DNOS-MGMT-SECURITY-MIB DEFINITIONS ::= BEGIN

-- Broadcom FastPath Mgmt Security MIB
-- Copyright 2016-2019 Broadcom.
-- This SNMP Management Information Specification
-- embodies Broadcom's confidential and proprietary
-- intellectual property.  Broadcom retains all title
-- and ownership in the Specification including any revisions.

-- This Specification is supplied "AS IS", Broadcom 
-- makes no warranty, either expressed or implied,
-- as to the use, operation, condition, or performance of the
-- Specification.


IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    IpAddress, Integer32                FROM SNMPv2-SMI
    dnOS                            FROM DELL-REF-MIB
    DisplayString                       FROM RFC1213-MIB
    TruthValue                          FROM SNMPv2-TC;

    fastPathMgmtSecurity MODULE-IDENTITY
        LAST-UPDATED "201912050000Z" -- 05 Dec 2019 12:00:00 GMT
        ORGANIZATION "Dell EMC"
        CONTACT-INFO ""
        DESCRIPTION
          "The Dell Networking Private MIB for Security"

        -- Revision history.
        REVISION
          "201912120000Z" -- 12 December 2019 12:00:00 GMT
        DESCRIPTION
          "Added MIB objects for Outbound SSH."
        REVISION
          "201812050000Z" -- 05 Dec 2018 12:00:00 GMT
        DESCRIPTION
          "Added object agentSSHEcdsaKeyControl, agentSSHEcdsaKeyLen to agentSSHConfigGroup."
        REVISION
          "201803010000Z" -- 01 March 2018 12:00:00 GMT
        DESCRIPTION
          "Modified the description of the object agentSSHProtocolLevel."
        REVISION
          "200705230000Z" -- 23 May 2007 12:00:00 GMT
        DESCRIPTION
          "Dell branding related changes."
        REVISION
          "200311210000Z" -- 21 Nov 2003 12:00:00 GMT
        DESCRIPTION
          "Initial revision."

    ::= { dnOS 11 }


    --**************************************************************************************
    -- agentSSLConfigGroup
    --
    --**************************************************************************************

    agentSSLConfigGroup                        OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 1 }

    agentSSLAdminMode OBJECT-TYPE
         SYNTAX      INTEGER {
                     enable(1),
                     disable(2)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures whether the SSL service is enabled on this switch.  The
                      default value is disable(2)."
         ::= { agentSSLConfigGroup 1 }

    agentSSLSecurePort OBJECT-TYPE
         SYNTAX      Integer32 (443|1025..65535)
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures a layer 4 port number in the range 1025-65535 for secure HTTP 
                      connections. The default port is 443."
         ::= { agentSSLConfigGroup 2 }

    agentSSLProtocolLevel OBJECT-TYPE
         SYNTAX      INTEGER {
                     ssl30(1), -- SSL 3.0
                     tls10(2), -- TSL 1.0
                     both(3)
                     }
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Displays which protocol versions of SSL are enabled on this
                     switch.  The default value is both(3)."
         ::= { agentSSLConfigGroup 3 }

    agentSSLMaxSessions OBJECT-TYPE
         SYNTAX      Integer32 (0..16)
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures the maximum number of allowable SSL sessions.  The default
                      value is 16."
         ::= { agentSSLConfigGroup 4 }

    agentSSLHardTimeout OBJECT-TYPE
         SYNTAX      Integer32 (1..86400)
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures the hard timeout for SSL sessions in seconds.  The default
                      value is 30 minutes (1800 seconds). Configure the value equal to the value of agentHTTPHardTimeout."
         ::= { agentSSLConfigGroup 5 }

    agentSSLSoftTimeout OBJECT-TYPE
         SYNTAX      Integer32 (1..3600)
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures the soft (activity) timeout for SSL sessions in seconds.
                      The default value is 3 minutes (180 seconds). Configure the value equal to the value of agentHTTPSortTimeout."
         ::= { agentSSLConfigGroup 6 }

    agentSSLCertificatePresent OBJECT-TYPE
         SYNTAX      TruthValue
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Boolean value indicating whether SSL certificate files exist on the device."
         ::= { agentSSLConfigGroup 7 }

    agentSSLCertificateControl OBJECT-TYPE
         SYNTAX      INTEGER {
                     noop(1),
                     generate(2),
                     delete(3)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Controls certificate generation and deletion. Always returns noop(1)."
         ::= { agentSSLConfigGroup 8 }

    agentSSLCertificateGenerationStatus OBJECT-TYPE
         SYNTAX      TruthValue
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Indicates whether certificate files are currently being generated."
         ::= { agentSSLConfigGroup 9 }

