757 lines
31 KiB
Plaintext
757 lines
31 KiB
Plaintext
HP-ICF-SECURITY DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
Integer32, IpAddress, TimeTicks,
|
|
OBJECT-TYPE, MODULE-IDENTITY
|
|
FROM SNMPv2-SMI
|
|
DisplayString, RowStatus
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE, OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
hpicfObjectModules, icfSecurity
|
|
FROM HP-ICF-OID
|
|
InetAddress, InetAddressType, InetAddressPrefixLength
|
|
FROM INET-ADDRESS-MIB;
|
|
|
|
icfSecurityMib MODULE-IDENTITY
|
|
LAST-UPDATED "200710010903Z" -- October 01, 2007
|
|
ORGANIZATION "Hewlett Packard Company,
|
|
Network Infrastructure Solutions"
|
|
CONTACT-INFO "Hewlett Packard Company
|
|
8000 Foothills Blvd.
|
|
Roseville, CA 95747"
|
|
DESCRIPTION "This MIB module describes objects for managing
|
|
the SNMPv1 authorization configuration for
|
|
devices in the HP Integrated Communication
|
|
Facility product line."
|
|
|
|
REVISION "200710010903Z" -- October 01, 2007
|
|
DESCRIPTION "Deprecated icfAuthIPMgrAddress and icfAuthIPMgrMask."
|
|
|
|
REVISION "200301090112Z" -- January 9, 2003
|
|
DESCRIPTION "Deprecated icfCommunityTable and icfAuthMgrTable."
|
|
|
|
REVISION "200011030756Z" -- November 3, 2000
|
|
DESCRIPTION "Added icfAuthIPMgrTable. Updated division name."
|
|
|
|
REVISION "9609100200Z" -- September 10, 1996
|
|
DESCRIPTION "Updated division name in ORGANIZATION clause."
|
|
|
|
REVISION "9601250356Z" -- October 25, 1996
|
|
DESCRIPTION "Split this MIB module from the former monolithic
|
|
hp-icf MIB. Added the SNMP community group."
|
|
|
|
REVISION "9307090000Z" -- July 9, 1993
|
|
DESCRIPTION "Initial version of this MIB module."
|
|
::= { hpicfObjectModules 1 }
|
|
|
|
|
|
-- The HP ICF Security Group. This group contains objects for
|
|
-- configuring SNMPv1 (non)security for this agent.
|
|
|
|
|
|
icfSecurPassword OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..63))
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS OBJECT IS DEPRECATED *********
|
|
|
|
This variable contains a string which is used
|
|
both as the community name for the password
|
|
community, and as the login password for the
|
|
console port. This community name is needed for
|
|
most SET operations. In addition, the variables
|
|
in the ICF security group are only visible within
|
|
the password community, and must use the value of
|
|
this variable as the community name for GET
|
|
operations. If the value of this variable is
|
|
equal to the null string, the community name
|
|
'public' or the null string will be treated the
|
|
same as the password community.
|
|
|
|
This object has been deprecated. Its functionality
|
|
has been replaced by the icfCommunityTable."
|
|
::= { icfSecurity 1 }
|
|
|
|
icfSecurAuthAnyMgr OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS OBJECT IS DEPRECATED *********
|
|
|
|
When this variable is set to enabled, any manager
|
|
with a valid community name may perform SET
|
|
operations on this device. In this configuration,
|
|
entries in the icfSecurAuthMgrTable are used only
|
|
for trap destinations. If this variable is set to
|
|
disabled, a manager must be in the
|
|
icfSecurAuthMgrTable and have a valid community
|
|
name in order to perform SET operations.
|
|
|
|
This object has been deprecated. Its functionality
|
|
has been replaced by the icfAuthMgrTable."
|
|
::= { icfSecurity 2 }
|
|
|
|
icfSecurAuthMgrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF IcfSecurAuthMgrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS OBJECT IS DEPRECATED *********
|
|
|
|
This table contains a list of addresses of
|
|
managers that are allowed to perform SET
|
|
operations on this device, and controls the
|
|
destination addresses for traps. If
|
|
icfSecurAuthAnyMgr is set to disabled, a manager
|
|
must be in this table and use the correct
|
|
community name for the password community in order
|
|
to perform a GET operation on this table.
