-- automatically generated by mosy 7.1 #1 (hprnljf), do not edit! HP-ICF-SECURITY DEFINITIONS ::= BEGIN IMPORTS IpAddress, TimeTicks FROM RFC1155-SMI OBJECT-TYPE FROM RFC-1212 icfSecurity, hpicfObjectModules FROM HP-ICF-OID RowStatus, DisplayString FROM SNMPv2-TC; -- created from icfSecurityMib (9609100200Z) icfSecurityMib OBJECT IDENTIFIER ::= { hpicfObjectModules 1 } icfSecurPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..63)) ACCESS read-write STATUS deprecated DESCRIPTION "********* THIS OBJECT IS DEPRECATED ********* This variable contains a string which is used both as the community name for the password community, and as the login password for the console port. This community name is needed for most SET operations. In addition, the variables in the ICF security group are only visible within the password community, and must use the value of this variable as the community name for GET operations. If the value of this variable is equal to the null string, the community name 'public' or the null string will be treated the same as the password community. This object has been deprecated. Its functionality has been replaced by the icfCommunityTable." ::= { icfSecurity 1 } icfSecurAuthAnyMgr OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } ACCESS read-write STATUS deprecated DESCRIPTION "********* THIS OBJECT IS DEPRECATED ********* When this variable is set to enabled, any manager with a valid community name may perform SET operations on this device. In this configuration, entries in the icfSecurAuthMgrTable are used only for trap destinations. If this variable is set to disabled, a manager must be in the icfSecurAuthMgrTable and have a valid community name in order to perform SET operations. This object has been deprecated. Its functionality has been replaced by the icfAuthMgrTable." ::= { icfSecurity 2 } icfSecurAuthMgrTable OBJECT-TYPE SYNTAX SEQUENCE OF IcfSecurAuthMgrEntry ACCESS not-accessible STATUS deprecated DESCRIPTION "********* THIS OBJECT IS DEPRECATED ********* This table contains a list of addresses of managers that are allowed to perform SET operations on this device, and controls the destination addresses for traps. If icfSecurAuthAnyMgr is set to disabled, a manager must be in this table and use the correct community name for the password community in order to perform a GET operation on this table. This table has been deprecated. It is replaced by the icfAuthMgrTable. The trap destination functionality has been replaced by the hpicfTrapDestTable." ::= { icfSecurity 3 } icfSecurAuthMgrEntry OBJECT-TYPE SYNTAX IcfSecurAuthMgrEntry ACCESS not-accessible STATUS deprecated DESCRIPTION "********* THIS OBJECT IS DEPRECATED ********* An entry in the icfSecurAuthMgrTable containing information about a single manager. This table has been deprecated. It is replaced by the icfAuthMgrTable. The trap destination functionality has been replaced by the hpicfTrapDestTable." INDEX { icfAuthMgrIndex } ::= { icfSecurAuthMgrTable 1 } IcfSecurAuthMgrEntry ::= SEQUENCE { icfAuthMgrIndex INTEGER, icfAuthMgrIpAddress IpAddress, icfAuthMgrIpxAddress OCTET STRING, icfAuthMgrRcvTraps INTEGER } icfAuthMgrIndex OBJECT-TYPE SYNTAX INTEGER (1..10) ACCESS read-only STATUS deprecated DESCRIPTION "********* THIS OBJECT IS DEPRECATED ********* This object contains the index which uniquely identifies this entry in the icfSecurAuthMgrTable. This table has been deprecated. It is replaced by the icfAuthMgrTable. The trap destination functionality has been replaced by the hpicfTrapDestTable." ::= { icfSecurAuthMgrEntry 1 } icfAuthMgrIpAddress OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS deprecated DESCRIPTION "********* THIS OBJECT IS DEPRECATED ********* The IP address of a manager that is allowed to manage this device. Setting this variable to a nonzero value will clear the corresponding instance of the icfAuthMgrIpxAddress variable. This table has been deprecated. It is replaced by the icfAuthMgrTable. The trap destination functionality has been replaced by the hpicfTrapDestTable." ::= { icfSecurAuthMgrEntry 2 } icfAuthMgrIpxAddress OBJECT-TYPE SYNTAX OCTET STRING (SIZE (10)) ACCESS read-write STATUS deprecated DESCRIPTION "********* THIS OBJECT IS DEPRECATED ********* The IPX address of a manager that is allowed to manage this device. Setting this variable to a valid IPX address will clear the corresponding instance of the icfAuthMgrIpAddress variable. This table has been deprecated. It is replaced by the icfAuthMgrTable. The trap destination functionality has been replaced by the hpicfTrapDestTable." ::= { icfSecurAuthMgrEntry 3 } icfAuthMgrRcvTraps OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } ACCESS read-write STATUS deprecated DESCRIPTION "********* THIS OBJECT IS DEPRECATED ********* If this variable is set to enabled, any traps generated by this device will be sent to the manager indicated by the corresponding instance of either icfAuthMgrIpAddress or icfAuthMgrIpxAddress, whichever is valid. This table has been deprecated. It is replaced by the icfAuthMgrTable. The trap destination functionality has been replaced by the hpicfTrapDestTable." ::= { icfSecurAuthMgrEntry 4 } icfSecurIntruder OBJECT IDENTIFIER ::= { icfSecurity 4 } icfSecurIntruderFlag OBJECT-TYPE SYNTAX INTEGER { valid(1), invalid(2) } ACCESS read-write STATUS mandatory DESCRIPTION "If this object is set to 'valid', the remainder of the intruder objects contain information about an authentication failure. The Security LED on the device will blink if this flag is set to 'valid'. The intruder objects will not be overwritten as long as this flag is set to 'valid'. Setting this flag to 'invalid' will turn off the Security LED if there are no other current violations, and will allow the intruder objects to be overwritten by subsequent authentication failures." ::= { icfSecurIntruder 1 } icfSecurIntruderIpAddress OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "The IP address of the manager that caused the authentication failure. Only one of icfSecurIntruderIpAddress and icfSecurIntruderIPXAddress will be valid." ::= { icfSecurIntruder 2 } icfSecurIntruderIpxAddress OBJECT-TYPE SYNTAX OCTET STRING (SIZE (10)) ACCESS read-only STATUS mandatory DESCRIPTION "The IPX address of the manager that caused the authentication failure. Only one of icfSecurIntruderIpAddress and icfSecurIntruderIPXAddress will be valid." ::= { icfSecurIntruder 3 } icfSecurIntruderTime OBJECT-TYPE SYNTAX TimeTicks ACCESS read-only STATUS mandatory DESCRIPTION "The value of sysUpTime when the authentication failure occurred. A value of 0 indicates that the agent has been reset since this authentication failure occurred." ::= { icfSecurIntruder 4 } icfCommunityTable OBJECT-TYPE SYNTAX SEQUENCE OF IcfCommunityEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table contains information about community names known by this agent." ::= { icfSecurity 5 } icfCommunityEntry OBJECT-TYPE SYNTAX IcfCommunityEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in the table, containing information about a single community name." INDEX { icfCommunityIndex } ::= { icfCommunityTable 1 } IcfCommunityEntry ::= SEQUENCE { icfCommunityIndex INTEGER, icfCommunityName OCTET STRING, icfCommunityReadView INTEGER, icfCommunityWriteView INTEGER, icfCommunityStatus RowStatus } icfCommunityIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) ACCESS not-accessible STATUS mandatory DESCRIPTION "Uniquely identifies this community name entry." ::= { icfCommunityEntry 1 } icfCommunityName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(1..32)) ACCESS read-write STATUS mandatory DESCRIPTION "Community name this entry is about. Not allowed to have two active rows with the same community name." ::= { icfCommunityEntry 2 } icfCommunityReadView OBJECT-TYPE SYNTAX INTEGER { none(1), discovery(2), restricted(3), user(4), root(5) } ACCESS read-write STATUS mandatory DESCRIPTION "The MIB view used for read requests using this community name. One of the following: 'none' is the empty MIB view. 'discovery' has access to discovery objects, which will be enough to do an address search, send announce packets, and do a link test. This view also includes objects under the samplingProbe subtree. This view is typically used as a writeView for a community used by autodiscovery and autotopology applications. 'restricted' has access to a limited subset of the MIB, which includes monitoring objects and limited set of configuration objects. 'user' has access to everything except objects under the icfSecurity subtree. 'root' has access to everything, including the icfSecurity subtree." ::= { icfCommunityEntry 3 } icfCommunityWriteView OBJECT-TYPE SYNTAX INTEGER { none(1), discovery(2), restricted(3), user(4), root(5) } ACCESS read-write STATUS mandatory DESCRIPTION "The MIB view used for write requests using this community name. One of the following: 'none' is the empty MIB view. 'discovery' has access to discovery objects, which will be enough to do an address search, send announce packets, and do a link test. This view also includes objects under the samplingProbe subtree. This view is typically used as a writeView for a community used by autodiscovery and autotopology applications. 'restricted' has access to a limited subset of the MIB, which includes monitoring objects and limited set of configuration objects. 'user' has access to everything except objects under the icfSecurity subtree. 'root' has access to everything, including the icfSecurity subtree." ::= { icfCommunityEntry 4 } icfCommunityStatus OBJECT-TYPE SYNTAX RowStatus ACCESS read-write STATUS mandatory DESCRIPTION "Status of this entry." ::= { icfCommunityEntry 5 } icfAuthMgrTable OBJECT-TYPE SYNTAX SEQUENCE OF IcfAuthMgrEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table contains a list of manager addresses. Entries in this table are grouped by using a common value for icfCommunityIndex, that identifies the community name that the group of manager addresses has access to. A community name entry which has a set of entries in this table can only be used by requests originating from one of the addresses in the set. A community name entry which has no entries in this table can be used by requests originating from any address." ::= { icfSecurity 6 } icfAuthMgrEntry OBJECT-TYPE SYNTAX IcfAuthMgrEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in the table, containing a single authorized manager address." INDEX { icfCommunityIndex, icfAuthMgrSubIndex } ::= { icfAuthMgrTable 1 } IcfAuthMgrEntry ::= SEQUENCE { icfAuthMgrSubIndex INTEGER, icfAuthMgrAddrType INTEGER, icfAuthMgrAddress OCTET STRING, icfAuthMgrMask OCTET STRING, icfAuthMgrStatus RowStatus } icfAuthMgrSubIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) ACCESS not-accessible STATUS mandatory DESCRIPTION "An index which uniquely identifies an address within a group." ::= { icfAuthMgrEntry 1 } icfAuthMgrAddrType OBJECT-TYPE SYNTAX INTEGER { ip(1), ipx(2) } ACCESS read-write STATUS mandatory DESCRIPTION "The network type for this entry." ::= { icfAuthMgrEntry 2 } icfAuthMgrAddress OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4|10)) ACCESS read-write STATUS mandatory DESCRIPTION "The manager address for this entry, formatted according to the value of icfAuthMgrAddrType. When icfAuthMgrAddrType is 'ip', this value will consist of four octets, containing the IP address of the manager in network byte order. When icfAuthMgrAddrType is 'ipx', this value will consist of ten octets. The first four octets will contain the IPX network number in network byte order, and the remaining six octets will contain the IPX node number in network byte order." ::= { icfAuthMgrEntry 3 } icfAuthMgrMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4|10)) ACCESS read-write STATUS mandatory DESCRIPTION "This object is used to qualify the value of the corresponding instance of icfAuthMgrAddress. The semantics of this object depend on the corresponding value of icfAuthMgrAddrType. When icfAuthMgrType is 'ip', this object can be used to allow access by all managers on a particular IP subnet. When icfAuthMgrType is 'ipx', this object can be used to allow access by all managers with a particular IPX network number." ::= { icfAuthMgrEntry 4 } icfAuthMgrStatus OBJECT-TYPE SYNTAX RowStatus ACCESS read-write STATUS mandatory DESCRIPTION "Status of this entry." ::= { icfAuthMgrEntry 5 } icfSecurityConformance OBJECT IDENTIFIER ::= { icfSecurityMib 1 } icfSecurityCompliances OBJECT IDENTIFIER ::= { icfSecurityConformance 1 } icfSecurityGroups OBJECT IDENTIFIER ::= { icfSecurityConformance 2 } icfSecurCompliance OBJECT IDENTIFIER ::= { icfSecurityCompliances 1 } icfV1CommunityCompliance OBJECT IDENTIFIER ::= { icfSecurityCompliances 2 } icfSnmpSecurityGroup OBJECT IDENTIFIER ::= { icfSecurityGroups 1 } icfSecIntruderGroup OBJECT IDENTIFIER ::= { icfSecurityGroups 2 } icfV1CommunityGroup OBJECT IDENTIFIER ::= { icfSecurityGroups 13 } END