CABH-IETF-SEC-MIB: View SNMP OID List / Download MIB

VENDOR: INTERNET-STANDARD


 Home MIB: CABH-IETF-SEC-MIB
Download as:   

Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
Keep in mind that standard MIB files can be successfully loaded by systems and programs only if all the required MIB's from the "Imports" section are already loaded.
The tree-like SNMP object navigator requires no explanations because it is very simple to use. And if you stumbled on this MIB from Google note that you can always go back to the home page if you need to perform another MIB or OID lookup.


Object Name OID Type Access Info
 cabhSecMib 1.3.6.1.2.1.1
This MIB module supplies the basic management objects for the Security Portal Services. Copyright (C) The Internet Society (2003). This version of this MIB module is part of RFC xxxx; see the RFC itself for full legal notices.
     cabhSecMibObjects 1.3.6.1.2.1.1.1
         cabhSecFwObjects 1.3.6.1.2.1.1.1.1
             cabhSecFwBase 1.3.6.1.2.1.1.1.1.1
                 cabhSecFwPolicyFileEnable 1.3.6.1.2.1.1.1.1.1.1 integer read-write
This parameter indicates whether or not to enable the firewall functionality. Enumeration: 'enable': 1, 'disable': 2.
                 cabhSecFwPolicyFileURL 1.3.6.1.2.1.1.1.1.1.2 snmpadminstring read-write
Contains the location of the last successfull downloaded policy rule set file in the format pointed in the reference. A policy rule set file download is triggered when the value used to SET this MIB is different than the value in the cabhSecFwPolicySuccessfulFileURL object.
                 cabhSecFwPolicyFileHash 1.3.6.1.2.1.1.1.1.1.3 octet string read-write
Hash of the contents of the rules set file, calculated and sent to the PS prior to sending the rules set file. For the SHA-1 authentication algorithm the length of the hash is 160 bits. This hash value is encoded in binary format.
                 cabhSecFwPolicyFileOperStatus 1.3.6.1.2.1.1.1.1.1.4 integer read-only
inProgress(1) indicates a firewall configuration file download is underway. complete (2) indicates the firewall configuration file downloaded and configured successfully. completeFromMgt(3) This state is deprecated. failed(4) indicates the last attempted firewall configuration file download or processing failed ordinarily due to TFTP timeout. Enumeration: 'failed': 4, 'inProgress': 1, 'complete': 2.
                 cabhSecFwPolicyFileCurrentVersion 1.3.6.1.2.1.1.1.1.1.5 snmpadminstring read-only
The rule set version currently operating in the PS device. This object should be in the syntax used by the individual vendor to identify software versions. Any PS element MUST return a string descriptive of the current rule set file load. If this is not applicable, this object MUST contain an empty string.
                 cabhSecFwPolicySuccessfulFileURL 1.3.6.1.2.1.1.1.1.1.6 snmpadminstring read-only
Contains the location of the last successfull downloaded policy rule set file in the format pointed in the reference. If a successful download has not yet occurred, this MIB object should report empty string.
             cabhSecFwLogCtl 1.3.6.1.2.1.1.1.1.2
                 cabhSecFwEventType1Enable 1.3.6.1.2.1.1.1.1.2.1 integer read-write
This object enables or disables logging of type 1 firewall event messages. Type 1 event messages report attempts from both private and public clients to traverse the firewall that violate the Security Policy. Enumeration: 'enable': 1, 'disable': 2.
                 cabhSecFwEventType2Enable 1.3.6.1.2.1.1.1.1.2.2 integer read-write
This object enables or disables logging of type 2 firewall event messages. Type 2 event messages report identified Denial of Service attack attempts. Enumeration: 'enable': 1, 'disable': 2.
