Add an snmpd service container for SNMPv3 comms #2697

Merged
merged 2 commits into from
Nov 8, 2023
9 changes: 8 additions & 1 deletion docker-compose.snmp.yml
@@ -1,5 +1,5 @@
# This compose file shows an example of how you can add SNMP proxying
# services to the Docker Compose development environment.
# or test services to the Docker Compose development environment.

# To set up a full dev environment with proxying, either copy the examples
# from this file to docker-compose.override.yml, or tell docker compose to also
Expand Down Expand Up @@ -42,3 +42,10 @@ services:
mydevice.mydomain:
<< : *forwarder
command: 192.168.0.1 user@my-hop-host 10000

# This creates an SNMPv3 test server, see tools/snmpdv3 for details
snmpdv3:
build: tools/snmpdv3
ports:
- 161:161/udp
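
Review bot: The `- 161:161/udp` mapping under `snmpdv3` publishes the test agent on every host interface, and the agent answers with the fixed credentials and community string that this PR documents in tools/snmpdv3. For a development compose file I would bind it to loopback, e.g. `- 127.0.0.1:161:161/udp`. Host port 161 is also privileged and will collide with any snmpd already running on the developer's machine, so a high host port mapped to 161 in the container may be the friendlier default.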

4 changes: 4 additions & 0 deletions tools/snmpdv3/Dockerfile
@@ -0,0 +1,4 @@
FROM polinux/snmpd
COPY snmpd.conf /etc/snmpd/snmpd.conf
EXPOSE 161:161/udp
CMD ["-c", "/etc/snmpd/snmpd.conf"]
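
Review bot: `FROM polinux/snmpd` has no tag or digest, so every rebuild pulls whatever the third-party image currently points at; pinning a tag, or better a `@sha256:` digest, keeps the test server reproducible and avoids silently picking up a changed upstream image. Separately, `EXPOSE 161:161/udp` uses a host:container form, but EXPOSE only documents a container port and publishes nothing on the host; `EXPOSE 161/udp` is the documented form, with publishing left to `-p` or the compose `ports:` entry.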
34 changes: 34 additions & 0 deletions tools/snmpdv3/README.md
@@ -0,0 +1,34 @@
# SNMPv3 enabled SNMP daemon for SNMPv3 testing

This directory defines a simple docker image for a NET-SNMP-based SNMP daemon
that is enabled for responding to SNMPv3 requests.

## Building the image

```sh
docker build -t snmpd .
```

## Running a container to respond to SNMP locally

```sh
docker run --name snmpd -p 161:161/udp snmpd
```

## Authentication and privacy

Using the SNMPv3 user security model (USM), this image sets up a read-only user
named `myv3user`, with an authentication password of `my_authpass`, using AES
encryption for security with a privacy password of `my_privpass`.

For SNMP v1 or v2c communication, it sets up a default read-only community of
`notpublic`.

## Local testing

The entirety of the daemon's mib view can be queried using SNMPv3 by running
the following `snmpwalk` command:

```sh
snmpwalk -v3 -l authPriv -u myv3user -a SHA -A "my_authpass" -x AES -X "my_privpass" localhost
```
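
Review bot: The "Authentication and privacy" section names the user, both passwords and AES, but never states the authentication protocol; a reader only learns it is SHA from the `-a SHA` flag in the `snmpwalk` line. I would state it in that section, and add one sentence saying these are fixed test values baked into the image via snmpd.conf and not meant for anything reachable from outside the developer's machine. It would also help to mention that the `notpublic` v1/v2c community is limited to the views configured in snmpd.conf, so readers do not expect the same output as from the SNMPv3 walk.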
13 changes: 13 additions & 0 deletions tools/snmpdv3/snmpd.conf
@@ -0,0 +1,13 @@
com2sec notConfigUser default notpublic
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access notConfigGroup "" any noauth exact systemview none none

createUser myv3user SHA "my_authpass" AES "my_privpass"
rouser myv3user

syslocation Milliways
syscontact NAV Developer <[email protected]>
dontLogTCPWrappersConnects yes
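
Review bot: `rouser myv3user` is given without a minimum security level, and Net-SNMP then defaults to `auth`, so the agent will also answer authNoPriv requests that skip encryption. Since the README describes this image as a target for authPriv testing, `rouser myv3user priv` would make the agent reject unencrypted requests and catch a client that silently falls back. Also note that `com2sec notConfigUser default notpublic` accepts the v1/v2c community from any source address, which matters once the port is published from the container.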