On 4 September 2012 09:37, Suresh kumar <skjaiswa...@hotmail.com> wrote:
> But anyone who has rw/ro access to the Snmpusm table will be able to view
> these internal users starting with “defaultXXXX” as well. We want that when
> any operator accesses SNMPUSM table, he should be able to view users that
> are created (for example deepti1 in the below case) but not the internal
> users/default users (starting with “defaultXXXXX”).

OK - I see what you mean.

> In VACM terms, this implies creating a view where particular rows belonging
> to a table can be accessed while some can be blocked.

Exactly.

> We want a sample VACM configuration for the same.

Not tested, but try something like the following:

    view   myVacm  included  .1.3.6.1.6.3.15.1.2.2
    view   myVacm  excluded  .1.3.6.1.6.3.15.1.2.2.1.0.17.{engineID}.0.100.101.102.97.117.108.116  0xff:ef:ff:fd:fa
    rouser  {operator}  auth  -V myVacm

or

    view   myVacm  included  .1.3.6.1.6.3.15.1.2.2
    view   myVacm  excluded  .1.3.6.1.6.3.15.1.2.2.1.0.17.{engineID}.0.100.101.102.97.117.108.116  0xff:e0:00:01:fa
    rouser  {operator}  auth  -V myVacm


You'll need to insert the (numeric) value of your SNMP Engine ID where
indicated.
Try running the same "snmpwalk" command as before but with the option '-On' to
see the appropriate values.

Note that the mask is crafted based on a 17-octet engineID (which seems to
be what you're using).   If that's not correct, then you'll need to tweak
the OID and mask accordingly.

The difference between the two samples above is whether the engine ID is
explicitly matched, or ignored.   It shouldn't make any real difference
which you use.  But the length of the engineID *is* significant, as this
affects the masking bits that are applied to the username.


Dave
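
The mask arithmetic described in the reply above, as an added example that is not part of the original message or of Net-SNMP: it decodes which sub-identifiers of the view OID each mask compares, checks sample usmUserTable rows against it, and rebuilds a mask for a different engine ID length, following the vacmViewTreeFamilyMask rules in RFC 3415. The engine ID and the user name `defaultABCD` are constructed placeholders, and all function names are illustrative.

```python
# Added example: VACM view-mask arithmetic (RFC 3415 vacmViewTreeFamilyMask).
USM_USER_TABLE = [1, 3, 6, 1, 6, 3, 15, 1, 2, 2]
ENGINE_ID = [0x80, 0x00, 0x1F, 0x88, 0x80] + [0xAA] * 12  # constructed 17-octet placeholder
PREFIX = [ord(c) for c in "default"]                       # 100.101.102.97.117.108.116

def view_oid(engine_id, prefix):
    """table.entry(1).column(0).len(engineID).engineID.len(userName)(0).prefix"""
    return USM_USER_TABLE + [1, 0, len(engine_id)] + list(engine_id) + [0] + list(prefix)

def mask_bits(mask, n):
    """Expand 'ff:ef:...' to n flags, MSB first; a short mask is extended with 1s."""
    octets = [int(x, 16) for x in mask.lower().replace("0x", "").split(":")]
    bits = [bool((o >> (7 - i)) & 1) for o in octets for i in range(8)]
    return (bits + [True] * n)[:n]

def wildcards(oid, mask):
    """1-based positions of the sub-identifiers the mask does not compare."""
    return [i + 1 for i, exact in enumerate(mask_bits(mask, len(oid))) if not exact]

def build_mask(n, wild):
    """Mask for an n-sub-identifier OID with the given 1-based positions wildcarded."""
    bits = ["0" if i + 1 in wild else "1" for i in range(n)] + ["1"] * (-n % 8)
    octets = [int("".join(bits[i:i + 8]), 2) for i in range(0, len(bits), 8)]
    return "0x" + ":".join(f"{o:02x}" for o in octets)

def in_subtree(oid, mask, instance):
    """True if the instance OID falls inside the masked view subtree."""
    flags = mask_bits(mask, len(oid))
    return len(instance) >= len(oid) and all(
        a == b or not f for a, b, f in zip(oid, instance, flags))

def user_row(engine_id, name, column=3):
    """Instance OID of one usmUserTable column for (engineID, userName)."""
    return (USM_USER_TABLE + [1, column, len(engine_id)] + list(engine_id)
            + [len(name)] + [ord(c) for c in name])

if __name__ == "__main__":
    oid = view_oid(ENGINE_ID, PREFIX)
    for mask in ("0xff:ef:ff:fd:fa", "0xff:e0:00:01:fa"):   # masks from the message
        print(mask, "wildcards sub-identifiers", wildcards(oid, mask))
        for user in ("defaultABCD", "deepti1"):             # constructed / from the thread
            hit = in_subtree(oid, mask, user_row(ENGINE_ID, user))
            print("   ", user, "excluded" if hit else "visible")
    print("column + name length only:", build_mask(len(oid), {12, 31}))
```

For the two masks in the message this reports positions 12 and 31 (the column and the user-name length) as wildcarded in the first and 12 through 31 in the second; in both, position 38 (the final `116` of the prefix) is also wildcarded. With a different engine ID length, pass the new OID length and shifted positions to `build_mask`.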
