WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/dell/DNOS-MGMT-SECURITY-MIB

692 lines
25 KiB
Plaintext
Raw Blame History

DNOS-MGMT-SECURITY-MIB DEFINITIONS ::= BEGIN
-- Broadcom FastPath Mgmt Security MIB
-- Copyright 2016-2022 Broadcom.
-- This SNMP Management Information Specification
-- embodies Broadcom's confidential and proprietary
-- intellectual property. Broadcom retains all title
-- and ownership in the Specification including any revisions.
-- This Specification is supplied "AS IS", Broadcom
-- makes no warranty, either expressed or implied,
-- as to the use, operation, condition, or performance of the
-- Specification.
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
IpAddress, Integer32 FROM SNMPv2-SMI
dnOS FROM DELL-REF-MIB
DisplayString FROM RFC1213-MIB
TruthValue FROM SNMPv2-TC;
fastPathMgmtSecurity MODULE-IDENTITY
LAST-UPDATED "202111220000Z" -- 22 Nov 2021 12:00:00 GMT
ORGANIZATION "Dell"
CONTACT-INFO ""
DESCRIPTION
"The Dell Networking Private MIB for Security"
-- Revision history.
REVISION
"202202220000Z" -- 22 Feb 2022 12:00:00 GMT
DESCRIPTION
"Added agentSSLCryptoDhParam to agentSSLConfigGroup.
Added tls12 option in agentSSLProtocolLevel object."
REVISION
"202111220000Z" -- 22 Nov 2021 12:00:00 GMT
DESCRIPTION
"Added rsa-dsa(7),rsa-ecdsa(8) and dsa-ecdsa(9) to agentSSHKeysPresent and agentSSHKeyGenerationStatus."
REVISION
"202109210000Z" -- 21 Sep 2021 12:00:00 GMT
DESCRIPTION
"Added agentSSLIpHttpSecureCiphersuite to agentSSLConfigGroup.
Added agentSSHDsaKeyLen and agentSSHRsaKeyLen to agentSSHConfigGroup.
Added agentSSHAuthenticationRetries to agentSSHConfigGroup.
Added agentSSHEncryptionAlgorithmsConfigGroup, agentSSHMacAlgorithmsConfigGroup and
agentSSHKexAlgorithmsConfigGroup to agentSSHConfigGroup."
REVISION
"201907250000Z" -- 25 July 2019 12:00:00 GMT
DESCRIPTION
"Added MIB objects for Outbound SSH."
REVISION
"201812050000Z" -- 05 Dec 2018 12:00:00 GMT
DESCRIPTION
"Added object agentSSHEcdsaKeyControl, agentSSHEcdsaKeyLen to agentSSHConfigGroup."
REVISION
"201803010000Z" -- 01 March 2018 12:00:00 GMT
DESCRIPTION
"Modified the description of the object agentSSHProtocolLevel."
REVISION
"200705230000Z" -- 23 May 2007 12:00:00 GMT
DESCRIPTION
"Dell branding related changes."
REVISION
"200311210000Z" -- 21 Nov 2003 12:00:00 GMT
DESCRIPTION
"Initial revision."
::= { dnOS 11 }
--**************************************************************************************
-- agentSSLConfigGroup
--
--**************************************************************************************
agentSSLConfigGroup OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 1 }
agentSSLAdminMode OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures whether the SSL service is enabled on this switch. The
default value is disable(2)."
::= { agentSSLConfigGroup 1 }
agentSSLSecurePort OBJECT-TYPE
SYNTAX Integer32 (443|1025..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures a layer 4 port number in the range 1025-65535 for secure HTTP
connections. The default port is 443."
::= { agentSSLConfigGroup 2 }
agentSSLProtocolLevel OBJECT-TYPE
SYNTAX INTEGER {
ssl30(1), -- SSL 3.0
tls10(2), -- TSL 1.0
both(3),
tls12(4) -- TLS 1.2
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates which protocol versions of SSL are enabled on this
switch. The default value is tls12(4)."
::= { agentSSLConfigGroup 3 }
agentSSLMaxSessions OBJECT-TYPE
SYNTAX Integer32 (0..16)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures the maximum number of allowable SSL sessions. The default
value is 16."
::= { agentSSLConfigGroup 4 }
agentSSLHardTimeout OBJECT-TYPE
SYNTAX Integer32 (1..86400)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures the hard timeout for SSL sessions in seconds. The default
value is 30 minutes (1800 seconds). Configure the value equal to the value of agentHTTPHardTimeout."
::= { agentSSLConfigGroup 5 }
agentSSLSoftTimeout OBJECT-TYPE
SYNTAX Integer32 (1..3600)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures the soft (activity) timeout for SSL sessions in seconds.
