|
Packit Service |
b38f0b |
#!/bin/sh
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
. ../support/simple_eval_tools.sh
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
HEADER SNMPv3 snmptrapd USM user management with snmpusm
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
SKIPIFNOT USING_AGENTX_MASTER_MODULE
|
|
Packit Service |
b38f0b |
SKIPIFNOT USING_AGENTX_SUBAGENT_MODULE
|
|
Packit Service |
b38f0b |
SKIPIFNOT USING_SNMPV3_USMUSER_MODULE
|
|
Packit Service |
b38f0b |
SKIPIF NETSNMP_SNMPTRAPD_DISABLE_AGENTX
|
|
Packit Service |
b38f0b |
SKIPIF NETSNMP_DISABLE_SET_SUPPORT
|
|
Packit Service |
b38f0b |
SKIPIFNOT NETSNMP_USE_OPENSSL
|
|
Packit Service |
b38f0b |
SKIPIF NETSNMP_NO_WRITE_SUPPORT
|
|
Packit Service |
b38f0b |
SKIPIFNOT NETSNMP_CAN_DO_CRYPTO
|
|
Packit Service |
b38f0b |
SKIPIFNOT NETSNMP_ENABLE_SCAPI_AUTHPRIV
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
#
|
|
Packit Service |
b38f0b |
# Begin test
|
|
Packit Service |
b38f0b |
#
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# configure AgentX socket
|
|
Packit Service |
b38f0b |
if [ "x$SNMP_TRANSPORT_SPEC" = "xunix" ]; then
|
|
Packit Service |
b38f0b |
AGENT_FLAGS="$AGENT_FLAGS -x $SNMP_TMPDIR/agentx_socket"
|
|
Packit Service |
b38f0b |
TRAPD_FLAGS="$TRAPD_FLAGS -x $SNMP_TMPDIR/agentx_socket"
|
|
Packit Service |
b38f0b |
else
|
|
Packit Service |
b38f0b |
AGENT_FLAGS="$AGENT_FLAGS -x tcp:${SNMP_TEST_DEST}${SNMP_AGENTX_PORT}"
|
|
Packit Service |
b38f0b |
TRAPD_FLAGS="$TRAPD_FLAGS -x tcp:${SNMP_TEST_DEST}${SNMP_AGENTX_PORT}"
|
|
Packit Service |
b38f0b |
fi
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# standard SNMPv3 USM agent configuration
|
|
Packit Service |
b38f0b |
DEFSECURITYLEVEL=authPriv
|
|
Packit Service |
b38f0b |
. ./Sv3usmconfigagent
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# save agent access
|
|
Packit Service |
b38f0b |
AGENT_TESTAUTHARGS=$TESTAUTHARGS
|
|
Packit Service |
b38f0b |
AGENT_TESTPRIVARGS=$TESTPRIVARGS
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# configure agent as AgentX master
|
|
Packit Service |
b38f0b |
CONFIGAGENT master agentx
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# Start the master agent
|
|
Packit Service |
b38f0b |
STARTAGENT
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# standard SNMPv3 USM snmptrapd configuration
|
|
Packit Service |
b38f0b |
. ./Sv3usmconfigtrapd
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# configure snmptrapd
|
|
Packit Service |
b38f0b |
NEWAUTHKEY=0x7458ead7a0b5a753e21bfcb87f6c9803ebef68cf
|
|
Packit Service |
b38f0b |
NEWPRIVKEY=0x98e2696d1cf34d904dfcae76bf01c473
|
|
Packit Service |
b38f0b |
NEWUSER=newtestuser
|
|
Packit Service |
b38f0b |
NEWAUTHPASS=newauthpass
|
|
Packit Service |
b38f0b |
NEWPRIVPASS=newprivpass
|
|
Packit Service |
b38f0b |
NEWUSER2=newtestuser_vanilla
|
|
Packit Service |
b38f0b |
CONFIGTRAPD authuser log $NEWUSER auth
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# start snmptrapd
|
|
Packit Service |
b38f0b |
STARTTRAPD
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# delay to let it connect and register all MIBs
|
|
Packit Service |
b38f0b |
DELAY
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
## verify snmptrapd usmUserTable management
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
SNMPUSM_TRAPD_CONTEXT_ARGS="-n snmptrapd -CE $TRAPD_ENGINEID"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
## 1) create, clone, passwd auth, passwd priv, test
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# create vanilla user
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTAUTHARGS $SNMPUSM_TRAPD_CONTEXT_ARGS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT create $NEWUSER2"
|
|
Packit Service |
b38f0b |
CHECKORDIE "User successfully created"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# clone template user