|
|
|
|
This table has been deprecated. It is replaced by
|
|
the icfAuthMgrTable. The trap destination
|
|
functionality has been replaced by the
|
|
hpicfTrapDestTable."
|
|
::= { icfSecurity 3 }
|
|
|
|
icfSecurAuthMgrEntry OBJECT-TYPE
|
|
SYNTAX IcfSecurAuthMgrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS OBJECT IS DEPRECATED *********
|
|
|
|
An entry in the icfSecurAuthMgrTable containing
|
|
information about a single manager.
|
|
|
|
This table has been deprecated. It is replaced by
|
|
the icfAuthMgrTable. The trap destination
|
|
functionality has been replaced by the
|
|
hpicfTrapDestTable."
|
|
INDEX { icfAuthMgrIndex }
|
|
::= { icfSecurAuthMgrTable 1 }
|
|
|
|
IcfSecurAuthMgrEntry ::=
|
|
SEQUENCE {
|
|
icfAuthMgrIndex Integer32,
|
|
icfAuthMgrIpAddress IpAddress,
|
|
icfAuthMgrIpxAddress OCTET STRING,
|
|
icfAuthMgrRcvTraps INTEGER
|
|
}
|
|
|
|
icfAuthMgrIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..10)
|
|
MAX-ACCESS read-only
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS OBJECT IS DEPRECATED *********
|
|
|
|
This object contains the index which uniquely
|
|
identifies this entry in the
|
|
icfSecurAuthMgrTable.
|
|
|
|
This table has been deprecated. It is replaced by
|
|
the icfAuthMgrTable. The trap destination
|
|
functionality has been replaced by the
|
|
hpicfTrapDestTable."
|
|
::= { icfSecurAuthMgrEntry 1 }
|
|
|
|
icfAuthMgrIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS OBJECT IS DEPRECATED *********
|
|
|
|
The IP address of a manager that is allowed to
|
|
manage this device. Setting this variable to a
|
|
nonzero value will clear the corresponding
|
|
instance of the icfAuthMgrIpxAddress variable.
|
|
|
|
This table has been deprecated. It is replaced by
|
|
the icfAuthMgrTable. The trap destination
|
|
functionality has been replaced by the
|
|
hpicfTrapDestTable."
|
|
::= { icfSecurAuthMgrEntry 2 }
|
|
|
|
icfAuthMgrIpxAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (10))
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS OBJECT IS DEPRECATED *********
|
|
|
|
The IPX address of a manager that is allowed to
|
|
manage this device. Setting this variable to a
|
|
valid IPX address will clear the corresponding
|
|
instance of the icfAuthMgrIpAddress variable.
|
|
|
|
This table has been deprecated. It is replaced by
|
|
the icfAuthMgrTable. The trap destination
|
|
functionality has been replaced by the
|
|
hpicfTrapDestTable."
|
|
::= { icfSecurAuthMgrEntry 3 }
|
|
|
|
icfAuthMgrRcvTraps OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS OBJECT IS DEPRECATED *********
|
|
|
|
If this variable is set to enabled, any traps
|
|
generated by this device will be sent to the
|
|
manager indicated by the corresponding instance of
|
|
either icfAuthMgrIpAddress or
|
|
icfAuthMgrIpxAddress, whichever is valid.
|
|
|
|
This table has been deprecated. It is replaced by
|
|
the icfAuthMgrTable. The trap destination
|
|
functionality has been replaced by the
|
|
hpicfTrapDestTable."
|
|
::= { icfSecurAuthMgrEntry 4 }
|
|
|
|
-- icfSecurIntruder objects. When the agent detects an
|
|
-- authentication failure, it records the violation in the
|
|
-- following objects and in nonvolatile memory. It uses the
|
|
-- icfSecurIntruderFlag as a throttle to prevent excessive
|
|
-- nvram writes.
