355 lines
12 KiB
Plaintext
355 lines
12 KiB
Plaintext
DNOS-MGMT-SECURITY-MIB DEFINITIONS ::= BEGIN
|
|
|
|
-- Broadcom FastPath Mgmt Security MIB
|
|
-- Copyright 2016-2019 Broadcom.
|
|
-- This SNMP Management Information Specification
|
|
-- embodies Broadcom's confidential and proprietary
|
|
-- intellectual property. Broadcom retains all title
|
|
-- and ownership in the Specification including any revisions.
|
|
|
|
-- This Specification is supplied "AS IS", Broadcom
|
|
-- makes no warranty, either expressed or implied,
|
|
-- as to the use, operation, condition, or performance of the
|
|
-- Specification.
|
|
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
|
|
IpAddress, Integer32 FROM SNMPv2-SMI
|
|
dnOS FROM DELL-REF-MIB
|
|
DisplayString FROM RFC1213-MIB
|
|
TruthValue FROM SNMPv2-TC;
|
|
|
|
fastPathMgmtSecurity MODULE-IDENTITY
|
|
LAST-UPDATED "201912050000Z" -- 05 Dec 2019 12:00:00 GMT
|
|
ORGANIZATION "Dell EMC"
|
|
CONTACT-INFO ""
|
|
DESCRIPTION
|
|
"The Dell Networking Private MIB for Security"
|
|
|
|
-- Revision history.
|
|
REVISION
|
|
"201912120000Z" -- 12 December 2019 12:00:00 GMT
|
|
DESCRIPTION
|
|
"Added MIB objects for Outbound SSH."
|
|
REVISION
|
|
"201812050000Z" -- 05 Dec 2018 12:00:00 GMT
|
|
DESCRIPTION
|
|
"Added object agentSSHEcdsaKeyControl, agentSSHEcdsaKeyLen to agentSSHConfigGroup."
|
|
REVISION
|
|
"201803010000Z" -- 01 March 2018 12:00:00 GMT
|
|
DESCRIPTION
|
|
"Modified the description of the object agentSSHProtocolLevel."
|
|
REVISION
|
|
"200705230000Z" -- 23 May 2007 12:00:00 GMT
|
|
DESCRIPTION
|
|
"Dell branding related changes."
|
|
REVISION
|
|
"200311210000Z" -- 21 Nov 2003 12:00:00 GMT
|
|
DESCRIPTION
|
|
"Initial revision."
|
|
|
|
::= { dnOS 11 }
|
|
|
|
|
|
--**************************************************************************************
|
|
-- agentSSLConfigGroup
|
|
--
|
|
--**************************************************************************************
|
|
|
|
agentSSLConfigGroup OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 1 }
|
|
|
|
agentSSLAdminMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configures whether the SSL service is enabled on this switch. The
|
|
default value is disable(2)."
|
|
::= { agentSSLConfigGroup 1 }
|
|
|
|
agentSSLSecurePort OBJECT-TYPE
|
|
SYNTAX Integer32 (443|1025..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configures a layer 4 port number in the range 1025-65535 for secure HTTP
|
|
connections. The default port is 443."
|
|
::= { agentSSLConfigGroup 2 }
|
|
|
|
agentSSLProtocolLevel OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ssl30(1), -- SSL 3.0
|
|
tls10(2), -- TSL 1.0
|
|
both(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Displays which protocol versions of SSL are enabled on this
|
|
switch. The default value is both(3)."
|
|
::= { agentSSLConfigGroup 3 }
|
|
|
|
agentSSLMaxSessions OBJECT-TYPE
|
|
SYNTAX Integer32 (0..16)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configures the maximum number of allowable SSL sessions. The default
|
|
value is 16."
|
|
::= { agentSSLConfigGroup 4 }
|
|
|
|
agentSSLHardTimeout OBJECT-TYPE
|
|
SYNTAX Integer32 (1..86400)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configures the hard timeout for SSL sessions in seconds. The default
|
|
value is 30 minutes (1800 seconds). Configure the value equal to the value of agentHTTPHardTimeout."
|
|
::= { agentSSLConfigGroup 5 }
|
|
|
|
agentSSLSoftTimeout OBJECT-TYPE
|
|
SYNTAX Integer32 (1..3600)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configures the soft (activity) timeout for SSL sessions in seconds.
|
|
The default value is 3 minutes (180 seconds). Configure the value equal to the value of agentHTTPSortTimeout."
|
|
::= { agentSSLConfigGroup 6 }
|
|
|
|
agentSSLCertificatePresent OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Boolean value indicating whether SSL certificate files exist on the device."
|
|
::= { agentSSLConfigGroup 7 }
|
|
|
|
agentSSLCertificateControl OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noop(1),
|
|
generate(2),
|
|
delete(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Controls certificate generation and deletion. Always returns noop(1)."
|
|
::= { agentSSLConfigGroup 8 }
|
|
|
|
agentSSLCertificateGenerationStatus OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates whether certificate files are currently being generated."
