DNOS-MGMT-SECURITY-MIB DEFINITIONS ::= BEGIN -- Broadcom FastPath Mgmt Security MIB -- Copyright 2016-2022 Broadcom. -- This SNMP Management Information Specification -- embodies Broadcom's confidential and proprietary -- intellectual property. Broadcom retains all title -- and ownership in the Specification including any revisions. -- This Specification is supplied "AS IS", Broadcom -- makes no warranty, either expressed or implied, -- as to the use, operation, condition, or performance of the -- Specification. IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, IpAddress, Integer32 FROM SNMPv2-SMI dnOS FROM DELL-REF-MIB DisplayString FROM RFC1213-MIB TruthValue FROM SNMPv2-TC; fastPathMgmtSecurity MODULE-IDENTITY LAST-UPDATED "202111220000Z" -- 22 Nov 2021 12:00:00 GMT ORGANIZATION "Dell" CONTACT-INFO "" DESCRIPTION "The Dell Networking Private MIB for Security" -- Revision history. REVISION "202202220000Z" -- 22 Feb 2022 12:00:00 GMT DESCRIPTION "Added agentSSLCryptoDhParam to agentSSLConfigGroup. Added tls12 option in agentSSLProtocolLevel object." REVISION "202111220000Z" -- 22 Nov 2021 12:00:00 GMT DESCRIPTION "Added rsa-dsa(7),rsa-ecdsa(8) and dsa-ecdsa(9) to agentSSHKeysPresent and agentSSHKeyGenerationStatus." REVISION "202109210000Z" -- 21 Sep 2021 12:00:00 GMT DESCRIPTION "Added agentSSLIpHttpSecureCiphersuite to agentSSLConfigGroup. Added agentSSHDsaKeyLen and agentSSHRsaKeyLen to agentSSHConfigGroup. Added agentSSHAuthenticationRetries to agentSSHConfigGroup. Added agentSSHEncryptionAlgorithmsConfigGroup, agentSSHMacAlgorithmsConfigGroup and agentSSHKexAlgorithmsConfigGroup to agentSSHConfigGroup." REVISION "201907250000Z" -- 25 July 2019 12:00:00 GMT DESCRIPTION "Added MIB objects for Outbound SSH." REVISION "201812050000Z" -- 05 Dec 2018 12:00:00 GMT DESCRIPTION "Added object agentSSHEcdsaKeyControl, agentSSHEcdsaKeyLen to agentSSHConfigGroup." REVISION "201803010000Z" -- 01 March 2018 12:00:00 GMT DESCRIPTION "Modified the description of the object agentSSHProtocolLevel." REVISION "200705230000Z" -- 23 May 2007 12:00:00 GMT DESCRIPTION "Dell branding related changes." REVISION "200311210000Z" -- 21 Nov 2003 12:00:00 GMT DESCRIPTION "Initial revision." ::= { dnOS 11 } --************************************************************************************** -- agentSSLConfigGroup -- --************************************************************************************** agentSSLConfigGroup OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 1 } agentSSLAdminMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Configures whether the SSL service is enabled on this switch. The default value is disable(2)." ::= { agentSSLConfigGroup 1 } agentSSLSecurePort OBJECT-TYPE SYNTAX Integer32 (443|1025..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Configures a layer 4 port number in the range 1025-65535 for secure HTTP connections. The default port is 443." ::= { agentSSLConfigGroup 2 } agentSSLProtocolLevel OBJECT-TYPE SYNTAX INTEGER { ssl30(1), -- SSL 3.0 tls10(2), -- TSL 1.0 both(3), tls12(4) -- TLS 1.2 } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates which protocol versions of SSL are enabled on this switch. The default value is tls12(4)." ::= { agentSSLConfigGroup 3 } agentSSLMaxSessions OBJECT-TYPE SYNTAX Integer32 (0..16) MAX-ACCESS read-write STATUS current DESCRIPTION "Configures the maximum number of allowable SSL sessions. The default value is 16." ::= { agentSSLConfigGroup 4 } agentSSLHardTimeout OBJECT-TYPE SYNTAX Integer32 (1..86400) MAX-ACCESS read-write STATUS current DESCRIPTION "Configures the hard timeout for SSL sessions in seconds. The default value is 30 minutes (1800 seconds). Configure the value equal to the value of agentHTTPHardTimeout." ::= { agentSSLConfigGroup 5 } agentSSLSoftTimeout OBJECT-TYPE SYNTAX Integer32 (1..3600) MAX-ACCESS read-write STATUS current DESCRIPTION "Configures the soft (activity) timeout for SSL sessions in seconds. The default value is 3 minutes (180 seconds). Configure the value equal to the value of agentHTTPSortTimeout." ::= { agentSSLConfigGroup 6 } agentSSLCertificatePresent OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Boolean value indicating