|
|
|
|
icfSecurIntruder OBJECT IDENTIFIER ::= { icfSecurity 4 }
|
|
|
|
icfSecurIntruderFlag OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
valid(1),
|
|
invalid(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If this object is set to 'valid', the remainder
|
|
of the intruder objects contain information about
|
|
an authentication failure. The Security LED on
|
|
the device will blink if this flag is set to
|
|
'valid'. The intruder objects will not be
|
|
overwritten as long as this flag is set to
|
|
'valid'. Setting this flag to 'invalid' will turn
|
|
off the Security LED if there are no other
|
|
current violations, and will allow the intruder
|
|
objects to be overwritten by subsequent
|
|
authentication failures."
|
|
::= { icfSecurIntruder 1 }
|
|
|
|
icfSecurIntruderIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the manager that caused the
|
|
authentication failure. Only one of
|
|
icfSecurIntruderIpAddress and
|
|
icfSecurIntruderIPXAddress will be valid."
|
|
::= { icfSecurIntruder 2 }
|
|
|
|
icfSecurIntruderIpxAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (10))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IPX address of the manager that caused the
|
|
authentication failure. Only one of
|
|
icfSecurIntruderIpAddress and
|
|
icfSecurIntruderIPXAddress will be valid."
|
|
::= { icfSecurIntruder 3 }
|
|
|
|
icfSecurIntruderTime OBJECT-TYPE
|
|
SYNTAX TimeTicks
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of sysUpTime when the authentication
|
|
failure occurred. A value of 0 indicates that the
|
|
agent has been reset since this authentication
|
|
failure occurred."
|
|
::= { icfSecurIntruder 4 }
|
|
|
|
|
|
-- The SNMP community group. Used for configuring SNMPv1
|
|
-- (non)security. Replaces the old icfSecurity group.
|
|
|
|
icfCommunityTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF IcfCommunityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
This table contains information about community
|
|
names known by this agent."
|
|
::= { icfSecurity 5 }
|
|
|
|
icfCommunityEntry OBJECT-TYPE
|
|
SYNTAX IcfCommunityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
An entry in the table, containing information about
|
|
a single community name."
|
|
INDEX { icfCommunityIndex }
|
|
::= { icfCommunityTable 1 }
|
|
|
|
IcfCommunityEntry ::=
|
|
SEQUENCE {
|
|
icfCommunityIndex Integer32,
|
|
icfCommunityName OCTET STRING,
|
|
icfCommunityReadView INTEGER,
|
|
icfCommunityWriteView INTEGER,
|
|
icfCommunityStatus RowStatus
|
|
}
|
|
|
|
icfCommunityIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
Uniquely identifies this community name entry."
|
|
::= { icfCommunityEntry 1 }
|
|
|
|
icfCommunityName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
Community name this entry is about. Not allowed
|
|
to have two active rows with the same community
|
|
name."
|
|
::= { icfCommunityEntry 2 }
|
|
|
|
icfCommunityReadView OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
discovery(2),
|
|
restricted(3),
|
|
user(4),
|
|
root(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
The MIB view used for read requests using this
|
|
community name. One of the following:
|
|
'none' is the empty MIB view.
|
|
'discovery' has access to discovery objects, which
|
|
will be enough to do an address search, send
|
|
announce packets, and do a link test. This
|
|
view also includes objects under the
|
|
samplingProbe subtree. This view is typically
|
|
used as a writeView for a community used by
|
|
autodiscovery and autotopology applications.
|
|
'restricted' has access to a limited subset of the
|
|
MIB, which includes monitoring objects and
|
|
limited set of configuration objects.
|
|
'user' has access to everything except objects
|
|
under the icfSecurity subtree.
|
|
'root' has access to everything, including the
|
|
icfSecurity subtree."
|
|
::= { icfCommunityEntry 3 }
|
|
|
|
icfCommunityWriteView OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
discovery(2),
|
|
restricted(3),
|
|
user(4),
|
|
root(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
The MIB view used for write requests using this
|
|
community name. One of the following:
|
|
'none' is the empty MIB view.
