-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathHP-ICF-SECURITY
756 lines (662 loc) · 32.2 KB
/
HP-ICF-SECURITY
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
HP-ICF-SECURITY DEFINITIONS ::= BEGIN
IMPORTS
Integer32, IpAddress, TimeTicks,
OBJECT-TYPE, MODULE-IDENTITY
FROM SNMPv2-SMI
DisplayString, RowStatus
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF
hpicfObjectModules, icfSecurity
FROM HP-ICF-OID
InetAddress, InetAddressType, InetAddressPrefixLength
FROM INET-ADDRESS-MIB;
icfSecurityMib MODULE-IDENTITY
LAST-UPDATED "200710010903Z" -- October 01, 2007
ORGANIZATION "Hewlett Packard Company,
Network Infrastructure Solutions"
CONTACT-INFO "Hewlett Packard Company
8000 Foothills Blvd.
Roseville, CA 95747"
DESCRIPTION "This MIB module describes objects for managing
the SNMPv1 authorization configuration for
devices in the HP Integrated Communication
Facility product line."
REVISION "200710010903Z" -- October 01, 2007
DESCRIPTION "Deprecated icfAuthIPMgrAddress and icfAuthIPMgrMask."
REVISION "200301090112Z" -- January 9, 2003
DESCRIPTION "Deprecated icfCommunityTable and icfAuthMgrTable."
REVISION "200011030756Z" -- November 3, 2000
DESCRIPTION "Added icfAuthIPMgrTable. Updated division name."
REVISION "9609100200Z" -- September 10, 1996
DESCRIPTION "Updated division name in ORGANIZATION clause."
REVISION "9601250356Z" -- October 25, 1996
DESCRIPTION "Split this MIB module from the former monolithic
hp-icf MIB. Added the SNMP community group."
REVISION "9307090000Z" -- July 9, 1993
DESCRIPTION "Initial version of this MIB module."
::= { hpicfObjectModules 1 }
-- The HP ICF Security Group. This group contains objects for
-- configuring SNMPv1 (non)security for this agent.
icfSecurPassword OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..63))
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"********* THIS OBJECT IS DEPRECATED *********
This variable contains a string which is used
both as the community name for the password
community, and as the login password for the
console port. This community name is needed for
most SET operations. In addition, the variables
in the ICF security group are only visible within
the password community, and must use the value of
this variable as the community name for GET
operations. If the value of this variable is
equal to the null string, the community name
'public' or the null string will be treated the
same as the password community.
This object has been deprecated. Its functionality
has been replaced by the icfCommunityTable."
::= { icfSecurity 1 }
icfSecurAuthAnyMgr OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2)
}
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"********* THIS OBJECT IS DEPRECATED *********
When this variable is set to enabled, any manager
with a valid community name may perform SET
operations on this device. In this configuration,
entries in the icfSecurAuthMgrTable are used only
for trap destinations. If this variable is set to
disabled, a manager must be in the
icfSecurAuthMgrTable and have a valid community
name in order to perform SET operations.
This object has been deprecated. Its functionality
has been replaced by the icfAuthMgrTable."
::= { icfSecurity 2 }
icfSecurAuthMgrTable OBJECT-TYPE
SYNTAX SEQUENCE OF IcfSecurAuthMgrEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"********* THIS OBJECT IS DEPRECATED *********
This table contains a list of addresses of
managers that are allowed to perform SET
operations on this device, and controls the
destination addresses for traps. If
icfSecurAuthAnyMgr is set to disabled, a manager
must be in this table and use the correct
community name for the password community in order
to perform a GET operation on this table.
This table has been deprecated. It is replaced by
the icfAuthMgrTable. The trap destination
functionality has been replaced by the
hpicfTrapDestTable."
::= { icfSecurity 3 }
icfSecurAuthMgrEntry OBJECT-TYPE
SYNTAX IcfSecurAuthMgrEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"********* THIS OBJECT IS DEPRECATED *********
An entry in the icfSecurAuthMgrTable containing
information about a single manager.
