
--
-- security-management-mib.my
-- MIB generated by MG-SOFT Visual MIB Builder Version 6.0 Build 88
-- Monday, March 13, 2006 at 18:53:18
--
-- security-management-mib.my
-- MIB generated by MG-SOFT Visual MIB Builder Version 3.0 Build 253
-- Monday, February 27, 2006 at 19:18:22
--
-- SECURITY-MANAGEMENT-MIB.my
-- MIB generated by MG-SOFT Visual MIB Builder Version 3.0 Build 253
-- Wednesday, November 23, 2005 at 13:35:05
--
-- SECURITY-MANAGEMENT-MIB.my
-- MIB generated by MG-SOFT Visual MIB Builder Version 3.0 Build 253
-- Wednesday, April 20, 2005 at 16:07:15
--
-- SECURITYMANAGEMENTMIB.my
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Wednesday, January 12, 2005 at 14:00:10
--
-- SECURITYMANAGEMENTMIB.my
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Tuesday, January 11, 2005 at 18:41:44
--
-- SECURITYMANAGEMENTMIB.my
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Wednesday, September 15, 2004 at 13:47:14
--
-- SECURITYMANAGEMENTMIB.my
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Sunday, June 27, 2004 at 18:06:47
--
-- ==========================================================
--
-- MIB : SECURITYMANAGEMENTMIB Avaya
--
-- Version : 1.1.0
--
-- ==========================================================
--
-- Copyright 1999 2010 Avaya Ltd.
-- All Rights Reserved.
--
-- Reproduction of this document is authorized on condition
-- that the foregoing copyright notice is included.
--
-- This Avaya SNMP Management Information Base
-- Specification embodies Avaya confidential and
-- proprietary intellectual property. Lucent Technologies retains all
-- title and ownership in the Specification, including any revisions
--
-- It is Avaya intent to encourage the widespread use of this
-- Specification in connection with the management of Avaya
-- products.
--
-- Avaya grants vendors, endusers, and other interested parties
-- a nonexclusive license to use this Specification in connection
-- with the management of Avaya products.
--
-- This Specification is supplied "as is," and Avaya makes
-- no warranty, either express or implied, as to the use,
-- operation, condition, or performance of the Specification.
--
--==========================================================
--
-- Version 1.1.0
-- 24 Oct 2010
-- Adding traps which support IPv6.
-- a. avUnAuthAccessEvent.
-- b. avAccountLockoutEvent.
-- c. avIPv6AddressDuplicationEvent.
-- Shlomi biton
--
--==========================================================
--
-- Version 1.0.12
-- 15 Jun 2009
-- Adding arpInspection(23) enumeration to secMngProtoId.
-- Shlomi biton
--
--==========================================================
--
-- Version 1.0.11
-- 07 Feb 2008
-- Changing the secMngNumOfDays2Expire to
-- Udi Ezra ; Shlomi biton
--==========================================================
--
-- Version 1.0.10
-- 07 Feb 2008
-- Adding the trap avPasswordToExpireAlert
-- Pesah Spector
-- ==========================================================
--
-- Version 1.0.9
-- 11 Jan 2007
-- Adding avSecLocalDateAndTime - for setting date and time.
--
-- ==========================================================
--
-- Version 1.0.8
-- 02 Nov 2006
-- Adding DNS Relay to dnsRelay(22) to secMngProtoId.
--
-- ==========================================================
--
-- Version 1.0.7
-- 2 Mar 2005
-- Added support for MSS notification generated as result of DoS attacks
-- or unauthenticated attempts - see definition in CID 104904. All
-- new MIB objects - notification and varbinds are located under
-- avMssNotifications MIB subtree.
--
-- ==========================================================
--
-- Version 1.0.6
-- 11 Jan 2005
-- Added support for SYN cookies operational state monitoring,
-- and configuration state monitoring/change.
-- The following items were added:
-- o secTcpSynCookies
-- o secTcpSynCkiOpState
-- o secTcpSynCkiCfgState
--
-- Changed by Nimrod Dezent
-- ==========================================================
--
-- Version 1.0.5
-- 04 Oct 2004
-- Definition of DNS resolver enumerations.
-- Adding dnsResolver(18) to secMngProtoId.
--
-- Changed by Shlomi Biton
-- ==========================================================
--
-- Version 1.0.4
-- 04 July 2004
-- Add new mib object fipsEnhancedSecurityFlg under fip140 subtree
--
-- Changed by Pesah Spector
-- ==========================================================
-- Version 1.0.3
-- 04 July 2004
-- Updating the enumeration scpConfigFile to be scpConfigFiles in secMngProtoId.
--
-- 1. Change by Shlomi Biton
-- ==========================================================
--
-- Version 1.0.2
-- 28 June 2004
-- Definition of DHCP and TFTP enumerations.
-- Adding tftp(16) and dhcp(17) to secMngProtoId.
