I have used SNMP4J and SNMP4J-Agent to implement a SNMP agent running on an embedded system. I have used AGENPro to generate my MIB file for my custom application and then went in and implemented the isValueOk(), getValue() and setValue() functions for each datapoint. I am at the point now where I need to set the read-only and read-write community passwords, but I am not sure where to start. The Read communtiy password can be the default “public” but I need the read-write password to be based on another password internal to the system. I also need a way to change this password dynamically, if the user decides to change the password on the machine.
I can post my source if necessary, but the gist is I have impmented a class called Agent that implements VariableProvider, and have a custom Modules.java file that contains my custom MIBS.
When you use AgenPro, the agent has already a couple of standard MIBs included in the agent. With the SNMP-COMMUNITY-MIB you can change the communities using SNMP. In the default configuration, this is only possible using SNMPV3 with an AuthPriv User.
To provision non-default settings, please modify the propertied file that has been generated. That contains the initial confit that is used when no persistent config is available (usually the at first boot).
Does that help?
It helps somewhat.
What if I need to change the security name programatically while the system is running?
As of now In Agent.run() I un-register all of the standard MIBS and then I re-register the SNMPCommunity MIB as well as my custom MIB.
If I go into my MIB viewer I see all of the data from my MIB and the community MIB. If I SET the SNMPCommunityMIB security names from the MIB browser, password protection works ( ie I have to enter the security name into my MIB browser to read/write)
My custom MIB also has OIDs allocated for read and write security words, but they do not behave like security words (they aren’t validated against the read/write community words that I have entered into my MIB browser)
How can I change my MIB file so that they system uses the data at the OID’s that I have specified for read and write communities?
Thanks for the help, I haven’t worked with SNMP before and it is a little overwhelming.
First of all, I think it is not quite a good idea to unregister the standard MIBs. That will break many functions that are required by the agent to work SNMP(v3) standard conform.
Please also note: communities provide no security at all!
Instead, please use SNMPv3 and authPriv security level.
To modify access rights, use the VACM MIB that is a standard MIB and by default registered by the agent. You can access the MIB data using MOServer interface during runtime but also using the VacmMIB object. To be sure to not interfere with concurrent running SNMP requests, you may use the ManagedObject locking DefaultMOServer provides (using write access intention).