Ad Widget

Collapse

SNMP with Private Localized Keys

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Quitarre
    Junior Member
    • Feb 2021
    • 3
    #1

    SNMP with Private Localized Keys

    Hi all,

    I've been tasked with implementing Zabbix monitoring of in house hardware used for testing, however due to the way in which SNMP has been implemented, SNMP requests must use privAuth, with the -X Privacy Passphrase flag being replaced with the --defPrivLocalizedKey flag. When using Zabbix's SNMPv3 agent item, this does not seem to be an option. Is there a backdoor way for this to be used/am I missing something obvious here?

    Thanks in advance!
    Tags: encryption keys, snmpv3
    • Quitarre
      Junior Member
      • Feb 2021
      • 3
      #2
      So continuing on from this, it seems to me that this would have to be done by modifying the source code. My current idea is checking to see if the given passphrase starts with "0x", and if so using it the kul by modifying checks_snmp.c around the call to generate_Ku around line 630 as seen below. But also please let me know if this is a bad way to do this.

      Original Code:
      if(SNMPERR_SUCCESS != generate_Ku(session.securityAuthProto,
      session.securityAuthProtoLen, (u_char *)item->snmpv3_privpassphrase,
      strlen(item->snmpv3_privpassphrase), session.securityPrivKey,
      &session.securityPrivKeyLen))
      {
      zbx_strlcpy(error, "Error generating Ku from privacy pass phrase",
      max_error_len);
      goto end;
      }

      New Code:
      if (strncmp("0x", snmpv3_privpassphrase, 2) == 0)
      {
      session.securityPrivLocalKey = snmpv3_privpassphrase
      session.securityPrivLocalKeyLen = strlen(snmpv3_privpassphrase)
      } else if(SNMPERR_SUCCESS != generate_Ku(session.securityAuthProto,
      session.securityAuthProtoLen, (u_char *)item->snmpv3_privpassphrase,
      strlen(item->snmpv3_privpassphrase), session.securityPrivKey,
      &session.securityPrivKeyLen))
      {
      zbx_strlcpy(error, "Error generating Ku from privacy pass phrase",
      max_error_len);
      goto end;
      }

        Comment

        Previous template Next
        Working...