SNMPv3 user entries got deleted after reboot on SNMPv3 machine - snmp

After reboot on our SNMPv3 server SNMPv3 user entries get deleted from file /var/net-snmp/snmpd.conf.
It appears on doing reboot engineBoots is set to 1 in /var/net-snmp/snmpd.conf randomly and whenever engineBoot is set to 1 it erases snmpv3 user entries from snmpd.conf file.
Firstly, I want to understand why engineBoots vaule is randomly set to 1, As per standard snmp document , this EngineBoots should be incremented every time we do reboot or EngineTime exceeded the max value.
Secondly, we want to figure out the correlation of engineBoots vaule setting to 1 and the deletion of usmUser entries in /var/net-snmp/snmpd.conf.
Thanks-Ravi

It is normal behavior. Once snmpd is restarted, the create user command line will be deleted from /var/net-snmp/snmpd.conf for security reason and the user will be created in usmUsertable.

Related

Trigger indefinite notification on Windows 10

I'm trying to trigger a notification which has no expiry but must be closed by pressing the top-right X close button. Is this possible?
I've been able to trigger a timed notification which also closes when anywhere else is clicked. With this answer.
[reflection.assembly]::loadwithpartialname("System.Windows.Forms")
[reflection.assembly]::loadwithpartialname("System.Drawing")
$notify = new-object system.windows.forms.notifyicon
$notify.icon = [System.Drawing.SystemIcons]::Information
$notify.visible = $true
$notify.showballoontip(10,"New Chat!","You have received New Chat!",[system.windows.forms.tooltipicon]::None)
Per Microsofts NotifyIcon.ShowBalloonTip Method documentation, the actual timeout property is set by the current system settings.
Minimum and maximum timeout values are enforced by the operating system and are typically 10 and 30 seconds, respectively, however this can vary depending on the operating system. Timeout values that are too large or too small are adjusted to the appropriate minimum or maximum value. In addition, if the user does not appear to be using the computer (no keyboard or mouse events are occurring) then the system does not count this time towards the timeout.
According to a couple of more google searches, you can set the time for your profile through the Registry ( Regedit - HKEY_CURRENT_USER\Control Panel\Accessibility: MessageDuration - didn't work for me).
Through group policy, or using theSystemParametersInfo API which is out of my league to explain any further. Only reference I can find was configuring the Accessibility/System Parameter: SPI_SETMESSAGEDURATION.
Its C++ though and only other article I could find was this one:SystemParametersInfoA function.
Seems possible but, it will definitely be a hassle to get it working.

Access denied calling EnumJobs

I'm trying to get the domain username of jobs in a printer queue on Windows Server 2012 R2 Standard. Code snippet below is in Delphi. OpenPrinter and EnumJobs are part of the Windows Spooler API.
Update! Setting maxJobs to a higher multiple of 4 allows for more jobs in the queue to be enumerated. eg. Setting maxJobs=8 allows for two jobs, but not three. maxJobs=12 allows for three jobs.
Solved! It looks like I can just ignore the return value of EnumJobs, and simply see if the number of jobs it returns > 0 (the last argument when calling). This seems to work fine for all instances listed below, including printer via a share.
const
maxJobs = 4;
var
h : THandle;
jia : array [1..maxJobs] of JOB_INFO_1;
jiz, jic : DWord; // size of jia, count of jia
begin
if OpenPrinter('DocTest', h, nil) then
begin
if EnumJobs(h, 0, maxJobs, 1, #jia, SizeOf(jia), jiz, jic) then
[...]
EnumJobs returns true or false depending on different conditions listed below. If it returns false in any of the following situations, the error message I'm retrieving is "System Error. Code: 5. Access is denied".
Clearly a permissions problem. I have assigned Print, Manage this Printer, and Manage documents to Everyone in the printer security settings. All jobs have been submitted after those settings have been assigned. My program is running in a session logged in as the domain administrator.
EnumJobs returns TRUE if I print a job from the same session I'm running this program in, and there's only one job in the queue. (See Update above for change)
EnumJobs returns TRUE if I print from another session on the server (it has terminal services installed) as any user, and there's only one job in the queue. (See Update above for change)
EnumJobs returns FALSE if there is more than one job in the queue. It doesn't matter if the jobs are for the same user or not. (See Update above for change)
EnumJobs returns FALSE if I print a job from another server to the printer share. Both servers are in the same domain. It doesn't matter which user prints the job, including the domain administrator.
What's going on here, in particular getting an access denied when enumerating more than (maxJobs / 4) job(s) at a time?
Ignore the return value of EnumJobs and inspect the out argument pcReturned to see if it's greater than 0. This indicates the number of print jobs found.