--
-- 1. Add by Shlomi Biton
-- ==========================================================
--
-- Version 1.0.1
-- 27 June 2004
-- Definition of RFA based license support
--
-- 1. Add by Pesah Spector
-- ==========================================================
--
-- Version 1.0.0
-- Definition of network services protocols, first release
-- ==========================================================
--
--
--
SECURITY-MANAGEMENT-MIB DEFINITIONS ::= BEGIN
IMPORTS
lsg
FROM AVAYAGEN-MIB
cmgTrapLocation, cmgTrapOnBoard, cmgTrapSubsystem, cmgTrapOnIccMissing, cmgTrapModule
FROM G700-MG-MIB
ifIndex, ifType, ifPhysAddress, ifName
FROM IF-MIB
genOpLastFailureDisplay, genAppFileId, genAppFileName, genAppFileVersionNumber
FROM LOAD-MIB
DisplayString
FROM RFC1213-MIB
OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
IpAddress, Unsigned32, Counter64, OBJECT-TYPE, MODULE-IDENTITY,
OBJECT-IDENTITY, NOTIFICATION-TYPE
FROM SNMPv2-SMI
InetAddress, InetAddressType
FROM INET-ADDRESS-MIB
avEntPhySeverity
FROM AVAYA-ENTITY-MIB
PhysAddress, DateAndTime, TEXTUAL-CONVENTION
FROM SNMPv2-TC;
-- 1.3.6.1.4.1.6889.2.1.14.1
-- Module identity for the Avaya secured-management MIB, registered at
-- { avayaSecurity 1 }.
-- NOTE(review): the quoted UTC strings are what MIB tools parse. The trailing
-- date comments on LAST-UPDATED and on the 2010 REVISION disagree with each
-- other and with "201003231045Z".
-- NOTE(review): the REVISION clauses are not in reverse chronological order
-- (2006-03, 2005-11, 2005-01, 2005-03, 2005-04, 2006-02, 2010-03), which
-- strict SMIv2 checkers usually report.
-- NOTE(review): the 2010 REVISION text names avNSReceivedDuplicateAddressEvent
-- and avNAReceivedDuplicateAddressEvent, which are not defined in this listing.
secMngModule MODULE-IDENTITY
LAST-UPDATED "201003231045Z" -- Mar 22, 2010 at 10:46 GMT
ORGANIZATION
"Avaya"
CONTACT-INFO
"Contact-info."
DESCRIPTION
"Defines MIB objects related to device secured management."
REVISION "200603131849Z" -- March 13, 2006 at 18:49 GMT
DESCRIPTION
"Support for ASG Authentication
File and Authentication
Notifications"
REVISION "200511231321Z" -- November 23, 2005 at 13:21 GMT
DESCRIPTION
"Version 1.0.9
add support for new portocol enum value
telnetServices in object secMngProtoId, added as part of G450 project
development - ref CID 110907
Pesah
"
REVISION "200501111654Z" -- January 11, 2005 at 16:54 GMT
DESCRIPTION
" Version 1.0.6
Added support for SYN cookies operational state monitoring,
and configueration state monitoring/change.
The following items were added:
o secTcpSynCookies
o secTcpSynCkiOpState
o secTcpSynCkiCfgState
Changed by Nimrod Dezent"
REVISION "200503021602Z" -- March 02, 2005 at 16:02 GMT
DESCRIPTION
"
Version 1.0.7
2 MAr 2005
Added support for MSS notification generated as result of DoS attacks
or unauthenticated attempts - see definition in CID 104904. All
new MIB objects - notification and varbinds are located under
avMssNotifications MIB subtree
"
REVISION "200504201606Z" -- April 20, 2005 at 16:06 GMT
DESCRIPTION
"
1.0.8 Changed default value of MSS rate
limiting from 60 seconds to
300 seconds"
REVISION "200602271916Z" -- February 27, 2006 at 19:16 GMT
DESCRIPTION
"Adding new
notifictations supporting Secret
Management
for backup and restore
(startup-config) file
"
REVISION "201003231045Z" -- Mar 21, 2010 at 16:57 GMT
DESCRIPTION
" Adding traps which support IPv6.
a. avUnAuthAccessEvent.
b. avAccountLockoutEvent.
c. avIPv6AddressDuplicationEvent.
d. avNSReceivedDuplicateAddressEvent.
e. avNAReceivedDuplicateAddressEvent.
"
::= { avayaSecurity 1 }
--
-- Textual conventions
--
-- January 11, 2005 at 17:00 GMT
-- February 27, 2006 at 19:16 GMT
-- April 20, 2005 at 16:06 GMT
-- March 02, 2005 at 16:02 GMT
-- January 11, 2005 at 16:54 GMT
-- November 23, 2005 at 13:21 GMT
--
-- Textual conventions
--
-- January 11, 2005 at 17:00 GMT
-- November 23, 2005 at 13:21 GMT
-- January 11, 2005 at 16:54 GMT
-- March 02, 2005 at 16:02 GMT
-- April 20, 2005 at 16:06 GMT
--
-- Textual conventions
--
-- January 11, 2005 at 17:00 GMT
-- April 20, 2005 at 16:06 GMT
-- March 02, 2005 at 16:02 GMT
-- January 11, 2005 at 16:54 GMT
--
-- Textual conventions
--
-- January 11, 2005 at 17:00 GMT
-- January 11, 2005 at 16:54 GMT
--
-- Textual conventions
--
-- January 11, 2005 at 17:00 GMT
-- January 11, 2005 at 16:54 GMT
--
-- Textual conventions
--
-- January 01, 2003 at 18:26 GMT
--
-- Textual conventions
--
OnOffType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Description."
