Privacy enable on SNMPv3 AIX) Post: 302948176

Sponsored Content

Operating Systems AIX Privacy enable on SNMPv3 AIX) Post 302948176 by anrivera140 on Friday 26th of June 2015 12:37:02 PM

06-26-2015

Registered User

Privacy enable on SNMPv3 AIX)

I have SNMPv3 working on our server but when viewed from the security software, it shows no privacy enabled

Code:

AIX 7.1, TL1, snmp.crypto 6.1.2.0 installed, ran snmpv3_ssw -e

Unsure what I have configured wrong.

What is needed to show Privacy in AIX. I looked at a config on a Solaris box that does have it working and it seems like I have things set correctly.

See snips of snmpdv3.conf below:

Code:

USM_USER spkadmin - HMAC-MD5 caXXXXXXXXXXXXXXXXXXXXXXX35 DES e7XXXXXXXXXXXXXXXXX51 N -
 
# VACM_GROUP entries
# Format is:
# groupName securityModel securityName storageType
VACM_GROUP group1 USM spekadmin -
# VACM_VIEW entries
# Defines a particular set of MIB data, called a view, for the
# View-based Access Control Model.
# Format is:
# viewName viewSubtree viewMask viewType storageType
VACM_VIEW group1View interfaces - included -
VACM_VIEW group1View tcp - included -
VACM_VIEW group1View icmp - included -
VACM_VIEW group1View system - included -
VACM_VIEW group1View sysObjectID - excluded -
# VACM_ACCESS entries
VACM_ACCESS group1 - - DES USM group1View - - -
 
#VACM_GROUP group1 SNMPv1 public -
VACM_VIEW defaultView internet - included -
VACM_VIEW defaultView 1.3.6.1.4.1.2.2.1.1.1.0 - included -
VACM_VIEW defaultView 1.3.6.1.4.1.2.6.191.1.6 - included -
# exclude snmpv3 related MIBs from the default view
VACM_VIEW defaultView snmpModules - excluded -
VACM_VIEW defaultView 1.3.6.1.6.3.1.1.4 - included -
VACM_VIEW defaultView 1.3.6.1.6.3.1.1.5 - included -
# exclude aixmibd managed MIBs from the default view
VACM_VIEW defaultView 1.3.6.1.4.1.2.6.191 - included -
#VACM_ACCESS group1 - - noAuthNoPriv SNMPv1 defaultView - defaultView -
#NOTIFY notify1 traptag trap -
#TARGET_ADDRESS Target1 UDP 127.0.0.1 traptag trapparms1 - - -
#TARGET_PARAMETERS trapparms1 SNMPv1 SNMPv1 public noAuthNoPriv -
#COMMUNITY public public noAuthNoPriv 0.0.0.0 0.0.0.0 -
DEFAULT_SECURITY no-access - -
logging file=/tmp/snmpdv3.log enabled
logging size=100000 level=0
smux 1.3.6.1.4.1.2.3.1.2.1.2 gated_password # gated

Thanks.

Last edited by Don Cragun; 06-26-2015 at 05:46 PM.. Reason: Add CODE and ICODE tags.

anrivera140

View Public Profile for anrivera140

Find all posts by anrivera140

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

regular user - enable printer - aix unix

how can I let a regular user enable a printer?

2. Infrastructure Monitoring

net-snmp-config --create-snmpv3-user snmpengineID

Solaris 10 -- I created SNMPv3 users with net-snmp-config --create-snmpv3-user command. I am using HP Network Node Manager's SNMPv3 Smart Plugin to serve as the SNMP management server. Some SNMPv3 users were automatically created with the same snmpengineID. This causes NNM's brassagt proxy to...

3. Infrastructure Monitoring

Configuration of snmpv3 in AIX

Hi, I am new to AIX and have been assigned a task to configure the snmp on aix which can talk to our management server. Any help in relation to this will be greatly appriciated. Cheers, Tarun

4. AIX

Enable send email through smtp - exchange on AIX 6.1

Please help, i can not to send email from AIX 6.1 to outside network through STMP - Exchange. Any one can help ?

5. AIX

Enable large filesize option in NFS mount in AIX 4.3

Hi All, I have a NFS mount filesystem, however it is not supporting a creation of filesize greater than 2 GB in it, how can i enable the option (bf = true) in it. The AIX version is 4.3.2 Thanks in Advance!!

6. AIX

How to enable command history in AIX 6

Hi Friends, I am using AIX 6 with ksh shell, i am not able to get the commands histroy which was used earlier by pressing up and down arrow keys. Could you please help me to enable the history for ksh shell in AIX 6 OS. Thanks in Advance. Siva Kumar.