                 cabhSecFwEventType3Enable 1.3.6.1.2.1.1.1.1.2.3 integer read-write
Enables or disables logging of type 3 firewall event messages. Type 3 event messages report changes made to the following firewall management parameters: cabhSecFwPolicyFileURL, cabhSecFwPolicyFileCurrentVersion, cabhSecFwPolicyFileEnable Enumeration: 'enable': 1, 'disable': 2.
                 cabhSecFwEventAttackAlertThreshold 1.3.6.1.2.1.1.1.1.2.4 integer read-write
If the number of type 1 or 2 hacker attacks exceeds this threshold in the period define by cabhSecFwEventAttackAlertPeriod, a firewall message event MUST be logged with priority level 4.
                 cabhSecFwEventAttackAlertPeriod 1.3.6.1.2.1.1.1.1.2.5 integer read-write
Indicates the period to be used (in hours) for the cabhSecFwEventAttackAlertThreshold. This MIB variable should always keep track of the last x hours of events meaning that if the variable is set to track events for 10 hours then when the 11th hour is reached, the 1st hour of events is deleted from the tracking log. A default value is set to zero, meaning zero time, so that this MIB variable will not track any events unless configured.
         cabhSecCertObjects 1.3.6.1.2.1.1.1.2
             cabhSecCertPsCert 1.3.6.1.2.1.1.1.2.1 docsx509asn1derencodedcertificate read-only
The X509 DER-encoded PS certificate.
         cabhSecKerbObjects 1.3.6.1.2.1.1.1.3
             cabhSecKerbBase 1.3.6.1.2.1.1.1.3.1
                 cabhSecKerbPKINITGracePeriod 1.3.6.1.2.1.1.1.3.1.1 unsigned32 read-write
The PKINIT Grace Period is needed by the PS to know when it should start retrying to get a new ticket. The PS MUST obtain a new Kerberos ticket (with a PKINIT exchange); this may be many minutes before the old ticket expires.
                 cabhSecKerbTGSGracePeriod 1.3.6.1.2.1.1.1.3.1.2 unsigned32 read-write
The TGS Grace Period is needed by the PS to know when it should start retrying to get a new ticket. The PS MUST obtain a new Kerberos ticket (with a TGS Request); this may be many minutes before the old ticket expires.
                 cabhSecKerbUnsolicitedKeyMaxTimeout 1.3.6.1.2.1.1.1.3.1.3 unsigned32 read-write
This timeout applies to PS initiated AP-REQ/REP key management exchange with NMS. The maximum timeout is the value which may not be exceeded in the exponential backoff algorithm.
                 cabhSecKerbUnsolicitedKeyMaxRetries 1.3.6.1.2.1.1.1.3.1.4 unsigned32 read-write
The number of retries the PS is allowed for AP-REQ/REP key management exchange initiation with the NMS. This is the maximum number of retries before the PS gives up attempting to establish an SNMPv3 security association with NMS.
         cabhSec2FwObjects 1.3.6.1.2.1.1.1.4
             cabhSec2FwBase 1.3.6.1.2.1.1.1.4.1
                 cabhSec2FwEnable 1.3.6.1.2.1.1.1.4.1.1 integer read-write
This parameter indicates whether to enable or disable the firewall. Enumeration: 'disabled': 2, 'enabled': 1.
                 cabhSec2FwPolicyFileURL 1.3.6.1.2.1.1.1.4.1.2 snmpadminstring read-write
Contains the location of the last successfull downloaded policy rule set file in the format pointed in the reference. A policy rule set file download is triggered when the value used to SET this MIB is different than the value in the cabhSec2FwPolicySuccessfulFileURL object.
                 cabhSec2FwPolicyFileHash 1.3.6.1.2.1.1.1.4.1.3 octet string read-write
Hash of the contents of the firewall configuration file. For the SHA-1 authentication algorithm the length of the hash is 160 bits. This hash value is encoded in binary format.