The default value is 3 minutes (180 seconds). Configure the value equal to the value of agentHTTPSortTimeout."
::= { agentSSLConfigGroup 6 }
agentSSLCertificatePresent OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Boolean value indicating whether SSL certificate files exist on the device."
::= { agentSSLConfigGroup 7 }
agentSSLCertificateControl OBJECT-TYPE
SYNTAX INTEGER {
noop(1),
generate(2),
delete(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Controls certificate generation and deletion. Always returns noop(1)."
::= { agentSSLConfigGroup 8 }
agentSSLCertificateGenerationStatus OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates whether certificate files are currently being generated."
::= { agentSSLConfigGroup 9 }
agentSSLIpHttpSecureCiphersuite OBJECT-TYPE
SYNTAX BITS {
undefined(0),
aes128-cbc-sha(1),
aes256-cbc-sha(2),
dhe-aes128-cbc-sha(3),
dhe-aes-cbc-sha2(4),
dhe-aes-gcm-sha2(5),
ecdhe-rsa-aes-cbc-sha2(6),
ecdhe-rsa-aes-gcm-sha2(7),
rsa-aes-cbc-sha2(8),
rsa-aes-gcm-sha2(9)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies ciphersuites to be used for SSL tunnel.
This object is being used for assigning specified Secure Ciphersuite list.
Bit mask value is being used for configuring Secure Ciphersuites."
::= { agentSSLConfigGroup 10 }
agentSSLCryptoDhParam OBJECT-TYPE
SYNTAX INTEGER {
dh1024(1),
dh2048(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures the Diffie-Hellman to be used for SSL tunnel."
::= { agentSSLConfigGroup 11 }
--**************************************************************************************
-- agentSSHConfigGroup
--
--**************************************************************************************
agentSSHConfigGroup OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 2 }
agentSSHAdminMode OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures whether the SSH service is enabled on this switch. The
default value is disable(2)."
::= { agentSSHConfigGroup 1 }
agentSSHProtocolLevel OBJECT-TYPE
SYNTAX INTEGER {
ssh10(1), -- deprecated, SSH 1.0 no longer supported
ssh20(2), -- SSH 2.0
both(3) -- deprecated, SSH 1.0 no longer supported
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the protocol version of SSH enabled on this switch.
Starting with the use of OpenSSH version 7.5P1,
SSH Protocol Version 1.0 is no longer supported."
DEFVAL { ssh20}
::= { agentSSHConfigGroup 2 }
agentSSHSessionsCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Current number of active SSH sessions on this switch."
::= { agentSSHConfigGroup 3 }
agentSSHMaxSessionsCount OBJECT-TYPE
SYNTAX Integer32 (0..5)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Max number of SSH sessions permitted on this switch."
::= { agentSSHConfigGroup 4 }
agentSSHSessionTimeout OBJECT-TYPE
SYNTAX Integer32 (1..3932159)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"SSH idle timeout value for this switch in seconds. The
upper limit represents 65535 minutes and 59 seconds."
::= { agentSSHConfigGroup 5 }
agentSSHKeysPresent OBJECT-TYPE
SYNTAX INTEGER {
dsa(1),
rsa(2),
both(3), --deprecated
none(4),
ecdsa(5),
all(6),
rsa-dsa(7),
rsa-ecdsa(8),
dsa-ecdsa(9)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates what key files are present on the device, if any."
::= { agentSSHConfigGroup 6 }
agentSSHKeyGenerationStatus OBJECT-TYPE
SYNTAX INTEGER {
dsa(1),
rsa(2),
both(3), --deprecated
none(4),
ecdsa(5),
all(6),
rsa-dsa(7),
rsa-ecdsa(8),
dsa-ecdsa(9)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates what key files are currently being generated, if any."
::= { agentSSHConfigGroup 7 }
agentSSHRSAKeyControl OBJECT-TYPE
SYNTAX INTEGER {
noop(1),
generate(2),
delete(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Controls RSA key generation and deletion. A read of this object always returns noop(1)."
::= { agentSSHConfigGroup 8 }
agentSSHDSAKeyControl OBJECT-TYPE
SYNTAX INTEGER {
noop(1),
generate(2),
delete(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Controls DSA key generation and deletion. A read of this object always returns noop(1)."
::= { agentSSHConfigGroup 9 }
agentSSHExecBannerState OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Shows/Changes EXEC banner state on SSH session."
DEFVAL { enable }
::= { agentSSHConfigGroup 10 }
agentSSHLoginBannerState OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Shows/Changes login banner state on SSH session."
