[Nagiosplug-devel] SNMP authentication for plugins

Bertelson, Tom (CAP, CARD) Tom.Bertelson at gecapital.com
Mon Sep 16 07:50:08 CEST 2002


How about putting the info in the resources.cfg file, and parse it from
there?  That's the place for passwords, and the plugin should be running
with the correct permissions to read this file.  The format is simple
enough, you probably don't need to create a special module (but it wouldn't
hurt; put it into Utils.pm).
-- 
Tom Bertelson                "Any sufficiently advanced technology
GE Card Services              is indistinguishable from magic."
                                 -- Arthur C. Clarke

-----Original Message-----
From: atonns at mail.ivillage.com [mailto:atonns at mail.ivillage.com]
Sent: Monday, September 16, 2002 10:42 AM
To: nagiosplug-devel at lists.sourceforge.net
Subject: [Nagiosplug-devel] SNMP authentication for plugins


I'm in the process of writing a few plugins in perl that use Net::SNMP to
monitor certain elements of the net-snmpd host resources mib and possibly
some custom scripted mibs. One thing I've noticed is that all the
snmp-related scripts use SNMP v1 or v2c for getting data from the clients -
which is why I am re-writing them. I want to use SNMP v3, especially using
the 'snmpkey' script that comes with the Net::SNMP perl module. (FYI: I
can't get SNMP::Session to compile on Solaris 9)
With SNMP v3, it's not very wise to put authpassword and privpassword data
on the command line of a check script. Right now I have my authentication
info embedded in the script. However, if I plan to share my scripts with the
community, there has to be a simpler method for authentication - no
'end-user' (including myself) wants to edit every check script for
authentication.
I propose one of two solutions: 
Easy - create an snmpauth.pm module to put in the libexec dir. It contains
only simple constructor that creates a Net::SNMP->session object with the
authentication info embedded in it. I will only be used by modules that need
it.
Hard - modify utils.pm to include a similar constructor, but reads
authentication info from some config file. Obviously if Net::SNMP isn't
present this sub shouldn't cause the utils module to barf.
However, the whole reason I'm posting this to the list is to solicit
opinions or hear other people's solutions (including ones I might have
missed already included in docs / plugins).
P.S. I'm using the netsaint 1.2.9-4 plugins because I couldn't get the
autoconf/autoheader/automake/configure/make thing working on Solaris 9 with
Sun's SFW crap. However, I have been reading the documentation and source
for the 1.3-beta1 plugins for tips and coding conventions.
-- 
"Computer science is as much about computers as 
        astronomy is about telescopes" -- Edsger Dijkstra 
--------------------------------------------------------- 
Anthony Tonns, UNIX Administrator - atonns at mail.ivillage.com 




More information about the Devel mailing list