How windows recovery work with failure count?

I am using the following command to configure the service failure recovery
sc failure "service" actions= ""/60000/restart/60000/run/120000 reset= 60 command = "\"c:\\windows\notepad2.exe
(used notepad2.exe just for testing)
From the Microsoft documentation here:-
Actions
This field contains an array of integer values that specify the
actions taken by the SCM if the service fails. Separate the values in
the array by [~]. The integer value in the Nth element of the array
specifies the action performed when the service fails for the Nth
time.
So, what I am getting from this is the count of failure will decide the action => For first failure Actions[0] will be executed and for the second Actions[1] will be executed and for all subsequent failures Actions[2] will be
I have following configuration for the service for testing this behavior:-
Then I tried killing the process under which service is running by using taskkill.
Here is the first log
Then I tried starting the service manually.
Then again I tried killing the service after ~ 2 mins ( => the reset count will set failure count to 0 as it is configured to 1 minute).
Here is the log for the error
In above figure, it is clear that why count is resetting to 0 because reset setting we have given60 sec and our service was running more than 2 mins.
But the action described for recovery is wrong as Restarting the service is the action for the second failure not for the first failure.
So why the count for failure is coming 1 but the action for recovery is the action corresponding to the second failure action?
I was just playing around with a similar issue, and after I set the "Reset fail count after:" to "1" day, it seems to be working. A possible explanation is that by setting the "Reset fail count" to 1 day, it will not reset the fail count back to 0 after the first fail (which is you stopping and restarting the service manually), and lets it cycle through the rest of the actions (depending on conditions/actions). Your mileage may vary.

DisMan Monitoring - traps not being generated

In order to set up a self-monitoring of a linux OS (CentOS) in order to send traps if a condition occurs i have configured the lines
com2sec notConfigUser default Public0
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1
access notConfigGroup "" any noauth exact systemview systemview none
for disk query
disk / 100000000
trap2sink 10.10.64.132
authorization for self monitoring
rouser admin
iquerySecName admin
define message to send OID to monitor threshold values
monitor -r 10 DiskAlmostFull dskPercent < 90
monitor -r 10 machineTooBusy hrProcessorLoad < 90
But the traps are generated only when i restart the snmpd deamon.
I have tried to troubleshoot this issue without success.
Any held will be helpful.
Thanks in advance
Having had the same problem, I discovered the following explanation in "man snmpd.conf".
Section "monitor [OPTIONS] NAME EXPRESSION" states:
"Note that the event will only be triggered once, when the expression first matches. This monitor entry will not fire again until the monitored condition first becomes false, and then matches again."
You may not like the answer, but the monitor command behaves as advertised.

VBSCipt LOGON Script - Evaluate two items and map shares accordingly

I have a logon script mapping user drives Windows Network. Some users are now logging into a terminal server these days and I'd like to map a different drive, based on computer name they are logging in to.
I am looking at which user AD group they are in (departmental group so I know which shares to map).
If IsAMemberOf(objNetwork.UserDomain, objNetwork.UserName, "Sales Dept. Users - Acton") Then MapIt "G:", "\\phillip\sales"
I need to now evaluate what the computer name is as well.
The basic logic is: If user is in Sales group from this computer bur-ts-01, then map this share \\bur-fil-01\sales; else, if user is in Sales group use \\phillip\sales.
It's a fairly comprehensive script mapping drives, printers, etc. Our VBScript person is long gone however and remote users are not able to access a local share to the TS server as a result.
Can anyone offer any suggestions or sample code that I could review?
You could add a check for the computer name to see if it includes "-ts-" and if so, then map accordingly. A lot of different ways to write it, but here's my take.
bDomainGroupMember = IsAMemberOf(objNetwork.UserDomain, objNetwork.UserName, "Sales Dept. Users - Acton")
If bDomainGroupMember AND Not instr(objNetwork.ComputerName, "-ts-") > 0 Then
MapIt "G:", "\\phillip\sales"
ElseIf bDomainGroupMember AND instr(objNetwork.ComputerName, "-ts-") > 0 Then
MapIt "G:", "\\bur-fil-01\sales"
End If
So basically, I pulled the function query out and assigned the value to bDomanGroupMember so you can use it in two checks without calling the function twice. Then, the If / ElseIf checks to see if the user is both a member of the sales domain group and whether or not the user logged in from a terminal server session, ie. a machine with "-ts-" in the name.
Hope that helps :)

Resources