DEFVAL { enable }
::= { agentSSHConfigGroup 11 }
agentSSHMotdBannerState OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION "Shows/Changes MOTD banner state on SSH session."
DEFVAL { enable }
::= { agentSSHConfigGroup 12 }
agentSSHEcdsaKeyControl OBJECT-TYPE
SYNTAX INTEGER {
noop(1),
generate(2),
delete(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION "Controls ECDSA key generation and deletion. A read of this object always returns noop(1)."
::= { agentSSHConfigGroup 13 }
agentSSHEcdsaKeyLen OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION "Get/Set ECDSA key length. Supported Key lengths are 256, 384 and 521 bits."
::= { agentSSHConfigGroup 14 }
agentSSHDsaKeyLen OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Get/Set DSA key length. Supported Key length is 1024 bits."
DEFVAL { 1024 }
::= { agentSSHConfigGroup 15 }
agentSSHRsaKeyLen OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Get/Set RSA key length. Supported Key lengths are 1024, 2048 and 3072 bits."
DEFVAL { 1024 }
::= { agentSSHConfigGroup 16 }
agentSSHAuthenticationRetries OBJECT-TYPE
SYNTAX Unsigned32 (0..5)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"To configure the maximum authentication retries allowed per SSH connection."
DEFVAL { 3 }
::= { agentSSHConfigGroup 17 }
--**************************************************************************************
-- agentSSHEncryptionAlgorithmsConfigGroup
--
--**************************************************************************************
agentSSHEncryptionAlgorithmsConfigGroup OBJECT IDENTIFIER ::= { agentSSHConfigGroup 18 }
agentSSHServerEncryptionAlgorithmsTable OBJECT-TYPE
SYNTAX SEQUENCE OF AgentSSHServerEncryptionAlgorithmsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Specifies SSH encryption algorithms to be used."
::= { agentSSHEncryptionAlgorithmsConfigGroup 1 }
agentSSHServerEncryptionAlgorithmsEntry OBJECT-TYPE
SYNTAX AgentSSHServerEncryptionAlgorithmsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Config entry for SSH encryption algorithms."
INDEX { agentSSHServerEncryptionIndex }
::= { agentSSHServerEncryptionAlgorithmsTable 1 }
AgentSSHServerEncryptionAlgorithmsEntry ::= SEQUENCE {
agentSSHServerEncryptionIndex
Unsigned32,
agentSSHServerEncryptionAlgorithms
INTEGER
}
agentSSHServerEncryptionIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of the SSH encryption configuration order."
::= { agentSSHServerEncryptionAlgorithmsEntry 1 }
agentSSHServerEncryptionAlgorithms OBJECT-TYPE
SYNTAX INTEGER {
undefined(0),
aes128-ctr(1),
aes192-ctr(2),
aes256-ctr(3),
chacha20-poly1305(4)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies encryption algorithm to be used for SSH.
Abbreviation used.
- chacha20-poly1305(4) is used for chacha20-poly1305@openssh.com.
"
DEFVAL { undefined }
::= { agentSSHServerEncryptionAlgorithmsEntry 2 }
agentSSHServerEncryptionRefresh OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When set to enable(1), configuration of agentSSHServerEncryptionAlgorithmsEntry will be configured
and refresh ssh process. The value is write-only.
Attempt to read will return disable(2)."
::= { agentSSHEncryptionAlgorithmsConfigGroup 2 }
--**************************************************************************************
-- agentSSHMacAlgorithmsConfigGroup
--
--**************************************************************************************
agentSSHMacAlgorithmsConfigGroup OBJECT IDENTIFIER ::= { agentSSHConfigGroup 19 }
agentSSHServerMacAlgorithmsTable OBJECT-TYPE
SYNTAX SEQUENCE OF AgentSSHServerMacAlgorithmsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Specifies SSH mac algorithms to be used."
::= { agentSSHMacAlgorithmsConfigGroup 1 }
agentSSHServerMacAlgorithmsEntry OBJECT-TYPE
SYNTAX AgentSSHServerMacAlgorithmsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Config entry for SSH mac algorithms."
INDEX { agentSSHServerMacIndex }
::= { agentSSHServerMacAlgorithmsTable 1 }
AgentSSHServerMacAlgorithmsEntry ::= SEQUENCE {
agentSSHServerMacIndex
Unsigned32,
agentSSHServerMacAlgorithms
INTEGER
}
agentSSHServerMacIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..10)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of the SSH mac algorithms configuration order."