    --**************************************************************************************
    -- agentSSHConfigGroup
    --
    --**************************************************************************************

    agentSSHConfigGroup                        OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 2 }

    agentSSHAdminMode OBJECT-TYPE
         SYNTAX      INTEGER {
                     enable(1),
                     disable(2)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures whether the SSH service is enabled on this switch.  The
                      default value is disable(2)."
         ::= { agentSSHConfigGroup 1 }

    agentSSHProtocolLevel OBJECT-TYPE
         SYNTAX      INTEGER {
                     ssh10(1), -- deprecated, SSH 1.0 no longer supported
                     ssh20(2), -- SSH 2.0
                     both(3)   -- deprecated, SSH 1.0 no longer supported
                     }
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Indicates the protocol version of SSH enabled on this switch.
                      Starting with the use of OpenSSH version 7.5P1,
                      SSH Protocol Version 1.0 is no longer supported."
         DEFVAL { ssh20}
         ::= { agentSSHConfigGroup 2 }

    agentSSHSessionsCount OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Current number of active SSH sessions on this switch."
         ::= { agentSSHConfigGroup 3 }

   agentSSHMaxSessionsCount OBJECT-TYPE
         SYNTAX       Integer32 (0..5)
         MAX-ACCESS   read-write
         STATUS       current
         DESCRIPTION
                     "Max number of SSH sessions permitted on this switch."
         ::= { agentSSHConfigGroup 4 }

   agentSSHSessionTimeout OBJECT-TYPE
         SYNTAX       Integer32 (1..3932159)
         MAX-ACCESS   read-write
         STATUS       current
         DESCRIPTION
                     "SSH idle timeout value for this switch in seconds.  The
                     upper limit represents 65535 minutes and 59 seconds."
         ::= { agentSSHConfigGroup 5 }

    agentSSHKeysPresent OBJECT-TYPE
         SYNTAX      INTEGER {
                     dsa(1),
                     rsa(2),
                     both(3), --deprecated
                     none(4),
                     ecdsa(5),
                     all(6)
                     }
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Indicates what key files are present on the device, if any."
         ::= { agentSSHConfigGroup 6 }

    agentSSHKeyGenerationStatus OBJECT-TYPE
         SYNTAX      INTEGER {
                     dsa(1),
                     rsa(2),
                     both(3), --deprecated
                     none(4),
                     ecdsa(5),
                     all(6)
                     }
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Indicates what key files are currently being generated, if any."
         ::= { agentSSHConfigGroup 7 }

    agentSSHRSAKeyControl OBJECT-TYPE
         SYNTAX      INTEGER {
                     noop(1),
                     generate(2),
                     delete(3)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Controls RSA key generation and deletion.  Always returns noop(1)."
         ::= { agentSSHConfigGroup 8 }

    agentSSHDSAKeyControl OBJECT-TYPE
         SYNTAX      INTEGER {
                     noop(1),
                     generate(2),
                     delete(3)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Controls DSA key generation and deletion.  Always returns noop(1)."
         ::= { agentSSHConfigGroup 9 }

    agentSSHExecBannerState OBJECT-TYPE
        SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                    }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION 
                    "Shows/Changes EXEC banner state on SSH session."
        DEFVAL      { enable }
        ::= { agentSSHConfigGroup 10 }

    agentSSHLoginBannerState OBJECT-TYPE
        SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                    }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION 
                    "Shows/Changes login banner state on SSH session."
        DEFVAL      { enable }
        ::= { agentSSHConfigGroup 11 }

    agentSSHMotdBannerState OBJECT-TYPE
        SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                    }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "Shows/Changes MOTD banner state on SSH session."
        DEFVAL      { enable }
        ::= { agentSSHConfigGroup 12 }

    agentSSHEcdsaKeyControl OBJECT-TYPE
        SYNTAX      INTEGER {
                    noop(1),
                    generate(2),
                    delete(3)
                    }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "Controls ECDSA key generation and deletion.  A read of this object always returns noop(1)."
        ::= { agentSSHConfigGroup 13 }

    agentSSHEcdsaKeyLen OBJECT-TYPE
        SYNTAX      Integer32
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "Get/Set ECDSA key length. Supported Key lengths are 256, 384 and 521 bits."
        ::= { agentSSHConfigGroup 14 }


    --**************************************************************************************
    -- agentOutboundSSHGroup -> contains MIB objects displaying various properties 
    --                          of a Outbound SSH
    --
    --**************************************************************************************

    agentOutboundSSHGroup       OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 3}

    agentOutboundSSHMaxSessions OBJECT-TYPE
      SYNTAX     INTEGER (0..5)
      MAX-ACCESS read-write
      STATUS     current
      DESCRIPTION
       " The maximum no. of Outbound SSH sessions allowed."
      DEFVAL { 5 }
    ::= { agentOutboundSSHGroup 1 }

    agentOutboundSSHActiveSessions OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Get the number of active outgoing SSH sessions."
         ::= { agentOutboundSSHGroup 2 }


    agentOutboundSSHTimeout OBJECT-TYPE
      SYNTAX     INTEGER (0..160)
      MAX-ACCESS read-write
      STATUS     current
      DESCRIPTION
       " The login inactivity timeout value for Outbound SSH."
      DEFVAL { 5 }
    ::= { agentOutboundSSHGroup 3 }


END
