DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 15th September 2011
badguy badguy is offline
Fdisk Soldier
 
Join Date: Jul 2009
Location: MD, USA
Posts: 59
Thanked 0 Times in 0 Posts
Default SNMP config file test

So im trying to set up smnp on my openbsd box but i cant even get past the config file setup because i feel like i am not doing it right. here is what i have on my /etc/snmpd.conf


Code:
# $OpenBSD: snmpd.conf,v 1.2 2008/01/30 10:21:05 reyk Exp $

listen_addr="127.0.0.1"

# Restrict daemon to listen on localhost only
listen on $listen_addr
rwcommunity public

# Specify a number of trap receivers
#trap receiver nms.localdomain.local

# Adjust the local system information
system contact " Root (root@lab.com)"
system description " Realm "
system location " Lab "
system services 74

# Provide static user-defined SNMP OIDs
oid 1.3.6.1.4.1.30155.42.3.1 name testStringValue read-only string "Test"
oid 1.3.6.1.4.1.30155.42.3.4 name testIntValue read-write integer 1
Code:
root ~ # snmpd -n            
/etc/snmpd.conf:8: syntax error
I try starting snmpd and it starts but show this in the log. lsof also show open snmp stuff

Code:
tail /var/log/snmpd
Warning: no access control information configured.
  (Config search path: /etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/root/.snmp)
  It's unlikely this agent can serve any useful purpose in this state.
  Run "snmpconf -g basic_setup" to help you configure the snmpd.conf file for this agent.

I tried using the "snmpconf -g basic_setup"
and generated this randomly to test

Code:
############################
# SECTION: Access Control Setup
#   This section defines who is allowed to talk to your running snmp agent.

# rwuser: a SNMPv3 read-write user
#   arguments:  user [noauth|auth|priv] [restriction_oid]

rwuser  slim  

# rouser: a SNMPv3 read-only user
#   arguments:  user [noauth|auth|priv] [restriction_oid]

rouser  slim1  

# rocommunity: a SNMPv1/SNMPv2c read-only access community name
#   arguments:  community [default|hostname|network/bits] [oid]

rocommunity  slim3  

# rwcommunity: a SNMPv1/SNMPv2c read-write access community name
#   arguments:  community [default|hostname|network/bits] [oid]

rwcommunity  slim2
and the test shows

Quote:
root /etc/snmp # snmpd -nf /etc/snmp/snmpd.conf
/etc/snmp/snmpd.conf:16: syntax error
/etc/snmp/snmpd.conf:21: syntax error
/etc/snmp/snmpd.conf:26: syntax error
/etc/snmp/snmpd.conf:31: syntax error
I can start snmp and snmp logs show UDP connection. netstart shows port 161 open. So i am wondering if this config file test is just a waste of time.

Im wondering if there is any one very proficient with snmp that can confirm the correct way to set up the snmpd.conf and can also tell me how to verify that snmpd is correctly working. Thanks in adv

Last edited by badguy; 20th September 2011 at 04:47 AM.
Reply With Quote
  #2   (View Single Post)  
Old 19th September 2011
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Thanked 35 Times in 31 Posts
Default

replace your community strings, for now, with this-

read-only community public


This will ensure-

- that your host cannot be configured remotely via SNMP (you are trying to specify that it's read-write capable, so it can receive commands via SNMP.)

- that most common applications being used with their "out-of-box" configurations against this host's SNMP service will make contact with it (because the community string is "public" (without the quotes))

Now this should only be used for testing, to see if you can get past this section. When you are confident that's working, change the community string to something other than "public". The reason is that "public" is considered the default string in the industry, and that's what bad people will attempt when surveilling your system.

Also, unless you have a really specific need for SNMP write capabilities, I would never use it.