|
|
'discovery' has access to discovery objects, which
|
|
will be enough to do an address search, send
|
|
announce packets, and do a link test. This
|
|
view also includes objects under the
|
|
samplingProbe subtree. This view is typically
|
|
used as a writeView for a community used by
|
|
autodiscovery and autotopology applications.
|
|
'restricted' has access to a limited subset of the
|
|
MIB, which includes monitoring objects and
|
|
limited set of configuration objects.
|
|
'user' has access to everything except objects
|
|
under the icfSecurity subtree.
|
|
'root' has access to everything, including the
|
|
icfSecurity subtree."
|
|
::= { icfCommunityEntry 4 }
|
|
|
|
icfCommunityStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
Status of this entry."
|
|
::= { icfCommunityEntry 5 }
|
|
|
|
icfAuthMgrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF IcfAuthMgrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
This table contains a list of manager addresses.
|
|
Entries in this table are grouped by using a common
|
|
value for icfCommunityIndex, that identifies the
|
|
community name that the group of manager addresses
|
|
has access to. A community name entry which has
|
|
a set of entries in this table can only be used by
|
|
requests originating from one of the addresses in
|
|
the set. A community name entry which has no
|
|
entries in this table can be used by requests
|
|
originating from any address."
|
|
::= { icfSecurity 6 }
|
|
|
|
icfAuthMgrEntry OBJECT-TYPE
|
|
SYNTAX IcfAuthMgrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
An entry in the table, containing a single
|
|
authorized manager address."
|
|
INDEX { icfCommunityIndex, icfAuthMgrSubIndex }
|
|
::= { icfAuthMgrTable 1 }
|
|
|
|
IcfAuthMgrEntry ::=
|
|
SEQUENCE {
|
|
icfAuthMgrSubIndex Integer32,
|
|
icfAuthMgrAddrType INTEGER,
|
|
icfAuthMgrAddress OCTET STRING,
|
|
icfAuthMgrMask OCTET STRING,
|
|
icfAuthMgrStatus RowStatus
|
|
}
|
|
|
|
icfAuthMgrSubIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
An index which uniquely identifies an address within
|
|
a group."
|
|
::= { icfAuthMgrEntry 1 }
|
|
|
|
icfAuthMgrAddrType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ip(1),
|
|
ipx(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
The network type for this entry."
|
|
::= { icfAuthMgrEntry 2 }
|
|
|
|
icfAuthMgrAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4|10))
|
|
MAX-ACCESS read-create
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
The manager address for this entry, formatted
|
|
according to the value of icfAuthMgrAddrType. When
|
|
icfAuthMgrAddrType is 'ip', this value will consist
|
|
of four octets, containing the IP address of the
|
|
manager in network byte order. When
|
|
icfAuthMgrAddrType is 'ipx', this value will consist
|
|
of ten octets. The first four octets will contain
|
|
the IPX network number in network byte order, and the
|
|
remaining six octets will contain the IPX node number
|
|
in network byte order."
|
|
::= { icfAuthMgrEntry 3 }
|
|
|
|
icfAuthMgrMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4|10))
|
|
MAX-ACCESS read-create
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
This object is used to qualify the value of the
|
|
corresponding instance of icfAuthMgrAddress. The
|
|
semantics of this object depend on the corresponding
|
|
value of icfAuthMgrAddrType. When icfAuthMgrType
|
|
is 'ip', this object can be used to allow access
|
|
by all managers on a particular IP subnet. When
|
|
icfAuthMgrType is 'ipx', this object can be used to
|
|
allow access by all managers with a particular IPX
|
|
network number."
|
|
::= { icfAuthMgrEntry 4 }
|
|
|
|
icfAuthMgrStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"******************DEPRECATED*******************
|
|
Status of this entry."
|
|
::= { icfAuthMgrEntry 5 }
|
|
|
|
|
|
icfAuthIPMgrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF IcfAuthIPMgrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This table contains a list of IP manager
|
|
addresses. This list is used grant or deny
|
|
access to HTTP, telnet, and TFTP."
