From e992ddd83ab2002ea6aeb9a4cacf89f9a888c17b Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Wed, 31 Oct 2007 18:49:53 -0700 Subject: Fix snmp such that it can be configured by non-root user. --- Makefile.am | 4 +- debian/control | 2 +- debian/vyatta-cfg-system.postinst.in | 6 +- scripts/snmp/snmpd.init | 75 ++++++++++++++++++ scripts/snmp/vyatta-snmp.pl | 149 +++++++++++++++++++++++++++++++++++ scripts/snmpd.init | 75 ------------------ scripts/vyatta-snmp.pl | 149 ----------------------------------- templates/protocols/snmp/node.def | 6 +- 8 files changed, 234 insertions(+), 232 deletions(-) create mode 100644 scripts/snmp/snmpd.init create mode 100644 scripts/snmp/vyatta-snmp.pl delete mode 100644 scripts/snmpd.init delete mode 100644 scripts/vyatta-snmp.pl diff --git a/Makefile.am b/Makefile.am index 2cbb92d1..808ac3eb 100644 --- a/Makefile.am +++ b/Makefile.am @@ -14,8 +14,8 @@ sbin_SCRIPTS += scripts/standalone_root_pw_reset sbin_SCRIPTS += scripts/system/vyatta_update_login_user.pl sbin_SCRIPTS += scripts/system/vyatta_update_logrotate.pl sbin_SCRIPTS += scripts/system/vyatta_update_syslog.pl -sbin_SCRIPTS += scripts/vyatta-snmp.pl -sbin_SCRIPTS += scripts/snmpd.init +sbin_SCRIPTS += scripts/snmp/vyatta-snmp.pl +sbin_SCRIPTS += scripts/snmp/snmpd.init sysconf_DATA += sysconf/hosts sysconf_DATA += sysconf/logrotate_messages diff --git a/debian/control b/debian/control index bc1f5ab0..9e08e100 100644 --- a/debian/control +++ b/debian/control @@ -12,7 +12,7 @@ Depends: bash (>= 3.1), perl (>= 5.8.8), procps (>= 1:3.2.7-3), coreutils (>= 5.97-5.3), - vyatta-cfg, sysv-rc, ifrename, ntp, sysklogd, busybox, ssh, whois, sudo + vyatta-cfg, sysv-rc, ifrename, ntp, sysklogd, busybox, ssh, whois, sudo, snmpd Suggests: util-linux (>= 2.13-5), net-tools, ethtool, diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 0fbdfd76..7edb9960 100644 --- a/debian/vyatta-cfg-system.postinst.in 
+++ b/debian/vyatta-cfg-system.postinst.in @@ -7,7 +7,7 @@ bindir=@bindir@ sbindir=@sbindir@ # remove init of daemons that we start/stop -for init in ntp ssh; do +for init in ntp ssh snmpd; do update-rc.d -f ${init} remove >/dev/null done @@ -22,7 +22,8 @@ if [ "$sysconfdir" != "/etc" ]; then for conf in hosts motd.tail ntp.conf syslog.conf logrotate.d/messages \ default/ssh ssh/ssh_host_key quagga/daemons quagga/zebra.conf \ quagga/bgpd.conf quagga/ospfd.conf quagga/ospf6d.conf \ - quagga/ripd.conf quagga/ripngd.conf quagga/isisd.conf + quagga/ripd.conf quagga/ripngd.conf quagga/isisd.conf \ + snmp/snmpd.conf snmp/snmptrapd.conf do [ -f /etc/$conf ] && mv -f /etc/$conf /etc/$conf.vyatta-save touch /etc/$conf @@ -40,6 +41,7 @@ if [ "$sysconfdir" != "/etc" ]; then if ! grep -q '%quaggavty ALL=NOPASSWD: ALL' /etc/sudoers; then echo -e "\n%quaggavty ALL=NOPASSWD: ALL" >> /etc/sudoers fi + echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers # ssh v1. remove the empty key file rm /etc/ssh/ssh_host_key diff --git a/scripts/snmp/snmpd.init b/scripts/snmp/snmpd.init new file mode 100644 index 00000000..3e4ef17b --- /dev/null +++ b/scripts/snmp/snmpd.init 
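Review bot: In debian/vyatta-cfg-system.postinst.in, the added `echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers` (third hunk) is appended on every run, unlike the `%quaggavty` line just above it, which is guarded by `grep -q`, so each upgrade adds another copy. The wildcard also passes every `VYATTA_`-prefixed variable from the caller's environment to commands run as root, so the privileged scripts have to treat those values as caller-controlled; listing only the variables they need would narrow that. Suggested guard: `grep -q 'env_keep+=VYATTA_' /etc/sudoers || echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers`, followed by a `visudo -c` check so a malformed file is caught at install time. The enclosing `if [ "$sysconfdir" != "/etc" ]` block starts and ends outside the hunk.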
@@ -0,0 +1,75 @@
+#! /bin/sh
+# /etc/init.d/snmpd: start snmp daemon.
+
+test -x /usr/sbin/snmpd || exit 0
+test -x /usr/sbin/snmptrapd || exit 0
+
+# Defaults
+export MIBDIRS=/usr/share/snmp/mibs
+SNMPDRUN=yes
+SNMPDOPTS='-Lsd -Lf /dev/null -p /var/run/snmpd.pid'
+TRAPDRUN=no
+TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
+
+# Reads config file (will override defaults above)
+[ -r /etc/default/snmpd ] && . /etc/default/snmpd
+
+# Cd to / before starting any daemons.
+cd /
+
+case "$1" in
+ start)
+ echo -n "Starting network management services:"
+ if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf ]; then
+ start-stop-daemon --quiet --start --exec /usr/sbin/snmpd \
+ -- -p /var/run/snmpd.pid
+ echo -n " snmpd"
+ fi
+ if [ "$TRAPDRUN" = "yes" -a -f /etc/snmp/snmptrapd.conf ]; then
+ start-stop-daemon --quiet --start --exec /usr/sbin/snmptrapd \
+ -- $TRAPDOPTS
+ echo -n " snmptrapd"
+ fi
+ echo "."
+ ;;
+ stop)
+ echo -n "Stopping network management services:"
+ start-stop-daemon --quiet --stop --pidfile /var/run/snmpd.pid
+ echo -n " snmpd"
+ start-stop-daemon --quiet --stop --pidfile /var/run/snmptrapd.pid
+ echo -n " snmptrapd"
+ echo "."
+ ;;
+ restart)
+ echo -n "Restarting network management services:"
+ start-stop-daemon --quiet --stop --pidfile /var/run/snmpd.pid
+ start-stop-daemon --quiet --stop --pidfile /var/run/snmptrapd.pid
+ # Allow the daemons time to exit completely.
+ sleep 2
+ if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf ]; then
+ start-stop-daemon --quiet --start --exec /usr/sbin/snmpd -- -p /var/run/snmpd.pid
+ echo -n " snmpd"
+ fi
+ if [ "$TRAPDRUN" = "yes" -a -f /etc/snmp/snmptrapd.conf ]; then
+ # Allow snmpd time to start up.
+ sleep 1
+ start-stop-daemon --quiet --start --exec /usr/sbin/snmptrapd -- $TRAPDOPTS
+ echo -n " snmptrapd"
+ fi
+ echo "."
+ ;;
+ reload|force-reload)
+ echo -n "Reloading network management services:"
+ if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf ]; then
+ start-stop-daemon --quiet --stop --signal 1 \
+ --pidfile /var/run/snmpd.pid --exec /usr/sbin/snmpd
+ echo -n " snmpd"
+ fi
+ echo "."
+ ;;
+ *)
+ echo "Usage: /etc/init.d/snmpd {start|stop|restart|reload|force-reload}"
+ exit 1
+esac
+
+exit 0
diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl
new file mode 100644
index 00000000..511e1054
--- /dev/null
+++ b/scripts/snmp/vyatta-snmp.pl
@@ -0,0 +1,149 @@
+#!/usr/bin/perl
+#
+# Module: vyatta-snmp.pl
+#
+# **** License ****
+# Version: VPL 1.0
+#
+# The contents of this file are subject to the Vyatta Public License
+# Version 1.0 ("License"); you may not use this file except in
+# compliance with the License. You may obtain a copy of the License at
+# http://www.vyatta.com/vpl
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Stig Thormodsrud
+# Date: October 2007
+# Description: Script to glue vyatta cli to snmp daemon
+#
+# **** End License ****
+#
+
+use lib "/opt/vyatta/share/perl5/";
+use VyattaConfig;
+use VyattaMisc;
+use Getopt::Long;
+
+use strict;
+use warnings;
+
+my $mibdir = '/opt/vyatta/share/snmp/mibs';
+my $snmp_init = '/opt/vyatta/sbin/snmpd.init';
+my $snmp_conf = '/etc/snmp/snmpd.conf';
+
+
+sub snmp_init {
+ system("iptables -A INPUT -m rlsnmpstats");
+ system("iptables -A OUTPUT -m rlsnmpstats");
+}
+
+sub snmp_restart {
+ system("$snmp_init restart");
+}
+
+sub snmp_stop {
+ system("$snmp_init stop");
+}
+
+sub snmp_get_constants {
+ my $output;
+
+ my $date = `date`;
+ chomp $date;
+ $output = "#\n# autogenerated by vyatta-snmp.pl on $date\n#\n";
+ $output .= "dlmod bgp4_mib_1657 $mibdir/libbgp4_mib_1657.so\n";
+ $output .= "dlmod ospf_mib_1850 $mibdir/libospf_mib_1850.so\n";
+ $output .= "trap2sink localhost vyatta 51510\n";
+
+ return $output;
+}
+
+sub snmp_get_values {
+ my $output;
+ my $config = new VyattaConfig;
+
+ $config->setLevel("protocols snmp community");
+ my @communities = $config->listNodes();
+
+ foreach my $community (@communities) {
+ my $authorization = $config->returnValue("$community authorization");
+ if (defined $authorization and $authorization eq "rw") {
+ $output .= "rwcommunity $community\n";
+ } else {
+ $output .= "rocommunity $community\n";
+ }
+ }
+
+ $config->setLevel("protocols snmp");
+ my $contact = $config->returnValue("contact");
+ if (defined $contact) {
+ $output .= "syscontact \"$contact\" \n";
+ }
+ my $description = $config->returnValue("description");
+ if (defined $description) {
+ $output .= "sysdescr \"$description\" \n";
+ }
+ my $location = $config->returnValue("location");
+ if (defined $location) {
+ $output .= "syslocation \"$location\" \n";
+ }
+
+ my @trap_targets = $config->returnValues("trap-target");
+ foreach my $trap_target (@trap_targets) {
+ $output .= "trapsink $trap_target\n";
+ }
+
+ return $output;
+}
+
+sub snmp_write_file {
+ my ($config) = @_;
+
+ open(my $fh, '>', $snmp_conf) || die "Couldn't open $snmp_conf - $!";
+ print $fh $config;
+ close $fh;
+}
+
+
+#
+# main
+#
+my $init_snmp;
+my $update_snmp;
+my $stop_snmp;
+
+GetOptions("init-snmp!" => \$init_snmp,
+ "update-snmp!" => \$update_snmp,
+ "stop-snmp!" => \$stop_snmp);
+
+if (defined $init_snmp) {
+ snmp_init();
+}
+
+if (defined $update_snmp) {
+ my $config;
+
+ $config = snmp_get_constants();
+ $config .= snmp_get_values();
+ snmp_write_file($config);
+ snmp_restart();
+}
+
+if (defined $stop_snmp) {
+ snmp_stop();
+}
+
+exit 0;
+
+# end of file
+
+
+
+
diff --git a/scripts/snmpd.init b/scripts/snmpd.init
deleted file mode 100644
index 3e4ef17b..00000000
--- a/scripts/snmpd.init
+++ /dev/null
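Review bot: In scripts/snmp/vyatta-snmp.pl, `snmp_get_values` copies community names and the `contact`, `description`, `location` and `trap-target` values into snmpd.conf without checking them, e.g. `$output .= "syscontact \"$contact\" \n";`. The file is moved unchanged, but with the `sudo` calls this commit adds in node.def it now runs as root for a non-root configurer, so a value containing a newline or `"` could add or break directives unless the CLI templates already restrict these values (not visible here). A check such as `die "invalid snmp value\n" if $contact =~ /[\r\n"]/;` before each line is emitted would make the script safe on its own. Separately, `snmp_write_file` ignores the results of `print` and `close`, and because snmpd.conf holds the community strings its mode is worth setting explicitly rather than leaving it to the umask.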
@@ -1,75 +0,0 @@ -#! /bin/sh -# /etc/init.d/snmpd: start snmp daemon. - -test -x /usr/sbin/snmpd || exit 0 -test -x /usr/sbin/snmptrapd || exit 0 - -# Defaults -export MIBDIRS=/usr/share/snmp/mibs -SNMPDRUN=yes -SNMPDOPTS='-Lsd -Lf /dev/null -p /var/run/snmpd.pid' -TRAPDRUN=no -TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid' - -# Reads config file (will override defaults above) -[ -r /etc/default/snmpd ] && . /etc/default/snmpd - -# Cd to / before starting any daemons. -cd / - -case "$1" in - start) - echo -n "Starting network management services:" - if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf ]; then - start-stop-daemon --quiet --start --exec /usr/sbin/snmpd \ - -- -p /var/run/snmpd.pid - echo -n " snmpd" - fi - if [ "$TRAPDRUN" = "yes" -a -f /etc/snmp/snmptrapd.conf ]; then - start-stop-daemon --quiet --start --exec /usr/sbin/snmptrapd \ - -- $TRAPDOPTS - echo -n " snmptrapd" - fi - echo "." - ;; - stop) - echo -n "Stopping network management services:" - start-stop-daemon --quiet --stop --pidfile /var/run/snmpd.pid - echo -n " snmpd" - start-stop-daemon --quiet --stop --pidfile /var/run/snmptrapd.pid - echo -n " snmptrapd" - echo "." - ;; - restart) - echo -n "Restarting network management services:" - start-stop-daemon --quiet --stop --pidfile /var/run/snmpd.pid - start-stop-daemon --quiet --stop --pidfile /var/run/snmptrapd.pid - # Allow the daemons time to exit completely. - sleep 2 - if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf ]; then - start-stop-daemon --quiet --start --exec /usr/sbin/snmpd -- -p /var/run/snmpd.pid - echo -n " snmpd" - fi - if [ "$TRAPDRUN" = "yes" -a -f /etc/snmp/snmptrapd.conf ]; then - # Allow snmpd time to start up. - sleep 1 - start-stop-daemon --quiet --start --exec /usr/sbin/snmptrapd -- $TRAPDOPTS - echo -n " snmptrapd" - fi - echo "." 
- ;; - reload|force-reload) - echo -n "Reloading network management services:" - if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf ]; then - start-stop-daemon --quiet --stop --signal 1 \ - --pidfile /var/run/snmpd.pid --exec /usr/sbin/snmpd - echo -n " snmpd" - fi - echo "." - ;; - *) - echo "Usage: /etc/init.d/snmpd {start|stop|restart|reload|force-reload}" - exit 1 -esac - -exit 0 diff --git a/scripts/vyatta-snmp.pl b/scripts/vyatta-snmp.pl deleted file mode 100644 index 511e1054..00000000 --- a/scripts/vyatta-snmp.pl +++ /dev/null 
@@ -1,149 +0,0 @@ -#!/usr/bin/perl -# -# Module: vyatta-snmp.pl -# -# **** License **** -# Version: VPL 1.0 -# -# The contents of this file are subject to the Vyatta Public License -# Version 1.0 ("License"); you may not use this file except in -# compliance with the License. You may obtain a copy of the License at -# http://www.vyatta.com/vpl -# -# Software distributed under the License is distributed on an "AS IS" -# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -# the License for the specific language governing rights and limitations -# under the License. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. -# All Rights Reserved. -# -# Author: Stig Thormodsrud -# Date: October 2007 -# Description: Script to glue vyatta cli to snmp daemon -# -# **** End License **** -# - -use lib "/opt/vyatta/share/perl5/"; -use VyattaConfig; -use VyattaMisc; -use Getopt::Long; - -use strict; -use warnings; - -my $mibdir = '/opt/vyatta/share/snmp/mibs'; -my $snmp_init = '/opt/vyatta/sbin/snmpd.init'; -my $snmp_conf = '/etc/snmp/snmpd.conf'; - - -sub snmp_init { - system("iptables -A INPUT -m rlsnmpstats"); - system("iptables -A OUTPUT -m rlsnmpstats"); -} - -sub snmp_restart { - system("$snmp_init restart"); -} - -sub snmp_stop { - system("$snmp_init stop"); -} - -sub snmp_get_constants { - my $output; - - my $date = `date`; - chomp $date; - $output = "#\n# autogenerated by vyatta-snmp.pl on $date\n#\n"; - $output .= "dlmod bgp4_mib_1657 $mibdir/libbgp4_mib_1657.so\n"; - $output .= "dlmod ospf_mib_1850 $mibdir/libospf_mib_1850.so\n"; - $output .= "trap2sink localhost vyatta 51510\n"; - - return $output; -} - -sub snmp_get_values { - my $output; - my $config = new VyattaConfig; - - $config->setLevel("protocols snmp community"); - my @communities = $config->listNodes(); - - foreach my $community (@communities) { - my $authorization = $config->returnValue("$community authorization"); - if 
(defined $authorization and $authorization eq "rw") { - $output .= "rwcommunity $community\n"; - } else { - $output .= "rocommunity $community\n"; - } - } - - $config->setLevel("protocols snmp"); - my $contact = $config->returnValue("contact"); - if (defined $contact) { - $output .= "syscontact \"$contact\" \n"; - } - my $description = $config->returnValue("description"); - if (defined $description) { - $output .= "sysdescr \"$description\" \n"; - } - my $location = $config->returnValue("location"); - if (defined $location) { - $output .= "syslocation \"$location\" \n"; - } - - my @trap_targets = $config->returnValues("trap-target"); - foreach my $trap_target (@trap_targets) { - $output .= "trapsink $trap_target\n"; - } - - return $output; -} - -sub snmp_write_file { - my ($config) = @_; - - open(my $fh, '>', $snmp_conf) || die "Couldn't open $snmp_conf - $!"; - print $fh $config; - close $fh; -} - - -# -# main -# -my $init_snmp; -my $update_snmp; -my $stop_snmp; - -GetOptions("init-snmp!" => \$init_snmp, - "update-snmp!" => \$update_snmp, - "stop-snmp!" => \$stop_snmp); - -if (defined $init_snmp) { - snmp_init(); -} - -if (defined $update_snmp) { - my $config; - - $config = snmp_get_constants(); - $config .= snmp_get_values(); - snmp_write_file($config); - snmp_restart(); -} - -if (defined $stop_snmp) { - snmp_stop(); -} - -exit 0; - -# end of file - - - - diff --git a/templates/protocols/snmp/node.def b/templates/protocols/snmp/node.def index 269b64ed..4c35e2b0 100644 --- a/templates/protocols/snmp/node.def +++ b/templates/protocols/snmp/node.def 
@@ -2,8 +2,8 @@ help: "Configure SNMP"
 create: "/opt/vyatta/sbin/vyatta-snmp.pl --init-snmp"
 delete: "touch /tmp/snmp.\\$PPID"
 end: "if [ -f \"/tmp/snmp.\\$PPID\" ]; then \
- /opt/vyatta/sbin/vyatta-snmp.pl --stop-snmp \
- rm -rf /tmp/snmp.\\$PPID; \
+ sudo /opt/vyatta/sbin/vyatta-snmp.pl --stop-snmp \
+ rm /tmp/snmp.\\$PPID; \
 else \
- /opt/vyatta/sbin/vyatta-snmp.pl --update-snmp; \
+ sudo /opt/vyatta/sbin/vyatta-snmp.pl --update-snmp; \
 fi; "
--
cgit v1.2.3
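Review bot: In the `end:` action of templates/protocols/snmp/node.def, the new line `sudo /opt/vyatta/sbin/vyatta-snmp.pl --stop-snmp \` still has no `;` before the continuation, so as written `rm /tmp/snmp.\\$PPID` is passed to the script as extra arguments rather than run, and the marker file is never removed; a later commit from the same parent process would take the stop branch again. Suggested: `sudo /opt/vyatta/sbin/vyatta-snmp.pl --stop-snmp; \`. The marker is also a predictable name in /tmp tested only with `-f`, so any local user can create it beforehand and turn an update into a stop; a directory writable only by the configuring session would avoid that. The unchanged `create:` line still calls the script without `sudo`, although its `--init-snmp` path runs `iptables`, so creating the node as a non-root user is presumably still broken.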