-- $Id: RBN-SYS-SECURITY-MIB.my,v 1.1.18.2.26.1 2012/08/04 00:07:22 chiachun Exp $
-- $Source: /cvsroot/pkt/sw/se/xc/bsd/config/snmp/mibs/Attic/RBN-SYS-SECURITY-MIB.my,v $
-- *****************************************************************
-- RBN-SYS-SECURITY-MIB.my    
--
-- Copyright (c) 2009 Ericsson AB
-- All rights reserved.
--
-- *****************************************************************
RBN-SYS-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Gauge32, Counter64
        FROM SNMPv2-SMI     -- [RFC2578]

    DateAndTime
        FROM SNMPv2-TC      -- [RFC2579]

    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF    -- [RFC2580]

    CounterBasedGauge64
        FROM HCNUM-TC
        
    RbnUnsigned64
        FROM RBN-TC
        
    rbnModules
        FROM RBN-SMI;

 
rbnSysSecurityMib MODULE-IDENTITY
    LAST-UPDATED "200911091800Z" -- Nov 9, 2009
    ORGANIZATION "Ericsson Inc."
    CONTACT-INFO
           "       Ericsson Inc.
                   100 Headquarters Drive
                   San Jose, CA  95134
                   USA

            Phone: +1 408 750 5000
              Fax: +1 408 750 5599
           "
    DESCRIPTION
        "This MIB module defines attributes and notifications
         related to system and network level security issues.
        
         All mib objects defined in the module are viewed within
         the context identified in the SNMP protocol (i.e. the
         community string in v1/v2c or the contextName in v3).
        "

    REVISION        "200911091800Z" -- Nov 9, 2009
    DESCRIPTION
        "Initial version"
    ::= {rbnModules 54}


rbnSysSecNotifications  OBJECT IDENTIFIER ::= { rbnSysSecurityMib 0 }

rbnSysSecObjects        OBJECT IDENTIFIER ::= { rbnSysSecurityMib 1 }

rbnSysSecConformance    OBJECT IDENTIFIER ::= { rbnSysSecurityMib 2 }

--
-- Objects
--
rbnSysSecThresholdObjects OBJECT IDENTIFIER ::= { rbnSysSecObjects 1 }

rbnSysSecNotifyEnable OBJECT-TYPE
    SYNTAX  BITS {
                maliciousPkt(0)
            }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The bit mask to enable/disable notifications for crossing
         specific threshold."
    DEFVAL { { } }
    ::= { rbnSysSecThresholdObjects 1 }

rbnMeasurementInterval    OBJECT-TYPE
    SYNTAX       Gauge32 (1..3600)
    UNITS        "seconds"
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "Data is sampled at the start and end of a specified interval. The
         difference between the start and end values |end - start| is called
         the delta value.  When setting the interval, care should be taken
         that the interval should be short enough that the sampled variable
         is very unlikely to increase or decrease by more than range of the
         variable. "
    DEFVAL { 60 }
    ::= { rbnSysSecThresholdObjects 2}
    
rbnMaliciousPktsThresholdHi OBJECT-TYPE
    SYNTAX       RbnUnsigned64
    UNITS        "Packets"
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "When the current sampling interval delta value of the malicious
         packets counter is greater than or equal to this threshold, and
         the delta value at the last sampling interval was less than this
         threshold, a single high threshold exceeded event will be
         generated.  A single high threshold exceeded event will also be
         generated if the first sampling interval delta value of the
         malicious IP packets counter is greater than or equal to this
         threshold.

         After a high threshold exceeded event is generated, another such
         event will not be generated until the delta value falls below
         this threshold and reaches the rbnMaliciousPktsThresholdLow,
         generating a low threshold exceeded event.  In other words there
         cannot be successive high threshold events without an intervening
         low threshold event. "
    ::= { rbnSysSecThresholdObjects 3}
    
rbnMaliciousPktsThresholdLow OBJECT-TYPE
    SYNTAX       RbnUnsigned64
    UNITS        "Packets"
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "When the current sampling interval delta value of the malicious
         packets counter is less than or equal to this threshold, and the
         delta value at the last sampling interval was greater than this
         threshold, a single low threshold exceeded event will be
         generated.  In addition, a high threshold exceeded event must
         occur before a low threshold exceeded event can be generated. "
    ::= { rbnSysSecThresholdObjects 4}
    