|
|
::= { agentSSLConfigGroup 9 }
|
|
|
|
--**************************************************************************************
|
|
-- agentSSHConfigGroup
|
|
--
|
|
--**************************************************************************************
|
|
|
|
agentSSHConfigGroup OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 2 }
|
|
|
|
agentSSHAdminMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configures whether the SSH service is enabled on this switch. The
|
|
default value is disable(2)."
|
|
::= { agentSSHConfigGroup 1 }
|
|
|
|
agentSSHProtocolLevel OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ssh10(1), -- deprecated, SSH 1.0 no longer supported
|
|
ssh20(2), -- SSH 2.0
|
|
both(3) -- deprecated, SSH 1.0 no longer supported
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the protocol version of SSH enabled on this switch.
|
|
Starting with the use of OpenSSH version 7.5P1,
|
|
SSH Protocol Version 1.0 is no longer supported."
|
|
DEFVAL { ssh20}
|
|
::= { agentSSHConfigGroup 2 }
|
|
|
|
agentSSHSessionsCount OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Current number of active SSH sessions on this switch."
|
|
::= { agentSSHConfigGroup 3 }
|
|
|
|
agentSSHMaxSessionsCount OBJECT-TYPE
|
|
SYNTAX Integer32 (0..5)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Max number of SSH sessions permitted on this switch."
|
|
::= { agentSSHConfigGroup 4 }
|
|
|
|
agentSSHSessionTimeout OBJECT-TYPE
|
|
SYNTAX Integer32 (1..3932159)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SSH idle timeout value for this switch in seconds. The
|
|
upper limit represents 65535 minutes and 59 seconds."
|
|
::= { agentSSHConfigGroup 5 }
|
|
|
|
agentSSHKeysPresent OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
dsa(1),
|
|
rsa(2),
|
|
both(3), --deprecated
|
|
none(4),
|
|
ecdsa(5),
|
|
all(6)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates what key files are present on the device, if any."
|
|
::= { agentSSHConfigGroup 6 }
|
|
|
|
agentSSHKeyGenerationStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
dsa(1),
|
|
rsa(2),
|
|
both(3), --deprecated
|
|
none(4),
|
|
ecdsa(5),
|
|
all(6)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates what key files are currently being generated, if any."
|
|
::= { agentSSHConfigGroup 7 }
|
|
|
|
agentSSHRSAKeyControl OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noop(1),
|
|
generate(2),
|
|
delete(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Controls RSA key generation and deletion. Always returns noop(1)."
|
|
::= { agentSSHConfigGroup 8 }
|
|
|
|
agentSSHDSAKeyControl OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noop(1),
|
|
generate(2),
|
|
delete(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Controls DSA key generation and deletion. Always returns noop(1)."
|
|
::= { agentSSHConfigGroup 9 }
|
|
|
|
agentSSHExecBannerState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Shows/Changes EXEC banner state on SSH session."
|
|
DEFVAL { enable }
|
|
::= { agentSSHConfigGroup 10 }
|
|
|
|
agentSSHLoginBannerState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Shows/Changes login banner state on SSH session."
|
|
DEFVAL { enable }
|
|
::= { agentSSHConfigGroup 11 }
|
|
|
|
agentSSHMotdBannerState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Shows/Changes MOTD banner state on SSH session."
|
|
DEFVAL { enable }
|
|
::= { agentSSHConfigGroup 12 }
|
|
|
|
agentSSHEcdsaKeyControl OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noop(1),
|
|
generate(2),
|
|
delete(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Controls ECDSA key generation and deletion. A read of this object always returns noop(1)."
|
|
::= { agentSSHConfigGroup 13 }
|
|
|
|
agentSSHEcdsaKeyLen OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Get/Set ECDSA key length. Supported Key lengths are 256, 384 and 521 bits."
|
|
::= { agentSSHConfigGroup 14 }
|
|
|
|
|
|
--**************************************************************************************
|
|
-- agentOutboundSSHGroup -> contains MIB objects displaying various properties
|
|
-- of a Outbound SSH
|
|
--
|
|
--**************************************************************************************
|
|
|
|
agentOutboundSSHGroup OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 3}
|
|
|
|
agentOutboundSSHMaxSessions OBJECT-TYPE
|
|
SYNTAX INTEGER (0..5)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The maximum no. of Outbound SSH sessions allowed."
|
|
DEFVAL { 5 }
|
|
::= { agentOutboundSSHGroup 1 }
|
|
|
|
agentOutboundSSHActiveSessions OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Get the number of active outgoing SSH sessions."
|
|
::= { agentOutboundSSHGroup 2 }
|
|
|
|
|
|
agentOutboundSSHTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER (0..160)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The login inactivity timeout value for Outbound SSH."
|
|
DEFVAL { 5 }
|
|
::= { agentOutboundSSHGroup 3 }
|
|
|
|
|
|
END
|