|
|
::= { icfSecurity 7 }
|
|
|
|
icfAuthIPMgrEntry OBJECT-TYPE
|
|
SYNTAX IcfAuthIPMgrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "An entry in the table containing a single
|
|
IP authorized manager address."
|
|
INDEX { icfAuthIPMgrIndex }
|
|
::= { icfAuthIPMgrTable 1 }
|
|
|
|
IcfAuthIPMgrEntry ::=
|
|
SEQUENCE {
|
|
icfAuthIPMgrIndex Integer32,
|
|
icfAuthIPMgrAddress IpAddress,
|
|
icfAuthIPMgrMask IpAddress,
|
|
icfAuthIPMgrAccess INTEGER,
|
|
icfAuthIPMgrStatus RowStatus,
|
|
icfAuthIPMgrInetAddrType InetAddressType,
|
|
icfAuthIPMgrInetAddress InetAddress,
|
|
icfAuthIPMgrInetAddrMaskType InetAddressType,
|
|
icfAuthIPMgrInetAddrMask InetAddress
|
|
}
|
|
|
|
icfAuthIPMgrIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "An index which uniquely identifies an address
|
|
within the group."
|
|
::= { icfAuthIPMgrEntry 1 }
|
|
|
|
icfAuthIPMgrAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS deprecated
|
|
DESCRIPTION "**************deprecated*********************
|
|
The IP address of the authorized manager for
|
|
this entry.
|
|
This object is deprecated new object icfAuthIPMgr
|
|
InetAddress has been defined to hold version neutral
|
|
address type."
|
|
::= { icfAuthIPMgrEntry 2 }
|
|
|
|
icfAuthIPMgrMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS deprecated
|
|
DESCRIPTION "**************deprecated**********************
|
|
This object qualifies the value of the
|
|
corresponding instance of icfAuthIPMgrAddress.
|
|
This object can be used to allow access by all
|
|
managers on a particular IP subnet.
|
|
This object is deprecated the new objects which are
|
|
defined to hold this is value are
|
|
icfAuthIPMgrInetAddrMaskType and icfAuthIPMgrInetAddrMask."
|
|
::= { icfAuthIPMgrEntry 3 }
|
|
|
|
icfAuthIPMgrAccess OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
operator(1),
|
|
manager(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object defines the access level for a
|
|
given manager. Operator allows for read only
|
|
access, and Manager allows for read/write
|
|
access."
|
|
::= { icfAuthIPMgrEntry 4 }
|
|
|
|
icfAuthIPMgrStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "Status of this entry."
|
|
::= { icfAuthIPMgrEntry 5 }
|
|
|
|
icfAuthIPMgrInetAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "Specifies the type of address stored in
|
|
icfAuthIPMgrInetAddress object."
|
|
::= { icfAuthIPMgrEntry 6 }
|
|
|
|
icfAuthIPMgrInetAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "The IP address of the authorized manager for
|
|
this entry.This object can hold the version
|
|
neutral IP address."
|
|
::= { icfAuthIPMgrEntry 7 }
|
|
|
|
icfAuthIPMgrInetAddrMaskType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "Specifies the type of IP Mask stored in
|
|
icfAuthIPMgrInetAddrMask object."
|
|
::= { icfAuthIPMgrEntry 8 }
|
|
|
|
icfAuthIPMgrInetAddrMask OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "This object qualifies the value of the
|
|
corresponding instance of icfAuthIPMgrInetAddress.
|
|
This object can be used to allow access by all
|
|
managers on a particular IP subnet.This object can
|
|
hold the version neutral IP address Mask."
|
|
::= { icfAuthIPMgrEntry 9 }
|
|
|
|
-- Conformance information
|
|
|
|
icfSecurityConformance
|
|
OBJECT IDENTIFIER ::= { icfSecurityMib 1 }
|
|
|
|
icfSecurityCompliances
|
|
OBJECT IDENTIFIER ::= { icfSecurityConformance 1 }
|
|
icfSecurityGroups
|
|
OBJECT IDENTIFIER ::= { icfSecurityConformance 2 }
|
|
|
|
|
|
-- compliance statements
|
|
|
|
icfSecurCompliance MODULE-COMPLIANCE
|
|
STATUS obsolete -- change to deprecated when new SMI
|
|
DESCRIPTION
|
|
"********* THIS COMPLIANCE IS DEPRECATED *********/
|
|
|
|
A compliance statement for agents implementing
|
|
the original version of this module."
