0

I have created a MIB file which contains some fields which I want to hide from the user.

I don't want the user to see the field or column in a MIB browser; neither do I want the user to be able to fetch the value of the field using SNMP SET/GET linux commands.

Is there any way to do so?

k1eran
  • 4,492
  • 8
  • 50
  • 73
user1578656
  • 131
  • 1
  • 3
  • 6

2 Answers2

0

No. If it's in the MIB, the user can see it. Even if the user doesn't have the MIB file, he will still get the columns' data from the server with a walk command.

QuestionC
  • 10,006
  • 4
  • 26
  • 44
  • Agree with this answer regarding GETs but perhaps worth also mentioning use of MAX-ACCESS which will allow you to prevent e.g. SNMP SETs. See http://stackoverflow.com/questions/11735527/how-does-system-fill-mib-entries-with-read-only-access which also lists the set of allowed MAX-ACCESS values. – k1eran Mar 04 '15 at 10:01
  • Actually i want to hide it from mib browsers as well so basically was asking whether there is any procedure in ASN by which we can hide any field in MIB table? – user1578656 Mar 04 '15 at 11:02
0

Dont know of a ASN-level solution though I guess you could have two separate tables (or branches) at different parts of the OID tree, one with the secret column (or OIDs) and the other without.

Then you could use different users (via SNMP community strings) to control access to each part of the tree. I know SNMP security (in v2) is really weak but that's another story.

See discussion on opennms forum for some views on this painful approach.

k1eran
  • 4,492
  • 8
  • 50
  • 73