_nmcfg Script
nmcfg
nmcfg
is the configuration script that helps the configuration of the SNMP agent. It is particularly useful for the creation and management of SNMPv3 users of the User-based Security Model (USM) and the assignment of VACM (View-based Access Control Model) access rights to communities and users. The script interacts with the /var/netsnmp/snmpd.conf
persistent data file, which maintains the USM user database and other SNMP agent persistent information. The script also performs snmpget
commands to display the list of USM users, which is not available in a human readable form in any configuration file.
The script also reads and modifies the snmpd.conf
configuration file to manage system parameters (contact, location), community-based (v1/v2c) security, and user access control. Used without parameters, it displays a summary of the SNMP agent configuration: system parameters, access control, and SNMPv3 USM users.
Following is an example of the nmcfg
configuration script output:
# nmcfg
system parameter value
-------------------------- --------------------------------------------------
engineid 0x80001f88030050c2c611ad
contact "john doe <jdoe@example.net>"
location "QA lab"
model perm/group level user/community source
------------- ----------------- -------------- -------------------- ---------
usm guest auth guest -
usm administrator priv johndoe -
v2c administrator noauth admin localhost
v2c administrator noauth admin localnet
v2c guest noauth public localnet
v2c rw noauth tech any
auth protocol priv protocol user
---------------------- ---------------------- -------------------------------
MD5 DES admin
MD5 nopriv guest
SHA AES johndoe
# nmcfg help
usage: nmcfg
nmcfg help
nmcfg access help
nmcfg access usm permit <uname> {<group>|ro|rw} [{noauh|auth|priv}]
nmcfg access usm delete <uname>
nmcfg community help
nmcfg community permit <community> {<group>|ro|rw} [<host>]
nmcfg community delete <community> [{<group>|ro|rw} [<host>]]
nmcfg system help
nmcfg system define <param> "<value>"
nmcfg system delete <param>
nmcfg user help
nmcfg user define <uname> [{MD5|SHA} "<apwd>" [{DES|AES} ["<ppwd>"]]]
nmcfg user delete <uname>