Configuration Parameters

The component uses configuration parameters specified in the [SNMPD] section of the unified configuration file of Dr.Web Server Security Suite.

The section contains the following parameters:

Parameter

Description

LogLevel

{logging level}

Logging level of the component.

If a parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.

Default value: Notice

Log

{log type}

Logging method of the component.

Default value: Auto

ExePath

{path to file}

Component executable path.

Default value:

for GNU/Linux: /opt/drweb.com/bin/drweb-snmpd

for FreeBSD: /usr/local/libexec/drweb.com/bin/drweb-snmpd

Start

{boolean}

Launch/do not launch the component by the Dr.Web ConfigD configuration daemon.

When you specify the Yes value for this parameter, it the configuration daemon will start the component immediately; and when you specify the No value, the configuration daemon will terminate the component immediately.

Default value: No

RunAsUser

{UID | user name}

User on behalf of whom the component is started. Either a numerical UID of the user or a user name (login) can be specified. If the user name consists of numbers (that is, the name is similar to a numerical UID), it must be specified with the name: prefix, for example, RunAsUser = name:123456.

If the user name is not specified, the component shuts down with an error upon startup.

Default value: drweb

ListenAddress

{address}

Address (IP address and port) listened by Dr.Web SNMPD, which is waiting for client connections (SNMP managers).

Note that interaction with snmpd requires a specified port, different from the standard port (161), and snmpd must be configured for proxying.

Default value: 127.0.0.1:161

SnmpVersion

{V2c | V3}

The current version of SNMP protocol (SNMPv2c or SNMPv3).

Default value: V2c

V3EngineId

{string}

Identifier (string) of Engine ID for SNMPv3 (according to RFC 3411).

Default value: 800073FA044452574542

TrapReceiver

{address list}

List of addresses (IP address and port) to which Dr.Web SNMPD sends SNMP trap notifications when Dr.Web Server Security Suite components detect a threat.

Accepts a list of values. The values in the list must be comma-separated (with each value put in quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add sockets 192.168.0.1:1234 and 10.20.30.45:5678 to the list.

1.Adding values to the configuration file.

Two values per line:

[SNMPD]
TrapReceiver = "192.168.0.1:1234", "10.20.30.45:5678"

Two lines (one value per line):

[SNMPD]
TrapReceiver = 192.168.0.1:1234
TrapReceiver = 10.20.30.45:5678

2.Adding values with the drweb-ctl cfset command:

# drweb-ctl cfset SNMPD.TrapReceiver -a 192.168.0.1:1234
# drweb-ctl cfset SNMPD.TrapReceiver -a 10.20.30.45:5678

Default value: (not specified)

V2cCommunity

{string}

The string “SNMP read community” for authentication of SNMP managers (SNMPv2c protocol) when Dr.Web MIB variables are accessed for reading.

The parameter is used if SnmpVersion = V2c.

Default value: public

V3UserName

{string}

The user name for authentication of SNMP managers (SNMPv3 protocol) when Dr.Web MIB variables are accessed for reading.

The parameter is used if SnmpVersion = V3.

Default value: noAuthUser

V3Auth

{SHA(<pwd>) | MD5(<pwd>) | None}

Method to authenticate SNMP managers (SNMPv3 protocol) when Dr.Web MIB variables are accessed for reading.

Allowed values:

SHA(<PWD>)—SHA hash of the password is used (<PWD> strings);

MD5(<PWD>)—MD5 hash of the password is used (<PWD> strings);

None—authentication is disabled;

where <PWD> is a plain text password.

When specifying the parameter value from the command line, you may need to escape the brackets by using the slash mark \ in some shells.

Examples:

1.Parameter value in the configuration file:

V3Auth = MD5(123456)

2.Specifying the same parameter value from the command line with the drweb-ctl cfset command:

drweb-ctl cfset SNMPD.V3Auth MD5\(123456\)

The parameter is used if SnmpVersion = V3.

Default value: None

V3Privacy

{DES(<secret>) | AES128(<secret>) | None}

Encryption method for SNMP messages (SNMPv3 protocol).

Allowed values:

DES(<secret>)—DES encryption algorithm;

AES128(<secret>)—AES128 encryption algorithm;

None—SNMP-messages are not encrypted;

where <secret> is a secret key shared by the manager and the agent (plain text).

When specifying the parameter value from the command line, you may need to escape the brackets by using the slash mark \ in some shells.

Examples:

1.Parameter value in the configuration file:

V3Privacy = AES128(supersecret)

2.Specifying the same parameter value from the command line with the drweb-ctl cfset command:

drweb-ctl cfset SNMPD.V3Privacy AES128\(supersecret\)

The parameter is used if SnmpVersion = V3.

Default value: None