SYNTAX INTEGER
{
on(1),
off(2)
}
-- January 01, 2003 at 18:26 GMT
-- January 01, 2003 at 18:26 GMT
--
-- Textual conventions
--
ServiceStateType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Description."
SYNTAX INTEGER
{
on(1),
off(2),
notSupported(3)
}
--
-- Node definitions
--
-- Node definitions
--
-- Node definitions
--
-- Node definitions
--
-- Node definitions
--
-- Node definitions
--
-- Node definitions
--
-- Node definitions
--
-- 1.3.6.1.4.1.6889.2.1.14
-- 1.3.6.1.4.1.6889.2.1.14
-- 1.3.6.1.4.1.6889.2.1.14
avayaSecurity OBJECT IDENTIFIER ::= { lsg 14 }
-- Node definitions
--
-- 1.3.6.1.4.1.6889.2.1.2.1
-- 1.3.6.1.4.1.6889.2.1.14.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.1
-- secMode: read-only flag reporting whether the device operates in secured
-- mode.
-- NOTE(review): the DESCRIPTION mentions a "Not relevant" value, but OnOffType
-- as defined in this module only has on(1) and off(2). How an agent signals
-- that secured mode is unsupported cannot be told from this file; confirm
-- against the device before alerting on this object.
secMode OBJECT-TYPE
SYNTAX OnOffType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When the security mode flag = on - it indicates that device operates
in secured mode, =off - in non-secured mode. Otherwize when the value retuned
=Not relevant - secured mode is not supported in this device."
::= { secMngModule 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.2
-- 1.3.6.1.4.1.6889.2.1.14.1.2
secTcpSynCookies OBJECT IDENTIFIER ::= { secMngModule 2 }
-- 1.3.6.1.4.1.6889.2.1.14.1.2.1
-- 1.3.6.1.4.1.6889.2.1.14.1.2.1
secTcpSynCkiOpState OBJECT-TYPE
SYNTAX OnOffType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Monitors the operational state of the TCP SYN cookies
defense mechanism.
The operational state of the SYN cookies can change
only after a reset, if the configuration state was
changed and the running configuration was saved to
the startup configuration before the reset.
Use secTcpSynCkiCfgState to monitor and change the
SYN cookies configuration state.
When the SYN cookies feature is turned on, it helps
protect the local host from SYN attacks (a type of
DoS attack)."
::= { secTcpSynCookies 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.2.2
-- 1.3.6.1.4.1.6889.2.1.14.1.2.2
-- secTcpSynCkiCfgState: configured state of the TCP SYN cookies defence. Per
-- the DESCRIPTION, a change only becomes operational after the running
-- configuration is saved to the startup configuration and the device is reset.
-- NOTE(review): MAX-ACCESS is read-write, so an SNMP SET can switch the
-- configured state of a DoS protection to off(2). Write access to this object
-- is best limited to authenticated, encrypted SNMPv3 users through the
-- agent's access-control views.
-- Monitoring use: a difference between this value and secTcpSynCkiOpState may
-- mean a configuration change is waiting for the next reset, which is worth
-- an alert.
secTcpSynCkiCfgState OBJECT-TYPE
SYNTAX OnOffType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Controls and monitors the configuration state of the
TCP SYN cookies defense mechanism.
The operational state of the SYN cookies can change
only after reset, if the configuration state was
changed and the running configuration was saved to
the startup configuration before the reset.
Use secTcpSynCkiOpState to monitor the SYN cookies
operational state.
When the SYN cookies feature is turned on, it helps
protect the local host from SYN attacks (a type of
DoS attack).
"
::= { secTcpSynCookies 2 }
-- 1.3.6.1.4.1.6889.2.1.2.3
-- 1.3.6.1.4.1.6889.2.1.14.1.3
-- 1.3.6.1.4.1.6889.2.1.14.1.3
-- 1.3.6.1.4.1.6889.2.1.14.1.3
secMngProtoTable OBJECT-TYPE
SYNTAX SEQUENCE OF SecMngProtoEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"List of security management protocols supported in the device.
"
::= { secMngModule 3 }
-- 1.3.6.1.4.1.6889.2.1.2.3.1
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1
secMngProtoEntry OBJECT-TYPE
SYNTAX SecMngProtoEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Description."
INDEX { secMngProtoId }
::= { secMngProtoTable 1 }
SecMngProtoEntry ::=
SEQUENCE {
secMngProtoId
INTEGER,
secMngProtoStatus
ServiceStateType
}
-- 1.3.6.1.4.1.6889.2.1.2.3.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1.1
-- secMngProtoId: index column of secMngProtoTable, one row per management
-- protocol or service the device supports.
