From 87c4d9be427c3e51c33c3088ff48ab649edb44c1 Mon Sep 17 00:00:00 2001
From: Morten Brekkevold
Date: Tue, 31 Oct 2023 15:38:06 +0100
Subject: [PATCH 1/2] Add an snmpd container for SNMPv3 comms

This can be useful for testing actual SNMPv3 communication.
---
 tools/snmpdv3/Dockerfile | 4 ++++
 tools/snmpdv3/README.md | 34 ++++++++++++++++++++++++++++++++++
 tools/snmpdv3/snmpd.conf | 13 +++++++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 tools/snmpdv3/Dockerfile
 create mode 100644 tools/snmpdv3/README.md
 create mode 100644 tools/snmpdv3/snmpd.conf

diff --git a/tools/snmpdv3/Dockerfile b/tools/snmpdv3/Dockerfile
new file mode 100644
index 0000000000..30073820c0
--- /dev/null
+++ b/tools/snmpdv3/Dockerfile
@@ -0,0 +1,4 @@
+FROM polinux/snmpd
+COPY snmpd.conf /etc/snmpd/snmpd.conf
+EXPOSE 161:161/udp
+CMD ["-c", "/etc/snmpd/snmpd.conf"]
diff --git a/tools/snmpdv3/README.md b/tools/snmpdv3/README.md
new file mode 100644
index 0000000000..990c4b9f65
--- /dev/null
+++ b/tools/snmpdv3/README.md
@@ -0,0 +1,34 @@
+# SNMPv3 enabled SNMP daemon for SNMPv3 testing
+
+This directory defines a simple docker image for a NET-SNMP-based SNMP daemon
+that is enabled for responding to SNMPv3 requests.
+
+## Building the image
+
+```sh
+docker build -t snmpd .
+```
+
+## Running a container to respond to SNMP locally
+
+```sh
+docker run --name snmpd -p 161:161/udp snmpd
+```
+
+## Authentication and privacy
+
+Using the SNMPv3 user security model (USM), this image sets up a read-only user
+named `myv3user`, with an authentication password of `my_authpass`, using AES
+encryption for security with a privacy password of `my_privpass`.
+
+For SNMP v1 or v2c communication, it sets up a default read-only community of
+`notpublic`.
+
+## Local testing
+
+The entirety of the daemon's mib view can be queried using SNMPv3 by running
+the following `snmpwalk` command:
+
+```sh
+snmpwalk -v3 -l authPriv -u myv3user -a SHA -A "my_authpass" -x AES -X "my_privpass" localhost
+```
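Review bot: `FROM polinux/snmpd` names a third-party image with no tag or digest, so every build pulls whatever `latest` resolves to at that moment and the daemon under test can change without any change in this repository. Pinning it, for example `FROM polinux/snmpd:<tag>@sha256:<digest>` (placeholders; take the values from the image that was actually validated), makes the build reproducible and the base auditable. Separately, `EXPOSE 161:161/udp` uses publish syntax; EXPOSE only records the container port, so `EXPOSE 161/udp` states the same contract without implying a host mapping. The file also sets no `USER`, so the daemon presumably runs as whatever user the base image defaults to, which is worth a one-line comment marking the image as a local test fixture.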
diff --git a/tools/snmpdv3/snmpd.conf b/tools/snmpdv3/snmpd.conf
new file mode 100644
index 0000000000..64ffec3cc3
--- /dev/null
+++ b/tools/snmpdv3/snmpd.conf
@@ -0,0 +1,13 @@
+com2sec notConfigUser default notpublic
+group notConfigGroup v1 notConfigUser
+group notConfigGroup v2c notConfigUser
+view systemview included .1.3.6.1.2.1.1
+view systemview included .1.3.6.1.2.1.25.1.1
+access notConfigGroup "" any noauth exact systemview none none
+
+createUser myv3user SHA "my_authpass" AES "my_privpass"
+rouser myv3user
+
+syslocation Milliways
+syscontact NAV Developer
+dontLogTCPWrappersConnects yes

From f6ff332198238739958a70f5240ba27526e0662b Mon Sep 17 00:00:00 2001
From: Morten Brekkevold
Date: Tue, 31 Oct 2023 15:38:46 +0100
Subject: [PATCH 2/2] Add snmpdv3 example service for SNMP development

This adds an snmpdv3 example service to the other SNMP examples in docker-compose.snmp.yml
---
 docker-compose.snmp.yml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/docker-compose.snmp.yml b/docker-compose.snmp.yml
index 323f11ebf0..cd8c1dd000 100644
--- a/docker-compose.snmp.yml
+++ b/docker-compose.snmp.yml
@@ -1,5 +1,5 @@
 # This compose file shows an example of how you can add SNMP proxying
-# services to the Docker Compose development environment.
+# or test services to the Docker Compose development environment.
 
 # To set up a full dev environment with proxying, either copy the examples
 # from this file to docker-compose.override.yml, or tell docker compose to also
@@ -42,3 +42,10 @@ services:
 mydevice.mydomain:
 << : *forwarder
 command: 192.168.0.1 user@my-hop-host 10000
+
+ # This creates an SNMPv3 test server, see tools/snmpdv3 for details
+ snmpdv3:
+ build: tools/snmpdv3
+ ports:
+ - 161:161/udp
+
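Review bot: `rouser myv3user` carries no security level, and net-snmp then defaults to `auth`, so the daemon also answers authNoPriv requests for this user; a client that silently drops its privacy settings would still get responses from this test server. If the container is meant to verify authPriv end to end, write `rouser myv3user priv`. The `com2sec notConfigUser default notpublic` line additionally accepts v1/v2c from any source address on the same port as the SNMPv3 user. A leading comment such as `# Test fixture only: the credentials below are published in the README and must never be reused` would make the status of the hard-coded passphrases explicit.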
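Review bot: `- 161:161/udp` in the new `snmpdv3` service publishes the test daemon on every host interface, and that daemon answers to a community string and SNMPv3 passphrases that are written in the repository. Binding the mapping to loopback, `- "127.0.0.1:161:161/udp"`, keeps it reachable for local `snmpwalk` runs without offering it to the network the developer machine is attached to; other compose services can presumably still reach it by service name without any published port. Host port 161 is also a privileged port and may already be held by a local snmpd, so a high host port could be more practical. The `services:` mapping this entry belongs to starts outside the hunk.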