download

Chapter 14Now bsnmpd(1) is running with the default configuration (which is not always secure)and it is highly recommended that you customize the configuration for your needs.The configuration file is located at /etc/snmpd.config. You need to change a fewbasic things, such as location and contact fields, and most importantly, the readand write to community strings.In SNMP, the community strings are almost equal to passwords. Anyonewho knows your community string can poll status information from yourSNMP server, or even change the variables over the network.Following is a sample of secured snmpd.config file:location := "Datacenter"contact := "sysadmin@example.com"system := 1 # FreeBSDtraphost := localhosttrapport := 162read := "p^49Gb*z0n$0"write := "wMt54%z@0Rcj3"The sample configuration file also contains a modules section in which it loadsappropriate modules, if necessary. One module that is loaded by default is SNMPMIB II module that contains basic information about the host. There are also a fewother modules available such as Netgraph Module, PF Module, and Bridge Module.For more information about the other modules, please see documents and MIBsunder the /usr/share/snmp directory.NET-SNMPNET-SNMP is a complete suite of open-source SNMP tools, including client andserver components, and supports the SNMP v1, v2c, and v3 protocols. NET-SNMP isvery popular, and has many modules that can be used to extend its functionality.Unlike bsnmpd(1), the NET-SNMP is a fully loaded SNMP toolkit that containsmany MIBs and supports many protocol extensions, and also includes a handful ofclient and test tools. NET-SNMP is the right choice for a complex SNMP scenario.NET-SNMP is available in ports tree under the /usr/ports/net-mgmt/net-snmpdirectory. After installing the port, you can enable the NET-SNMP in the /etc/rc.conf file using appropriate configuration variable:snmpd_enable="YES"[ 249 ]