-- NOTE(review): the SYNTAX enumeration is authoritative. The list repeated in
-- the DESCRIPTION omits ftpClient(15), dnsRelay(22) and arpInspection(23),
-- writes value 21 as servicesTelnet instead of telnetServices, and leaves the
-- parenthesis after dnsResolver(18 unclosed.
-- NOTE(review): MAX-ACCESS is read-only on an INDEX object; SMIv2 normally
-- declares index columns not-accessible.
secMngProtoId OBJECT-TYPE
SYNTAX INTEGER
{
scpConfigFiles(1),
scpImageFiles(2),
ssh(3),
telnet(4),
snmpv3(5),
http(6),
https(7),
telnetClient(8),
icmpRedirection(9),
icmp(10),
recoveryPassword(11),
sshClient(12),
snmpv1(13),
icmpEcho(14),
ftpClient(15),
tftp(16),
dhcp(17),
dnsResolver(18),
scpClient(19),
tftpClient(20),
telnetServices(21),
dnsRelay(22),
arpInspection(23)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Index to the secMngProtoTable. The index can take one of the following values that
correspond to supported management protocols
scpConfigFiles(1),
scpImageFiles(2),
ssh(3),
telnet(4),
snmpv3(5),
http(6),
https(7),
telnetClient(8),
icmpRedirection(9), - icmp redirection service state
icmp(10), - icmp services status
recoveryPassword(11), - recovery password state
sshClient(12),
snmpv1(13),
icmpEcho(14) - icmp service has been launched in EchoOnly mode
tftp(16),
dhcp(17),
dnsResolver(18,
scpClient(19),
tftpClient(20),
servicesTelnet(21), - reports telnet status on Services interface in G450
Missing entry indicates that
corresponding protocol is not supported. "
::= { secMngProtoEntry 1 }
-- The index of the supported protocols. For an unsupported protocol
-- the entry will not be present in the table.
-- 1.3.6.1.4.1.6889.2.1.2.3.1.2
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1.2
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1.2
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1.2
-- secMngProtoStatus: per-protocol service state for the row selected by
-- secMngProtoId.
-- NOTE(review): the DESCRIPTION calls the third state "Not relevant"; in
-- ServiceStateType it is notSupported(3).
-- Monitoring use: polling this column shows which management services are
-- enabled, so a poller can compare it with the site's hardening baseline and
-- alert when cleartext services listed in secMngProtoId, such as telnet(4),
-- http(6), snmpv1(13) or tftp(16), report on(1).
secMngProtoStatus OBJECT-TYPE
SYNTAX ServiceStateType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Portocol status. When the status is =on - it indicates that
correpsonding protocol is up and running, =off - protocol is down.
Otherwize when the value retuned =Not relevant - the protocol is not supported."
::= { secMngProtoEntry 2 }
-- 1.3.6.1.4.1.6889.2.1.14.1.4
-- 1.3.6.1.4.1.6889.2.1.14.1.4
-- 1.3.6.1.4.1.6889.2.1.14.1.4
secMngConformance OBJECT IDENTIFIER ::= { secMngModule 4 }
-- 1.3.6.1.4.1.6889.2.1.14.1.4.1
-- 1.3.6.1.4.1.6889.2.1.14.1.4.1
-- 1.3.6.1.4.1.6889.2.1.14.1.4.1
secMngGroups OBJECT IDENTIFIER ::= { secMngConformance 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.4.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.4.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.4.1.1
secMngBasicGroup OBJECT-GROUP
OBJECTS { secMode, secMngProtoId, secMngProtoStatus, secTcpSynCkiOpState, secTcpSynCkiCfgState,
fipsEnhancedSecurityFlg }
STATUS current
DESCRIPTION
"Description."
::= { secMngGroups 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.4.2
-- 1.3.6.1.4.1.6889.2.1.14.1.4.2
-- 1.3.6.1.4.1.6889.2.1.14.1.4.2
secMngCompliance OBJECT IDENTIFIER ::= { secMngConformance 2 }
-- 1.3.6.1.4.1.6889.2.1.14.1.5
-- 1.3.6.1.4.1.6889.2.1.14.1.5
-- 1.3.6.1.4.1.6889.2.1.14.1.5
lsgLicManagement OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Group of MIBs objects used for configuration/presentation of the
License information generated by Avaya Remote Feature
Activation (RFA) system.
"
::= { secMngModule 5 }
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1
lsgLicMngTable OBJECT-TYPE
SYNTAX SEQUENCE OF LsgLicMngEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"RFA based License management table. All elements are
displaying the feature activation status. License activation
controlled by the license file. The table is indexed by the
license feature keyword assuming that the same keyword describing a
feature cannot appear more than once per a license file.
"
::= { lsgLicManagement 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1
lsgLicMngEntry OBJECT-TYPE
SYNTAX LsgLicMngEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry in lsgLicMngTable. "
INDEX { lsgLicMngFeatureKeyword }
::= { lsgLicMngTable 1 }
LsgLicMngEntry ::=
SEQUENCE {
lsgLicMngFeatureKeyword
OCTET STRING,
lsgLicMngFeatureType
INTEGER,
lsgLicMngAdminStatus
OnOffType,
lsgLicMngOperStatus
OnOffType,
lsgLicMngCountedValue
Unsigned32,
lsgLicMngLastError
INTEGER
}
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.1
-- lsgLicMngFeatureKeyword: textual feature keyword (for example FEAT_VPN) that
-- indexes lsgLicMngTable.
