ajout tp doku

sio2/CYBER/Nagios/command.cfg

@@ -0,0 +1,303 @@
+###############################################################################
+# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 4.4.6
+#
+#
+# NOTES: This config file provides you with some example command definitions
+#        that you can reference in host, service, and contact definitions.
+#
+#        You don't need to keep commands in a separate file from your other
+#        object definitions.  This has been done just to make things easier to
+#        understand.
+#
+###############################################################################
+
+
+
+################################################################################
+#
+# SAMPLE NOTIFICATION COMMANDS
+#
+# These are some example notification commands.  They may or may not work on
+# your system without modification.  As an example, some systems will require
+# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below.
+#
+################################################################################
+
+define command {
+
+    command_name    notify-host-by-email
+    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
+}
+
+
+
+define command {
+
+    command_name    notify-service-by-email
+    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
+}
+
+
+
+################################################################################
+#
+# SAMPLE HOST CHECK COMMANDS
+#
+################################################################################
+
+# Removed in Debian because it conflicts with the command of the same name
+# defined in ping.cfg, which is part of monitoring-plugins-basic.
+#
+## This command checks to see if a host is "alive" by pinging it
+## The check must result in a 100% packet loss or 5 second (5000ms) round trip
+## average time to produce a critical error.
+## Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)
+#
+#define command {
+#
+#    command_name    check-host-alive
+#    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
+#}
+
+
+
+################################################################################
+#
+# SAMPLE SERVICE CHECK COMMANDS
+#
+# These are some example service check commands.  They may or may not work on
+# your system, as they must be modified for your plugins.  See the HTML
+# documentation on the plugins for examples of how to configure command definitions.
+#
+# NOTE:  The following 'check_local_...' functions are designed to monitor
+#        various metrics on the host that Nagios is running on (i.e. this one).
+################################################################################
+
+define command {
+
+    command_name    check_local_disk
+    command_line    $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+}
+
+
+
+define command {
+
+    command_name    check_local_load
+    command_line    $USER1$/check_load -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_procs
+    command_line    $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+}
+
+
+
+define command {
+
+    command_name    check_local_users
+    command_line    $USER1$/check_users -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_swap
+    command_line    $USER1$/check_swap -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_mrtgtraf
+    command_line    $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
+}
+
+
+
+################################################################################
+# NOTE:  The following 'check_...' commands are used to monitor services on
+#        both local and remote hosts.
+################################################################################
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ftp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ftp
+#    command_line    $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in hppjd.cfg, which is part of monitoring-plugins-standard.
+#
+#define command {
+#
+#    command_name    check_hpjd
+#    command_line    $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+define command {
+
+    command_name    check_snmp
+    command_line    $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
+}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in http.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_http
+#    command_line    $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ssh.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ssh
+#    command_line    $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in dhcp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_dhcp
+#    command_line    $USER1$/check_dhcp $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ping.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ping
+#    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_pop
+#    command_line    $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_imap
+#    command_line    $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_smtp
+#    command_line    $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_tcp
+#    command_line    $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_udp
+#    command_line    $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in nt.cfg, which is part of monitoring-plugins-standard.
+#
+#define command {
+#
+#    command_name    check_nt
+#    command_line    $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
+#}
+
+
+
+################################################################################
+#
+# SAMPLE PERFORMANCE DATA COMMANDS
+#
+# These are sample performance data commands that can be used to send performance
+# data output to two text files (one for hosts, another for services).  If you
+# plan on simply writing performance data out to a file, consider using the
+# host_perfdata_file and service_perfdata_file options in the main config file.
+#
+################################################################################
+
+define command {
+
+    command_name    process-host-perfdata
+    command_line    /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios4/host-perfdata.out
+}
+
+
+
+define command {
+
+    command_name    process-service-perfdata
+    command_line    /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios4/service-perfdata.out
+}
+
+define command {
+	command_name check_lin_load
+	command_line $USER1$/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
+}
+
+define command {
+	command_name check_lin_mem
+	command_line $USER1$/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
+}
+