whether SSL certificate files exist on the device." ::= { agentSSLConfigGroup 7 } agentSSLCertificateControl OBJECT-TYPE SYNTAX INTEGER { noop(1), generate(2), delete(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls certificate generation and deletion. Always returns noop(1)." ::= { agentSSLConfigGroup 8 } agentSSLCertificateGenerationStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates whether certificate files are currently being generated." ::= { agentSSLConfigGroup 9 } agentSSLIpHttpSecureCiphersuite OBJECT-TYPE SYNTAX BITS { undefined(0), aes128-cbc-sha(1), aes256-cbc-sha(2), dhe-aes128-cbc-sha(3), dhe-aes-cbc-sha2(4), dhe-aes-gcm-sha2(5), ecdhe-rsa-aes-cbc-sha2(6), ecdhe-rsa-aes-gcm-sha2(7), rsa-aes-cbc-sha2(8), rsa-aes-gcm-sha2(9) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies ciphersuites to be used for SSL tunnel. This object is being used for assigning specified Secure Ciphersuite list. Bit mask value is being used for configuring Secure Ciphersuites." ::= { agentSSLConfigGroup 10 } agentSSLCryptoDhParam OBJECT-TYPE SYNTAX INTEGER { dh1024(1), dh2048(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Configures the Diffie-Hellman to be used for SSL tunnel." ::= { agentSSLConfigGroup 11 } --************************************************************************************** -- agentSSHConfigGroup -- --************************************************************************************** agentSSHConfigGroup OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 2 } agentSSHAdminMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Configures whether the SSH service is enabled on this switch. The default value is disable(2)." ::= { agentSSHConfigGroup 1 } agentSSHProtocolLevel OBJECT-TYPE SYNTAX INTEGER { ssh10(1), -- deprecated, SSH 1.0 no longer supported ssh20(2), -- SSH 2.0 both(3) -- deprecated, SSH 1.0 no longer supported } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the protocol version of SSH enabled on this switch. Starting with the use of OpenSSH version 7.5P1, SSH Protocol Version 1.0 is no longer supported." DEFVAL { ssh20} ::= { agentSSHConfigGroup 2 } agentSSHSessionsCount OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Current number of active SSH sessions on this switch." ::= { agentSSHConfigGroup 3 } agentSSHMaxSessionsCount OBJECT-TYPE SYNTAX Integer32 (0..5) MAX-ACCESS read-write STATUS current DESCRIPTION "Max number of SSH sessions permitted on this switch." ::= { agentSSHConfigGroup 4 } agentSSHSessionTimeout OBJECT-TYPE SYNTAX Integer32 (1..3932159) MAX-ACCESS read-write STATUS current DESCRIPTION "SSH idle timeout value for this switch in seconds. The upper limit represents 65535 minutes and 59 seconds." ::= { agentSSHConfigGroup 5 } agentSSHKeysPresent OBJECT-TYPE SYNTAX INTEGER { dsa(1), rsa(2), both(3), --deprecated none(4), ecdsa(5), all(6), rsa-dsa(7), rsa-ecdsa(8), dsa-ecdsa(9) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates what key files are present on the device, if any." ::= { agentSSHConfigGroup 6 } agentSSHKeyGenerationStatus OBJECT-TYPE SYNTAX INTEGER { dsa(1), rsa(2), both(3), --deprecated none(4), ecdsa(5), all(6), rsa-dsa(7), rsa-ecdsa(8), dsa-ecdsa(9) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates what key files are currently being generated, if any." ::= { agentSSHConfigGroup 7 } agentSSHRSAKeyControl OBJECT-TYPE SYNTAX INTEGER { noop(1), generate(2), delete(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls RSA key generation and deletion. A read of this object always returns noop(1)." ::= { agentSSHConfigGroup 8 } agentSSHDSAKeyControl OBJECT-TYPE SYNTAX INTEGER { noop(1), generate(2), delete(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls DSA key generation and deletion. A read of this object always returns noop(1)." ::= { agentSSHConfigGroup 9 } agentSSHExecBannerState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Shows/Changes EXEC banner state on SSH session." DEFVAL { enable } ::= { agentSSHConfigGroup 10 } agentSSHLoginBannerState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Shows/Changes login banner state on SSH session." DEFVAL { enable } ::= { agentSSHConfigGroup 11 } agentSSHMotdBannerState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Shows/Changes MOTD banner state on SSH session." DEFVAL { enable } ::= { agentSSHConfigGroup 12 } agentSSHEcdsaKeyControl OBJECT-TYPE SYNTAX INTEGER { noop(1), generate(2), delete(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls ECDSA key generation and deletion. A read of this object always returns noop(1)." ::= { agentSSHConfigGroup 13 } agentSSHEcdsaKeyLen OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Get/Set ECDSA key length. Supported Key lengths are 256, 384 and 521 bits." ::= { agentSSHConfigGroup 14 } agentSSHDsaKeyLen OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Get/Set DSA key length. Supported Key length is 1024 bits." DEFVAL { 1024 } ::= { agentSSHConfigGroup 15 } agentSSHRsaKeyLen OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Get/Set RSA key length. Supported Key lengths are 1024, 2048 and 3072 bits." DEFVAL { 1024 } ::= { agentSSHConfigGroup 16 } agentSSHAuthenticationRetries OBJECT-TYPE SYNTAX Unsigned32 (0..5) MAX-ACCESS read-write STATUS current DESCRIPTION "To configure the maximum authentication retries allowed per SSH connection." DEFVAL { 3 } ::= { agentSSHConfigGroup 17 } --************************************************************************************** -- agentSSHEncryptionAlgorithmsConfigGroup -- --************************************************************************************** agentSSHEncryptionAlgorithmsConfigGroup OBJECT IDENTIFIER ::= { agentSSHConfigGroup 18 } agentSSHServerEncryptionAlgorithmsTable OBJECT-TYPE SYNTAX SEQUENCE OF AgentSSHServerEncryptionAlgorithmsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Specifies SSH encryption algorithms to be used." ::= { agentSSHEncryptionAlgorithmsConfigGroup 1 } agentSSHServerEncryptionAlgorithmsEntry OBJECT-TYPE SYNTAX AgentSSHServerEncryptionAlgorithmsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Config entry for SSH encryption algorithms." INDEX { agentSSHServerEncryptionIndex } ::= { agentSSHServerEncryptionAlgorithmsTable 1 } AgentSSHServerEncryptionAlgorithmsEntry ::= SEQUENCE { agentSSHServerEncryptionIndex Unsigned32, agentSSHServerEncryptionAlgorithms INTEGER } agentSSHServerEncryptionIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of the SSH encryption configuration order." ::= { agentSSHServerEncryptionAlgorithmsEntry 1 } agentSSHServerEncryptionAlgorithms OBJECT-TYPE SYNTAX INTEGER { undefined(0), aes128-ctr(1), aes192-ctr(2), aes256-ctr(3), chacha20-poly1305(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies encryption algorithm to be used for SSH. Abbreviation used. - chacha20-poly1305(4) is used for chacha20-poly1305@openssh.com. " DEFVAL { undefined } ::= { agentSSHServerEncryptionAlgorithmsEntry 2 } agentSSHServerEncryptionRefresh OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "When set to enable(1), configuration of agentSSHServerEncryptionAlgorithmsEntry will be configured and refresh ssh process. The value is write-only. Attempt to read will return disable(2)." ::= { agentSSHEncryptionAlgorithmsConfigGroup 2 } --************************************************************************************** -- agentSSHMacAlgorithmsConfigGroup -- --************************************************************************************** agentSSHMacAlgorithmsConfigGroup OBJECT IDENTIFIER ::= { agentSSHConfigGroup 19 } agentSSHServerMacAlgorithmsTable OBJECT-TYPE SYNTAX SEQUENCE OF AgentSSHServerMacAlgorithmsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Specifies SSH mac algorithms to be used." ::= { agentSSHMacAlgorithmsConfigGroup 1 } agentSSHServerMacAlgorithmsEntry OBJECT-TYPE SYNTAX AgentSSHServerMacAlgorithmsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Config entry for SSH mac algorithms." INDEX { agentSSHServerMacIndex } ::= { agentSSHServerMacAlgorithmsTable 1 } AgentSSHServerMacAlgorithmsEntry ::= SEQUENCE { agentSSHServerMacIndex Unsigned32, agentSSHServerMacAlgorithms INTEGER } agentSSHServerMacIndex OBJECT-TYPE SYNTAX Unsigned32 (1..10) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of the SSH mac algorithms configuration order." ::= { agentSSHServerMacAlgorithmsEntry 1 } agentSSHServerMacAlgorithms