-- NOTE(review): this is the only column declared read-create. Every other
-- column in LsgLicMngEntry is read-only and the entry has no RowStatus column,
-- so it is unclear from this file whether rows can really be created over
-- SNMP. Confirm against the agent before granting write access to this table.
lsgLicMngFeatureKeyword OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This table entry contains a features keyword. The feature
keywords are text-based for example FEAT_VPN string. This
field is used as a table index"
::= { lsgLicMngEntry 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.2
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.2
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.2
lsgLicMngFeatureType OBJECT-TYPE
SYNTAX INTEGER
{
onOffFeature(1),
quantifiableFeature(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"License activation mechanism support two feature types
* Boolean on-off feature
* Features that describe quantities for example number
of concurrent VPN peers
"
::= { lsgLicMngEntry 2 }
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.3
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.3
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.3
lsgLicMngAdminStatus OBJECT-TYPE
SYNTAX OnOffType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An administration status shows the feature activation status -
when set to On the feature is activated by the RFA licensing system.
"
::= { lsgLicMngEntry 3 }
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.4
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.4
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.4
lsgLicMngOperStatus OBJECT-TYPE
SYNTAX OnOffType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The operation status shows the actual status of the
corresponding feature - feature can be not operational
enabled if for example device must be reset for feature to
be activated or feature is not supported by a device."
::= { lsgLicMngEntry 4 }
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.5
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.5
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.5
lsgLicMngCountedValue OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"For counted features, this entry shows the associated quantity"
::= { lsgLicMngEntry 5 }
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.6
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.6
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.6
lsgLicMngLastError OBJECT-TYPE
SYNTAX INTEGER { licNoError(2) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Shows feature error state"
::= { lsgLicMngEntry 6 }
-- 1.3.6.1.4.1.6889.2.1.14.1.5.20
-- 1.3.6.1.4.1.6889.2.1.14.1.5.20
-- 1.3.6.1.4.1.6889.2.1.14.1.5.20
lsgLicMngConformance OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Description."
::= { lsgLicManagement 20 }
-- 1.3.6.1.4.1.6889.2.1.14.1.5.20.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.20.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.20.1
lsgLicMngGroups OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Description."
::= { lsgLicMngConformance 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.5.20.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.20.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.20.1.1
lsgLicMngBasicGroup OBJECT-GROUP
OBJECTS { lsgLicMngFeatureKeyword, lsgLicMngFeatureType, lsgLicMngAdminStatus, lsgLicMngOperStatus, lsgLicMngCountedValue,
lsgLicMngLastError }
STATUS current
DESCRIPTION
"Description."
::= { lsgLicMngGroups 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.6
-- 1.3.6.1.4.1.6889.2.1.14.1.6
-- 1.3.6.1.4.1.6889.2.1.14.1.6
fips140 OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Description."
::= { secMngModule 6 }
-- 1.3.6.1.4.1.6889.2.1.14.1.6.1
-- 1.3.6.1.4.1.6889.2.1.14.1.6.1
-- 1.3.6.1.4.1.6889.2.1.14.1.6.1
fipsEnhancedSecurityFlg OBJECT-TYPE
SYNTAX OnOffType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"enhanceSecurity flag reports operation of a product in enhance security mode.
When running under enhanced security a product performs certain secure-related
activities safely, closely matching FIPS-140-2 standard. However the
flag doesn't necessary indicate that all device operations comply to
FIPS approved mode as some of security activities might be controlled
via different mechanisms for example manual configuration.
Security policy/Crypto Office guidance documents shall be used as
reference as for if this flag can be used as an evidence for operation
in FIPS approved mode. The flag is read only and set via product CLI.
"
::= { fips140 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7
avMssNotifications OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Subtree hosting MSS notification traps"
::= { secMngModule 7 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7.0
avMssNotificationPrefix OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Description."
::= { avMssNotifications 0 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7.0.1
avMSSDenialOfService NOTIFICATION-TYPE
OBJECTS { avMSSVarbindsDoSType, avMSSVarbindsSrcAddr, avMSSVarbindsDstAddr, avMSSVarbindsDstPort, avMSSVarbindsCount,
avMSSVarbindsIpProtocol, ifIndex, ifName, avMSSVarbindsSrcMACAddr }
STATUS current
DESCRIPTION
"The MSS notification sent on DoS attack"
::= { avMssNotificationPrefix 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7.2
-- avMSSNotificationRate: interval, in seconds, at which MSS notifications are
-- reported once an event group counter passes its threshold (range 10..28800,
-- default 300).
-- NOTE(review): MAX-ACCESS is read-write. Raising the value towards 28800
-- spaces DoS reports up to 8 hours apart, which reduces what a trap receiver
-- sees during an incident. Restrict SET access to authenticated SNMPv3 users
-- and include this object in configuration-change monitoring.
avMSSNotificationRate OBJECT-TYPE
SYNTAX INTEGER (10..28800)
UNITS "Second"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Defines the rate of MSS notification report.