7. AIX

SNMPv3 error - Help please!

Hello everyone: I'm still relatively new to AIX administration and learning every day. I need to configure SNMPv3 in several servers. I tried first on a "test environment" server, no firewalls, and I was successful. Then I moved on to the "production" servers, which are behind firewall and I...

8. AIX

Is it must to enable TCB on AIX LPARs ?

Hi, I've verified my AIX 7.1 LPAR , and TCB is disabled by default. #odmget -q attribute=TCB_STATE PdAt PdAt: uniquetype = "" attribute = "TCB_STATE" deflt = "tcb_disabled" values = "" width = "" type = "" generic = "" ...

LEARN ABOUT REDHAT

snmptrapd.conf

SNMPTRAPD.CONF(5)						     Net-SNMP							 SNMPTRAPD.CONF(5)

NAME

       /usr/share/snmp/snmptrapd.conf - configuration file for the Net-SNMP trap daemon.

DESCRIPTION

       snmptrapd.conf  is  the	configuration  file(s)	which define how the Net-SNMP SNMP trap receiving daemon operates when it receives a trap.
       These files may contain any of the directives found in the DIRECTIVES section below.  This file is not required for the daemon to  operate,
       receive, or report traps.  It is used solely as a method of providing extensibility to the trap daemon.

PLEASE READ FIRST

       First,  make  sure you have read the snmp_config(5) manual page that describes how the Net-SNMP configuration files operate, where they are
       located and how they all work together.

DIRECTIVES

       traphandle OID|default PROGRAM [ARGS ...]
	      The traphandle configuration directive configures the snmptrapd program to launch an external program any time it  receives  a  trap
	      matching	the  OID  token.   If  the  OID token is the word default then any trap not matching any other trap handler will call this
	      default one instead.  The program is fed details about the trap to its standard input, in the following format, one entry per line:

	      HOSTNAME
		     The name of the host in question that sent the trap, as determined by gethostbyaddr(3).

	      IPADDRESS
		     The IP address of the host that sent the trap.

	      VARBINDS
		     A list of variable bindings that describe the trap and the variables enclosed in it.  The first token on the line,  up  until
		     the  space,  in  the OID and the remainder of the line is its value.  The first OID should be the system.sysUpTime.0 OID, and
		     the second should be the ...snmpTrap.snmpTrapOID.0 OID.  The remainder of the OIDs, with the possible exception of  the  last
		     one,   are  the  variable	bindings  contained  within  the  trap.   For  SNMPv1  traps,  the  very  last	OID  will  be  the
		     ...snmpTrap.snmpTrapEnterprise OID and its value.	Essentially, SNMPv1 traps have been converted to the SNMPv2 trap PDU  type
		     by the method described in the SNMPv1/SNMPv2/SNMPv3 coexistence document (RFC2576).

	      Example:
		     A traptoemail script has been included in the Net-SNMP package that can be used as a trap handle directive:

		     traphandle /usr/bin/perl /usr/bin/traptoemail -s mysmtp.somewhere.com -f admin@somewhere.com me@somewhere.com

       dontRetainLogs true
	      Turns  off  the  support	for the NOTIFICATION-LOG-MIB and thus doesn't retain logged traps.  Normally the snmptrapd program keeps a
	      certain number of traps around in memory so they can be retrieved via querying the nlmLogTable and nlmLogvariableTable tables.   See
	      the snmptrapd manual page and the NOTIFICATION-LOG-MIB for details.

       createUser username (MD5|SHA) authpassphrase [DES]
	      See the snmpd.conf(5) manual page for a description of how to create SNMPv3 users.  It's roughly the same, but the file name changes
	      to snmptrapd.conf from snmpd.conf.

       format1 format
	      The format used to print a SNMPv1 TRAP message. See snmptrapd(8) for the layout characters available.

       format2 format
	      The format used to print a SNMPv2 TRAP2 or INFORM message (note that the SNMPv3 protocol uses SNMPv2 style TRAPs and INFORMs).

NOTES

       o      The daemon blocks on the executing traphandle commands.  (This should be fixed in the future with an appropriate	signal	catch  and
	      wait() combination).

SEE ALSO

       snmp_config(5), snmptrapd(8), syslog(8), variables(5), snmpd.conf(5), read_config(3).

4th Berkeley Distribution					    28 Aug 2001 						 SNMPTRAPD.CONF(5)