feat: add SNMP v1/v3 support (#47)

* fix: updated README.md * feat: deleting config (#38) * feat: added SNMPv3 support * fix: added noAuth type and noPriv type for AuthProtocol and privProtocol respectively * fix: fixed the default type for authProtocol and privProtocol and make securityengineId become configurable * refactor: reformatted using black * fix: v1,v2,v3 support * fix: added more options for AuthProtocols and PrivProtocols * fix: added todo for logging Co-authored-by: weliasz <77732905+weliasz@users.noreply.github.com> Co-authored-by: Mayur Pipaliya <mayurah@users.noreply.github.com>
splunk · Apr 2, 2021 · d621dcc · d621dcc
1 parent 6d7fb71
commit d621dcc
Show file tree

Hide file tree

Showing 3 changed files with 115 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -56,4 +56,4 @@ sudo snmptrap -v 2c -c public 0.0.0.0:2162 '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4
 oid-type1="ObjectName" value1-type="TimeTicks" 1.3.6.1.2.1.1.3.0="123" value1="123" SNMPv2-MIB::sysUpTime.0="123" 正常运行时间="123"
 oid-type2="ObjectName" value2-type="ObjectIdentifier" 1.3.6.1.6.3.1.1.4.1.0="1.3.6.1.6.3.1.1.5.1" value2="1.3.6.1.6.3.1.1.5.1" SNMPv2-MIB::snmpTrapOID.0="SNMPv2-MIB::coldStart" 陷阱="None"
 oid-type3="ObjectName" value3-type="OctetString" 1.3.6.1.2.1.1.5.0="testk8s" value3="testk8s" SNMPv2-MIB::sysName.0="testk8s" 
-```
+```
diff --git a/splunk_connect_for_snmp_traps/manager/const.py b/splunk_connect_for_snmp_traps/manager/const.py
@@ -0,0 +1,23 @@
+from pysnmp.entity import config
+
+AuthProtocolMap = {
+    "MD5": config.usmHMACMD5AuthProtocol,
+    "SHA": config.usmHMACSHAAuthProtocol,
+    "SHA224": config.usmHMAC128SHA224AuthProtocol,
+    "SHA256": config.usmHMAC192SHA256AuthProtocol,
+    "SHA384": config.usmHMAC256SHA384AuthProtocol,
+    "SHA512": config.usmHMAC384SHA512AuthProtocol,
+    "NONE": config.usmNoAuthProtocol,
+}
+
+PrivProtocolMap = {
+    "DES": config.usmDESPrivProtocol,
+    "3DES": config.usm3DESEDEPrivProtocol,
+    "AES": config.usmAesCfb128Protocol,
+    "AES128": config.usmAesCfb128Protocol,
+    "AES192": config.usmAesCfb192Protocol,
+    "AES192BLMT": config.usmAesBlumenthalCfb192Protocol,
+    "AES256": config.usmAesCfb256Protocol,
+    "AES256BLMT": config.usmAesBlumenthalCfb256Protocol,
+    "NONE": config.usmNoPrivProtocol,
+}
diff --git a/splunk_connect_for_snmp_traps/manager/trap_server.py b/splunk_connect_for_snmp_traps/manager/trap_server.py
@@ -4,11 +4,23 @@
 from pysnmp.entity import engine, config
 from pysnmp.entity.rfc3413 import ntfrcv
 
+from pysnmp.proto.secmod.rfc3826.priv import aes
+from pysnmp.proto.secmod.rfc3414.auth import hmacsha
+from pysnmp.proto import rfc1902
+
 from splunk_connect_for_snmp_traps.manager.hec_sender import HecSender
 from splunk_connect_for_snmp_traps.manager.mib_server_client import get_translation
+from splunk_connect_for_snmp_traps.manager.const import AuthProtocolMap, PrivProtocolMap
 import socket
 import os
 
+
+# *TODO*: enable debug all only if end-user has set debug logging mode.
+# debugging log for SNMPv3 trap
+from pysnmp import debug
+
+debug.setLogger(debug.Debug("all"))
+
 logger = logging.getLogger(__name__)
 