    
--
-- Counters to compare to above thresholds
--
rbnSysSecStatsObjects OBJECT IDENTIFIER ::= { rbnSysSecObjects 2 }

rbnMaliciousPktsCounter OBJECT-TYPE
    SYNTAX       Counter64
    UNITS        "Packets"
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "A count of all malicious pkts.  This includes but is not limited
         to malformed IP packets, malformed layer 4 IP, packets filtered by
         ACLs for specific faults, IP packets identified as attempting to
         spoof a system, and IP packets which failed reassembly."
    ::= { rbnSysSecStatsObjects 1}

rbnMaliciousPktsDelta OBJECT-TYPE
    SYNTAX       CounterBasedGauge64
    UNITS        "packets"
    MAX-ACCESS   accessible-for-notify
    STATUS       current
    DESCRIPTION
        "The delta value of rbnMaliciousPktsCounter at the most recently
         completed measurement interval."
    ::= { rbnSysSecStatsObjects 2 }

--
-- Objects only for notifications
-- 
rbnSysSecNotifyObjects  OBJECT IDENTIFIER ::= { rbnSysSecObjects 4 }

rbnThresholdNotifyTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The DateAndTime of the notification."
    ::= { rbnSysSecNotifyObjects 1 }

--
-- NOTIFICATIONS
--
rbnMaliciousPktThresholdHiExceeded NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION
        "This notification signifies that one of the delta values is equal
         to or greater than the corresponding high threshold value.  The
         specific delta value is the last object in the notification varbind
         list. "
    ::= { rbnSysSecNotifications 1 }

rbnMaliciousPktThresholdLowExceeded NOTIFICATION-TYPE
    OBJECTS {
        rbnThresholdNotifyTime
    }
    STATUS current
    DESCRIPTION
        "This notification signifies that one of the delta values is less
         than or equal to the corresponding low threshold value. The
         specific delta value is the last object in the notification
         varbind list. "
    ::= { rbnSysSecNotifications 2 }

--
-- Conformance
--
rbnSysSecCompliances OBJECT IDENTIFIER ::= { rbnSysSecConformance 1 }
rbnSysSecGroups      OBJECT IDENTIFIER ::= { rbnSysSecConformance 2 }

rbnMaliciousPktGroup OBJECT-GROUP
    OBJECTS {
        rbnSysSecNotifyEnable,
        rbnMeasurementInterval,
        rbnMaliciousPktsThresholdHi,
        rbnMaliciousPktsThresholdLow,
        rbnMaliciousPktsCounter
    }
    STATUS current
    DESCRIPTION
        "Set of objects for the group."
    ::= { rbnSysSecGroups 1 }
   
rbnSysSecNotifyObjectsGroup OBJECT-GROUP
    OBJECTS {
        rbnMaliciousPktsDelta,
        rbnThresholdNotifyTime
    }
    STATUS current
    DESCRIPTION
        "Set of objects for the group."
    ::= { rbnSysSecGroups 4 }

rbnSysSecNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        rbnMaliciousPktThresholdHiExceeded,
        rbnMaliciousPktThresholdLowExceeded
    }
    STATUS current
    DESCRIPTION
        "Set of notifications for the group."
    ::= { rbnSysSecGroups 5 }
    

rbnSysSecCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
       "The compliance statement for support of this mib module."
    MODULE -- this module
        MANDATORY-GROUPS {
            rbnMaliciousPktGroup,
            rbnSysSecNotifyObjectsGroup,
            rbnSysSecNotificationGroup
        }
        
        OBJECT rbnMeasurementInterval
        MIN-ACCESS   read-only
        DESCRIPTION
            "Write access is not required"

        OBJECT rbnMaliciousPktsThresholdHi
        MIN-ACCESS   read-only
        DESCRIPTION
            "Write access is not required"

        OBJECT rbnMaliciousPktsThresholdLow
        MIN-ACCESS   read-only
        DESCRIPTION
            "Write access is not required"

        OBJECT rbnSysSecNotifyEnable
        MIN-ACCESS   read-only
        DESCRIPTION
            "Write access is not required"

        
    ::= { rbnSysSecCompliances 1 }
    
END