OBJECT-TYPE SYNTAX INTEGER { undefined(0), hmac-sha1(1), hmac-sha1-etm(2), hmac-md5-etm(3), hmac-sha2-256(4), hmac-sha2-512(5), hmac-sha1-96-etm(6), hmac-md5-96-etm(7), hmac-md5(8), hmac-sha2-256-etm(9), hmac-sha2-512-etm(10) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies MAC algorithm to be used for SSH. Abbreviation used. - hmac-sha1-etm(2) is used for hmac-sha1-etm@openssh.com - hmac-md5-etm(3) is used for hmac-md5-etm@openssh.com - hmac-sha1-96-etm(6) is used for hmac-sha1-96-etm@openssh.com - hmac-md5-96-etm(7) is used for hmac-md5-96-etm@openssh.com - hmac-sha2-256-etm(9) is used for hmac-sha2-256-etm@openssh.com - hmac-sha2-512-etm(10) is used for hmac-sha2-512-etm@openssh.com " DEFVAL { undefined } ::= { agentSSHServerMacAlgorithmsEntry 2 } agentSSHServerMacRefresh OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "When set to enable(1), configuration of agentSSHServerMacAlgorithmsEntry will be configured and refresh ssh process. The value is write-only. Attempt to read will return disable(2)." ::= { agentSSHMacAlgorithmsConfigGroup 2 } --************************************************************************************** -- agentSSHKexAlgorithmsConfigGroup -- --************************************************************************************** agentSSHKexAlgorithmsConfigGroup OBJECT IDENTIFIER ::= { agentSSHConfigGroup 20 } agentSSHServerKexAlgorithmsTable OBJECT-TYPE SYNTAX SEQUENCE OF AgentSSHServerKexAlgorithmsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Specifies SSH kex algorithms to be used." ::= { agentSSHKexAlgorithmsConfigGroup 1 } agentSSHServerKexAlgorithmsEntry OBJECT-TYPE SYNTAX AgentSSHServerKexAlgorithmsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Config entry for SSH kex algorithms." INDEX { agentSSHServerKexIndex } ::= { agentSSHServerKexAlgorithmsTable 1 } AgentSSHServerKexAlgorithmsEntry ::= SEQUENCE { agentSSHServerKexIndex Unsigned32, agentSSHServerKexAlgorithms INTEGER } agentSSHServerKexIndex OBJECT-TYPE SYNTAX Unsigned32 (1..10) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of the SSH kex algorithms configuration order." ::= { agentSSHServerKexAlgorithmsEntry 1 } agentSSHServerKexAlgorithms OBJECT-TYPE SYNTAX INTEGER { undefined(0), curve25519-sha256(1), curve25519-sha256-libssh(2), ecdh-sha2-nistp256(3), ecdh-sha2-nistp384(4), ecdh-sha2-nistp521(5), diffie-hellman-group-exchange-sha256(6), diffie-hellman-group16-sha512(7), diffie-hellman-group18-sha512(8), diffie-hellman-group14-sha256(9), diffie-hellman-group14-sha1(10) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies KEX algorithm to be used for SSH. Abbreviation used. - curve25519-sha256-libssh(2) is used for curve25519-sha256@libssh.org " DEFVAL { undefined } ::= { agentSSHServerKexAlgorithmsEntry 2 } agentSSHServerKexRefresh OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "When set to enable(1), configuration of agentSSHServerKexAlgorithmsEntry will be configured and refresh ssh process. The value is write-only. Attempt to read will return disable(2)." ::= { agentSSHKexAlgorithmsConfigGroup 2 } --************************************************************************************** -- agentOutboundSSHGroup -> contains MIB objects displaying various properties -- of a Outbound SSH -- --************************************************************************************** agentOutboundSSHGroup OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 3} agentOutboundSSHAdminMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION " Admin-mode of the Outbound SSH." DEFVAL { disable } ::= { agentOutboundSSHGroup 1 } agentOutboundSSHMaxSessions OBJECT-TYPE SYNTAX INTEGER (0..5) MAX-ACCESS read-write STATUS current DESCRIPTION " The maximum no. of Outbound SSH sessions allowed." DEFVAL { 5 } ::= { agentOutboundSSHGroup 2 } agentOutboundSSHActiveSessions OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Get the number of active outgoing SSH sessions." ::= { agentOutboundSSHGroup 3 } agentOutboundSSHTimeout OBJECT-TYPE SYNTAX INTEGER (0..160) MAX-ACCESS read-write STATUS current DESCRIPTION " The login inactivity timeout value for Outbound SSH." DEFVAL { 5 } ::= { agentOutboundSSHGroup 4 } END