 
@@ -41,9 +53,87 @@ def configure_trap_server(self):
             )
         # SNMPv1/2c setup
         # SecurityName <-> CommunityName mapping
-        for community in snmp_config["communities"]["v1"]:
+        """
+        test snmptrap command:
+        v1: 
+        sudo snmptrap -v 1 -c public localhost:2162 '1.2.3.4.5.6' '192.193.194.195' 6 99 '55' 1.11.12.13.14.15  s "teststring"
+        v2c:
+        sudo snmptrap -v 2c -c public localhost:2162 123 1.3.6.1.6.3.1.1.5.1 1.3.6.1.2.1.1.5.0 s test2
+
+        """
+        for community in snmp_config["communities"].get("v1", None):
+            logger.info(f"Configuring V1 {community}")
+            config.addV1System(self._snmp_engine, community, community)
+
+        for community in snmp_config["communities"].get("v2", None):
             logger.info(f"Configuring V1 {community}")
             config.addV1System(self._snmp_engine, community, community)
+
+        # SNMPv3/USM setup
+        """
+        SNMPv3 params for addV3User(
+            snmpEngine,
+            userName,
+            authProtocal: MD5(default),
+            authKey,
+            privProtocal: DES(default),
+            engineID: snmptrap command should specify the same egienID by using option -e
+        )
+
+        test snmptrap command:
+        user1: snmpv3test
+        sudo snmptrap -v 3 -e 0x8000000004030201 -l noAuthNoPriv -u snmpv3test localhost:2162 123 1.3.6.1.6.3.1.1.5.1
+        sudo snmptrap -v 3 -e 0x8000000004030201 -l authPriv -u snmpv3test -A AuthPass1 -X PrivPass2 localhost:2162 2 1.3.6.1.2.1.1.3.0
+        sudo snmptrap -v 3 -e 0x8000000004030201 -l authPriv -u snmpv3test -a MD5 -A AuthPass1 -x DES -X PrivPass2 localhost:2162 ''  1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 60
+
+        user2: snmpv3test2
+        sudo snmptrap -v 3 -e 0x8000000004030202 -l noAuthNoPriv -u snmpv3test2 localhost:2162 123 1.3.6.1.6.3.1.1.5.1
+        sudo snmptrap -v 3 -e 0x8000000004030202 -l authPriv -u snmpv3test2 -a SHA -A AuthPass11 -x AES -X PrivPass22 localhost:2162 ''  1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 120
+        
+        user3: snmpv3test3
+        sudo snmptrap -e 0x8000000004030203 -v3 -l noAuthNoPriv -u snmpv3test3 localhost:2162 123 1.3.6.1.6.3.1.1.5.1
+        """
+        for user_config in snmp_config["communities"].get("v3", None):
+            # user_config = snmp_config["communities"]["v3"].get(user)
+            logger.info(f"Configuring V3 {user_config}")
+            username = user_config.get("userName", None)
+            authprotocol = AuthProtocolMap[
+                user_config.get("authProtocol", "NONE").upper()
+            ]
+            authkey = user_config.get("authKey", None)
+            # authProtocol default is NoAuth if authKey is None
+            # authProtocol default is MD5 if authKey is given
+            if user_config.get("authProtocol", None) is None and authkey is not None:
+                authprotocol = AuthProtocolMap[
+                    user_config.get("authProtocol", "MD5").upper()
+                ]
+            privprotocol = PrivProtocolMap[
+                user_config.get("privProtocol", "NONE").upper()
+            ]
+            privkey = user_config.get("privKey", None)
+            # privProtocol default is NoPriv if privKey is None
+            # privProtocol default is DES if privKey is given
+            if user_config.get("privProtocol", None) is None and privkey is not None:
+                privprotocol = PrivProtocolMap[
+                    user_config.get("privProtocol", "DES").upper()
+                ]
+            securityengineId = user_config.get("securityEngineId", None)
+            if securityengineId:
+                securityengineId = rfc1902.OctetString(hexValue=str(securityengineId))
+            logger.info(
+                f"V3 params: username: {username}, authprotocol: {user_config.get('authProtocol', None)}-{authprotocol}, authkey: {authkey}, privprotocol: {user_config.get('privProtocol', None)}-{privprotocol}, privkey: {privkey}, securityengineId: {securityengineId}"
+            )
+            config.addV3User(
+                self._snmp_engine,
+                username,
+                authprotocol,
+                authkey,
+                privprotocol,
+                privkey,
+                securityengineId,
+            )
+        logger.debug(f"config: {config}")
+
         # Register SNMP Application at the SNMP engine
         ntfrcv.NotificationReceiver(self._snmp_engine, self.snmp_callback_function)