snmpvacm (1)

    NAME

    snmpvacm - perform maintenance on an SNMP agent's View-based Access Control Module (VACM) table
     
    

    SYNOPSIS

    /usr/sfw/bin/snmpvacm [common options] [subcommand options] AGENT subcommand subcommand-args  

    DESCRIPTION

    snmpvacm is an SNMP application that can be used to do maintenance on an SNMP agent's View-based Access Control Module (VACM) table. The VACM table defines a set of services that can be used for checking access rights, that is, checking whether a specific type of access to a specific managed object is allowed. snmpvacm supports three types of entries: group, view, and access. The agent maintains these entries in memory and stores VACM groups, views, and access entries in the persistent configuration file upon agent shutdown.

    Subcommands

    This section describes the snmpvacm subcommands.

    createSec2Group

    Creates SNMPv3 security to group name entries. A group name is used to define an access control policy for a group of principals.


    
    snmpvacm [common options] createSec2Group MODEL SECURITYNAME GROUPNAME
    

    MODEL

    An integer greater than zero representing an SNMPv3 security model, such as USM. The reserved values are as follows:

    1

    reserved for SNMPv1

    2

    reserved for SNMPv2c

    3

    User-Based Security Model (USM)

    SECURITYNAME

    A string representing a security name for the principal, represented in a security-model-independent format, which is mapped from this entry to a GROUPNAME.

    GROUPNAME

    A string that identifies the group to which this table entry (the combination of securityModel and securityName) belongs.

    deleteSec2Group

    Deletes SNMPv3 security to group name entries. The group entry to be deleted is indexed by the specified MODEL and SECURITYNAME.

    
    snmpvacm [common options] deleteSec2Group MODEL SECURITYNAME
    

    MODEL

    An integer greater than zero representing an SNMPv3 security model, such as USM. The reserved values are as follows:

    1

    reserved for SNMPv1

    2

    reserved for SNMPv2c

    3

    User-Based Security Model (USM)

    SECURITYNAME

    A string representing a security name for the principal, represented in a security-model-independent format, which is mapped from this entry to a GROUPNAME.

    createView

    Creates a MIB view. A MIB view is a family of view subtrees, which are pairings of OID subtree values with bit string mask values.

    Each MIB view is defined by two sets of view subtrees, included in or excluded from the MIB view.

    
    snmpvacm [common options] [-Ce] createView NAME SUBTREE MASK
    

    -Ce

    An optional flag used when the view subtree needs to be "excluded" from the MIB view. If not used, the type defaults to "included".

    NAME

    A string representing a MIB view name that is associated to a subtree/mask pairing.

    SUBTREE

    The OID subtree which when combined with the corresponding instance of MASK defines a family of view subtrees.

    MASK

    The bit mask, a hex string, which, in combination with the corresponding instance SUBTREE, defines a family of view subtrees.

    The mask indicates which sub-identifiers of the associated subtree OID are significant to a particular MIB view instance.
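
    How SUBTREE, MASK and the included/excluded type combine when an agent decides whether an OID is in a view, following the matching rules of RFC 3415 (listed under SEE ALSO). This is an added illustration in Python, not part of the original manual page or of the snmpvacm source; the function names and the sample views other than my_view are constructed for the example.

```python
# Added example: RFC 3415 view matching (not snmpvacm or agent source code).

def parse_oid(text):
    """'.1.3.6.1' -> (1, 3, 6, 1)"""
    return tuple(int(p) for p in text.strip(".").split("."))

def mask_bits(mask_hex, length):
    """Expand a hex MASK to `length` bits, most significant bit first.
    A mask shorter than the subtree is extended with 1 bits."""
    raw = bytes.fromhex(mask_hex.replace(":", "").replace(" ", ""))
    bits = [(byte >> (7 - i)) & 1 for byte in raw for i in range(8)]
    return (bits + [1] * length)[:length]

def in_family(oid, subtree, mask_hex):
    """True if oid is in the view subtree family (SUBTREE, MASK)."""
    if len(oid) < len(subtree):
        return False
    bits = mask_bits(mask_hex, len(subtree))
    # bit 1: sub-identifier must match; bit 0: wildcard
    return all(b == 0 or o == s for b, o, s in zip(bits, oid, subtree))

def in_view(oid_text, families):
    """families: (SUBTREE, MASK, type) rows sharing one view NAME."""
    oid = parse_oid(oid_text)
    hits = [(parse_oid(s), t) for s, m, t in families
            if in_family(oid, parse_oid(s), m)]
    if not hits:
        return False  # no family matches: not in the view
    # Longest subtree decides; ties go to the lexicographically greatest.
    subtree, kind = max(hits, key=lambda h: (len(h[0]), h[0]))
    return kind == "included"

# The view from Example 2 of this page.
MY_VIEW = [(".1.3.6.1.2.1.1", "FF", "included")]
# Constructed: system group minus sysName (second row as created with -Ce).
NO_SYSNAME = MY_VIEW + [(".1.3.6.1.2.1.1.5", "FF", "excluded")]
# Constructed: bit 10 of FF A0 is 0, so any ifEntry column of ifIndex 2 matches.
IF_ROW_2 = [(".1.3.6.1.2.1.2.2.1.0.2", "FFA0", "included")]

if __name__ == "__main__":
    print(in_view(".1.3.6.1.2.1.1.2.0", MY_VIEW))          # sysObjectID.0
    print(in_view(".1.3.6.1.2.1.2.2", MY_VIEW))            # ifTable
    print(in_view(".1.3.6.1.2.1.1.5.0", NO_SYSNAME))       # sysName.0
    print(in_view(".1.3.6.1.2.1.2.2.1.7.2", IF_ROW_2))     # column 7, ifIndex 2
    print(in_view(".1.3.6.1.2.1.2.2.1.7.3", IF_ROW_2))     # column 7, ifIndex 3
```
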

    deleteView

    Deletes a MIB view. A MIB view is a family of view subtrees. A view subtree is a pairing of an OID subtree value with a bit string mask value.

    
    snmpvacm [common options] deleteView NAME SUBTREE
    

    NAME

    A string representing a MIB view name that is associated to a subtree/mask pairing.

    SUBTREE

    The OID subtree which, when combined with the corresponding instance of MASK, defines a family of view subtrees.

    createAccess

    Creates SNMPv3 access configuration entries. These entries are used to store the access rights defined for the groups. Each entry is indexed by a group name, a context prefix, a security model, and a security level. A group and a view need to be defined in order to make use of the access check.

    
    snmpvacm [common options] createAccess GROUPNAME
    [CONTEXTPREFIX] SECURITYMODEL SECURITYLEVEL
    CONTEXTMATCH READVIEWNAME WRITEVIEWNAME
    NOTIFYVIEWNAME
    

    GROUPNAME

    The name of the group to which this access right applies.

    CONTEXTPREFIX

    A string that a contextName must match, exactly when CONTEXTMATCH is set to "exact" or partially when CONTEXTMATCH is set to "prefix".

    If not specified, the value reverts to the default, an empty string, "".

    SECURITYMODEL

    An integer representing the securityModel that must be used in order to gain access to this access right.

    SECURITYLEVEL

    An integer representing the minimum security level that must be used to gain access to this access right. A security level of noAuthNoPriv is less than authNoPriv and authNoPriv is less than authPriv.

    Integer values supported:

    1

    noAuthNoPriv

    2

    authNoPriv

    3

    authPriv

    CONTEXTMATCH

    An integer whose value determines the type of match required. When set to "exact", the context name must exactly match the value in CONTEXTPREFIX. If set to "prefix", the context name must match the first few starting characters of the value in CONTEXTPREFIX.

    Integer values supported:

    1

    exact

    2

    prefix

    READVIEWNAME

    The authorized MIB view name used for read access. If the value is an empty string, then there is no active view configured for read access.

    WRITEVIEWNAME

    The authorized MIB view name used for write access. If the value is an empty string, then there is no active view configured for write access.

    NOTIFYVIEWNAME

    The authorized MIB view name used for notify access. If the value is an empty string, then there is no active view configured for notify access.

    deleteAccess

    Deletes SNMPv3 access configuration entries, given a group name, context prefix, security model, and security level.

    
    snmpvacm [common options] deleteAccess GROUPNAME
    [CONTEXTPREFIX] SECURITYMODEL SECURITYLEVEL
    

    GROUPNAME

    The name of the group to which this access right applies.

    CONTEXTPREFIX

    A string that a contextName must match, exactly when CONTEXTMATCH is set to "exact" or partially when CONTEXTMATCH is set to "prefix".

    SECURITYMODEL

    An integer representing the securityModel that must be used to gain access to this access right.

    SECURITYLEVEL

    An integer representing the minimum security level that must be used to gain access to this access right. A security level of noAuthNoPriv is less than authNoPriv and authNoPriv is less than authPriv.

    The following integer values are supported:

    1

    noAuthNoPriv

    2

    authNoPriv

    3

    authPriv

     

    EXAMPLES

    For the following examples, the user is my_user and the password is my_password. Use net-snmp-config to create the first user (my_user). Then clone my_user to configure another SNMPv3 user, my_user_2. See snmpusm(1M).

    Example 1: Creating a VACM Group Entry

    Create a VACM group entry, as follows:

    snmpvacm -v 3 -u my_user -l authPriv -a MD5 -A \
            my_password -x DES -X my_password localhost createSec2Group \
            3 my_user_2 my_group
    

    Run snmpwalk(1M) to verify the group name was created:

    snmpwalk -v 3 -u my_user -l authPriv -a MD5 -A \
            my_password -x DES -X my_password localhost \
            SNMP-VIEW-BASED-ACM-MIB::vacmGroupName
    

    In addition to other configured VACM group entries, you will note an entry such as the following:

    SNMP-VIEW-BASED-ACM-MIB::vacmGroupName.3."my_user_2" = STRING: my_group
    

    Example 2: Creating a MIB View Entry

    The command below creates a MIB view entry applicable only to the system group MIB.

    snmpvacm -v 3 -u my_user -l authPriv -a MD5 -A \
            my_password -x DES -X my_password localhost createView \
            my_view .1.3.6.1.2.1.1 FF
    

    Run snmpwalk(1M) to verify the my_view MIB view was created:

    snmpwalk -v 3 -u my_user -l authPriv -a MD5 -A \
            my_password -x DES -X my_password localhost \
            SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyTable
    

    In snmpwalk output, observe the lines, such as those below, related to the my_view MIB view.

    SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyMask."my_view".2.1.3.6.1.2.1.1\
    = Hex-STRING: FF 
    SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyType."my_view".2.1.3.6.1.2.1.1\
    = INTEGER: included(1)
    SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyStorageType.\
    "my_view".2.1.3.6.1.2.1.1 = INTEGER: nonVolatile(3)
    SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyStatus.\
    "my_view".2.1.3.6.1.2.1.1 = INTEGER: active(1)
    

    Example 3: Creating an Access Entry

    The command below creates an access entry using the following components:

    * the "my_group" entry created above

    * an empty prefix string ("")

    * the USM security model (3)

    * the security level (3)

    * the context match (1)

    * the read view name ("my_view")

    * the write view name ("")

    * the notify view name ("")

    snmpvacm -v 3 -u my_user -l authPriv -a MD5 -A \
            my_password -x DES -X my_password localhost createAccess \
            my_group "" 3 3 1 my_view "" ""
    

    Run snmpwalk(1M) to verify the access entry was created:

    snmpwalk -v 3 -u my_user -l authPriv -a MD5 -A \
            my_password -x DES -X my_password localhost \
            SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable
    
    SNMP-VIEW-BASED-ACM-MIB::vacmAccessContextMatch."my_group"."".3.authPriv\
    = INTEGER: exact(1)
    SNMP-VIEW-BASED-ACM-MIB::vacmAccessReadViewName."my_group"."".3.authPriv\
    = STRING: my_view
    SNMP-VIEW-BASED-ACM-MIB::vacmAccessWriteViewName."my_group"."".3.authPriv\
    = STRING:
    SNMP-VIEW-BASED-ACM-MIB::vacmAccessNotifyViewName."my_group"."".3.authPriv\
    = STRING:
    SNMP-VIEW-BASED-ACM-MIB::vacmAccessStorageType."my_group"."".3.authPriv\
    = INTEGER: nonVolatile(3)
    SNMP-VIEW-BASED-ACM-MIB::vacmAccessStatus."my_group"."".3.authPriv\
    = INTEGER: active(1)
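
    The snmpwalk output above can also be checked mechanically. The following added Python example (not part of the original manual page) parses vacmAccessTable lines in the format shown and lists entries whose minimum security level is below authPriv or that have a write view configured; the function names are assumptions and the "ops" rows in the sample are constructed.

```python
import re

# Constructed sample in the format of the Example 3 output (lines joined);
# the "ops" rows are invented for illustration.
SAMPLE = '''\
SNMP-VIEW-BASED-ACM-MIB::vacmAccessReadViewName."my_group"."".3.authPriv = STRING: my_view
SNMP-VIEW-BASED-ACM-MIB::vacmAccessWriteViewName."my_group"."".3.authPriv = STRING:
SNMP-VIEW-BASED-ACM-MIB::vacmAccessReadViewName."ops"."".3.noAuthNoPriv = STRING: all
SNMP-VIEW-BASED-ACM-MIB::vacmAccessWriteViewName."ops"."".3.noAuthNoPriv = STRING: all
'''

# Index is "GROUPNAME"."CONTEXTPREFIX".SECURITYMODEL.SECURITYLEVEL, as printed above.
LINE = re.compile(
    r'::vacmAccess(?P<col>\w+)\."(?P<group>[^"]*)"\."(?P<ctx>[^"]*)"'
    r'\.(?P<model>\d+)\.(?P<level>\w+)\s*=\s*(?P<type>[\w-]+):\s*(?P<value>.*)$')

def parse_access_table(text):
    """Return {(group, ctx, model, level): {column: value}}."""
    text = text.replace("\\\n", " ")  # rejoin lines wrapped with a trailing backslash
    rows = {}
    for line in text.splitlines():
        m = LINE.search(line.strip())
        if m:
            key = (m["group"], m["ctx"], int(m["model"]), m["level"])
            rows.setdefault(key, {})[m["col"]] = m["value"].strip()
    return rows

def review(rows):
    """List (group, reason) pairs for entries that deserve a second look."""
    findings = []
    for (group, ctx, model, level), cols in sorted(rows.items()):
        if level != "authPriv":
            findings.append((group, f"minimum security level is {level}"))
        if cols.get("WriteViewName"):
            findings.append((group, f"write view '{cols['WriteViewName']}' is active"))
    return findings

if __name__ == "__main__":
    for group, reason in review(parse_access_table(SAMPLE)):
        print(f"{group}: {reason}")
```
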
    

    Example 4: Testing the Configuration

    Test the preceding setup by verifying the access setup. You do this by accessing an object in the system group and another object outside this range. Note the use of the user name my_user_2.

    snmpget -mALL -v 3 -u my_user_2 -l authPriv -a MD5 \
            -A my_password -x DES -X my_password localhost sysObjectID.0
    

    At this point, when you try to access an object outside the access range, the attempt fails with an appropriate error:

    snmpgetnext -mALL -v 3 -u my_user_2 -l authPriv -a MD5 \
            -A my_password -x DES -X my_password localhost ifTable
    
        RFC1213-MIB::ifTable = No more variables left in this MIB View (It is
            past the end of the MIB tree)
    
     

    EXIT STATUS

    0

    Successful completion.

    1

    A usage syntax error. A usage message displays. Also used for timeout errors.

    2

    An error occurred while executing the command. An error message displays.

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE         ATTRIBUTE VALUE
    Availability           SUNWsmcmd
    Interface Stability    Stable

     

    SEE ALSO

    snmpusm(1M), snmpwalk(1M), snmpd.conf(4), attributes(5)

    RFC 3415


     