This table has been deprecated. It is replaced by
the icfAuthMgrTable. The trap destination
functionality has been replaced by the
hpicfTrapDestTable."
INDEX { icfAuthMgrIndex }
::= { icfSecurAuthMgrTable 1 }
IcfSecurAuthMgrEntry ::=
SEQUENCE {
icfAuthMgrIndex Integer32,
icfAuthMgrIpAddress IpAddress,
icfAuthMgrIpxAddress OCTET STRING,
icfAuthMgrRcvTraps INTEGER
}
icfAuthMgrIndex OBJECT-TYPE
SYNTAX Integer32 (1..10)
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"********* THIS OBJECT IS DEPRECATED *********
This object contains the index which uniquely
identifies this entry in the
icfSecurAuthMgrTable.
This table has been deprecated. It is replaced by
the icfAuthMgrTable. The trap destination
functionality has been replaced by the
hpicfTrapDestTable."
::= { icfSecurAuthMgrEntry 1 }
icfAuthMgrIpAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"********* THIS OBJECT IS DEPRECATED *********
The IP address of a manager that is allowed to
manage this device. Setting this variable to a
nonzero value will clear the corresponding
instance of the icfAuthMgrIpxAddress variable.
This table has been deprecated. It is replaced by
the icfAuthMgrTable. The trap destination
functionality has been replaced by the
hpicfTrapDestTable."
::= { icfSecurAuthMgrEntry 2 }
icfAuthMgrIpxAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (10))
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"********* THIS OBJECT IS DEPRECATED *********
The IPX address of a manager that is allowed to
manage this device. Setting this variable to a
valid IPX address will clear the corresponding
instance of the icfAuthMgrIpAddress variable.
This table has been deprecated. It is replaced by
the icfAuthMgrTable. The trap destination
functionality has been replaced by the
hpicfTrapDestTable."
::= { icfSecurAuthMgrEntry 3 }
icfAuthMgrRcvTraps OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2)
}
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"********* THIS OBJECT IS DEPRECATED *********
If this variable is set to enabled, any traps
generated by this device will be sent to the
manager indicated by the corresponding instance of
either icfAuthMgrIpAddress or
icfAuthMgrIpxAddress, whichever is valid.
This table has been deprecated. It is replaced by
the icfAuthMgrTable. The trap destination
functionality has been replaced by the
hpicfTrapDestTable."
::= { icfSecurAuthMgrEntry 4 }
-- icfSecurIntruder objects. When the agent detects an
-- authentication failure, it records the violation in the
-- following objects and in nonvolatile memory. It uses the
-- icfSecurIntruderFlag as a throttle to prevent excessive
-- nvram writes.
icfSecurIntruder OBJECT IDENTIFIER ::= { icfSecurity 4 }
icfSecurIntruderFlag OBJECT-TYPE
SYNTAX INTEGER {
valid(1),
invalid(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If this object is set to 'valid', the remainder
of the intruder objects contain information about
an authentication failure. The Security LED on
the device will blink if this flag is set to
'valid'. The intruder objects will not be
overwritten as long as this flag is set to
'valid'. Setting this flag to 'invalid' will turn
off the Security LED if there are no other
current violations, and will allow the intruder
objects to be overwritten by subsequent
authentication failures."
::= { icfSecurIntruder 1 }
icfSecurIntruderIpAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the manager that caused the
authentication failure. Only one of
icfSecurIntruderIpAddress and
icfSecurIntruderIPXAddress will be valid."
::= { icfSecurIntruder 2 }
icfSecurIntruderIpxAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (10))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IPX address of the manager that caused the
authentication failure. Only one of
icfSecurIntruderIpAddress and
icfSecurIntruderIPXAddress will be valid."
::= { icfSecurIntruder 3 }
icfSecurIntruderTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime when the authentication
failure occurred. A value of 0 indicates that the
agent has been reset since this authentication
failure occurred."