MSS reports will be generated as per
rate if the event group counter
passes the threshold correspondingly.
The rate units are given in seconds with
minimum - 10 seconds
maximum - 8 hours (60 * 60 * 8)
"
DEFVAL { 300 }
::= { avMssNotifications 2 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7.4
avMSSVarbinds OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Subtree of access-for-notify arguments to
MSS notification varbinds list."
::= { avMssNotifications 4 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.1
avMSSVarbindsDoSType OBJECT-TYPE
SYNTAX INTEGER
{
avMSSDoSMalformedARPs(1),
avMSSDoSLandAttack(2),
avMSSDoSICMPReflectAttack(3),
avMSSDoSUknownPort(4),
avMSSDoSUrgTCPOption(5),
avMSSDoSMalformedIP(6),
avMSSDoSSynFlood(7),
avMSSDoSSmurfAttack(8),
avMSSDoSFraggleAttack(9),
avMSSDoSMalFragmentIP(10),
avMSSSpoofedIP(11),
avMSSUnknownL4Protocol(12),
avMSSunAuthenticatedAccess(13),
avMSSUserDefinedDoSAttack100(100),
avMSSUserDefinedDoSAttack101(101),
avMSSUserDefinedDoSAttack102(102),
avMSSUserDefinedDoSAttack103(103),
avMSSUserDefinedDoSAttack104(104),
avMSSUserDefinedDoSAttack105(105)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Enumeration of DoS attacks"
::= { avMSSVarbinds 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.2
avMSSVarbindsDescription OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Textual description of the DoS event "
::= { avMSSVarbinds 2 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.3
-- avMSSVarbindsSrcAddr: source IPv4 address from the IP header of the reported
-- packet, 0.0.0.0 when unknown. Sent only as a notification varbind.
-- NOTE(review): the value comes from packet headers and avMSSVarbindsDoSType
-- includes avMSSSpoofedIP(11), so receivers should treat it as unverified
-- input, for example by not feeding it straight into automatic blocking.
avMSSVarbindsSrcAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Source IP address in IP header. Set to 0.0.0.0 if address is unknown"
::= { avMSSVarbinds 3 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.4
avMSSVarbindsDstAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Destination IP address in IP header. Set to 0.0.0.0 if address is unknown"
::= { avMSSVarbinds 4 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.5
avMSSVarbindsDstPort OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Destination port number in IP header. 0 if port is not applicable or
unknown"
DEFVAL { 0 }
::= { avMSSVarbinds 5 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.6
avMSSVarbindsIpProtocol OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The protocol field in IP header
"
::= { avMSSVarbinds 6 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.7
avMSSVarbindsCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Counted number of events that occur in a given period
for a corresponding class of security violations (DoS,
not authorized access, etc)."
::= { avMSSVarbinds 7 }
-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.8
-- avMSSVarbindsSrcMACAddr: source MAC address of the packet identified as
-- carrying the DoS payload. Sent only as a notification varbind.
-- NOTE(review): DEFVAL is written as the quoted text "00:00:00:00:00:00". For
-- a PhysAddress (an OCTET STRING) a quoted string denotes its characters, not
-- six zero octets; the hex form '000000000000'H was presumably intended.
-- Confirm what the agent actually sends before matching on this value.
avMSSVarbindsSrcMACAddr OBJECT-TYPE
SYNTAX PhysAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Source Physical address (MAC) of a packet identified
as a packet carrying DoS payload. Set to 00:00:00:00:00:00 when phyicial address
is not supported or unknown to the system"
DEFVAL { "00:00:00:00:00:00" }
::= { avMSSVarbinds 8 }
-- 1.3.6.1.4.1.6889.2.1.14.1.8
avMSSgroup OBJECT-GROUP
OBJECTS { avMSSNotificationRate, avMSSVarbindsSrcAddr, avMSSVarbindsDstAddr, avMSSVarbindsDstPort, avMSSVarbindsDescription,
avMSSVarbindsIpProtocol, avMSSVarbindsDoSType, avMSSVarbindsCount, avMSSVarbindsSrcMACAddr }
STATUS current
DESCRIPTION
"Description."
::= { secMngModule 8 }
-- 1.3.6.1.4.1.6889.2.1.14.1.9
mssNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { avMSSDenialOfService }
STATUS current
DESCRIPTION
"Description."
::= { secMngModule 9 }
-- 1.3.6.1.4.1.6889.2.1.14.1.10
secMngNotifications OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Description."
::= { secMngModule 10 }
-- 1.3.6.1.4.1.6889.2.1.14.1.10.0
secMngNotificationsPrefix OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Description."
