diff --git a/custom/custom_snmp b/custom/custom_snmp new file mode 100644 index 0000000..8301b31 --- /dev/null +++ b/custom/custom_snmp @@ -0,0 +1,7 @@ +# variables + +SNMP_SYSLOCATION="Server Room" +SNMP_SYSCONTACT="admin@tips-of-mine.fr" +SNMP_SYSNAME="$(hostname)" +SNMP_SYSDESCR="Linux $(uname -r) on $(uname -m)" +$SNMP_AGENTADDRESS="10.0.4.190,10.0.4.191" diff --git a/modules/custom_prompt.sh b/modules/custom_prompt.sh index 490d81b..d9ccf23 100644 --- a/modules/custom_prompt.sh +++ b/modules/custom_prompt.sh @@ -19,7 +19,6 @@ configure_custom_banner() { log_message "INFO" "Creating custom banner file" cat > "$banner_file" << 'EOF' - _______ _ ____ __ __ __ _ |__ __(_) / __ \ / _| | \/ (_) | | _ _ __ ___ ___| | | | |_ ___| \ / |_ _ __ ___ @@ -40,6 +39,7 @@ Tout utilisateur autorisé est informé et reconnaît que ses actions peuvent être enregistrées, conservées et auditées conformément aux chartes/politiques internes de aux chartes/politiques internes de Tips-Of-Mine. + EOF chmod +x "$banner_file" diff --git a/modules/monitoring.sh b/modules/monitoring.sh index df8b532..5ed2250 100644 --- a/modules/monitoring.sh +++ b/modules/monitoring.sh @@ -8,6 +8,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" # Source common functions and variables source "./common.sh" +source "./custom/custom_snmp" # Function to configure SNMP configure_snmp() { @@ -36,44 +37,59 @@ configure_snmp() { # SNMP Configuration # Generated by security hardening script +# SECTION: Agent Operating Mode +# This section defines how the agent will operate when it is running. + +# master: Should the agent operate as a master agent or not. +# Currently, the only supported master agent type for this token is "agentx". +master agentx + # Listen on localhost and specific network interface -agentAddress udp:127.0.0.1:161,udp:161 +agentAddress 127.0.0.1,[::1],$SNMP_AGENTADDRESS # Information about this host -sysLocation "Server Room" -sysContact admin@example.com -sysName $(hostname) -sysDescr "Linux $(uname -r) on $(uname -m)" +sysLocation "$SNMP_SYSLOCATION" +sysContact $SNMP_SYSCONTACT +sysName $SNMP_SYSDESCR +sysDescr "$SNMP_SYSDESCR" + +# sysservices: The proper value for the sysServices object. +sysServices 72 # Authentication (replace with your own values) # Format: user_name security_name auth_protocol auth_passphrase priv_protocol priv_passphrase -createUser authOnlyUser MD5 "auth_pass_phrase" -createUser authPrivUser SHA "auth_pass_phrase" DES "priv_pass_phrase" +#createUser authOnlyUser MD5 "auth_pass_phrase" +#createUser authPrivUser SHA "auth_pass_phrase" DES "priv_pass_phrase" # Grant access to SNMPv3 users -rouser authOnlyUser auth -rouser authPrivUser priv +#rouser authOnlyUser auth +#rouser authPrivUser priv +rouser authPrivUser authpriv -V systemonly # Views view systemonly included .1.3.6.1.2.1.1 view systemonly included .1.3.6.1.2.1.25.1 +# rocommunity: a SNMPv1/SNMPv2c read-only access community name +rocommunity public default -V systemonly +rocommunity6 public default -V systemonly + # Grant only system information to SNMPv3 users -access grpAuthOnlyUser "" usm auth nopriv exact systemonly none none -access grpAuthPrivUser "" usm auth priv exact systemonly none none +#access grpAuthOnlyUser "" usm auth nopriv exact systemonly none none +#access grpAuthPrivUser "" usm auth priv exact systemonly none none # Additional monitoring # Load averages -extend load /bin/cat /proc/loadavg +#extend load /bin/cat /proc/loadavg # Disk space -extend dfspace /bin/df -P +#extend dfspace /bin/df -P # Disable older SNMP versions (only allow SNMPv3) -disableSnmpv1d yes -disableSnmpv2cd yes +#disableSnmpv1d yes +#disableSnmpv2cd yes # Logging -authtrapenable 1 +#authtrapenable 1 EOF log_message "SUCCESS" "SNMP configuration created at $snmpd_conf"