Correct check for SNMPv3 SHA-192/256 compability (#12494)

* Correct check for SNMPv3 SHA-192/256 compability

* fixup

* fixup
Jellyfrog
2021-02-10 14:57:12 +01:00
committed by GitHub
parent 7b55863fad
commit 38de49ca30
4 changed files with 40 additions and 34 deletions


@@ -66,7 +66,7 @@ You have two options for adding a new device into LibreNMS.
to the directory of your LibreNMS install and typing (be sure to
put the correct details).
```ssh
```bash
./addhost.php [community] [v1|v2c] [port] [udp|udp6|tcp|tcp6]
```
@@ -611,7 +611,7 @@ There is already a reference how to move your whole LNMS installation to another
- On your new server make sure you create a new database with the standard install command, no need to add a user for localhost though.
- Copy this over to your new database server and import it with `mysql -u root -p librenms < librenms.sql`.
- Enter to mysql and add permissions with the following two commands:
```
```sql
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'IP_OF_YOUR_LNMS_SERVER' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'FQDN_OF_YOUR_LNMS_SERVER' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
FLUSH PRIVILEGES;
@@ -622,4 +622,5 @@ exit;
- **Very important**: On your LibreNMS server, inside your install directory is a `.env` file, in it you need to edit the `DBHOST` paramater to point to your new server location.
- After all this is done, enable all the cron entries again and start apache.
## <a name='optional-requirements-for-snmpv3-sha2-auth'>What are the "optional requirements message" when I add SNMPv3 devices?</a>
When you add a device via the WebUI you may see a little message stating "Optional requirements are not met so some options are disabled". Do not panic. This simply means your system does not contain **openssl >= 1.1** and **net-snmp >= 5.8**, which are the minimum specifications needed to be able to use AES-192,AES-256 as crypto algorithms and SHA-224|256|384|512 as auth algorithms.
When you add a device via the WebUI you may see a little message stating "Optional requirements are not met so some options are disabled". Do not panic. This simply means your system does not contain **openssl >= 1.1** and **net-snmp >= 5.8**, which are the minimum specifications needed to be able to use SHA-224|256|384|512 as auth algorithms.
For crypto algorithms AES-192, AES-256 you need **net-snmp** compiled with `--enable-blumenthal-aes`.


@@ -799,15 +799,20 @@ function version_info($remote = false)
}//end version_info()
/**
* checks if System is SNMPv3 SHA2 Capable for Auth Algorithms (SHA-224,SHA-256,SHA-384,SHA-512)
* @return bool
* Checks SNMPv3 capabilities
*
* SHA2 for Auth Algorithms (SHA-224,SHA-256,SHA-384,SHA-512)
* AES-192, AES-256 for Privacy Algorithms
*/
function snmpv3_sha2_capable()
function snmpv3_capabilities(): array
{
$process = new Process([Config::get('snmpget', 'snmpget'), '--help']);
$process->run();
return Str::contains($process->getErrorOutput(), 'SHA-512');
$ret['sha2'] = Str::contains($process->getErrorOutput(), 'SHA-512');
$ret['aes256'] = Str::contains($process->getErrorOutput(), 'AES-256');
return $ret;
}
/**
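Review bot: `snmpv3_capabilities()` cannot tell "snmpget could not be run" apart from "this build lacks the algorithm": in both cases `getErrorOutput()` would not contain the marker strings, so the forms silently fall back to offering only MD5/SHA and AES/DES. Checking the process result and logging a failed run would make that downgrade visible to the operator. The new docblock also dropped `@return` although callers now destructure fixed keys, and `$ret` is indexed without being initialised. I would read the output once with `$help = $process->getErrorOutput();`, return `['sha2' => Str::contains($help, 'SHA-512'), 'aes256' => Str::contains($help, 'AES-256')]`, and document the shape as `@return array{sha2: bool, aes256: bool}`.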


@@ -190,7 +190,7 @@ foreach (get_port_assoc_modes() as $mode) {
echo " <option value=\"$mode\" $selected>$mode</option>\n";
}
$snmpv3_sha2_capable = snmpv3_sha2_capable();
['sha2' => $snmpv3_sha2, 'aes256' => $snmpv3_aes256] = snmpv3_capabilities();
?>
</select>
</div>
@@ -242,13 +242,13 @@ $snmpv3_sha2_capable = snmpv3_sha2_capable();
<select name="authalgo" id="authalgo" class="form-control input-sm">
<option value="MD5" selected>MD5</option>
<option value="SHA">SHA</option>
<option value="SHA-224"<?= $snmpv3_sha2_capable ?: ' disabled'?>>SHA-224</option>
<option value="SHA-256"<?= $snmpv3_sha2_capable ?: ' disabled'?>>SHA-256</option>
<option value="SHA-384"<?= $snmpv3_sha2_capable ?: ' disabled'?>>SHA-384</option>
<option value="SHA-512"<?= $snmpv3_sha2_capable ?: ' disabled'?>>SHA-512</option>
<option value="SHA-224"<?= $snmpv3_sha2 ?: ' disabled'?>>SHA-224</option>
<option value="SHA-256"<?= $snmpv3_sha2 ?: ' disabled'?>>SHA-256</option>
<option value="SHA-384"<?= $snmpv3_sha2 ?: ' disabled'?>>SHA-384</option>
<option value="SHA-512"<?= $snmpv3_sha2 ?: ' disabled'?>>SHA-512</option>
</select>
<?php if (! $snmpv3_sha2_capable) {?>
<label class="text-left"><small>Optional requirements not resolved so some options are disabled</small></label>
<?php if (! $snmpv3_sha2) {?>
<label class="text-left"><small>Some options are disabled. <a href="https://docs.librenms.org/Support/FAQ/#optional-requirements-for-snmpv3-sha2-auth">Read more here</a></small></label>
<?php } ?>
</div>
</div>
@@ -263,12 +263,12 @@ $snmpv3_sha2_capable = snmpv3_sha2_capable();
<div class="col-sm-9">
<select name="cryptoalgo" id="cryptoalgo" class="form-control input-sm">
<option value="AES" selected>AES</option>
<option value="AES-192"<?= $snmpv3_sha2_capable ?: ' disabled'?>>AES-192</option>
<option value="AES-256"<?= $snmpv3_sha2_capable ?: ' disabled'?>>AES-256</option>
<option value="AES-192"<?= $snmpv3_aes256 ?: ' disabled'?>>AES-192</option>
<option value="AES-256"<?= $snmpv3_aes256 ?: ' disabled'?>>AES-256</option>
<option value="DES">DES</option>
</select>
<?php if (! $snmpv3_sha2_capable) {?>
<label class="text-left"><small>Optional requirements not resolved so some options are disabled</small></label>
<?php if (! $snmpv3_aes256) {?>
<label class="text-left"><small>Some options are disabled. <a href="https://docs.librenms.org/Support/FAQ/#optional-requirements-for-snmpv3-sha2-auth">Read more here</a></small></label>
<?php } ?>
</div>
</div>
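Review bot: `$snmpv3_sha2 ?: ' disabled'` and `$snmpv3_aes256 ?: ' disabled'` evaluate to boolean `true` when the capability is present, which PHP prints as `1`, so a capable system renders `<option value="SHA-224"1>`. In this form that is only a stray attribute, but the edit-device form in the next file section concatenates the same expression directly after `'selected'`, which would yield `selected1`. The stored SHA-2 or AES-192/256 choice then appears not to be pre-selected, and saving the form could replace it with the first option in the list. Use an explicit ternary in both files, e.g. `<?= $snmpv3_sha2 ? '' : ' disabled' ?>` here and `($snmpv3_sha2 ? '' : ' disabled')` in the edit form. The pattern predates this commit, but the renamed lines carry it forward.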


@@ -301,7 +301,7 @@ foreach (get_port_assoc_modes() as $pam_id => $pam) {
echo ">$pam</option>\n";
}
$snmpv3_sha2_capable = snmpv3_sha2_capable();
['sha2' => $snmpv3_sha2, 'aes256' => $snmpv3_aes256] = snmpv3_capabilities();
echo " </select>
</div>
</div>
@@ -360,14 +360,14 @@ echo " </select>
<select id='authalgo' name='authalgo' class='form-control'>
<option value='MD5'>MD5</option>
<option value='SHA' " . ($device['authalgo'] === 'SHA' ? 'selected' : '') . ">SHA</option>
<option value='SHA-224' " . ($device['authalgo'] === 'SHA-224' ? 'selected' : '') . ($snmpv3_sha2_capable ?: ' disabled') . ">SHA-224</option>
<option value='SHA-256' " . ($device['authalgo'] === 'SHA-256' ? 'selected' : '') . ($snmpv3_sha2_capable ?: ' disabled') . ">SHA-256</option>
<option value='SHA-384' " . ($device['authalgo'] === 'SHA-384' ? 'selected' : '') . ($snmpv3_sha2_capable ?: ' disabled') . ">SHA-384</option>
<option value='SHA-512' " . ($device['authalgo'] === 'SHA-512' ? 'selected' : '') . ($snmpv3_sha2_capable ?: ' disabled') . '>SHA-512</option>
<option value='SHA-224' " . ($device['authalgo'] === 'SHA-224' ? 'selected' : '') . ($snmpv3_sha2 ?: ' disabled') . ">SHA-224</option>
<option value='SHA-256' " . ($device['authalgo'] === 'SHA-256' ? 'selected' : '') . ($snmpv3_sha2 ?: ' disabled') . ">SHA-256</option>
<option value='SHA-384' " . ($device['authalgo'] === 'SHA-384' ? 'selected' : '') . ($snmpv3_sha2 ?: ' disabled') . ">SHA-384</option>
<option value='SHA-512' " . ($device['authalgo'] === 'SHA-512' ? 'selected' : '') . ($snmpv3_sha2 ?: ' disabled') . '>SHA-512</option>
</select>
';
if (! $snmpv3_sha2_capable) {
echo '<label class="text-left"><small>Optional requirements not resolved so some options are disabled</small></label>';
if (! $snmpv3_sha2) {
echo '<label class="text-left"><small>Some options are disabled. <a href="https://docs.librenms.org/Support/FAQ/#optional-requirements-for-snmpv3-sha2-auth">Read more here</a></small></label>';
}
echo "
</div>
@@ -383,13 +383,13 @@ if (! $snmpv3_sha2_capable) {
<div class='col-sm-4'>
<select id='cryptoalgo' name='cryptoalgo' class='form-control'>
<option value='AES' " . ($device['cryptoalgo'] === 'AES' ? 'selected' : '') . ">AES</option>
<option value='AES-192' " . ($device['cryptoalgo'] === 'AES-192' ? 'selected' : '') . ($snmpv3_sha2_capable ?: ' disabled') . ">AES-192</option>
<option value='AES-256' " . ($device['cryptoalgo'] === 'AES-256' ? 'selected' : '') . ($snmpv3_sha2_capable ?: ' disabled') . ">AES-256</option>
<option value='AES-192' " . ($device['cryptoalgo'] === 'AES-192' ? 'selected' : '') . ($snmpv3_aes256 ?: ' disabled') . ">AES-192</option>
<option value='AES-256' " . ($device['cryptoalgo'] === 'AES-256' ? 'selected' : '') . ($snmpv3_aes256 ?: ' disabled') . ">AES-256</option>
<option value='DES'>DES</option>
</select>
";
if (! $snmpv3_sha2_capable) {
echo '<label class="text-left"><small>Optional requirements not resolved so some options are disabled</small></label>';
if (! $snmpv3_aes256) {
echo '<label class="text-left"><small>Some options are disabled. <a href="https://docs.librenms.org/Support/FAQ/#optional-requirements-for-snmpv3-sha2-auth">Read more here</a></small></label>';
}
echo '
</div>