::= { secMngNotifications 0 }
-- 1.3.6.1.4.1.6889.2.1.14.1.10.0.1
avConfigurationEncKeyMismatchFault NOTIFICATION-TYPE
OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation, genAppFileId, genAppFileName,
genAppFileVersionNumber, genOpLastFailureDisplay }
STATUS current
DESCRIPTION
"Encryption keys mismatch error. Configuration download
operation is aborted"
::= { secMngNotificationsPrefix 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.10.0.2
avConfigurationMasterKeyChange NOTIFICATION-TYPE
OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation }
STATUS current
DESCRIPTION
"Configuration Master key was changed
"
::= { secMngNotificationsPrefix 2 }
-- 1.3.6.1.4.1.6889.2.1.14.1.10.0.3
avPasswordToExpireAlert NOTIFICATION-TYPE
OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation, secMngNumOfDays2Expire }
STATUS current
DESCRIPTION
"User password is about to expire in n days
"
::= { secMngNotificationsPrefix 3 }
-- avUnAuthAccessEvent: notification sent on unauthorized login attempts,
-- registered at { secMngNotificationsPrefix 200 }.
-- NOTE(review): the DESCRIPTION refers to lntUnauthUserName and
-- lntIKEAccess(500). The objects defined in this module are avUnauthUserName
-- and avIKEAccess(500), so these are presumably leftover names from an
-- earlier prefix.
-- NOTE(review): this notification is not listed in any NOTIFICATION-GROUP in
-- this file.
-- Receiver guidance: avUnauthUserName and the address varbinds describe the
-- rejected attempt itself, so treat them as untrusted input when logging or
-- displaying them.
avUnAuthAccessEvent NOTIFICATION-TYPE
OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation,
avUnauthUserName, avUnauthInetAddressType, avUnauthInetAddress,
avUnauthProtocol, avASGAuthFileAFID, avEntPhySeverity }
STATUS current
DESCRIPTION
"Notification on unauthorized login attempts.
o For CLI and SNMP login failures:
Both SNMP SSH and WEB management interfaces shall identify
situation and alert.
The reported information should include wrong user name,
host name and IP address of remote host. Passwords is not
reported because of the possibility to reveal password.
o For pre-shared-key (PSK) authentication failure in IKE:
* lntUnauthUserName -
- In IKE AM: the ID sent by the remote peer in the ID
payload.
- In IKE MM: the ID associated with the remote peer IP
in the running configuration.
* avUnauthInetAddressType and avUnauthInetAddress - represents
the source IP of the packet sent by the remote peer.
* avUnauthProtocol - lntIKEAccess(500)
"
::= { secMngNotificationsPrefix 200 }
avAccountLockoutEvent NOTIFICATION-TYPE
OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation,
avUnauthUserName, avUnauthInetAddressType, avUnauthInetAddress,
avUnauthProtocol, avASGAuthFileAFID, avEntPhySeverity }
STATUS current
DESCRIPTION
"After configurable number of failed attempts to authenticate a user, device
penalized by locking them out for a pre-specified amount of time."
::= { secMngNotificationsPrefix 201 }
avIPv6AddressDuplicationEvent NOTIFICATION-TYPE
OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation,
avDuplicatedInetAddressType, avDuplicatedInetAddress, avDuplicatedMACAddress,
ifIndex, ifName, avASGAuthFileAFID, avEntPhySeverity }
STATUS current
DESCRIPTION
"The trap is generated whenever there is a detection of IPv6 address
(link-local or global IPv6 address) duplication as part of DAD."
::= { secMngNotificationsPrefix 202 }
-- 1.3.6.1.4.1.6889.2.1.14.1.10.1
secMngVarbinds OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Notify only varbinds used for
notifications in secMngNotifications group"
::= { secMngNotifications 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.10.1.1
secMngNumOfDays2Expire OBJECT-TYPE
SYNTAX Unsigned32
UNITS "Days"
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Description."
::= { secMngVarbinds 1 }
-- avUnauthUserName: user name given in the access attempt that was identified
-- as unauthorized, 0 to 32 octets. Sent only as a notification varbind.
-- NOTE(review): the SYNTAX is OCTET STRING rather than DisplayString, so the
-- value is not guaranteed to be printable text; escape it before writing it
-- to logs or rendering it in a console.
-- NOTE(review): users sometimes type a password at the user name prompt, so
-- stored copies of this varbind deserve the same protection as other
-- authentication logs.
avUnauthUserName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..32))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The name of the user who's attempt to access device was identified as unauthorized.
"
::= { secMngVarbinds 3 }
avUnauthProtocol OBJECT-TYPE
SYNTAX INTEGER
{
avSSHAccess(22),
avTELNETAccess(23),
avHTTPAccess(80),
avSNMPAccess(161),
avHTTPSAccess(443),
avIKEAccess(500),
avRASAccess(6889),
avConsoleAccess(6890),
avPPPAccess(6891)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The management protocol employed for the unauthorized access -
avSSHAccess(22) -- SSH protocol
avTELNETAccess(23), --Telnet protocol
avHTTPAccess(80), -- HTTP protocol
avSNMPAccess(161), -- SNMP protocol
avHTTPSAccess(443), -- HTTPS protocol over TLS sockets
avIKEAccess(500), -- IKE protocol - PSK authentication failure
avRASAccess(6889), -- RAS access over dial-up connection
avConsoleAccess(6890), -- Access from the Console port
avPPPAccess(6891) -- Access to PPP over modem
"
::= { secMngVarbinds 5 }
avUnauthInetAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The Inet Address Type of access violating station"
::= { secMngVarbinds 9 }
avUnauthInetAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The Inet Address of access violating station"
::= { secMngVarbinds 10 }
avDuplicatedInetAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The duplicated Inet Address Type."