::= { icfSecurIntruder 4 }
-- The SNMP community group. Used for configuring SNMPv1
-- (non)security. Replaces the old icfSecurity group.
icfCommunityTable OBJECT-TYPE
SYNTAX SEQUENCE OF IcfCommunityEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
This table contains information about community
names known by this agent."
::= { icfSecurity 5 }
icfCommunityEntry OBJECT-TYPE
SYNTAX IcfCommunityEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
An entry in the table, containing information about
a single community name."
INDEX { icfCommunityIndex }
::= { icfCommunityTable 1 }
IcfCommunityEntry ::=
SEQUENCE {
icfCommunityIndex Integer32,
icfCommunityName OCTET STRING,
icfCommunityReadView INTEGER,
icfCommunityWriteView INTEGER,
icfCommunityStatus RowStatus
}
icfCommunityIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
Uniquely identifies this community name entry."
::= { icfCommunityEntry 1 }
icfCommunityName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..32))
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
Community name this entry is about. Not allowed
to have two active rows with the same community
name."
::= { icfCommunityEntry 2 }
icfCommunityReadView OBJECT-TYPE
SYNTAX INTEGER {
none(1),
discovery(2),
restricted(3),
user(4),
root(5)
}
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
The MIB view used for read requests using this
community name. One of the following:
'none' is the empty MIB view.
'discovery' has access to discovery objects, which
will be enough to do an address search, send
announce packets, and do a link test. This
view also includes objects under the
samplingProbe subtree. This view is typically
used as a writeView for a community used by
autodiscovery and autotopology applications.
'restricted' has access to a limited subset of the
MIB, which includes monitoring objects and
limited set of configuration objects.
'user' has access to everything except objects
under the icfSecurity subtree.
'root' has access to everything, including the
icfSecurity subtree."
::= { icfCommunityEntry 3 }
icfCommunityWriteView OBJECT-TYPE
SYNTAX INTEGER {
none(1),
discovery(2),
restricted(3),
user(4),
root(5)
}
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
The MIB view used for write requests using this
community name. One of the following:
'none' is the empty MIB view.
'discovery' has access to discovery objects, which
will be enough to do an address search, send
announce packets, and do a link test. This
view also includes objects under the
samplingProbe subtree. This view is typically
used as a writeView for a community used by
autodiscovery and autotopology applications.
'restricted' has access to a limited subset of the
MIB, which includes monitoring objects and
limited set of configuration objects.
'user' has access to everything except objects
under the icfSecurity subtree.
'root' has access to everything, including the
icfSecurity subtree."
::= { icfCommunityEntry 4 }
icfCommunityStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
Status of this entry."
::= { icfCommunityEntry 5 }
icfAuthMgrTable OBJECT-TYPE
SYNTAX SEQUENCE OF IcfAuthMgrEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
This table contains a list of manager addresses.
Entries in this table are grouped by using a common
value for icfCommunityIndex, that identifies the
community name that the group of manager addresses
has access to. A community name entry which has
a set of entries in this table can only be used by
requests originating from one of the addresses in
the set. A community name entry which has no
entries in this table can be used by requests
originating from any address."
::= { icfSecurity 6 }
icfAuthMgrEntry OBJECT-TYPE
SYNTAX IcfAuthMgrEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
An entry in the table, containing a single
authorized manager address."
INDEX { icfCommunityIndex, icfAuthMgrSubIndex }
::= { icfAuthMgrTable 1 }
IcfAuthMgrEntry ::=
SEQUENCE {
icfAuthMgrSubIndex Integer32,
icfAuthMgrAddrType INTEGER,
icfAuthMgrAddress OCTET STRING,
icfAuthMgrMask OCTET STRING,
icfAuthMgrStatus RowStatus
}
icfAuthMgrSubIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
An index which uniquely identifies an address within
a group."
::= { icfAuthMgrEntry 1 }
icfAuthMgrAddrType OBJECT-TYPE
SYNTAX INTEGER {
ip(1),
ipx(2)
}
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
The network type for this entry."
