UNIX System Administration Handbook - Evi Nemeth [381]
snmpdx also reads security information from /etc/snmp/conf/snmpdx.acl. In this file, you can list the IP addresses of hosts that should be allowed access to the local SNMP agent. Each set of hosts can have its own read and write community names. These features can dramatically increase the security of SNMP; unfortunately, all restrictions are turned off by default.
An off-the-shelf Solaris installation boots with two DMI-related processes. The first of these is /usr/lib/dmi/dmispd, which answers DMI queries directly. The second is /usr/lib/dmi/snmpXdmid, which translates SNMP requests into DMI requests and passes them on to dmispd. Once dmispd responds, snmpXdmid passes the responses back to the SNMP server, snmpdx. SNMP/DMI translations are defined by files in the /var/dmi/map directory. Only two variable translations are defined by default, so unless you are planning on adding more, you should really have no reason to run snmpXdmid.
If you don’t have DMI management software or don’t plan on using it, you can prevent both DMI processes from starting at boot time by renaming /etc/rc3.d/S77dmi to /etc/rc3.d/s77dmi. If you just want to disable snmpXdmid, you should rename its configuration file from snmpXdmid.conf to snmpXdmid.conf.orig.
SNMP on HP-UX
One of HP’s most successful software ventures is an enterprise network management tool called HP OpenView. Since HP is a leader in the network management space, it shouldn’t be much of a surprise that HP-UX ships with an SNMP agent. Instead of providing a single, monolithic agent, HP’s system employs a number of specialized subagents. This design allows HP to add subagents for new hardware or software without changing the overall system.
The master agent is /usr/sbin/snmpdm, but it should never be run directly. Use the shell script /usr/sbin/snmpd instead. In addition to starting snmpdm, the snmpd script starts the subagents that are responsible for gathering data.
The agent reads its configuration from /etc/SnmpAgent.d/snmpd.conf. Configuration information can also be specified on the snmpd command line.
Only five keywords can be used within snmpd.conf. They’re illustrated in the following example:
# SNMP configuration for disaster.xor.com
get-community-name: ro-community
set-community-name: D8j4kL.2nG
trap-dest: jaguar.xor.com
trap-dest: ov.xor.com
location: First floor lab machine room
contact: root@disaster.xor.com
The get-community-name and set-community-name keywords set the SNMP community strings (aka passwords) that a client must provide to read and write data values. There can be more than one instance of each. However, access control cannot be subdivided: any name listed in any set-community-name statement is valid for any supported operation. Since SNMP versions 1 and 2 send community strings across the network in cleartext, choose names that cannot be guessed and never reuse a set community as a get community.
The trap-dest keyword specifies the name or IP address of an SNMP client that is to receive trap notifications. There can be several trap destinations—all traps are sent to all destinations.
The location and contact keywords set the values of the MIB-II sysLocation and sysContact OIDs.
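The following script is an added example, not code from the handbook or from HP. It parses the five-keyword snmpd.conf format described above and flags the mistakes a practitioner most often finds on a shipped box: well-known default community strings, short strings, a name that serves as both get and set community (which, given the undivided access control just described, hands write access to every reader), and a missing trap-dest. The minimum length and both sample configurations are assumptions constructed for the example.

```python
"""Audit an HP-UX-style snmpd.conf for weak settings.

Added example; not the handbook's code. It parses the five-keyword format
the page shows (keyword: value, '#' comments) and flags community strings
that are well-known defaults, shorter than a chosen minimum, or shared
between get and set. Both sample files below are constructed.
"""

KEYWORDS = ("get-community-name", "set-community-name",
            "trap-dest", "location", "contact")
# Well-known defaults that every SNMP scanner tries first.
DEFAULT_COMMUNITIES = {"public", "private", "snmp", "community"}
MIN_COMMUNITY_LEN = 8   # assumed local policy, not an agent requirement


def parse_snmpd_conf(text):
    """Return {keyword: [values...]}; repeated keywords keep every value."""
    conf = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if ":" not in line:
            raise ValueError(f"line {lineno}: expected 'keyword: value'")
        key, value = (part.strip() for part in line.split(":", 1))
        if key not in KEYWORDS:
            raise ValueError(f"line {lineno}: unknown keyword {key!r}")
        conf.setdefault(key, []).append(value)
    return conf


def audit(conf):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    gets = conf.get("get-community-name", [])
    sets = conf.get("set-community-name", [])
    for kind, names in (("get", gets), ("set", sets)):
        for name in names:
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append(f"{kind} community {name!r} is a well-known default")
            elif len(name) < MIN_COMMUNITY_LEN:
                findings.append(f"{kind} community {name!r} is shorter than "
                                f"{MIN_COMMUNITY_LEN} characters")
    # Any set-community-name is valid for every operation, so a name that
    # also appears as a get community hands out write access to readers.
    for name in sorted(set(gets) & set(sets)):
        findings.append(f"community {name!r} grants both read and write")
    if not conf.get("trap-dest"):
        findings.append("no trap-dest: the agent has nowhere to send traps")
    return findings


def audit_text(text):
    """Convenience wrapper: parse a configuration file body and audit it."""
    return audit(parse_snmpd_conf(text))


# Constructed sample: typical vendor defaults left in place.
WEAK_CONF = """\
get-community-name: public
set-community-name: private
set-community-name: public
location: rack 3
"""

# Constructed sample in the shape of the page's own example.
HARDENED_CONF = """\
# SNMP configuration for disaster.xor.com
get-community-name: ro-community
set-community-name: D8j4kL.2nG
trap-dest: jaguar.xor.com
trap-dest: ov.xor.com
location: First floor lab machine room
contact: root@disaster.xor.com
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{label}]")
        for finding in audit_text(text) or ["ok"]:
            print("  " + finding)
```

Run it against a copy of /etc/SnmpAgent.d/snmpd.conf by reading the file into audit_text; the weak sample produces five findings and the hardened one none.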
You can control the amount of logging that snmpd generates with the -m flag:
snmpd -m logmask
The logmask should be a bitwise OR of your choice of the option flags in Table 20.2.
Table 20.2 Option flag values for HP-UX snmpd
Unfortunately, HP’s SNMP agent does not use syslog. You can specify the location of its log file with -l log; the default is /var/adm/snmpd.log.
The UCD SNMP agent
When SNMP was first standardized, Carnegie Mellon University and MIT both produced implementations. CMU’s implementation was more complete and quickly became the de facto standard for UNIX systems. When active development at CMU died down, researchers at UC Davis took over the software.
The UCD distribution is now the authoritative free SNMP implementation for UNIX. We recommend it highly for systems with no SNMP implementation of their own. It includes an SNMP agent, some command-line tools, and even a library for developing SNMP-aware