( my $pidf, '<', "/var/run/snmpd.pid" )
+      or return;
     my $pid = <$pidf>;
     close $pidf;
 
     chomp $pid;
     my $exe = readlink "/proc/$pid/exe";
 
-    return (defined($exe) && $exe eq "/usr/sbin/snmpd");
+    return ( defined($exe) && $exe eq "/usr/sbin/snmpd" );
 }
 
 sub check_snmp_exit_code {
-  my $code = shift;
-  # snmpd can start/restart with exit code 256 if trap-target is unavailable
-  if ($code !=0 && $code != 256) {
-    return 1;
-  } else {
-    return 0;
-  }
+    my $code = shift;
+
+    # snmpd can start/restart with exit code 256 if trap-target is unavailable
+    if ( $code != 0 && $code != 256 ) {
+        return 1;
+    }
+    else {
+        return 0;
+    }
 }
 
 sub snmpd_stop {
-    system("$snmp_init stop > /dev/null 2>&1");
-    if (check_snmp_exit_code($?)) {
-      print "ERROR: Can not stop snmpd!\n";
-      exit(1);
+    system(
+"start-stop-daemon --stop --exec /usr/sbin/snmpd --oknodo -R 2 > /dev/null 2>&1"
+    );
+    if ( check_snmp_exit_code($?) ) {
+        print "ERROR: Can not stop snmpd!\n";
+        exit(1);
     }
 }
 
 sub snmpd_start {
     system("$snmp_init start > /dev/null 2>&1");
-    if (check_snmp_exit_code($?)) {
-      print "ERROR: Can not start snmpd!\n";
-      exit(1);
+    if ( check_snmp_exit_code($?) ) {
+        print "ERROR: Can not start snmpd!\n";
+        exit(1);
     }
 }
 
 sub snmpd_update {
     system("$snmp_init reload > /dev/null 2>&1");
-    if (check_snmp_exit_code($?)) {
-      print "ERROR: Can not reload snmpd!\n";
-      exit(1);
+    if ( check_snmp_exit_code($?) ) {
+        print "ERROR: Can not reload snmpd!\n";
+        exit(1);
     }
 }
 
 sub snmpd_restart {
     system("$snmp_init restart > /dev/null 2>&1");
-    if (check_snmp_exit_code($?)) {
-      print "ERROR: Can not restart snmpd!\n";
-      exit(1);
+    if ( check_snmp_exit_code($?) ) {
+        print "ERROR: Can not restart snmpd!\n";
+        exit(1);
     }
 }
 
 sub get_version {
     my $version = "unknown-version";
 
-    if (open (my $f, '<', $versionfile)) {
-	while (<$f>) {
-	    chomp;
-	    if (m/^Version\s*:\s*(.*)$/) {
-		$version = $1;
-		last;
-	    }
-	}
-	close $f;
+    if ( open( my $f, '<', $versionfile ) ) {
+        while (<$f>) {
+            chomp;
+            if (m/^Version\s*:\s*(.*)$/) {
+                $version = $1;
+                last;
+            }
+        }
+        close $f;
     }
     return $version;
 }
 
 sub ipv6_disabled {
-    socket ( my $s, PF_INET6, SOCK_DGRAM, 0)
-	or return 1;
+    socket( my $s, PF_INET6, SOCK_DGRAM, 0 )
+      or return 1;
     close($s);
     return;
 }
 
 sub set_tsm {
     my $config = get_snmp_config();
-    if ($config->exists("tsm")) {
-      my $port = $config->returnValue("tsm port");
-      my $local_key = $config->returnValue("tsm local-key");
-      system("sed -i 's/^agentaddress.*\$/&,tlstcp:$port,dtlsudp:$port/' $snmpd_conf_tmp");
-      system("echo \"[snmp] localCert $local_key\" >> $snmpd_conf_tmp");
+    if ( $config->exists("tsm") ) {
+        my $port      = $config->returnValue("tsm port");
+        my $local_key = $config->returnValue("tsm local-key");
+        system(
+"sed -i 's/^agentaddress.*\$/&,tlstcp:$port,dtlsudp:$port/' $snmpd_conf_tmp"
+        );
+        system("echo \"[snmp] localCert $local_key\" >> $snmpd_conf_tmp");
     }
 }
 
 sub snmp_delete {
     snmpd_stop();
 
-    @files = ($snmpd_conf, $snmpd_usr_conf, $snmpd_var_conf);
+    @files = ( $snmpd_conf, $snmpd_usr_conf, $snmpd_var_conf );
     foreach $file (@files) {
-	if (-e $file) {
-	  if (unlink($file) == 0) {
-	    print "File $file was not deleted.\n";
-	  } else {
-	    print "File $file deleted successfully.\n";
-	  }
-	} else {
-	  print "File $file does not exist\n";
-	}
+        if ( -e $file ) {
+            unlink($file);
+        }
     }
 }
 
 sub get_snmp_config() {
-  my $config = new Vyatta::Config;
+    my $config = new Vyatta::Config;
     $config->setLevel($snmp_v3_level);
-  return $config;
+    return $config;
 }
 
 sub set_views() {
-  print "# views \n";
-  my $config = get_snmp_config();
-  foreach my $view ($config->listNodes("view")) {
-    foreach my $oid ($config->listNodes("view $view oid")) {
-      my $mask = $config->returnValue("view $view oid $oid mask");
-      if ($config->exists("view $view oid $oid exclude")) {
-	print "view $view excluded .$oid $mask\n";
-      } else {
-	print "view $view included .$oid $mask\n";
-      }
+    print "# views \n";
+    my $config = get_snmp_config();
+    foreach my $view ( $config->listNodes("view") ) {
+        foreach my $oid ( $config->listNodes("view $view oid") ) {
+            my $mask = $config->returnValue("view $view oid $oid mask");
+            if ( $config->exists("view $view oid $oid exclude") ) {
+                print "view $view excluded .$oid $mask\n";
+            }
+            else {
+                print "view $view included .$oid $mask\n";
+            }
+        }
     }
-  }
-  print "\n";
+    print "\n";
 }
 
 sub set_groups() {
-  print "#access\n#             context sec.model sec.level match  read    write  notif\n";
-  my $config = get_snmp_config();
-  foreach my $group ($config->listNodes("group")) {
-    my $mode = $config->returnValue("group $group mode");
-    my $view = $config->returnValue("group $group view");
-    if ($mode eq "ro") {
-      print "access $group \"\" usm auth exact $view none none\n";
-      print "access $group \"\" tsm auth exact $view none none\n";
-    } else {
-      print "access $group \"\" usm auth exact $view $view none\n";
-      print "access $group \"\" tsm auth exact $view $view none\n";
+    print
+"#access\n#             context sec.model sec.level match  read    write  notif\n";
+    my $config = get_snmp_config();
+    foreach my $group ( $config->listNodes("group") ) {
+        my $mode = $config->returnValue("group $group mode");
+        my $view = $config->returnValue("group $group view");
+        if ( $mode eq "ro" ) {
+            print "access $group \"\" usm auth exact $view none none\n";
+            print "access $group \"\" tsm auth exact $view none none\n";
+        }
+        else {
+            print "access $group \"\" usm auth exact $view $view none\n";
+            print "access $group \"\" tsm auth exact $view $view none\n";
+        }
     }
-  }
-  print "\n";
+    print "\n";
 }
 
 sub set_users_in_etc() {
 
-  print "#group\n";
-
-  my $config = get_snmp_config();
-  foreach my $user ($config->listNodes("user")) {
-    $config->setLevel($snmp_v3_level." user $user");
-    if ($config->exists("group")) {
-      my $group = $config->returnValue("group");
-      print "group $group usm $user\n";
-      print "group $group tsm $user\n";
+    print "#group\n";
+    my $tsm_counter = 0;
+    my $config      = get_snmp_config();
+    foreach my $user ( $config->listNodes("user") ) {
+        $config->setLevel( $snmp_v3_level . " user $user" );
+        if ( $config->exists("group") ) {
+            my $group = $config->returnValue("group");
+            print "group $group usm $user\n";
+            print "group $group tsm $user\n";
+        }
+        if ( $config->exists("tsm-key") ) {
+            my $cert = $config->returnValue("tsm-key");
+            $tsm_counter++;
+            print "certSecName $tsm_counter $cert --sn $user\n";
+        }
     }
-    if ($config->exists("tsm-key")) {
-      my $cert = $config->returnValue("tsm-key");
-      #TODO magic number 10
-      print "certSecName 10 $cert --sn $user\n";
-    }
-  }
 
-  print "\n";
+    print "\n";
 }
 
 sub set_users_to_other() {
-  open (my $usr_conf, '>>', $snmpd_usr_conf_tmp)
-	or die "Couldn't open $snmpd_usr_conf_tmp - $!";
-  open (my $var_conf, '>>', $snmpd_var_conf_tmp)
-	or die "Couldn't open $snmpd_var_conf_tmp - $!";
-
-   print $var_conf "\n";
-
-  my $config = get_snmp_config();
-  my $needTsm = 0;
-  if ($config->exists("tsm")) {
-    $needTsm = 1;
-  }
-
-  my %trap_users=();
-
-  foreach my $trap ($config->listNodes("trap-target")) {
-    $trap_users{$config->returnValue("trap-target $trap user")} = 1;
-  }
-
-  foreach my $user ($config->listNodes("user")) {
-    delete $trap_users{$user};
-    $config->setLevel($snmp_v3_level." user $user");
-    my $auth_type = $config->returnValue("auth type");
-    my $priv_type = $config->returnValue("privacy type");
-    if ($config->exists("auth")) {
-      if ($config->exists("auth plaintext-key")) {
-	my $auth_key = $config->returnValue("auth plaintext-key");
-	my $priv_key = $config->returnValue("privacy plaintext-key");
-	print $var_conf "createUser $user \U$auth_type\E $auth_key \U$priv_type\E $priv_key\n";
-      } else {
-	my $name_print = get_printable_name($user);
-	my $EngineID = $VConfig{"User.$user.EngineID"};
-	my $auth_type_oid = $OIDs{$auth_type};
-	my $auth_key_hex = $config->returnValue("auth encrypted-key");
-	local ($priv_type_oid, $priv_key_hex);
-	if ($config->exists("privacy")) {
-	  $priv_type_oid = $OIDs{$priv_type};
-	  $priv_key_hex = $config->returnValue("privacy encrypted-key");
-	} else {
-	  $priv_type_oid = $OIDs{'none'};
-	  $priv_key_hex = '0x';
-	}
-	print $var_conf "usmUser 1 3 $EngineID $name_print $name_print NULL $auth_type_oid $auth_key_hex $priv_type_oid $priv_key_hex 0x\n";
-      }
+    open( my $usr_conf, '>>', $snmpd_usr_conf_tmp )
+      or die "Couldn't open $snmpd_usr_conf_tmp - $!";
+    open( my $var_conf, '>>', $snmpd_var_conf_tmp )
+      or die "Couldn't open $snmpd_var_conf_tmp - $!";
+
+    print $var_conf "\n";
+
+    my $config  = get_snmp_config();
+    my $needTsm = 0;
+    if ( $config->exists("tsm") ) {
+        $needTsm = 1;
     }
-    my $mode = $config->returnValue("mode");
-    my $end = "auth";
-    if ($config->exists("privacy")) {
-      $end = "priv";
+
+    my %trap_users = ();
+
+    foreach my $trap ( $config->listNodes("trap-target") ) {
+        $trap_users{ $config->returnValue("trap-target $trap user") } = 1;
     }
-    print $usr_conf $mode."user $user $end\n";
-    if ($needTsm) {
-      print $usr_conf $mode."user -s tsm $user $end\n";
+
+    foreach my $user ( $config->listNodes("user") ) {
+        delete $trap_users{$user};
+        $config->setLevel( $snmp_v3_level . " user $user" );
+        my $auth_type = $config->returnValue("auth type");
+        my $priv_type = $config->returnValue("privacy type");
+        if ( $config->exists("auth") ) {
+            if ( $config->exists("auth plaintext-key") ) {
+                my $auth_key = $config->returnValue("auth plaintext-key");
+                my $priv_key = $config->returnValue("privacy plaintext-key");
+                print $var_conf
+"createUser $user \U$auth_type\E $auth_key \U$priv_type\E $priv_key\n";
+            }
+            else {
+                my $name_print    = get_printable_name($user);
+                my $EngineID      = $VConfig{"User.$user.EngineID"};
+                my $auth_type_oid = $OIDs{$auth_type};
+                my $auth_key_hex  = $config->returnValue("auth encrypted-key");
+                local ( $priv_type_oid, $priv_key_hex );
+                if ( $config->exists("privacy") ) {
+                    $priv_type_oid = $OIDs{$priv_type};
+                    $priv_key_hex =
+                      $config->returnValue("privacy encrypted-key");
+                }
+                else {
+                    $priv_type_oid = $OIDs{'none'};
+                    $priv_key_hex  = '0x';
+                }
+                print $var_conf
+"usmUser 1 3 $EngineID $name_print $name_print NULL $auth_type_oid $auth_key_hex $priv_type_oid $priv_key_hex 0x\n";
+            }
+        }
+        my $mode = $config->returnValue("mode");
+        my $end  = "auth";
+        if ( $config->exists("privacy") ) {
+            $end = "priv";
+        }
+        print $usr_conf $mode . "user $user $end\n";
+        if ($needTsm) {
+            print $usr_conf $mode . "user -s tsm $user $end\n";
+        }
     }
-  }
 
-  foreach my $user (keys %trap_users) {
-    $name_print = get_printable_name($user);
-    print $var_conf "usmUser 1 3 0x".randhex(26)." $name_print $name_print NULL .1.3.6.1.6.3.10.1.1.2 0x".randhex(32)." .1.3.6.1.6.3.10.1.2.1 0x 0x\n";
-    print $usr_conf "rouser $user auth";
-  }
+    foreach my $user ( keys %trap_users ) {
+        $name_print = get_printable_name($user);
+        print $var_conf "usmUser 1 3 0x"
+          . randhex(26)
+          . " $name_print $name_print NULL .1.3.6.1.6.3.10.1.1.2 0x"
+          . randhex(32)
+          . " .1.3.6.1.6.3.10.1.2.1 0x 0x\n";
+        print $usr_conf "rouser $user auth\n";
+    }
 
-  print $var_conf "setservialno ".$VConfig{"serialno"}."\n";
-  print $var_conf "oldEngineID ".$VConfig{"oldEngineID"}."\n";
+    print $var_conf "setserialno " . $VConfig{"serialno"} . "\n"
+      if exists $VConfig{"serialno"};
+    print $var_conf "oldEngineID " . $VConfig{"oldEngineID"} . "\n"
+      if exists $VConfig{"oldEngineID"};
 
-  close $usr_conf;
-  close $var_conf;
+    close $usr_conf;
+    close $var_conf;
 }
 
 sub get_printable_name {
-  my $name = shift;
-  if ($name =~ /-/) {
-    my @array=unpack('C*', $name);
-    my $stringHex = '0x';
-    foreach my $c (@array) {
-      $stringHex .= sprintf ("%lx", $c);
+    my $name = shift;
+    if ( $name =~ /-/ ) {
+        my @array = unpack( 'C*', $name );
+        my $stringHex = '0x';
+        foreach my $c (@array) {
+            $stringHex .= sprintf( "%lx", $c );
+        }
+        return $stringHex;
+    }
+    else {
+        return "\"$name\"";
     }
-    return $stringHex;
-  } else {
-    return "\"$name\"";
-  }
 }
 
 sub update_users_vyatta_conf() {
-  %VConfig = ();
-  open (my $var_conf, '<' , $snmpd_var_conf) or die "Couldn't open $snmpd_usr_conf - $!";
-  my $config = get_snmp_config();
-  while (my $line = <$var_conf>) {
-    if ($line =~ /^setserialno (.*)$/) {
-      $VConfig{"serialno"} = $1;
-    }
-    if ($line =~ /^oldEngineID (.*)$/) {
-      $VConfig{"oldEngineID"} = $1;
-    }
-    if ($line =~ /^usmUser /) {
-      my @values = split(/ /, $line);
-      my $name = $values[4];
-      if ($name =~ /^"(.*)"$/) {
-	$name = $1;
-      } else {
-	$name = pack('H*', $name);
-      }
-      # this file contain users for trap-target and vyatta... user
-      # these users recreating automatically on each commit
-      if ($config->exists("user $name")) {
-	$VConfig{"User.$name.EngineID"} = $values[3];
-	system("/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" auth encrypted-key $values[8] > /dev/null");
-	if ($values[10] ne "\"\"" && $values[10] ne "0x") {
-	  system("/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" privacy encrypted-key $values[10] > /dev/null");
-	  system("/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" privacy plaintext-key > /dev/null");
-	}
-	system("/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" auth plaintext-key > /dev/null");
-      }
+    %VConfig = ();
+    open( my $var_conf, '<', $snmpd_var_conf )
+      or die "Couldn't open $snmpd_usr_conf - $!";
+    my $config = get_snmp_config();
+    while ( my $line = <$var_conf> ) {
+        if ( $line =~ /^setserialno (.*)$/ ) {
+            $VConfig{"serialno"} = $1;
+        }
+        if ( $line =~ /^oldEngineID (.*)$/ ) {
+            $VConfig{"oldEngineID"} = $1;
+        }
+        if ( $line =~ /^usmUser / ) {
+            my @values = split( / /, $line );
+            my $name = $values[4];
+            if ( $name =~ /^"(.*)"$/ ) {
+                $name = $1;
+            }
+            else {
+                $name = pack( 'H*', $name );
+            }
+
+            # this file contain users for trap-target and vyatta... user
+            # these users recreating automatically on each commit
+            if ( $config->exists("user $name") ) {
+                $VConfig{"User.$name.EngineID"} = $values[3];
+                system(
+"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" auth encrypted-key $values[8] > /dev/null"
+                );
+                if ( $values[10] ne "\"\"" && $values[10] ne "0x" ) {
+                    system(
+"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" privacy encrypted-key $values[10] > /dev/null"
+                    );
+                    system(
+"/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" privacy plaintext-key > /dev/null"
+                    );
+                }
+                system(
+"/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" auth plaintext-key > /dev/null"
+                );
+            }
+        }
     }
-  }
+    close $var_conf;
 }
 
 sub set_hosts() {
-  print "#trap-target\n";
-  my $config = get_snmp_config();
-  foreach my $target ($config->listNodes("trap-target")) {
-    $config->setLevel($snmp_v3_level." trap-target $target");
-    my $auth_key = '';
-    if ($config->exists("auth plaintext-key")) {
-      $auth_key = "-A ".$config->returnValue("auth plaintext-key");
-    } else {
-      $auth_key = "-3m ".$config->returnValue("auth encrypted-key");
-    }
-    my $auth_type = $config->returnValue("auth type");
-    my $user = $config->returnValue("user");
-    my $port = $config->returnValue("port");
-    my $protocol = $config->returnValue("protocol");
-    my $type = $config->returnValue("type");
-    my $inform_flag = '';
-    $inform_flag = '-Ci' if ($type eq 'inform');
-    my $privacy = '';
-    my $secLevel = 'authNoPriv';
-    if ($config->exists("privacy")) {
-      my $priv_key = '';
-      if ($config->exists("privacy plaintext-key")) {
-	$priv_key = "-X ".$config->returnValue("privacy plaintext-key");
-      } else {
-        $priv_key = "-3M ".$config->returnValue("privacy encrypted-key")
-      }
-      my $priv_type = $config->returnValue("privacy type");
-      $privacy = "-x $priv_type $priv_key";
-      $secLevel = 'authPriv';
-    }
-    # TODO
-    # set -3m / -3M for auth / priv  for master
-    # or -3k / -3K for local
-    my $target_print = $target;
-    if ($target =~ /:/) {
-      $target_print = "[$target]";
-      $protocol = $protocol."6";
+    print "#trap-target\n";
+    my $config = get_snmp_config();
+    foreach my $target ( $config->listNodes("trap-target") ) {
+        $config->setLevel( $snmp_v3_level . " trap-target $target" );
+        my $auth_key = '';
+        if ( $config->exists("auth plaintext-key") ) {
+            $auth_key = "-A " . $config->returnValue("auth plaintext-key");
+        }
+        else {
+            $auth_key = "-3m " . $config->returnValue("auth encrypted-key");
+        }
+        my $auth_type   = $config->returnValue("auth type");
+        my $user        = $config->returnValue("user");
+        my $port        = $config->returnValue("port");
+        my $protocol    = $config->returnValue("protocol");
+        my $type        = $config->returnValue("type");
+        my $inform_flag = '-Ci';
+        $inform_flag = '-Ci' if ( $type eq 'inform' );
+
+        if ( $type eq 'trap' ) {
+            $inform_flag = '-e ' . $config->returnValue("engineid");
+        }
+        my $privacy  = '';
+        my $secLevel = 'authNoPriv';
+        if ( $config->exists("privacy") ) {
+            my $priv_key = '';
+            if ( $config->exists("privacy plaintext-key") ) {
+                $priv_key =
+                  "-X " . $config->returnValue("privacy plaintext-key");
+            }
+            else {
+                $priv_key =
+                  "-3M " . $config->returnValue("privacy encrypted-key");
+            }
+            my $priv_type = $config->returnValue("privacy type");
+            $privacy  = "-x $priv_type $priv_key";
+            $secLevel = 'authPriv';
+        }
+
+        # TODO
+        # set -3m / -3M for auth / priv  for master
+        # or -3k / -3K for local
+        my $target_print = $target;
+        if ( $target =~ /:/ ) {
+            $target_print = "[$target]";
+            $protocol     = $protocol . "6";
+        }
+        print
+"trapsess -v 3 $inform_flag -u $user -l $secLevel -a $auth_type $auth_key $privacy $protocol:$target_print:$port\n";
     }
-    print "trapsess -v 3 $inform_flag -u $user -l $secLevel -a $auth_type $auth_key $privacy $protocol:$target_print:$port\n";
-  }
-  print "\n";
+    print "\n";
 }
 
 sub check_user_auth_changes() {
-  my $config = get_snmp_config();
-  if ($config->isChanged("user")) {
-    my $haveError = 0;
-    foreach my $user ($config->listNodes("user")) {
-      $config->setLevel($snmp_v3_level." user $user");
-      if ($config->exists("auth")) {
-	if ($config->isChanged("auth encrypted-key") || $config->isChanged("privacy encrypted-key")) {
-	  $haveError = 1;
-	  print "Discard encrypted-key on user \"$user\". You can't change encrypted key. It does not supported yet.";
-	}
-	my $isAuthKeyChanged = $config->isChanged("auth plaintext-key");
-	my $isAuthChanged = $isAuthKeyChanged || $config->isChanged("auth type");
-	if (($isAuthChanged || $config->isDeleted("privacy") ) && !$isAuthKeyChanged) {
-	  $haveError = 1;
-	  print "Please, set auth plaintext-key for user \"$user\"\n";
-	}
-	if ($config->exists("privacy")) {
-	  my $isPrivKeyChanged = $config->isChanged("privacy plaintext-key");
-	  my $isPrivChanged = $isPrivKeyChanged || $config->isChanged("privacy type");
-	  if ($isPrivChanged && !$isAuthKeyChanged) {
-	    $haveError = 1;
-	    print "Please, set auth plaintext-key for user \"$user\"\n";
-	  }
-	  if (($isAuthChanged || $isPrivChanged) && !$isPrivKeyChanged) {
-	    $haveError = 1;
-	    print "Please, set privacy plaintext-key for user \"$user\"\n";
-	  }
-	}
-      } else {
-	if ($config->exists("privacy")) {
-	  $haveError = 1;
-	  print "Please, delete privacy for user \"$user\"\n";
-	}
-      }
-    }
-    if ($haveError) {
-      exit(1);
+    my $config = get_snmp_config();
+    if ( $config->isChanged("user") ) {
+        my $haveError = 0;
+        foreach my $user ( $config->listNodes("user") ) {
+            $config->setLevel( $snmp_v3_level . " user $user" );
+            if ( $config->exists("auth") ) {
+                if (   $config->isChanged("auth encrypted-key")
+                    || $config->isChanged("privacy encrypted-key") )
+                {
+                    $haveError = 1;
+                    print
+"Discard encrypted-key on user \"$user\". You can't change encrypted key. It does not supported yet.\n";
+                }
+                my $isAuthKeyChanged = $config->isChanged("auth plaintext-key");
+                my $isAuthChanged    = $isAuthKeyChanged
+                  || $config->isChanged("auth type");
+                if ( ( $isAuthChanged || $config->isDeleted("privacy") )
+                    && !$isAuthKeyChanged )
+                {
+                    $haveError = 1;
+                    print "Please, set auth plaintext-key for user \"$user\"\n";
+                }
+                if ( $config->exists("privacy") ) {
+                    my $isPrivKeyChanged =
+                      $config->isChanged("privacy plaintext-key");
+                    my $isPrivChanged = $isPrivKeyChanged
+                      || $config->isChanged("privacy type");
+                    if ( $isPrivChanged && !$isAuthKeyChanged ) {
+                        $haveError = 1;
+                        print
+                          "Please, set auth plaintext-key for user \"$user\"\n";
+                    }
+                    if ( ( $isAuthChanged || $isPrivChanged )
+                        && !$isPrivKeyChanged )
+                    {
+                        $haveError = 1;
+                        print
+"Please, set privacy plaintext-key for user \"$user\"\n";
+                    }
+                }
+            }
+            else {
+                if ( $config->exists("privacy") ) {
+                    $haveError = 1;
+                    print "Please, delete privacy for user \"$user\"\n";
+                }
+            }
+        }
+        if ($haveError) {
+            exit(1);
+        }
     }
-  }
 }
 
 sub check_relation() {
-  my $config = get_snmp_config();
-  my $haveError = 0;
-  foreach my $user ($config->listNodes("user")) {
-    if ($config->exists("user $user group")) {
-      my $group = $config->returnValue("user $user group");
-      if (! $config->exists("group $group")) {
-	$haveError = 1;
-	print "Please, create group \"$group\". It's need for user \"$user\"\n";
-      }
+    my $config    = get_snmp_config();
+    my $haveError = 0;
+    foreach my $user ( $config->listNodes("user") ) {
+        if ( $config->exists("user $user group") ) {
+            my $group = $config->returnValue("user $user group");
+            if ( !$config->exists("group $group") ) {
+                $haveError = 1;
+                print
+"Please, create group \"$group\". It's need for user \"$user\"\n";
+            }
+        }
+    }
+    foreach my $group ( $config->listNodes("group") ) {
+        my $view = $config->returnValue("group $group view");
+        if ( !$config->exists("view $view") ) {
+            $haveError = 1;
+            print
+              "Please, create view \"$view\". It's need for group \"$group\"\n";
+        }
     }
-  }
-  foreach my $group ($config->listNodes("group")) {
-    my $view = $config->returnValue("group $group view");
-    if (! $config->exists("view $view")) {
-      $haveError = 1;
-      print "Please, create view \"$view\". It's need for group \"$group\"\n";
+    if ($haveError) {
+        exit(1);
     }
-  }
-  if ($haveError) {
-      exit(1);
-  }
 }
 
 sub check_tsm_port {
-  my $config = get_snmp_config();
-  if ($config->isChanged("tsm port")) {
-    my $port = $config->returnValue("tsm port");
-    my $reg = ":$port\$";
-    $output = `netstat -anltup | awk '{print  \$4}'`;
-    foreach my $line (split(/\n/,$output)) {
-      if ($line =~ /$reg/) {
-        print "Actually port $port is using. It can not be used for tsm.\n";
-        exit(1);
-      }
+    my $config = get_snmp_config();
+    if ( $config->isChanged("tsm port") ) {
+        my $port = $config->returnValue("tsm port");
+        my $reg  = ":$port\$";
+        $output = `netstat -anltup | awk '{print  \$4}'`;
+        foreach my $line ( split( /\n/, $output ) ) {
+            if ( $line =~ /$reg/ ) {
+                print
+                  "Actually port $port is using. It can not be used for tsm.\n";
+                exit(1);
+            }
+        }
     }
-  }
 }
 
 sub copy_conf_to_tmp() {
-  # these files already contain SNMPv2 configuration
-  copy($snmpd_conf, $snmpd_conf_tmp) or die "Couldn't copy $snmpd_conf to $snmpd_conf_tmp - $!";
-  copy($snmpd_usr_conf, $snmpd_usr_conf_tmp) or die "Couldn't copy $snmpd_usr_conf to $snmpd_usr_conf_tmp - $!";
-  copy($snmpd_var_conf, $snmpd_var_conf_tmp) or die "Couldn't copy $snmpd_var_conf to $snmpd_var_conf_tmp - $!";
+
+    # these files already contain SNMPv2 configuration
+    copy( $snmpd_conf, $snmpd_conf_tmp )
+      or die "Couldn't copy $snmpd_conf to $snmpd_conf_tmp - $!";
+    copy( $snmpd_usr_conf, $snmpd_usr_conf_tmp )
+      or die "Couldn't copy $snmpd_usr_conf to $snmpd_usr_conf_tmp - $!";
+    copy( $snmpd_var_conf, $snmpd_var_conf_tmp )
+      or die "Couldn't copy $snmpd_var_conf to $snmpd_var_conf_tmp - $!";
 }
 
 sub snmp_update {
 
-    check_user_auth_changes();
-    check_relation();
-    check_tsm_port();
-
     copy_conf_to_tmp();
 
     set_tsm();
 
-    open (my $fh, '>>', $snmpd_conf_tmp)
-	or die "Couldn't open $snmpd_conf_tmp - $!";
+    open( my $fh, '>>', $snmpd_conf_tmp )
+      or die "Couldn't open $snmpd_conf_tmp - $!";
 
     select $fh;
 
@@ -495,33 +546,42 @@ sub snmp_update {
     close $fh;
     select STDOUT;
 
-    move($snmpd_conf_tmp, $snmpd_conf)
-	or die "Couldn't move $snmpd_conf_tmp to $snmpd_conf - $!";
+    move( $snmpd_conf_tmp, $snmpd_conf )
+      or die "Couldn't move $snmpd_conf_tmp to $snmpd_conf - $!";
 
     my $config = get_snmp_config();
 
-    if ($config->isChanged("user") || $config->isAdded("tsm") || $config->isDeleted("tsm") || $config->isChanged("trap-target")) {
-      parse_config_file();
-      snmpd_stop();
-      set_users_to_other();
-      move($snmpd_usr_conf_tmp, $snmpd_usr_conf)
-	or die "Couldn't move $snmpd_usr_conf_tmp to $snmpd_usr_conf - $!";
-      move($snmpd_var_conf_tmp, $snmpd_var_conf)
-	or die "Couldn't move $snmpd_var_conf_tmp to $snmpd_var_conf - $!";
-      snmpd_start();
-      snmpd_restart();
-      update_users_vyatta_conf();
-      write_config_file();
-    } else {
-      snmpd_start();
-    }
+    parse_config_file();
+    snmpd_stop();
+    set_users_to_other();
+    move( $snmpd_usr_conf_tmp, $snmpd_usr_conf )
+      or die "Couldn't move $snmpd_usr_conf_tmp to $snmpd_usr_conf - $!";
+    move( $snmpd_var_conf_tmp, $snmpd_var_conf )
+      or die "Couldn't move $snmpd_var_conf_tmp to $snmpd_var_conf - $!";
+    snmpd_start();
+    snmpd_stop();
+    snmpd_start();
+    update_users_vyatta_conf();
+    write_config_file();
+
 }
 
+sub snmp_check() {
+    check_user_auth_changes();
+    check_relation();
+    check_tsm_port();
+}
+
+my $check_config;
 my $update_snmp;
 my $delete_snmp;
 
-GetOptions("update-snmp!" => \$update_snmp,
-           "delete-snmp!"   => \$delete_snmp);
+GetOptions(
+    "check-config!" => \$check_config,
+    "update-snmp!"  => \$update_snmp,
+    "delete-snmp!"  => \$delete_snmp
+);
 
+snmp_check()  if ($check_config);
 snmp_update() if ($update_snmp);
 snmp_delete() if ($delete_snmp);
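Review bot: After this change `snmp_update` still declares `my $config = get_snmp_config();`, but with the `isChanged`/`isAdded` test removed nothing in the visible lines reads it, so the declaration can be dropped. The new `snmpd_start(); snmpd_stop(); snmpd_start();` sequence also has no comment, and a reader cannot tell whether starting the daemon twice on every commit is deliberate. If the first start exists so snmpd can process the freshly moved user files before the final restart (an assumption, the helpers are outside this hunk), say so with `# first start lets snmpd digest the new user config; restart so it runs from the final files`. Note too that the three checks now live only in `snmp_check`, so any caller invoking `--update-snmp` without `--check-config` first skips them. `snmp_update` begins outside this hunk.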
diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl
index a4ea9e27..073e7c5a 100755
--- a/scripts/snmp/vyatta-snmp.pl
+++ b/scripts/snmp/vyatta-snmp.pl
@@ -44,6 +44,7 @@ my $snmp_snmpv3_user_conf = '/usr/share/snmp/snmpd.conf';
 my $snmp_snmpv3_createuser_conf = '/var/lib/snmp/snmpd.conf';
 my $versionfile = '/opt/vyatta/etc/version';
 my $local_agent = 'unix:/var/run/snmpd.socket';
+my $password_file = '/config/snmp/superuser_pass';
 
 my $snmp_level = 'service snmp';
 
@@ -291,6 +292,10 @@ sub snmp_create_snmpv3_user {
     open(my $fh, '>', $snmp_snmpv3_createuser_conf) || die "Couldn't open $snmp_snmpv3_createuser_conf - $!";
     print $fh $createuser;
     close $fh;
+
+    open(my $pass_file, '>', $password_file) || die "Couldn't open $password_file - $!";
+    print $pass_file $passphrase;
+    close $pass_file;
 }
 
 sub snmp_write_snmpv3_user {
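Review bot: The added lines write `$passphrase` to `$password_file` in clear text with whatever mode the process umask yields, so under a typical 022 umask the SNMP superuser password on `/config` would be readable by every local account. Create the file owner-only by calling `my $old_umask = umask(0077);` before the `open` and `umask($old_umask);` after the `close`, and add `chmod 0600, $password_file;` because `'>'` keeps the mode of a file that already exists. The `print` and `close` results are also unchecked, so a full or read-only `/config` would leave an empty or truncated password file without any error. `snmp_create_snmpv3_user` starts outside this hunk, so where `$passphrase` comes from is not visible here.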
diff --git a/scripts/system/vyatta_check_snmp_name.pl b/scripts/system/vyatta_check_snmp_name.pl
new file mode 100755
index 00000000..599fe398
--- /dev/null
+++ b/scripts/system/vyatta_check_snmp_name.pl
@@ -0,0 +1,31 @@
+#!/usr/bin/perl
+
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc.
+# All Rights Reserved.
+#
+# **** End License ****
+
+use strict;
+use warnings;
+
+foreach my $name (@ARGV) {
+    die "$name : illegal characters in name\n"
+	if (!($name =~ /^[a-zA-Z0-9]*$/));
+
+    # Usernames may only be up to 32 characters long.
+    die "$name: name may only be up to 32 characters long\n"
+	if (length($name) > 32);
+}
+
+exit 0;
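Review bot: The character check `/^[a-zA-Z0-9]*$/` is looser than its error message implies: `*` accepts an empty name, and `$` also matches just before a trailing newline, so a name ending in `\n` passes. Anchoring with `\A`/`\z` and requiring at least one character closes both, `die "$name : illegal characters in name\n" unless $name =~ /\A[a-zA-Z0-9]+\z/;`. The comment `# Usernames may only be up to 32 characters long.` should say "names", since the templates in this commit call the script for group and view names as well.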
diff --git a/templates/service/snmp/node.def b/templates/service/snmp/node.def
index 8047121f..9fb161dc 100644
--- a/templates/service/snmp/node.def
+++ b/templates/service/snmp/node.def
@@ -3,6 +3,7 @@ help: Simple Network Management Protocol (SNMP)
 commit:expression: $VAR(community/) != "" || $VAR(community6/) != "" || $VAR(v3/) != "" \
 		   ; "must configure a community or community6 or v3"
 
+create: if [ ! -d "/config/snmp" ]; then sudo mkdir /config/snmp ; fi
 delete: touch /tmp/snmp.$PPID
 end:if [ -f "/tmp/snmp.$PPID" ]
       then
@@ -10,6 +11,12 @@ end:if [ -f "/tmp/snmp.$PPID" ]
          rm /tmp/snmp.$PPID;
 	 sudo rm -f /etc/snmp/snmpd.conf;
       else
+        if [ -n "$VAR(v3/)" ]; then
+	  sudo /opt/vyatta/sbin/vyatta-snmp-v3.pl --check-config;
+	  if [ $? != 0 ]; then
+	    exit 1;
+	  fi
+        fi
         sudo /opt/vyatta/sbin/vyatta-snmp.pl --update-snmp;
         if [ -n "$VAR(v3/)" ]
 	  then
diff --git a/templates/service/snmp/v3/group/node.def b/templates/service/snmp/v3/group/node.def
index bcfe6795..13579174 100644
--- a/templates/service/snmp/v3/group/node.def
+++ b/templates/service/snmp/v3/group/node.def
@@ -1,5 +1,7 @@
 tag:
 type: txt
 help: Specifies the group with name groupname
+syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in name"
+syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)"
 commit:expression: $VAR(view/) != "" ; "must specify view"
 commit:expression: $VAR(mode/) != "" ; "must specify mode"
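Review bot: The new pattern `^[^\(\)\|\&-]+$` is a deny-list that still admits whitespace, quotes and other shell metacharacters, and the next line places `$VAR(@)` unquoted inside an `exec` string. If that string is run through a shell, which the `if sudo [ ... ]` bodies in this commit's tsm-key templates suggest, the name is parsed as shell syntax before vyatta_check_snmp_name.pl ever sees it. The script only accepts `a-zA-Z0-9` anyway, so enforce that in the template itself with `syntax:expression: pattern $VAR(@) "^[a-zA-Z0-9]+$" ; "illegal characters in name"` and nothing else can reach the exec. The user/node.def and view/node.def hunks add the same pair of lines and need the same change.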
diff --git a/templates/service/snmp/v3/node.def b/templates/service/snmp/v3/node.def
index 756a156f..f89d2328 100644
--- a/templates/service/snmp/v3/node.def
+++ b/templates/service/snmp/v3/node.def
@@ -1,7 +1,6 @@
 help: Simple Network Management Protocol (SNMP) v3
 
-create: if [ ! -d "/config/snmp" ]; then sudo mkdir /config/snmp ; fi
-    if [ ! -d "/config/snmp/tls" ]; then 
+create: if [ ! -d "/config/snmp/tls" ]; then
       sudo mkdir /config/snmp/tls ; 
       if [ -d "/etc/snmp/tls" ] ; then 
 	sudo mv /etc/snmp/tls/* /config/snmp/tls > /dev/null 2>&1;
@@ -18,6 +17,7 @@ create: if [ ! -d "/config/snmp" ]; then sudo mkdir /config/snmp ; fi
     fi
     
 begin: if [ -d "/config/snmp/tls" ]; then
+    sudo chown -R snmp /config/snmp/tls;
     sudo chmod -R 600 /config/snmp/tls;
   fi
 
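Review bot: The added `sudo chown -R snmp /config/snmp/tls;` is followed by the existing `sudo chmod -R 600 /config/snmp/tls;`, which also strips the execute bit from the directories, so the new owner cannot traverse into `certs` or any other subdirectory. That did not matter while root owned the tree, but if snmpd opens these files as the `snmp` user (presumably the reason for the chown) it will still get permission errors. A symbolic mode keeps the files private while leaving directories searchable: `sudo chmod -R u=rwX,go= /config/snmp/tls;`.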
diff --git a/templates/service/snmp/v3/trap-target/node.def b/templates/service/snmp/v3/trap-target/node.def
index d6203e9b..6c2717a8 100644
--- a/templates/service/snmp/v3/trap-target/node.def
+++ b/templates/service/snmp/v3/trap-target/node.def
@@ -7,6 +7,8 @@ commit:expression: $VAR(auth/) != ""; "must specify auth"
 commit:expression: $VAR(protocol/) != ""; "must specify protocol"
 commit:expression: $VAR(user/) != ""; "must specify user"
 commit:expression: $VAR(port/) != ""; "must specify port"
+commit:expression: $VAR(type/@) == "inform" || ( $VAR(type/@) == "trap" && $VAR(engineid/) != "" ); \
+  "must specify engineid if type is 'trap'"
 
 val_help: <x.x.x.x>; IP address of trap target
 val_help: <h:h:h:h:h:h:h:h>; IPv6 address of trap target
\ No newline at end of file
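Review bot: The new commit expression is true only for `inform`, or for `trap` with an engineid, so a target whose `type` is unset or has any other value fails with "must specify engineid if type is 'trap'", which does not describe the actual problem. Whether `type` has a default is not visible in this hunk. If the intent is only to require an engineid for traps, `commit:expression: $VAR(type/@) != "trap" || $VAR(engineid/) != ""; \` states that directly and leaves validation of `type` to its own node.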
diff --git a/templates/service/snmp/v3/trap-target/node.tag/engineid/node.def b/templates/service/snmp/v3/trap-target/node.tag/engineid/node.def
new file mode 100644
index 00000000..7a621af6
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/engineid/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Defines the engineID. (needs for trap)
+syntax:expression: pattern $VAR(@) "^([0-9a-f][0-9a-f]){1,16}$" ; "id must contain from 2 to 32 hex digits"
\ No newline at end of file
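Review bot: The pattern `^([0-9a-f][0-9a-f]){1,16}$` accepts only lowercase hex in whole bytes, but the message "id must contain from 2 to 32 hex digits" mentions neither constraint, so an uppercase or odd-length value is rejected without a useful hint. The fingerprint patterns elsewhere in this commit require uppercase, which makes the difference easy to trip over. Either accept both cases with `[0-9a-fA-F]`, if the consumer in vyatta-snmp-v3.pl tolerates it, or change the message to `"id must be 2 to 32 lowercase hex digits, two per byte"`. The help line would read better as `help: Defines the engineID (required when type is 'trap')`.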
diff --git a/templates/service/snmp/v3/tsm/local-key/node.def b/templates/service/snmp/v3/tsm/local-key/node.def
index d238d310..4bc3d07b 100644
--- a/templates/service/snmp/v3/tsm/local-key/node.def
+++ b/templates/service/snmp/v3/tsm/local-key/node.def
@@ -1,8 +1,12 @@
 type: txt
 help: Defines the server certificate fingerprint or key-file name.
-allowed: sudo ls /etc/snmp/tls/certs
+allowed: if sudo [ -d /etc/snmp/tls/certs ]; then
+      sudo ls /etc/snmp/tls/certs 2> /dev/null
+    else
+      sudo ls /config/snmp/tls/certs 2> /dev/null
+    fi
 syntax:expression: pattern $VAR(@) "^[0-9A-F]{2}(:[0-9A-F]{2}){19}$" ||
-    exec "if [ `sudo ls \"/etc/snmp/tls/certs/$VAR(@)\" 2> /dev/null` ]; \
+    exec "if sudo [ -f /etc/snmp/tls/certs/$VAR(@) -o -f /config/snmp/tls/certs/$VAR(@) ]; \
       then \
 	 exit 0; \
       else \
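Review bot: The rewritten `exec` drops the quoting the removed line had around the path, so `$VAR(@)` is now expanded unquoted inside a `sudo [ ... ]` test. This branch runs exactly when the fingerprint pattern did not match, so the value reaches it with no character check at all. Whitespace or shell metacharacters in the value change the command that runs under sudo, and a value containing `/` or `..` lets the `-f` probe leave the certs directories. Constrain the file-name form before the exec, for example `pattern $VAR(@) "^[A-Za-z0-9._-]+$" && exec "..."` if the template grammar accepts that grouping, and keep both paths quoted as `\"/etc/snmp/tls/certs/$VAR(@)\"`. The user/node.tag/tsm-key/node.def hunk makes the identical change, and the rest of the exec body lies outside this hunk.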
diff --git a/templates/service/snmp/v3/user/node.def b/templates/service/snmp/v3/user/node.def
index e6a8bc87..32e0f61f 100644
--- a/templates/service/snmp/v3/user/node.def
+++ b/templates/service/snmp/v3/user/node.def
@@ -1,6 +1,7 @@
 tag:
 type: txt
 help: Specifies the user with name username
-syntax:expression: pattern $VAR(@) "^[^-]*$" ; "characters '-' in name is not supported yet"
+syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in name"
+syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)"
 commit:expression: $VAR(auth/) != "" || $VAR(tsm-key/) != ""; "must specify auth or tsm-key"
-commit:expression: $VAR(mode/) != ""; "must specify mode"
\ No newline at end of file
+commit:expression: $VAR(mode/) != ""; "must specify mode"
diff --git a/templates/service/snmp/v3/user/node.tag/tsm-key/node.def b/templates/service/snmp/v3/user/node.tag/tsm-key/node.def
index e9f55a5f..b41be079 100644
--- a/templates/service/snmp/v3/user/node.tag/tsm-key/node.def
+++ b/templates/service/snmp/v3/user/node.tag/tsm-key/node.def
@@ -1,8 +1,12 @@
 type: txt
 help: Specifies finger print or file name of TSM certificate.
-allowed: sudo ls /etc/snmp/tls/certs
+allowed: if sudo [ -d /etc/snmp/tls/certs ]; then
+      sudo ls /etc/snmp/tls/certs 2> /dev/null
+    else
+      sudo ls /config/snmp/tls/certs 2> /dev/null
+    fi
 syntax:expression: pattern $VAR(@) "^[0-9A-F]{2}(:[0-9A-F]{2}){19}$" ||
-    exec "if [ `sudo ls \"/etc/snmp/tls/certs/$VAR(@)\" 2> /dev/null` ]; \
+    exec "if sudo [ -f /etc/snmp/tls/certs/$VAR(@) -o -f /config/snmp/tls/certs/$VAR(@) ]; \
       then \
 	 exit 0; \
       else \
diff --git a/templates/service/snmp/v3/view/node.def b/templates/service/snmp/v3/view/node.def
index a83c978b..1fa589ae 100644
--- a/templates/service/snmp/v3/view/node.def
+++ b/templates/service/snmp/v3/view/node.def
@@ -1,5 +1,6 @@
 tag:
 type: txt
 help: Specifies the view with name viewname
-
-commit:expression: $VAR(oid/) != ""; "must configure an oid"
\ No newline at end of file
+syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in name"
+syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)"
+commit:expression: $VAR(oid/) != ""; "must configure an oid"
diff --git a/templates/service/snmp/v3/view/node.tag/oid/node.def b/templates/service/snmp/v3/view/node.tag/oid/node.def
index beed3274..ca2a5c5d 100644
--- a/templates/service/snmp/v3/view/node.tag/oid/node.def
+++ b/templates/service/snmp/v3/view/node.tag/oid/node.def
@@ -1,4 +1,4 @@
 tag:
 type: txt
 help: Specifies the oid
-syntax:expression: pattern $VAR(@) "^[0-9]+(\.[0-9]+)*$" ; "oid must start from a number"
+syntax:expression: pattern $VAR(@) "^[0-9]+(\\.[0-9]+)*$" ; "oid must start from a number"
-- 
cgit v1.2.3