::= { icfAuthMgrEntry 2 }
icfAuthMgrAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(4|10))
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
The manager address for this entry, formatted
according to the value of icfAuthMgrAddrType. When
icfAuthMgrAddrType is 'ip', this value will consist
of four octets, containing the IP address of the
manager in network byte order. When
icfAuthMgrAddrType is 'ipx', this value will consist
of ten octets. The first four octets will contain
the IPX network number in network byte order, and the
remaining six octets will contain the IPX node number
in network byte order."
::= { icfAuthMgrEntry 3 }
icfAuthMgrMask OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(4|10))
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
This object is used to qualify the value of the
corresponding instance of icfAuthMgrAddress. The
semantics of this object depend on the corresponding
value of icfAuthMgrAddrType. When icfAuthMgrType
is 'ip', this object can be used to allow access
by all managers on a particular IP subnet. When
icfAuthMgrType is 'ipx', this object can be used to
allow access by all managers with a particular IPX
network number."
::= { icfAuthMgrEntry 4 }
icfAuthMgrStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"******************DEPRECATED*******************
Status of this entry."
::= { icfAuthMgrEntry 5 }
icfAuthIPMgrTable OBJECT-TYPE
SYNTAX SEQUENCE OF IcfAuthIPMgrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "This table contains a list of IP manager
addresses. This list is used grant or deny
access to HTTP, telnet, and TFTP."
::= { icfSecurity 7 }
icfAuthIPMgrEntry OBJECT-TYPE
SYNTAX IcfAuthIPMgrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "An entry in the table containing a single
IP authorized manager address."
INDEX { icfAuthIPMgrIndex }
::= { icfAuthIPMgrTable 1 }
IcfAuthIPMgrEntry ::=
SEQUENCE {
icfAuthIPMgrIndex Integer32,
icfAuthIPMgrAddress IpAddress,
icfAuthIPMgrMask IpAddress,
icfAuthIPMgrAccess INTEGER,
icfAuthIPMgrStatus RowStatus,
icfAuthIPMgrInetAddrType InetAddressType,
icfAuthIPMgrInetAddress InetAddress,
icfAuthIPMgrInetAddrMaskType InetAddressType,
icfAuthIPMgrInetAddrMask InetAddress
}
icfAuthIPMgrIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "An index which uniquely identifies an address
within the group."
::= { icfAuthIPMgrEntry 1 }
icfAuthIPMgrAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION "**************deprecated*********************
The IP address of the authorized manager for
this entry.
This object is deprecated new object icfAuthIPMgr
InetAddress has been defined to hold version neutral
address type."
::= { icfAuthIPMgrEntry 2 }
icfAuthIPMgrMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION "**************deprecated**********************
This object qualifies the value of the
corresponding instance of icfAuthIPMgrAddress.
This object can be used to allow access by all
managers on a particular IP subnet.
This object is deprecated the new objects which are
defined to hold this is value are
icfAuthIPMgrInetAddrMaskType and icfAuthIPMgrInetAddrMask."
::= { icfAuthIPMgrEntry 3 }
icfAuthIPMgrAccess OBJECT-TYPE
SYNTAX INTEGER {
operator(1),
manager(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION "This object defines the access level for a
given manager. Operator allows for read only
access, and Manager allows for read/write
access."
::= { icfAuthIPMgrEntry 4 }
icfAuthIPMgrStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Status of this entry."
::= { icfAuthIPMgrEntry 5 }
icfAuthIPMgrInetAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Specifies the type of address stored in
icfAuthIPMgrInetAddress object."
::= { icfAuthIPMgrEntry 6 }
icfAuthIPMgrInetAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The IP address of the authorized manager for
this entry.This object can hold the version
neutral IP address."
::= { icfAuthIPMgrEntry 7 }
icfAuthIPMgrInetAddrMaskType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Specifies the type of IP Mask stored in
icfAuthIPMgrInetAddrMask object."
