...
...we will want to use SNMPv3 (authPriv) rather than v1/v2c, since community strings travel in cleartext and anyone holding one can read whatever the hooks publish, but the general idea is clear... we can expose arbitrary configuration data through SNMP. Since there are only a few dozen probes (and maybe only a subset of actual interest to Yale), we should be able to use SNMP as the instrumentation for UNIX discovery.
Rewire Discovery
This is simple to do. There are two main objectives:
- make sure SSH discovery doesn't happen
  - no SSH credentials on the MID server
  - configure the behavior of the MID server to skip SSH
- expand the stock Linux classifier for SNMP so that it runs additional Explore-phase probes
Write SNMP Hooks & Custom MIB
- scripts to call from net-snmp extend directives. Put the logic in these scripts rather than on the ServiceNow side: it keeps host internals out of the probe definitions and gives the discovery targets maximum control over what they expose and how.
- a custom MIB will aid in probe & sensor clarity (named objects instead of opaque OIDs in the probe output)
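As an added example (not the page's or Yale's code), here is a hypothetical net-snmp extend hook of the kind described above, together with the snmpd.conf lines it assumes. The script name snmp-distro.sh, the extend name "distro", the SNMPv3 user "disco" and the view name "discoview" are all assumptions. It prints two lines, OS name then version, which is the shape the replacement sensor in the next section splits on newlines.

```shell
#!/bin/sh
# snmp-distro.sh: hypothetical net-snmp "extend" hook (added example; names are assumptions).
#
# Assumed snmpd.conf on the discovery target: SNMPv3 only, read access limited to the
# extend subtree so the MID server sees nothing beyond what these hooks publish.
#
#   # createUser disco SHA "<auth-pass>" AES "<priv-pass>"   (goes in the persistent snmpd.conf)
#   view   discoview included .1.3.6.1.4.1.8072.1.3.2        # NET-SNMP-EXTEND-MIB::nsExtendObjects
#   rouser disco priv -V discoview
#   extend distro /usr/local/sbin/snmp-distro.sh
#
# To hang the output under a custom MIB instead, give extend an OID you own:
#   extend .1.3.6.1.4.1.<your-enterprise>.1 distro /usr/local/sbin/snmp-distro.sh

# Extract OS name and version from os-release text passed as $1. Kept as a function that
# takes the file body so it can be exercised on constructed input without touching /etc.
distro_from_os_release() {
    name=$(printf '%s\n' "$1" | sed -n 's/^NAME="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' | head -n 1)
    version=$(printf '%s\n' "$1" | sed -n 's/^VERSION_ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' | head -n 1)
    # Never emit an empty line: the sensor indexes rows[0] and rows[1] positionally.
    printf '%s\n%s\n' "${name:-unknown}" "${version:-unknown}"
}

# Real run: read the live file if present. snmpd captures stdout and serves it as
# NET-SNMP-EXTEND-MIB::nsExtendOutputFull."distro" (and line by line in nsExtendOutLine).
if [ -r /etc/os-release ]; then
    distro_from_os_release "$(cat /etc/os-release)"
fi
```

To check the hook from the MID server side before touching any probe, walk the extend subtree as the v3 user (for example `snmpwalk -v3 -l authPriv -u disco -a SHA -A ... -x AES -X ... <target> NET-SNMP-EXTEND-MIB::nsExtendObjects`) and confirm that only the extend output comes back; a walk from the root should return nothing else, which is the point of the restricted view.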
Probe Replacement
There are a couple of steps:
- create a probe that gets the desired SNMP object(s)
- add that probe to the "Triggers Probes" section of the Linux SNMP classifier
- write a replacement sensor (next section)
Sensor Replacement
- here is a very simple sensor that works with SNMP (it expects the probe to return the two-line output of the extend hook, OS name then version):
Code Block
/*
 * bw - sensor for SNMP Distribution discovery (Yale SNMP Discovery)
 *
 * william.west@yale.edu
 */
new DiscoverySensor({
    process: function() {
        // XML should be in var payload (a global)
        var element = XMLUtil.getText(payload, '//unk_111');
        if (!element)
            return; // probe returned nothing for this object; leave the CI untouched
        var rows = element.split('\n'); // expecting multiple lines: OS name, then version
        current.os = rows[0];
        if (rows.length > 1)
            current.os_version = rows[1];
    },
    type: 'DiscoverySensor'
});
- list the new sensor in the "Sensors" section of the appropriate probe record
Identifying Which Probes/Sensors to Replace
The most complete approach here is probably something like this:
...