sio2/CYBER/Wireguard/wg0-a.conf

@@ -0,0 +1,15 @@
+# local settings for Endpoint A
+[Interface]
+PrivateKey = aLihTWpe3bt3XwNPGOVS0mB9vfr4JqeZPyzhlgQ052k=
+Address = 10.0.0.1/32
+ListenPort = 51820
+
+# IP forwarding
+PreUp = sysctl -w net.ipv4.ip_forward=1
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = 8bEwgf4jUaIvZslBNwQSP3sNrJPZg1YDiFqyMCvJszo=
+Endpoint = 192.168.3.2:51820
+AllowedIPs = 10.0.0.2/32, 192.168.2.0/24
+

sio2/CYBER/postfix/main.cf

@@ -0,0 +1,58 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
+# fresh installs.
+compatibility_level = 3.6
+
+
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_security_level=may
+
+smtp_tls_CApath=/etc/ssl/certs
+smtp_tls_security_level=may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = bookworm
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = $myhostname, postfix.lan, bookworm, localhost.localdomain, localhost
+relayhost = [smtp.gmail.com]:587
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+# Disallow methods that allow anonymous authentication
+smtp_sasl_security_options = noanonymous
+# Location of sasl_passwd
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+# Enable STARTTLS encryption
+#smtp_tls_security_level = encrypt
+# Location of CA certificates
+smtp_tls_CAfile = /etc/postfix/ssl/cacert-smtp-gmail.pem

sio2/CYBER/postfix/sasl_passwd

@@ -0,0 +1 @@
+[smtp.gmail.com]:587    akone.alhassane@gmail.com:clnbmfdicvcbvcvt

sio2/CYBER/wg0-b.conf

@@ -0,0 +1,15 @@
+# local settings for Endpoint B
+[Interface]
+PrivateKey = eLqg4jQCId97MOdcP5k0FIlxnaMBArlPPEaTVmRPWFk=
+Address = 10.0.0.2/32
+ListenPort = 51820
+
+# IP forwarding
+PreUp = sysctl -w net.ipv4.ip_forward=1
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = 5UQzcels7MqDXWdt2oDvfbjykISpYl4i8uYFytHijUc=
+Endpoint = 192.168.3.2:51820
+AllowedIPs = 10.0.0.1/32, 192.168.1.0/24
+

sio2/SISR/Ansible/dokuw/hosts

@@ -0,0 +1,9 @@
+[adm]
+infra
+ 
+[web]
+web1
+web2
+
+[doc]
+doku

sio2/SISR/Ansible/dokuw/local.yml

@@ -0,0 +1,6 @@
+
+- hosts: doku
+  roles:
+    - web
+    - doku
+  

sio2/SISR/Ansible/dokuw/roles/doku/main.yml

@@ -0,0 +1,18 @@
+vars:
+  - chemin_fichier: /var/www/html/doku
+
+- name: recuperation dokuwiki-stable.tgz depuis machine depl
+  get_url:
+    url: http://depl/store/dokuwiki-stable.tgz
+    dest: /tmp/
+
+- name: Extraction archive
+  ansible.builtin.unarchive:
+    src: /tmp/dokuwiki-stable.tgz
+    dest: /var/www/html/
+
+- name: changer propriétaire du fichier var/www/html/doku
+    file:
+      path: "{{ chemin_fichier }}"
+      owner: www-data:www-data data lib conf
+      become: true