::= { icfAuthIPMgrEntry 8 }
icfAuthIPMgrInetAddrMask OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION "This object qualifies the value of the
corresponding instance of icfAuthIPMgrInetAddress.
This object can be used to allow access by all
managers on a particular IP subnet.This object can
hold the version neutral IP address Mask."
::= { icfAuthIPMgrEntry 9 }
-- Conformance information
icfSecurityConformance
OBJECT IDENTIFIER ::= { icfSecurityMib 1 }
icfSecurityCompliances
OBJECT IDENTIFIER ::= { icfSecurityConformance 1 }
icfSecurityGroups
OBJECT IDENTIFIER ::= { icfSecurityConformance 2 }
-- compliance statements
icfSecurCompliance MODULE-COMPLIANCE
STATUS obsolete -- change to deprecated when new SMI
DESCRIPTION
"********* THIS COMPLIANCE IS DEPRECATED *********/
A compliance statement for agents implementing
the original version of this module."
MODULE
MANDATORY-GROUPS { icfSnmpSecurityGroup,
icfSecIntruderGroup }
::= { icfSecurityCompliances 1 }
icfV1CommunityCompliance MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"********* THIS GROUP IS DEPRECATED *********
A compliance statement for HP ICF agents
implementing SNMPv1 community name management."
MODULE
MANDATORY-GROUPS { icfV1CommunityGroup }
GROUP icfSecIntruderGroup
DESCRIPTION
"This group should be implemented by devices
that are able to keep a non-volatile
record of authentication failures."
::= { icfSecurityCompliances 2 }
-- units of conformance
icfSnmpSecurityGroup OBJECT-GROUP
OBJECTS { icfSecurPassword,
icfSecurAuthAnyMgr,
icfAuthMgrIndex,
icfAuthMgrIpAddress,
icfAuthMgrIpxAddress,
icfAuthMgrRcvTraps
}
STATUS obsolete -- change to deprecated when new SMI
DESCRIPTION
"********* THIS GROUP IS DEPRECATED *********
A collection of objects for managing the SNMPv1
(non-)security configuration on HP networking
devices."
::= { icfSecurityGroups 1 }
icfSecIntruderGroup OBJECT-GROUP
OBJECTS { icfSecurIntruderFlag,
icfSecurIntruderIpAddress,
icfSecurIntruderIpxAddress,
icfSecurIntruderTime
}
STATUS current
DESCRIPTION
"A collection of objects for tracking
authentication failures."
::= { icfSecurityGroups 2 }
icfV1CommunityGroup OBJECT-GROUP
OBJECTS { icfCommunityName,
icfCommunityReadView,
icfCommunityWriteView,
icfCommunityStatus,
icfAuthMgrAddrType,
icfAuthMgrAddress,
icfAuthMgrMask,
icfAuthMgrStatus
}
STATUS deprecated
DESCRIPTION
"********* THIS GROUP IS DEPRECATED *********
A collection of objects for managing SNMPv1
community strings."
::= { icfSecurityGroups 13 }
icfAuthIPMgrGroup OBJECT-GROUP
OBJECTS { icfAuthIPMgrAddress,
icfAuthIPMgrMask,
icfAuthIPMgrAccess,
icfAuthIPMgrStatus
}
STATUS deprecated
DESCRIPTION "***************** deprecated ******************
A collection of objects for granting or denying
access to specific IP addresses for HTTP, telnet,
and TFTP.
This Group object has been deprecated and a new
group object has been defined with name
icfAuthIPMgrInetGroup."
::= { icfSecurityGroups 14 }
icfAuthIPMgrInetGroup OBJECT-GROUP
OBJECTS { icfAuthIPMgrInetAddrType,
icfAuthIPMgrInetAddress,
icfAuthIPMgrInetAddrMaskType,
icfAuthIPMgrInetAddrMask
}
STATUS current
DESCRIPTION "A collection of objects for granting or denying
access to specific IP addresses for HTTP, telnet,
and TFTP."
::= { icfSecurityGroups 15 }
END