Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable snmp v2 & v1 #56

Closed
hdep opened this issue Jul 28, 2015 · 6 comments
Closed

Disable snmp v2 & v1 #56

hdep opened this issue Jul 28, 2015 · 6 comments
Assignees
@razorsedge
Labels
enhancement New feature or request question

Comments

@hdep
Copy link
Contributor

hdep commented Jul 28, 2015

Hello,

I am currently testing your plugin which seems working fine on my system (debian 8).
Il only want to use snmpv3, this is working but the plugin is still generating some configuration about snmp v2, is there a way to disable this ?

Regards,
@razorsedge
Copy link
Contributor

@hdep I am not positive, but try this:

class { 'snmp':
  ro_community  => undef,
  ro_community6 => undef,
  groups         => [ 'myGroupName v3         mySecName', ],
}

@razorsedge razorsedge self-assigned this Oct 15, 2015
@tarheeljeff
Copy link

tarheeljeff commented May 19, 2016
edited
Loading

Any updated comments on disabling v1/v2 as part of the config? Below are the required steps:

In order to disable the v1 and v2c of SNMP a comment must be added on the com2sec & access lines in the snmpd.conf file, in e.g:

        #com2sec notConfigUser  default       public
        group   notConfigGroup v1           notConfigUser
        group   notConfigGroup v2c           notConfigUser
        view    systemview    included   .1.3.6.1.2.1.1
        view    systemview    included   .1.3.6.1.2.1.25.1.1
        #access  notConfigGroup ""      any       noauth    exact  systemview none none

To disable SNMP v1 connection only, comment out the line of "group notConfigGroup v1 notConfigUser" only. SNMP v2c is still available.

        com2sec notConfigUser  default       public
        #group   notConfigGroup v1           notConfigUser
        group   notConfigGroup v2c           notConfigUser
        view    systemview    included   .1.3.6.1.2.1.1
        view    systemview    included   .1.3.6.1.2.1.25.1.1
        access  notConfigGroup ""      any       noauth    exact  systemview none none

@msiroskey
Copy link

After looking into the code you can disable v1/v2 by passing an empty array to com2sec and com2sec6 parameters.

class { 'snmp':
  com2sec      => [],
  com2sec6     => [],
}

@razorsedge razorsedge added the enhancement New feature or request label Apr 22, 2017
@razorsedge
Copy link
Contributor

Looks like a documentation update is in order.

@hdep
Copy link
Contributor Author

hdep commented Aug 9, 2018

Thank you.
Juste tried that on Debain 9 I got some error :

Aug 9 16:49:39 serversnmpd[12025]: /etc/snmp/snmpd.conf: line 22: Error: Blank line following com2sec token.
Aug 9 16:49:39 server snmpd[12025]: /etc/snmp/snmpd.conf: line 24: Error: Blank line following com2sec6 token.

Maybe it would more efficient to create a variable which enable or disable snmpv2 configuration ?

@hdep
Copy link
Contributor Author

hdep commented Aug 20, 2018

I did a PR for this :
#128

Any help appreciated to fix the remaining issue, but it is working on my VM.

@hdep hdep closed this as completed Sep 21, 2018
@prouveyrol prouveyrol mentioned this issue Jul 21, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@razorsedge razorsedge

Labels
enhancement New feature or request question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@razorsedge @tarheeljeff @msiroskey @hdep