sio2/SISR/Ansible/dokuw/roles/doku/tasks/main.yml

@@ -0,0 +1,37 @@
+- name: 1. recuperation dokuwiki-stable.tgz depuis machine depl
+  get_url:
+    url: http://depl/store/dokuwiki-stable.tgz
+    dest: /tmp
+
+- name: 2. Extraction archive dokuwiki-stage.tgz
+  unarchive:
+    src: /tmp/dokuwiki-stable.tgz
+    dest: /var/www/html/
+    remote_src: yes
+
+- name: 3. stat dokuwiki
+  stat: 
+    path: /var/www/html/dokuwiki-2023-04-04
+  register: doku_stat
+
+- name: 4. On renomme doku-v... en doku
+  command: mv /var/www/html/dokuwiki-2023-04-04 /var/www/html/doku
+  when: doku_stat.stat.exists
+
+- name: 5. Changer propritaire group et permissions
+  file:
+    path: /var/www/html/doku
+    owner: root
+    group: root
+    mode: '0755'
+    recurse: yes
+      
+- name: 6. Changer propritaire. group et permissions
+  file:
+    path: /var/www/html/doku
+    owner: www-data
+    group: www-data
+    recurse: yes
+      #    mode: '755'
+
+

sio2/SISR/Ansible/dokuw/roles/web/tasks/main.yml

@@ -0,0 +1,13 @@
+- name: 1. installe  apache2 php et ces dependances
+  apt:
+    name:
+      - apache2
+      - php
+       #     - php-gd
+      - php-mbstring
+    state: present
+
+- name: 2. lance Apache
+  service:
+    name: apache2
+    state: started

sio2/SISR/Ansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+ 
+[web]
+web1
+web2

sio2/SISR/Ansible/squid-j2.yml

@@ -0,0 +1,23 @@
+---
+- name: squid-j2.yml
+  hosts: infra
+  vars:
+  - proxy_port: 8080
+  - proxy_mem: 512
+  tasks:  
+  - name: 1. assurer que squid est installe
+    service:
+      name: squid
+      state: started
+  
+  - name: 2. Copie du squid.conf apres generation dynamique 
+    template:
+      src: squid.conf.j2
+      dest: /etc/squid/squid.conf
+    notify: restart squid
+
+  handlers:
+    - name: restart squid
+      service:
+        name: squid
+        state: restarted

sio2/SISR/Ansible/squid.yml

@@ -0,0 +1,22 @@
+---
+- name: squid.yml
+  hosts: infra
+  vars:
+    proxy_port: 8080
+    proxy_mem: 128
+
+  tasks:
+    - name: 1. installation de squid
+      apt:
+        name: squid
+        state: latest
+
+    - name: 2. recuperation de squid.conf avec fetch
+      ansible.builtin.fetch:
+        src: /etc/squid/squid.conf
+        dest: ./squid.conf
+        flat: yes
+
+
+
+

sio2/SISR/Ansible/syslog-cli.yml

@@ -0,0 +1,45 @@
+---
+- name: syslog.yml
+  hosts: web
+  tasks:
+  - name:  1. installer rsyslog
+    apt:
+      name: rsyslog
+      state: latest
+
+  - name: ajout du serveur syslog distant 
+    lineinfile:
+      path: /etc/rsyslog.conf
+      line: '*.* @172.20.10.4:514'
+      insertbefore: EOF
+      create: yes 
+    notify:
+      - 5. redemarrer rsyslog
+ 
+        # - name: 3. Ajout de la ligne ForwardToSyslog
+      #shell: echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
+ 
+  - name: 4. Decommente la ligne ForwardToSyslog
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify: 6. redemarrer journald.service
+
+        # notify:
+        #- restart rsyslog
+        #- name: redemarrage de syslog
+        #- restart journald.service
+        #- name: redemarrage de journald.service
+
+  handlers:
+  - name: 5. redemarrer rsyslog
+    service:
+      name: rsyslog
+      state: restarted
+      
+  - name: 6. redemarrer journald.service
+    service:
+      name: systemd-journald.service
+      state: restarted
+