|
|
MODULE
|
|
MANDATORY-GROUPS { icfSnmpSecurityGroup,
|
|
icfSecIntruderGroup }
|
|
|
|
::= { icfSecurityCompliances 1 }
|
|
|
|
|
|
icfV1CommunityCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS GROUP IS DEPRECATED *********
|
|
A compliance statement for HP ICF agents
|
|
implementing SNMPv1 community name management."
|
|
MODULE
|
|
MANDATORY-GROUPS { icfV1CommunityGroup }
|
|
|
|
GROUP icfSecIntruderGroup
|
|
DESCRIPTION
|
|
"This group should be implemented by devices
|
|
that are able to keep a non-volatile
|
|
record of authentication failures."
|
|
|
|
::= { icfSecurityCompliances 2 }
|
|
|
|
|
|
-- units of conformance
|
|
|
|
icfSnmpSecurityGroup OBJECT-GROUP
|
|
OBJECTS { icfSecurPassword,
|
|
icfSecurAuthAnyMgr,
|
|
icfAuthMgrIndex,
|
|
icfAuthMgrIpAddress,
|
|
icfAuthMgrIpxAddress,
|
|
icfAuthMgrRcvTraps
|
|
}
|
|
STATUS obsolete -- change to deprecated when new SMI
|
|
DESCRIPTION
|
|
"********* THIS GROUP IS DEPRECATED *********
|
|
|
|
A collection of objects for managing the SNMPv1
|
|
(non-)security configuration on HP networking
|
|
devices."
|
|
::= { icfSecurityGroups 1 }
|
|
|
|
icfSecIntruderGroup OBJECT-GROUP
|
|
OBJECTS { icfSecurIntruderFlag,
|
|
icfSecurIntruderIpAddress,
|
|
icfSecurIntruderIpxAddress,
|
|
icfSecurIntruderTime
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for tracking
|
|
authentication failures."
|
|
::= { icfSecurityGroups 2 }
|
|
|
|
icfV1CommunityGroup OBJECT-GROUP
|
|
OBJECTS { icfCommunityName,
|
|
icfCommunityReadView,
|
|
icfCommunityWriteView,
|
|
icfCommunityStatus,
|
|
icfAuthMgrAddrType,
|
|
icfAuthMgrAddress,
|
|
icfAuthMgrMask,
|
|
icfAuthMgrStatus
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS GROUP IS DEPRECATED *********
|
|
A collection of objects for managing SNMPv1
|
|
community strings."
|
|
::= { icfSecurityGroups 13 }
|
|
|
|
icfAuthIPMgrGroup OBJECT-GROUP
|
|
OBJECTS { icfAuthIPMgrAddress,
|
|
icfAuthIPMgrMask,
|
|
icfAuthIPMgrAccess,
|
|
icfAuthIPMgrStatus
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION "***************** deprecated ******************
|
|
A collection of objects for granting or denying
|
|
access to specific IP addresses for HTTP, telnet,
|
|
and TFTP.
|
|
This Group object has been deprecated and a new
|
|
group object has been defined with name
|
|
icfAuthIPMgrInetGroup."
|
|
::= { icfSecurityGroups 14 }
|
|
|
|
icfAuthIPMgrInetGroup OBJECT-GROUP
|
|
OBJECTS { icfAuthIPMgrInetAddrType,
|
|
icfAuthIPMgrInetAddress,
|
|
icfAuthIPMgrInetAddrMaskType,
|
|
icfAuthIPMgrInetAddrMask
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "A collection of objects for granting or denying
|
|
access to specific IP addresses for HTTP, telnet,
|
|
and TFTP."
|
|
::= { icfSecurityGroups 15 }
|
|
END
|
|
|