[Pkg-net-snmp-devel] Bug#966544: Switching from extend to pass for custom endpoints
Ian Campbell
ijc at debian.org
Mon Aug 3 17:19:51 BST 2020
Hi all,
I switched from pass to extend for my custom endpoint since the latter
was not disabled with the security update. It's a bit more faff but not
intractable (just lots of boilerplate really) so maybe it's useful to
post here as a sort of recipe while things get sorted out some other
way in the packaging.
I went from snmpd.conf with (nb: /var/run/qcontrol.temp simply contains
a single integer value, nothing fancy, it's updated elsewhere):
extend .1.3.6.1.4.1.65535.1 - /bin/cat /var/run/qcontrol.temp
To one with:
pass .1.3.6.1.4.1.65535.1 /bin/bash /etc/snmp/qcontrol-mib
Where /etc/snmp/qcontrol-mib is:
#!/bin/bash
# https://sourceforge.net/p/net-snmp/code/ci/master/tree/local/passtest
PLACE=".1.3.6.1.4.1.65535.1"
OP="$1"
REQ="$2"
case "$OP" in
"-s") # SET
OP="SET"
logger -p daemon.debug "qcontrol-mib: $OP $REQ: ignored"
exit 0
;;
"-n") # GETNEXT
OP="GETNEXT"
case "$REQ" in
$PLACE|$PLACE.0|$PLACE.0.*|$PLACE.1) RET="$PLACE.1.0" ;;
*) exit 0 ;; # Nothing after this
esac
;;
"-g") # GET
OP="GET"
case "$REQ" in
$PLACE.1.0) RET="$REQ" ;;
*)
logger -p daemon.warn "qcontrol-mib: $OP $REQ: unknown"
exit 0
;;
esac
;;
esac
# GET and GETNEXT
logger -p daemon.debug "qcontrol-mib: $OP $REQ: OK"
echo "$RET"
case "$RET" in
$PLACE.1.0) echo "integer" ; printf "%d\n" $(cat /var/run/qcontrol.temp);;
esac
These were moderately useful resources:
http://www.net-snmp.org/docs/man/snmpd.conf.html (see: MIB-Specific Extension Commands)
http://net-snmp.sourceforge.net/wiki/index.php/Tut:Extending_snmpd_using_shell_scripts
https://sourceforge.net/p/net-snmp/code/ci/master/tree/local/passtest
For people who want persistent_pass instead this looked like a good
resource but I didn't follow it myself since my needs were so trivial:
https://vincent.bernat.ch/en/blog/2012-extending-netsnmp
That has links to Perl and Python helper libraries which I think you'd
likely want to use if you wanted multiple values since plumbing the
GETNEXT stuff together manually in the simple shell script case as
above would be fairly tedious.
HTH someone,
Ian.
More information about the Pkg-net-snmp-devel
mailing list