sio2/SISR/Ansible/syslog.yml

@@ -0,0 +1,52 @@
+---
+- name: syslog.yml
+  hosts: infra
+  tasks:
+  - name:  1. installer rsyslog
+    apt:
+      name: rsyslog
+      state: latest
+  
+  - name:  2. decommente le chargement du module imudp dans rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#module\(load="imudp"\)'
+      replace: 'module(load="imudp")'
+    notify:
+      - 5. redemarrer rsyslog
+ 
+  - name:  3. decommente le chargement du module imudp  port 514 dans rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#input\(type="imudp" port="514"\)'
+      replace: 'input(type="imudp" port="514")'
+    notify:
+      - 5. redemarrer rsyslog
+
+        # - name: 3. Ajout de la ligne ForwardToSyslog
+      #shell: echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
+ 
+  - name: 4. Decommente la ligne ForwardToSyslog
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify: 6. redemarrer journald.service
+
+        # notify:
+        #- restart rsyslog
+        #- name: redemarrage de syslog
+        #- restart journald.service
+        #- name: redemarrage de journald.service
+
+  handlers:
+  - name: 5. redemarrer rsyslog
+    service:
+      name: rsyslog
+      state: restarted
+      
+  - name: 6. redemarrer journald.service
+    service:
+      name: systemd-journald.service
+      state: restarted
+

sio2/SISR/Ansible/web.yml

@@ -0,0 +1,20 @@
+---
+- name: web.yml
+  hosts: web
+  tasks:
+  - name: 1. installer apache2
+    apt :
+      name: apache2
+      state: present
+  - name: 2  installer php-mbstring
+    apt:
+      name: php-mbstring
+      state: present
+  - name: 3 assurer Apache tourne
+    service:
+      name: apache2
+      state: started
+  - name: 4 copier le fichier index.html vers /var/www/html      
+    template:
+      src: index.html
+      dest: /var/www/html/

sio2/SISR/Nagios/test

@@ -1 +0,0 @@
-OK

sio2/SISR/Python/analog

@@ -0,0 +1,27 @@
+#!/usr/bin/python3
+import sys
+import re
+#tab = []
+volume = {}
+
+regexp = "^(\S+) (\S+) (\S+) \[([^]]+)\] \"(\w+) (\S+).*\" (\d+) (\S+)"
+for line in sys.stdin: # on lit sur l’entrée standard
+    line = line.rstrip () # on enleve le retour ligne
+    res = re.match (regexp, line)
+    if res:
+        (host, rfc931, user, date, request, url, status, byte) = res.groups()
+        host = res.group (1)
+        byte =int(res.group (8))
+        if host in volume:
+            volume[host]= volume[host] + byte
+        else: 
+            volume[host] = byte 
+
+for host in volume.keys():
+    print(host, ":", volume[host])
+
+
+
+
+
+

sio2/SISR/Python/creatusr

@@ -0,0 +1,19 @@
+#!/usr/bin/python3
+
+try:
+    fh = open("user.txt", "r")
+except:
+    print ("Fichier user.txt inconnu")
+else:
+    line = fh.readline ()
+    while line:
+        # use realine() to read next line
+        maligne = line.rstrip()
+        (login,complet)=maligne.split(":")
+        print(login , complet)
+        cmd = "useradd -m -c \""+ complet + "\" " + login + "-s /bin/bash/ "+login
+        print (cmd)
+        line = fh.readline()
+
+    fh.close()
+

sio2/SISR/Python/remplace

@@ -0,0 +1,27 @@
+import re
+import os
+
+def remplacer_avec_regex(nom_fichier, ancien_motif, nouveau_motif):
+    # Renommer le fichier d'origine
+    nouveau_nom = nom_fichier + ".old"
+    os.rename(nom_fichier, nouveau_nom)
+
+    # Lire le contenu du fichier original
+    with open(nouveau_nom, 'r') as fichier_in:
+        contenu = fichier_in.read()
+
+    # Utiliser une expression régulière pour effectuer le remplacement
+    contenu_modifie = re.sub(ancien_motif, nouveau_motif, contenu)
+
+    # Écrire le contenu modifié dans le fichier d'origine
+    with open(nom_fichier, 'w') as fichier_out:
+        fichier_out.write(contenu_modifie)
+
+# Demander à l'utilisateur les informations nécessaires
+nom_fichier = input("Entrez le nom du fichier : ")
+ancien_motif = input("Entrez l'ancien motif à remplacer (expression régulière) : ")
+nouveau_motif = input("Entrez le nouveau motif : ")
+
+# Appeler la fonction
+remplacer_avec_regex(nom_fichier, ancien_motif, nouveau_motif)
+