::= { agentSSHServerMacAlgorithmsEntry 1 }
agentSSHServerMacAlgorithms OBJECT-TYPE
SYNTAX INTEGER {
undefined(0),
hmac-sha1(1),
hmac-sha1-etm(2),
hmac-md5-etm(3),
hmac-sha2-256(4),
hmac-sha2-512(5),
hmac-sha1-96-etm(6),
hmac-md5-96-etm(7),
hmac-md5(8),
hmac-sha2-256-etm(9),
hmac-sha2-512-etm(10)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies MAC algorithm to be used for SSH.
Abbreviation used.
- hmac-sha1-etm(2) is used for hmac-sha1-etm@openssh.com
- hmac-md5-etm(3) is used for hmac-md5-etm@openssh.com
- hmac-sha1-96-etm(6) is used for hmac-sha1-96-etm@openssh.com
- hmac-md5-96-etm(7) is used for hmac-md5-96-etm@openssh.com
- hmac-sha2-256-etm(9) is used for hmac-sha2-256-etm@openssh.com
- hmac-sha2-512-etm(10) is used for hmac-sha2-512-etm@openssh.com
"
DEFVAL { undefined }
::= { agentSSHServerMacAlgorithmsEntry 2 }
agentSSHServerMacRefresh OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When set to enable(1), configuration of agentSSHServerMacAlgorithmsEntry will be configured
and refresh ssh process. The value is write-only.
Attempt to read will return disable(2)."
::= { agentSSHMacAlgorithmsConfigGroup 2 }
--**************************************************************************************
-- agentSSHKexAlgorithmsConfigGroup
--
--**************************************************************************************
agentSSHKexAlgorithmsConfigGroup OBJECT IDENTIFIER ::= { agentSSHConfigGroup 20 }
agentSSHServerKexAlgorithmsTable OBJECT-TYPE
SYNTAX SEQUENCE OF AgentSSHServerKexAlgorithmsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Specifies SSH kex algorithms to be used."
::= { agentSSHKexAlgorithmsConfigGroup 1 }
agentSSHServerKexAlgorithmsEntry OBJECT-TYPE
SYNTAX AgentSSHServerKexAlgorithmsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Config entry for SSH kex algorithms."
INDEX { agentSSHServerKexIndex }
::= { agentSSHServerKexAlgorithmsTable 1 }
AgentSSHServerKexAlgorithmsEntry ::= SEQUENCE {
agentSSHServerKexIndex
Unsigned32,
agentSSHServerKexAlgorithms
INTEGER
}
agentSSHServerKexIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..10)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of the SSH kex algorithms configuration order."
::= { agentSSHServerKexAlgorithmsEntry 1 }
agentSSHServerKexAlgorithms OBJECT-TYPE
SYNTAX INTEGER {
undefined(0),
curve25519-sha256(1),
curve25519-sha256-libssh(2),
ecdh-sha2-nistp256(3),
ecdh-sha2-nistp384(4),
ecdh-sha2-nistp521(5),
diffie-hellman-group-exchange-sha256(6),
diffie-hellman-group16-sha512(7),
diffie-hellman-group18-sha512(8),
diffie-hellman-group14-sha256(9),
diffie-hellman-group14-sha1(10)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies KEX algorithm to be used for SSH.
Abbreviation used.
- curve25519-sha256-libssh(2) is used for curve25519-sha256@libssh.org
"
DEFVAL { undefined }
::= { agentSSHServerKexAlgorithmsEntry 2 }
agentSSHServerKexRefresh OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When set to enable(1), configuration of agentSSHServerKexAlgorithmsEntry will be configured
and refresh ssh process. The value is write-only.
Attempt to read will return disable(2)."
::= { agentSSHKexAlgorithmsConfigGroup 2 }
--**************************************************************************************
-- agentOutboundSSHGroup -> contains MIB objects displaying various properties
-- of a Outbound SSH
--
--**************************************************************************************
agentOutboundSSHGroup OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 3}
agentOutboundSSHAdminMode OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" Admin-mode of the Outbound SSH."
DEFVAL { disable }
::= { agentOutboundSSHGroup 1 }
agentOutboundSSHMaxSessions OBJECT-TYPE
SYNTAX INTEGER (0..5)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" The maximum no. of Outbound SSH sessions allowed."
DEFVAL { 5 }
::= { agentOutboundSSHGroup 2 }
agentOutboundSSHActiveSessions OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Get the number of active outgoing SSH sessions."
::= { agentOutboundSSHGroup 3 }
agentOutboundSSHTimeout OBJECT-TYPE
SYNTAX INTEGER (0..160)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" The login inactivity timeout value for Outbound SSH."
DEFVAL { 5 }
::= { agentOutboundSSHGroup 4 }
END
View Git Blame Copy Permalink