Good luck.
__________________
Network Firefighter
Reply With Quote
  #3   (View Single Post)  
Old 20th September 2011
badguy badguy is offline
Fdisk Soldier
 
Join Date: Jul 2009
Location: MD, USA
Posts: 59
Thanked 0 Times in 0 Posts
Default

ok thanks so that works. Is it that rocommunity & rouser do not work with openbsd?
Reply With Quote
  #4   (View Single Post)  
Old 20th September 2011
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Thanked 35 Times in 31 Posts
Default

It's just the wrong syntax. Use the right syntax, that's all. Otherwise it has those capabilities. Different applications that refer to the same need will often not have the same syntax to accomplish equivalent tasks. This is no different.

There are many wonderful qualities to OpenBSD. Relative to this topic is the notion that configuration files for applications that are OpenBSD-native (so-to-speak) should have similar syntax rules for ease of management. So OpenBGPd and OpenOPSFd and relayd (and others) will have the same syntax style in their respective configuration files as is used in pf (in /etc/pf.conf). You will often hear, when describing applications of this type, references to a "pf-style configuration file". It's not on accident.
__________________
Network Firefighter
Reply With Quote
  #5   (View Single Post)  
Old 22nd September 2011
badguy badguy is offline
Fdisk Soldier
 
Join Date: Jul 2009
Location: MD, USA
Posts: 59
Thanked 0 Times in 0 Posts
Default

So openbsd comes by default with snmpd and it looks like this is different from Net-Snmp

they have two diff man pages

Code:
net-snmp
 -n NAME Set an alternative application name (which will affect the con-
               figuration files loaded).   By  default  this  will  be  snmpd,
               regardless of the name of the actual binary.
&

default snmp
 -n      Configtest mode.  Only check the configuration file for validity.
so i was using config file for net-snmp and I was using -n from the default openbsd snmp to test the config file.

I was going nuts because I generated the config file with snmpconf and wasnt expecting to get errors.

Looking at both snmpd.confs they also have different rules

Code:
default snmp
read-only community string
             Specify the name of the read-only community.  The default value
             is public.
&

net-snmp
rouser [-s SECMODEL] USER [noauth|auth|priv [OID | -V VIEW [CONTEXT]]]
and all this hypotesis might be wrong but i guess the best thing would be to just get rid of 1 to avoid the conflicts. Quick question.. if i delete all the files that come with a default install using

find / -name 'snmp*'

Is this the correct way to get rid of a package that comes with the openbsd os by default or what is the recommended way?
Reply With Quote
  #6   (View Single Post)  
Old 22nd September 2011
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Thanked 35 Times in 31 Posts
Default

pkg_delete net-snmp
__________________
Network Firefighter
Reply With Quote
  #7   (View Single Post)  
Old 22nd September 2011
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Thanked 35 Times in 31 Posts
Default

Don't go manually rm'ing files or you're going to remove the wrong ones at some point. Also, net-snmp and OBSD's native snmpd can live on the same host in harmony, as they do on my Cacti installations. You will find that snmpd only supports a limited amount of MIBs in the first place, and so if you want more exotic SNMP-based monitoring (things like disk i/o) then you're going to need/want net-snmp anyway. You -can- do it via snmpd itself, but imho it wouldn't be worth the time to figure it out.
__________________
Network Firefighter
Reply With Quote
  #8   (View Single Post)  
Old 22nd September 2011
badguy badguy is offline
Fdisk Soldier
 
Join Date: Jul 2009
Location: MD, USA
Posts: 59
Thanked 0 Times in 0 Posts
Default

Ok i guess i ll leave it then but just so i know, if i wanted to uninstall a native app that comes with the base install how would you do that? pkg_delete only removes what is listed under pkg_info and the native snmpd is not listed there
Reply With Quote
  #9   (View Single Post)  
Old 22nd September 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,612
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by badguy View Post
Ok i guess i ll leave it then but just so i know, if i wanted to uninstall a native app that comes with the base install how would you do that? pkg_delete only removes what is listed under pkg_info and the native snmpd is not listed there
You own and manage your own OS; you can do whatever you want with it. You can remove and replace binaries, libraries, man pages, scripts, tools. The choice is yours.

