DNOS-MGMT-SECURITY-MIB DEFINITIONS ::= BEGIN -- Broadcom FastPath Mgmt Security MIB -- Copyright 2016-2019 Broadcom. -- This SNMP Management Information Specification -- embodies Broadcom's confidential and proprietary -- intellectual property. Broadcom retains all title -- and ownership in the Specification including any revisions. -- This Specification is supplied "AS IS", Broadcom -- makes no warranty, either expressed or implied, -- as to the use, operation, condition, or performance of the -- Specification. IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, IpAddress, Integer32 FROM SNMPv2-SMI dnOS FROM DELL-REF-MIB DisplayString FROM RFC1213-MIB TruthValue FROM SNMPv2-TC; fastPathMgmtSecurity MODULE-IDENTITY LAST-UPDATED "201912050000Z" -- 05 Dec 2019 12:00:00 GMT ORGANIZATION "Dell EMC" CONTACT-INFO "" DESCRIPTION "The Dell Networking Private MIB for Security" -- Revision history. REVISION "201912120000Z" -- 12 December 2019 12:00:00 GMT DESCRIPTION "Added MIB objects for Outbound SSH." REVISION "201812050000Z" -- 05 Dec 2018 12:00:00 GMT DESCRIPTION "Added object agentSSHEcdsaKeyControl, agentSSHEcdsaKeyLen to agentSSHConfigGroup." REVISION "201803010000Z" -- 01 March 2018 12:00:00 GMT DESCRIPTION "Modified the description of the object agentSSHProtocolLevel." REVISION "200705230000Z" -- 23 May 2007 12:00:00 GMT DESCRIPTION "Dell branding related changes." REVISION "200311210000Z" -- 21 Nov 2003 12:00:00 GMT DESCRIPTION "Initial revision." ::= { dnOS 11 } --************************************************************************************** -- agentSSLConfigGroup -- --************************************************************************************** agentSSLConfigGroup OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 1 } agentSSLAdminMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Configures whether the SSL service is enabled on this switch. The default value is disable(2)." ::= { agentSSLConfigGroup 1 } agentSSLSecurePort OBJECT-TYPE SYNTAX Integer32 (443|1025..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Configures a layer 4 port number in the range 1025-65535 for secure HTTP connections. The default port is 443." ::= { agentSSLConfigGroup 2 } agentSSLProtocolLevel OBJECT-TYPE SYNTAX INTEGER { ssl30(1), -- SSL 3.0 tls10(2), -- TSL 1.0 both(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Displays which protocol versions of SSL are enabled on this switch. The default value is both(3)." ::= { agentSSLConfigGroup 3 } agentSSLMaxSessions OBJECT-TYPE SYNTAX Integer32 (0..16) MAX-ACCESS read-write STATUS current DESCRIPTION "Configures the maximum number of allowable SSL sessions. The default value is 16." ::= { agentSSLConfigGroup 4 } agentSSLHardTimeout OBJECT-TYPE SYNTAX Integer32 (1..86400) MAX-ACCESS read-write STATUS current DESCRIPTION "Configures the hard timeout for SSL sessions in seconds. The default value is 30 minutes (1800 seconds). Configure the value equal to the value of agentHTTPHardTimeout." ::= { agentSSLConfigGroup 5 } agentSSLSoftTimeout OBJECT-TYPE SYNTAX Integer32 (1..3600) MAX-ACCESS read-write STATUS current DESCRIPTION "Configures the soft (activity) timeout for SSL sessions in seconds. The default value is 3 minutes (180 seconds). Configure the value equal to the value of agentHTTPSortTimeout." ::= { agentSSLConfigGroup 6 } agentSSLCertificatePresent OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Boolean value indicating whether SSL certificate files exist on the device." ::= { agentSSLConfigGroup 7 } agentSSLCertificateControl OBJECT-TYPE SYNTAX INTEGER { noop(1), generate(2), delete(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls certificate generation and deletion. Always returns noop(1)." ::= { agentSSLConfigGroup 8 } agentSSLCertificateGenerationStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates whether certificate files are currently being generated." ::= { agentSSLConfigGroup 9 } --************************************************************************************** -- agentSSHConfigGroup -- --************************************************************************************** agentSSHConfigGroup OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 2 } agentSSHAdminMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Configures whether the SSH service is enabled on this switch. The default value is disable(2)." ::= { agentSSHConfigGroup 1 } agentSSHProtocolLevel OBJECT-TYPE SYNTAX INTEGER { ssh10(1), -- deprecated, SSH 1.0 no longer supported ssh20(2), -- SSH 2.0 both(3) -- deprecated, SSH 1.0 no longer supported } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the protocol version of SSH enabled on this switch. Starting with the use of OpenSSH version 7.5P1, SSH Protocol Version 1.0 is no longer supported." DEFVAL { ssh20} ::= { agentSSHConfigGroup 2 } agentSSHSessionsCount OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Current number of active SSH sessions on this switch." ::= { agentSSHConfigGroup 3 } agentSSHMaxSessionsCount OBJECT-TYPE SYNTAX Integer32 (0..5) MAX-ACCESS read-write STATUS current DESCRIPTION "Max number of SSH sessions permitted on this switch." ::= { agentSSHConfigGroup 4 } agentSSHSessionTimeout OBJECT-TYPE SYNTAX Integer32 (1..3932159) MAX-ACCESS read-write STATUS current DESCRIPTION "SSH idle timeout value for this switch in seconds. The upper limit represents 65535 minutes and 59 seconds." ::= { agentSSHConfigGroup 5 } agentSSHKeysPresent OBJECT-TYPE SYNTAX INTEGER { dsa(1), rsa(2), both(3), --deprecated none(4), ecdsa(5), all(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates what key files are present on the device, if any." ::= { agentSSHConfigGroup 6 } agentSSHKeyGenerationStatus OBJECT-TYPE SYNTAX INTEGER { dsa(1), rsa(2), both(3), --deprecated none(4), ecdsa(5), all(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates what key files are currently being generated, if any." ::= { agentSSHConfigGroup 7 } agentSSHRSAKeyControl OBJECT-TYPE SYNTAX INTEGER { noop(1), generate(2), delete(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls RSA key generation and deletion. Always returns noop(1)." ::= { agentSSHConfigGroup 8 } agentSSHDSAKeyControl OBJECT-TYPE SYNTAX INTEGER { noop(1), generate(2), delete(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls DSA key generation and deletion. Always returns noop(1)." ::= { agentSSHConfigGroup 9 } agentSSHExecBannerState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Shows/Changes EXEC banner state on SSH session." DEFVAL { enable } ::= { agentSSHConfigGroup 10 } agentSSHLoginBannerState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Shows/Changes login banner state on SSH session." DEFVAL { enable } ::= { agentSSHConfigGroup 11 } agentSSHMotdBannerState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Shows/Changes MOTD banner state on SSH session." DEFVAL { enable } ::= { agentSSHConfigGroup 12 } agentSSHEcdsaKeyControl OBJECT-TYPE SYNTAX INTEGER { noop(1), generate(2), delete(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls ECDSA key generation and deletion. A read of this object always returns noop(1)." ::= { agentSSHConfigGroup 13 } agentSSHEcdsaKeyLen OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Get/Set ECDSA key length. Supported Key lengths are 256, 384 and 521 bits." ::= { agentSSHConfigGroup 14 } --************************************************************************************** -- agentOutboundSSHGroup -> contains MIB objects displaying various properties -- of a Outbound SSH -- --************************************************************************************** agentOutboundSSHGroup OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 3} agentOutboundSSHMaxSessions OBJECT-TYPE SYNTAX INTEGER (0..5) MAX-ACCESS read-write STATUS current DESCRIPTION " The maximum no. of Outbound SSH sessions allowed." DEFVAL { 5 } ::= { agentOutboundSSHGroup 1 } agentOutboundSSHActiveSessions OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Get the number of active outgoing SSH sessions." ::= { agentOutboundSSHGroup 2 } agentOutboundSSHTimeout OBJECT-TYPE SYNTAX INTEGER (0..160) MAX-ACCESS read-write STATUS current DESCRIPTION " The login inactivity timeout value for Outbound SSH." DEFVAL { 5 } ::= { agentOutboundSSHGroup 3 } END