rc/network
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

access: limit OIDs exposed over SNMP

Browse source 
Define a custom SNMP group with read access only to fields we need.

For D-Link switches, modifying the group must be handled the same as
user, i.e. the group (and user) must be removed and readded.

Untested for FS S5800.
This commit is contained in:
Timotej Lazar 2025-10-22 13:43:07 +02:00
parent 2c93cab682
commit 7a2223ea71
5 changed files with 61 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

6
roles/access/templates/config-d-link.j2
View file

@ -112,7 +112,11 @@ snmp-server name {{ inventory_hostname }}
snmp-server location {{ rack }}
{# SNMP engine ID must be exactly 24 hex digits #}
snmp-server engineID local {{ snmp_engine_id }}
snmp-server group public v3 priv read CommunityView
{# limit MIBs exposed over SNMP #}
snmp-server view public 1.3.6.1.2.1.1 included {# system +#}
snmp-server view public 1.3.6.1.2.1.2 included {# interfaces +#}
snmp-server view public 1.3.6.1.2.1.17.7 included {# qBridgeMIB +#}
snmp-server view public 1.3.6.1.2.1.31 included {# ifMIB +#}
sntp enable
{% for address in ntp %}