But it is never a good practice to remove a userland component.
  1. Excepting MTAs - which are a special case - a 3rd party package that is a different version of a userland component will always use different names for its executable programs. This is on purpose, to avoid confusing 3rd party tools with native tools.
  2. If you remove/replace a userland component as you wish to do, you will have built what the developers call a "Frankensystem." You're on your own for support.
If you insist on using the same name, consider setting aliases in your shell.

-- Edited to add --

The special case is is managed by mailwrapper(8) and mailer.conf(5).

Last edited by jggimi; 22nd September 2011 at 02:22 PM.
Reply With Quote
Old 23rd September 2011
badguy badguy is offline
Fdisk Soldier
 
Join Date: Jul 2009
Location: MD, USA
Posts: 59
Thanked 0 Times in 0 Posts
Default

Quote:
If you remove/replace a userland component as you wish to do, you will have built what the developers call a "Frankensystem." You're on your own for support.
I dont mind, i just want to know how to do it, and if at all there is a standard way to do it. (i.e. remove a program that comes installed with the base OS)
Reply With Quote
Old 23rd September 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,612
Thanked 214 Times in 189 Posts
Default

# rm /path/to/executable should work, as would mv(1). The which(1) program may be helpful.
Reply With Quote
Old 23rd September 2011
badguy badguy is offline
Fdisk Soldier
 
Join Date: Jul 2009
Location: MD, USA
Posts: 59
Thanked 0 Times in 0 Posts
Default

thanks ai-danno & jggimi. we need a thanks button beside the quote & reply button
Reply With Quote
Old 23rd September 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,612
Thanked 214 Times in 189 Posts
Default

You're welcome.... however I'm still concerned, as you want to turn a portion of your OS into something which is no longer OpenBSD. You may have already done so.

As I see it, you asked me, "Is there a standard I should follow when breaking an important technical and cultural rule?"

Oxymorons aside ... why didn't you pursue a shell alias?
Reply With Quote
Old 23rd September 2011
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Thanked 35 Times in 31 Posts
Default

You're welcome badguy. I have a question as well... do you need abilities in net-snmp that OBSD's snmpd doesn't provide?

Currently, the only thing I can tell that's truly "missing" from a pragmatic point-of-view is the ability to include additional mibs (and I'm not even sure that can't be done somehow, it just seems that way). The mibs included, however, are pretty inclusive of most operational parameters of the running system.

Do you have special needs for net-snmp? Do you have another application that calls it, perhaps?

Remember, you can have the two live on the same system, and just not use snmpd. It would be honestly better to leave that binary (which is quite small I think) than to delete it.
__________________
Network Firefighter
Reply With Quote
Old 23rd September 2011
badguy badguy is offline
Fdisk Soldier
 
Join Date: Jul 2009
Location: MD, USA
Posts: 59
Thanked 0 Times in 0 Posts
Default

Actually I did not nuke it. I just asked so I know how it is done (in case in future I run into a similar problem.) I have both snmp and net-snmp up and running. I guess my previous problem was that I had them misconfigured (i.e. setting up net-snmp and pointing default-snmp to net-snmp's conf file)

I modified my rc.local and that takes care of things for now

Quote:
if [ -x /usr/local/sbin/snmpd ]; then
echo -n ' snmpd'; /usr/local/sbin/snmpd
fi
I didnt have to even specify the conf file location where snmpd points to in rc.local bcos when creating the conf file I used "-i" so it know where to find the conf file an not point to the wrong one

Quote:
-i When finished, install the files into the location where the
global system commands expect to find them.
tail -f /var/log/snmpd shows no errors. It shows successful UDP connections. Dont know much bout snmp but im pretty sure its working. i will stick with the rule "it works dont f*** with it"

will mess with it later if i get bored
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SNMP issue wirasto OpenBSD General 0 27th April 2011 03:31 AM
Enable SNMP? dzudja100 FreeBSD Ports and Packages 1 20th May 2010 05:52 PM
problems with installing net-snmp dejabu18 FreeBSD Ports and Packages 9 17th May 2008 07:17 PM


All times are GMT. The time now is 12:05 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick