See www.zabbix.com for the official Zabbix site.

Docs/specs/ZBXNEXT-450

From Zabbix.org
Jump to: navigation, search

Support of AES and SHA for SNMPv3 checks

ZBXNEXT-450

Status: 1.0

Owner: Alexei, Sasha

Summary

Privacy protocol AES and authentication protocol SHA must be supported for SNMPv3 monitoring. Currently only MD5-DES combination works.

Specification

Additional item-level parameters will be supported for flexible configuration of privacy and authentication protocols.

Front-end changes

  • Two additional attributes will be introduced for item, LLD discovery rule, network discovery check (SNMPv3) and item prototype
    • Radio button: 'Authentication protocol: MD5 (default) or SHA'
      • It will be available for item type 'SNMPv3' if security level is set to authNoPriv or authPriv
      • Location: before 'SNMPv3 auth passphrase'
    • Radio button: 'Privacy protocol: DES (default) or AES'
      • It will be available for item type 'SNMPv3' if security level set to authPriv
      • Location: before 'SNMPv3 priv passphrase'
    • The attributes can be modified for items inherited from a template
  • Two additional fields for item mass-update form after 'SNMPv3 security level'
    • Authentication protocol: MD5 (default) or SHA
    • Privacy protocol: DES (default) or AES
  • Existing drop-down 'Security level' should be replaced by radio-button
  • Labels 'SNMPv3 security name', 'SNMPv3 security level', 'SNMPv3 auth passphrase', 'SNMPv3 priv passphrase' should be renamed to 'Security name', 'Security level', 'Authentication passphrase', 'Privacy passphrase' in all forms

API changes

  • Two additional properties are added to items, item prototypes, discovery rules and low-level discovery rules:
    • snmpv3_authprotocol: integer, 0 - (default) MD5, 1 - SHA
    • snmpv3_privprotocol: integer, 0 - (default) DES, 1 - AES
  • If an incorrect value has been passed, an error should be raised:
    • "Incorrect authentication protocol for item/discovery rule "%name%".";
    • "Incorrect privacy protocol for item/discovery rule "%name%".".

Translation changes

Strings added

9 new strings will be added:

  • Authentication protocol
  • Privacy protocol
  • DES
  • AES
  • SHA
  • Incorrect authentication protocol for item "%1$s".
  • Incorrect authentication protocol for discovery rule "%1$s".
  • Incorrect privacy protocol for item "%1$s".
  • Incorrect privacy protocol for discovery rule "%1$s".

Strings changed

4 existing strings will be changed:

  • SNMPv3 security name -> Security name
  • SNMPv3 security level -> Security level
  • SNMPv3 auth passphrase -> Authentication passphrase
  • SNMPv3 priv passphrase -> Privacy passphrase

XML import/export changes

  • XML import/export will support two new attributes for items, LLD discovery rules and item prototypes
    • snmpv3_authprotocol
    • snmpv3_privprotocol
    • the fields should be validated for acceptable range of values (integer: 0 or 1).

Database changes

  • Two new fields will be introduced for table 'items' and 'dchecks'
    • FIELD |snmpv3_authprotocol|t_integer |'0' |NOT NULL |ZBX_SYNC,ZBX_PROXY
      • 0 - MD5, 1 - SHA
    • FIELD |snmpv3_privprotocol|t_integer |'0' |NOT NULL |ZBX_SYNC,ZBX_PROXY
      • 0 - DES, 1 - AES

Documentation

  • Update what's new in 2.2
  • Update training materials
  • Update database structure
  • Update product description
  • Update the API docs and changelog
  • Update XML documentation

Test cases

  • All possible combinations of SNMPv3 security level, privacy and authentication protocols should work fine
  • Item form behaves as expected
  • LLD discovery rule form behaves as expected
  • Item prototype form behaves as expected
  • Network discovery form behaves as expected
  • API is able to create, update and retrieve information (items, drules) with the new fields included
  • Can export and import items, low level discovery rules item prototypes with all security protocols
  • Can import 1.8 and 2.0 format XML and protocols default to MD5 and DES

ChangeLog

  • v1.1
    • N/A