Update : check SNMP

custom/custom_snmp

@@ -0,0 +1,7 @@
+# variables
+
+SNMP_SYSLOCATION="Server Room"
+SNMP_SYSCONTACT="admin@tips-of-mine.fr"
+SNMP_SYSNAME="$(hostname)"
+SNMP_SYSDESCR="Linux $(uname -r) on $(uname -m)"
+$SNMP_AGENTADDRESS="10.0.4.190,10.0.4.191"

modules/custom_prompt.sh

@@ -19,7 +19,6 @@ configure_custom_banner() {
   log_message "INFO" "Creating custom banner file"
 
   cat > "$banner_file" << 'EOF'
-
   _______ _                ____   __     __  __ _
  |__   __(_)              / __ \ / _|   |  \/  (_)
     | |   _ _ __  ___ ___| |  | | |_ ___| \  / |_ _ __   ___
@@ -40,6 +39,7 @@ Tout utilisateur autorisé est informé et reconnaît que ses actions
 peuvent être enregistrées, conservées et auditées conformément aux
 chartes/politiques internes de aux chartes/politiques internes de
 Tips-Of-Mine.
+
 EOF
 
   chmod +x "$banner_file"

modules/monitoring.sh

@@ -8,6 +8,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 # Source common functions and variables
 source "./common.sh"
+source "./custom/custom_snmp"
 
 # Function to configure SNMP
 configure_snmp() {
@@ -36,44 +37,59 @@ configure_snmp() {
 # SNMP Configuration
 # Generated by security hardening script
 
+# SECTION: Agent Operating Mode
+# This section defines how the agent will operate when it is running.
+
+# master: Should the agent operate as a master agent or not.
+# Currently, the only supported master agent type for this token is "agentx".
+master  agentx
+
 # Listen on localhost and specific network interface
-agentAddress udp:127.0.0.1:161,udp:161
+agentAddress 127.0.0.1,[::1],$SNMP_AGENTADDRESS
 
 # Information about this host
-sysLocation    "Server Room"
-sysContact     admin@example.com
-sysName        $(hostname)
-sysDescr       "Linux $(uname -r) on $(uname -m)"
+sysLocation    "$SNMP_SYSLOCATION"
+sysContact     $SNMP_SYSCONTACT
+sysName        $SNMP_SYSDESCR
+sysDescr       "$SNMP_SYSDESCR"
+
+# sysservices: The proper value for the sysServices object.
+sysServices    72
 
 # Authentication (replace with your own values)
 # Format: user_name security_name auth_protocol auth_passphrase priv_protocol priv_passphrase
-createUser authOnlyUser  MD5 "auth_pass_phrase"
-createUser authPrivUser  SHA "auth_pass_phrase" DES "priv_pass_phrase"
+#createUser authOnlyUser  MD5 "auth_pass_phrase"
+#createUser authPrivUser  SHA "auth_pass_phrase" DES "priv_pass_phrase"
 
 # Grant access to SNMPv3 users
-rouser   authOnlyUser auth
-rouser   authPrivUser priv
+#rouser   authOnlyUser auth
+#rouser   authPrivUser priv
+rouser   authPrivUser authpriv -V systemonly
 
 # Views
 view    systemonly   included    .1.3.6.1.2.1.1
 view    systemonly   included    .1.3.6.1.2.1.25.1
 
+# rocommunity: a SNMPv1/SNMPv2c read-only access community name
+rocommunity  public default -V systemonly
+rocommunity6 public default -V systemonly
+
 # Grant only system information to SNMPv3 users
-access  grpAuthOnlyUser  ""      usm     auth    nopriv  exact   systemonly  none    none
-access  grpAuthPrivUser  ""      usm     auth    priv    exact   systemonly  none    none
+#access  grpAuthOnlyUser  ""      usm     auth    nopriv  exact   systemonly  none    none
+#access  grpAuthPrivUser  ""      usm     auth    priv    exact   systemonly  none    none
 
 # Additional monitoring
 # Load averages
-extend load    /bin/cat   /proc/loadavg
+#extend load    /bin/cat   /proc/loadavg
 # Disk space
-extend dfspace /bin/df    -P
+#extend dfspace /bin/df    -P
 
 # Disable older SNMP versions (only allow SNMPv3)
-disableSnmpv1d yes
-disableSnmpv2cd yes
+#disableSnmpv1d yes
+#disableSnmpv2cd yes
 
 # Logging
-authtrapenable 1
+#authtrapenable 1
 EOF
 
   log_message "SUCCESS" "SNMP configuration created at $snmpd_conf"