::= { secMngVarbinds 11 }
avDuplicatedInetAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The duplicated Inet Address."
::= { secMngVarbinds 12 }
avDuplicatedMACAddress OBJECT-TYPE
SYNTAX PhysAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The MAC address of the station that claims to be
configured with the duplicated IPv6 address."
::= { secMngVarbinds 13 }
-- 1.3.6.1.4.1.6889.2.1.14.1.10.2
avMngNotificationCompliance OBJECT-GROUP
OBJECTS { secMngNumOfDays2Expire }
STATUS current
DESCRIPTION
"Description."
::= { secMngNotifications 2 }
-- 1.3.6.1.4.1.6889.2.1.14.1.11
-- secMngNotificationGroup: conformance group covering the two configuration
-- key notifications.
-- NOTE(review): only two of the notifications under secMngNotificationsPrefix
-- are listed. avPasswordToExpireAlert, avUnAuthAccessEvent,
-- avAccountLockoutEvent and avIPv6AddressDuplicationEvent are defined in this
-- module but appear in no NOTIFICATION-GROUP, which strict SMIv2 checkers
-- usually flag.
secMngNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { avConfigurationEncKeyMismatchFault, avConfigurationMasterKeyChange }
STATUS current
DESCRIPTION
"Description."
::= { secMngModule 11 }
-- 1.3.6.1.4.1.6889.2.1.14.1.12
avASGAuthenticationFiles OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Info on authentication file(s) installed in a product"
::= { secMngModule 12 }
-- 1.3.6.1.4.1.6889.2.1.14.1.12.3
avASGAuthFileHeader OBJECT-IDENTITY
STATUS current
DESCRIPTION
"The information on Authentication File stored
in ASG AF file header "
::= { avASGAuthenticationFiles 3 }
-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.1
avASGAuthFileAFID OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..10))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The productID value ascociated with the
Authentication File (format 7xxxxxxxxx) "
::= { avASGAuthFileHeader 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.2
avASGAuthFileGenDate OBJECT-TYPE
SYNTAX DisplayString
UNITS "YYYY/MM/DD"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Date of Authentication file generation
(format YYYY/MM/DD)"
::= { avASGAuthFileHeader 2 }
-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.3
avASGAuthFileGenTime OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..8))
UNITS "HH:MM:SS"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A 8-character string in US short locale
time (format= HH:MM:SS)"
::= { avASGAuthFileHeader 3 }
-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.4
avASGAuthFileRelease OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Major software release the AF file was generated for "
::= { avASGAuthFileHeader 4 }
-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.5
avASGNotifications OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Description."
::= { avASGAuthFileHeader 5 }
-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.5.0
avASGNotificationsPrefix OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Description."
::= { avASGNotifications 0 }
-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.5.0.1
avASGAFDownloadSuccess NOTIFICATION-TYPE
OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation, genAppFileId, genAppFileName,
genAppFileVersionNumber, avASGAuthFileAFID }
STATUS current
DESCRIPTION
"AF download successfully accomplished"
::= { avASGNotificationsPrefix 1 }
-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.5.0.2
avASGAFDownloadFailure NOTIFICATION-TYPE
OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation, genAppFileId, genAppFileName,
genAppFileVersionNumber, genOpLastFailureDisplay, avASGAuthFileAFID }
STATUS current
DESCRIPTION
"AF download Failed "
::= { avASGNotificationsPrefix 2 }
-- 1.3.6.1.4.1.6889.2.1.14.1.12.1000
avASGAuthFileGroup OBJECT-GROUP
OBJECTS { avASGAuthFileAFID, avASGAuthFileGenDate, avASGAuthFileGenTime, avASGAuthFileRelease }
STATUS current
DESCRIPTION
"Description."
::= { avASGAuthenticationFiles 1000 }
-- 1.3.6.1.4.1.6889.2.1.14.1.12.1001
avASGAuthFileNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { avASGAFDownloadFailure, avASGAFDownloadSuccess }
STATUS current
DESCRIPTION
"ASG authentictation File Notification Group"
::= { avASGAuthenticationFiles 1001 }
-- 1.3.6.1.4.1.6889.2.1.14.1.13
-- avSecLocalDateAndTime: local RTC date and time, settable when the device is
-- not registered with CM.
-- NOTE(review): MAX-ACCESS is read-write. If the device stamps its logs and
-- notifications from this clock (presumably; confirm), an unauthorised SET
-- would skew timestamps used for event correlation. Limit SET access to
-- authenticated, encrypted SNMPv3 users and alert on unexpected changes.
-- NOTE(review): this object is not listed in any OBJECT-GROUP in this file.
avSecLocalDateAndTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting the Local current RTC date and time, when not registered with CM"
::= { secMngModule 13 }
END
--
-- security-management-mib.my
--