Add SNMP config (#216)

librenms · Aug 7, 2021 · 0fe44f1 · 0fe44f1
1 parent 21d52c3
commit 0fe44f1
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/doc/docker/environment-variables.md b/doc/docker/environment-variables.md
@@ -40,6 +40,15 @@
 > :warning: Only used if you enable and run a [sidecar snmptrapd container](../notes/snmptrapd.md)
 
 * `SIDECAR_SNMPTRAPD`: Set to `1` to enable sidecar snmptrapd mode for this container (default `0`)
+* `SNMP_PROCESSING_TYPE`: Sets which type of processing (`log`, `execute`, and/or `net`) to use with the SNMP trap (default `log,execute,net`)
+* `SNMP_USER`: Defines what username to authenticate with (default `librenms_user`)
+* `SNMP_AUTH`: Defines what password to authenticate with (default `auth_pass` should not be used, but will work)
+* `SNMP_PRIV`: Defines what password to encrypt packages with (default `priv_pass` should not be used, but will work)
+* `SNMP_AUTH_PROTO`: Sets what protocol (`MD5`|`SHA`) to use for authentication (default `SHA`)
+* `SNMP_PRIV_PROTO`: Sets what protocol (`DES`|`AES`) to use for encryption of packages (default `AES`)
+* `SNMP_SECURITY_LEVEL`: Sets what security level (`noauth`|`priv`) to use (default `priv`)
+* `SNMP_ENGINEID`: Defines what SNMP EngineID to use (default `1234567890`)
+* `SNMP_DISABLE_AUTHORIZATION`: Will disable the above access control checks, and revert to the previous behaviour of accepting all incoming notifications. (default `yes`)
 
 ### Database
 

diff --git a/rootfs/etc/cont-init.d/08-svc-snmptrapd.sh b/rootfs/etc/cont-init.d/08-svc-snmptrapd.sh
@@ -2,6 +2,15 @@
 
 SIDECAR_SNNMPTRAPD=${SIDECAR_SNNMPTRAPD:-0}
 LIBRENMS_SNMP_COMMUNITY=${LIBRENMS_SNMP_COMMUNITY:-librenmsdocker}
+SNMP_PROCESSING_TYPE=${SNMP_PROCESSING_TYPE:-log,execute,net}
+SNMP_USER=${SNMP_USER:-librenms_user}
+SNMP_AUTH=${SNMP_AUTH:-auth_pass}
+SNMP_PRIV=${SNMP_PRIV:-priv_pass}
+SNMP_AUTH_PROTO=${SNMP_AUTH_PROTO:-SHA}
+SNMP_PRIV_PROTO=${SNMP_PRIV_PROTO:-AES}
+SNMP_SECURITY_LEVEL=${SNMP_SECURITY_LEVEL:-priv}
+SNMP_ENGINEID=${SNMP_ENGINEID:-1234567890}
+SNMP_DISABLE_AUTHORIZATION=${SNMP_DISABLE_AUTHORIZATION:-yes}
 
 # Continue only if sidecar snmptrapd container
 if [ "$SIDECAR_SNNMPTRAPD" != "1" ]; then
@@ -16,6 +25,15 @@ mkdir -p /run/snmptrapd
 chown -R librenms. /run/snmptrapd
 
 sed -ie "s/@LIBRENMS_SNMP_COMMUNITY@/${LIBRENMS_SNMP_COMMUNITY}/" /etc/snmp/snmptrapd.conf
+sed -ie "s/@SNMP_PROCESSING_TYPE@/${SNMP_PROCESSING_TYPE}/" /etc/snmp/snmptrapd.conf'
+sed -ie "s/@SNMP_USER@/${SNMP_USER}/" /etc/snmp/snmptrapd.conf
+sed -ie "s/@SNMP_AUTH@/${SNMP_AUTH}/" /etc/snmp/snmptrapd.conf
+sed -ie "s/@SNMP_PRIV@/${SNMP_PRIV}/" /etc/snmp/snmptrapd.conf
+sed -ie "s/@SNMP_AUTH_PROTO@/${SNMP_AUTH_PROTO}/" /etc/snmp/snmptrapd.conf
+sed -ie "s/@SNMP_PRIV_PROTO@/${SNMP_PRIV_PROTO}/" /etc/snmp/snmptrapd.conf
+sed -ie "s/@SNMP_SECURITY_LEVEL@/${SNMP_SECURITY_LEVEL}/" /etc/snmp/snmptrapd.conf
+sed -ie "s/@SNMP_ENGINEID@/${SNMP_ENGINEID}/" /etc/snmp/snmptrapd.conf
+sed -ie "s/@SNMP_DISABLE_AUTHORIZATION@/${SNMP_DISABLE_AUTHORIZATION}/" /etc/snmp/snmptrapd.conf
 
 # Create service
 mkdir -p /etc/services.d/snmptrapd

diff --git a/rootfs/etc/snmp/snmptrapd.conf b/rootfs/etc/snmp/snmptrapd.conf
@@ -1,3 +1,5 @@
-disableAuthorization yes
-authCommunity log,execute,net @LIBRENMS_SNMP_COMMUNITY@
+disableAuthorization @SNMP_DISABLE_AUTHORIZATION@
+createUser -e 0x@SNMP_ENGINEID@ @SNMP_USER@ @SNMP_AUTH_PROTO@ @SNMP_AUTH@ @SNMP_PRIV_PROTO@ @SNMP_PRIV@
+authUser @SNMP_PROCESSING_TYPE@ @SNMP_USER@ @SNMP_SECURITY_LEVEL@
+authCommunity @SNMP_PROCESSING_TYPE@ @LIBRENMS_SNMP_COMMUNITY@
 traphandle default /opt/librenms/snmptrap.php