sio2/SISR/SNMP/snmp.conf

@@ -1,10 +0,0 @@
-# As the snmp packages come without MIB files due to license reasons, loading
-# of MIBs is disabled by default. If you added the MIBs you can reenable
-# loading them by commenting out the following line.
-mibs :
-
-# If you want to globally change where snmp libraries, commands and daemons
-# look for MIBS, change the line below. Note you can set this for individual
-# tools with the -M option or MIBDIRS environment variable.
-#
-# mibdirs /usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf

sio2/SISR/SNMP/snmpd.conf

@@ -0,0 +1,90 @@
+###########################################################################
+#
+# snmpd.conf
+# An example configuration file for configuring the Net-SNMP agent ('snmpd')
+# See snmpd.conf(5) man page for details
+#
+###########################################################################
+# SECTION: System Information Setup
+#
+
+# syslocation: The [typically physical] location of the system.
+#   Note that setting this value here means that when trying to
+#   perform an snmp SET operation to the sysLocation.0 variable will make
+#   the agent return the "notWritable" error code.  IE, including
+#   this token in the snmpd.conf file will disable write access to
+#   the variable.
+#   arguments:  location_string
+sysLocation    Sitting on the Dock of the Bay
+sysContact     Me <me@example.org>
+
+# sysservices: The proper value for the sysServices object.
+#   arguments:  sysservices_number
+sysServices    72
+
+
+
+###########################################################################
+# SECTION: Agent Operating Mode
+#
+#   This section defines how the agent will operate when it
+#   is running.
+
+# master: Should the agent operate as a master agent or not.
+#   Currently, the only supported master agent type for this token
+#   is "agentx".
+#   
+#   arguments: (on|yes|agentx|all|off|no)
+
+master  agentx
+
+# agentaddress: The IP address and port number that the agent will listen on.
+#   By default the agent listens to any and all traffic from any
+#   interface on the default SNMP port (161).  This allows you to
+#   specify which address, interface, transport type and port(s) that you
+#   want the agent to listen on.  Multiple definitions of this token
+#   are concatenated together (using ':'s).
+#   arguments: [transport:]port[@interface/address],...
+
+#agentaddress  127.0.0.1,[::1]
+agentAddress udp:161
+
+
+
+###########################################################################
+# SECTION: Access Control Setup
+#
+#   This section defines who is allowed to talk to your running
+#   snmp agent.
+
+# Views 
+#   arguments viewname included [oid]
+
+#  system + hrSystem groups only
+view   systemonly  included   .1.3.6.1.2.1.1
+view   systemonly  included   .1.3.6.1.2.1.25.1
+
+
+# rocommunity: a SNMPv1/SNMPv2c read-only access community name
+#   arguments:  community [default|hostname|network/bits] [oid | -V view]
+
+# Read-only access to everyone to the systemonly view
+rocommunity  public default
+rocommunity6 public default -V systemonly
+
+# SNMPv3 doesn't use communities, but users with (optionally) an
+# authentication and encryption string. This user needs to be created
+# with what they can view with rouser/rwuser lines in this file.
+#
+# createUser username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES] [privpassphrase]
+# e.g.
+# createuser authPrivUser SHA-512 myauthphrase AES myprivphrase
+#
+# This should be put into /var/lib/snmp/snmpd.conf 
+#
+# rouser: a SNMPv3 read-only access username
+#    arguments: username [noauth|auth|priv [OID | -V VIEW [CONTEXT]]]
+rouser authPrivUser authpriv -V systemonly
+
+# include a all *.conf files in a directory
+includeDir /etc/snmp/snmpd.conf.d