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTAUTHARGS $SNMPUSM_TRAPD_CONTEXT_ARGS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT create $NEWUSER $TESTPRIVUSER"
|
|
Packit Service |
b38f0b |
CHECKORDIE "User successfully created"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# change auth passphrase of new user
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTAUTHARGS $SNMPUSM_TRAPD_CONTEXT_ARGS -Ca $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $TESTAUTHPASS $NEWAUTHPASS $NEWUSER"
|
|
Packit Service |
b38f0b |
CHECKORDIE "SNMPv3 Key(s) successfully changed"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# change priv passphrase of new user
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTPRIVARGS $SNMPUSM_TRAPD_CONTEXT_ARGS -Cx $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $TESTPRIVPASS $NEWPRIVPASS $NEWUSER"
|
|
Packit Service |
b38f0b |
CHECKORDIE "SNMPv3 Key(s) successfully changed"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# test (anp)
|
|
Packit Service |
b38f0b |
CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l anp -a $DEFAUTHTYPE -A $NEWAUTHPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_anp"
|
|
Packit Service |
b38f0b |
DELAY
|
|
Packit Service |
b38f0b |
CHECKTRAPDORDIE "received_inform_anp"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# test (ap)
|
|
Packit Service |
b38f0b |
CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -A $NEWAUTHPASS -x $DEFPRIVTYPE -X $NEWPRIVPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_ap"
|
|
Packit Service |
b38f0b |
DELAY
|
|
Packit Service |
b38f0b |
CHECKTRAPDORDIE "received_inform_ap"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
## 2) change localized auth key, test, change localized priv key, test
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# change localized auth key
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTAUTHARGS $SNMPUSM_TRAPD_CONTEXT_ARGS -Ca -Ck $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $NEWAUTHPASS $NEWAUTHKEY $NEWUSER"
|
|
Packit Service |
b38f0b |
CHECKORDIE "SNMPv3 Key(s) successfully changed"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# test (anp)
|
|
Packit Service |
b38f0b |
CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l anp -a $DEFAUTHTYPE -3k $NEWAUTHKEY $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_anp2"
|
|
Packit Service |
b38f0b |
DELAY
|
|
Packit Service |
b38f0b |
CHECKTRAPDORDIE "received_inform_anp2"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# change localized priv key
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTPRIVARGS $SNMPUSM_TRAPD_CONTEXT_ARGS -Cx -Ck $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $NEWPRIVPASS $NEWPRIVKEY $NEWUSER"
|
|
Packit Service |
b38f0b |
CHECKORDIE "SNMPv3 Key(s) successfully changed"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# test (ap)
|
|
Packit Service |
b38f0b |
CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -3k $NEWAUTHKEY -x $DEFPRIVTYPE -3K $NEWPRIVKEY $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_ap2"
|
|
Packit Service |
b38f0b |
DELAY
|
|
Packit Service |
b38f0b |
CHECKTRAPDORDIE "received_inform_ap2"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
## 3) persistency I: reconfigure (SIGHUP), re-test
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# reconfigure snmptrapd
|
|
Packit Service |
b38f0b |
HUPTRAPD
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# test (ap)
|
|
Packit Service |
b38f0b |
CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -3k $NEWAUTHKEY -x $DEFPRIVTYPE -3K $NEWPRIVKEY $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_ap3"
|
|
Packit Service |
b38f0b |
DELAY
|
|
Packit Service |
b38f0b |
CHECKTRAPDORDIE "received_inform_ap3"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
## stop daemons and finish
|
|
Packit Service |
b38f0b |
STOPTRAPD
|
|
Packit Service |
b38f0b |
STOPAGENT
|
|
Packit Service |
b38f0b |
FINISHED
|