                 cabhSec2FwPolicyFileOperStatus 1.3.6.1.2.1.1.1.4.1.4 integer read-only
InProgress(1) indicates a firewall configuration file download is underway. Complete(2) indicates the firewall configuration file was downloaded and processed successfully. Failed(3) indicates that the last attempted firewall configuration file download or processing failed. Enumeration: 'failed': 3, 'inProgress': 1, 'complete': 2.
                 cabhSec2FwPolicyFileCurrentVersion 1.3.6.1.2.1.1.1.4.1.5 snmpadminstring read-write
A label set by the cable operator that can be used to track various versions of configured rulesets. Once the label is set it and configured rules are changed, it may not accurately reflect the version of configured rules running on the box. This object MUST contain the string 'null' if has never been configured.
                 cabhSec2FwClearPreviousRuleset 1.3.6.1.2.1.1.1.4.1.6 integer read-write
Allows PS or firewall configuration files to contain either a complete firewall configured ruleset or an incremental to the already established configured ruleset depending up on its existence in the configuration file. If the PS receives a configuration file with firewall settings which includes a cabhSec2FwClearPreviousRuleset object setting marked as increment(1) or if this object setting is not included in a configuration file which contains filter settings for the firewall, then the PS MUST treat the firewall filter settings in the configuration file as an increment to the configured ruleset. If the PS receives a configuration file with firewall settings which includes a cabhSec2FwClearPreviousRuleset object setting marked as incrementDefault(3) then the PS MUST remove all previously configured rules from the configured ruleset, including any rules in the filter schedule table and increment the newly downloaded rules on top of (i.e. subsequent to) the factory default policy. If the PS receives a configuration file with firewall settings which includes a cabhSec2FwClearPreviousRuleset object setting marked as complete(2), then the PS MUST remove all previously configured rules from the configured ruleset, including any rules in cabhSec2FwFilterScheduleTable table before applying the firewall filter settings contained in the configuration file. If cabhSec2FwClearPreviousRuleset is set to increment(1) using SNMP, the PS MUST treat all of the following firewall filter settings using SNMP as an increment to the configured ruleset. If cabhSec2FwClearPreviousRuleset is set to incrementDefault(3) using SNMP, the PS MUST remove all previously configured rules from the configured ruleset, including any rules in the filter schedule table and treat all of the following firewall filter settings using SNMP as an increment on top of the factory default policy. If cabhSec2FwClearPreviousRuleset is set to complete(2), then the PS MUST remove all rules from the configured ruleset, including any rules in the filter schedule table. In this scenario the PS will operate without any configured rules, (e.g. there will be no defined filtering rules, but the firewall will still provide the minimum set of capabilities and architecture). Enumeration: 'incrementDefault': 3, 'complete': 2, 'increment': 1.
                 cabhSec2FwPolicySelection 1.3.6.1.2.1.1.1.4.1.7 integer read-write
This parameter indicates which policy should currently be running in the firewall, either the factoryDefault policy or the configuredRuleset. Enumeration: 'configuredRuleset': 2, 'factoryDefault': 1.
                 cabhSec2FwEventSetToFactory 1.3.6.1.2.1.1.1.4.1.8 truthvalue read-write
If set to 'true', entries in cabhSec2FwEventControlEntry are set to their default values. Reading this value always returns false.
                 cabhSec2FwEventLastSetToFactory 1.3.6.1.2.1.1.1.4.1.9 timestamp read-only
The value of sysUpTime when cabhSec2FwEventSetToFactory was last set to true. Zero if never reset.
                 cabhSec2FwPolicySuccessfulFileURL 1.3.6.1.2.1.1.1.4.1.10 snmpadminstring read-only
Contains the location of the last successfull downloaded policy rule set file in the format pointed in the reference. If a successful download has not yet occurred, this MIB object should report empty string.
             cabhSec2FwEvent 1.3.6.1.2.1.1.1.4.2
                 cabhSec2FwEventControlTable 1.3.6.1.2.1.1.1.4.2.1 no-access
This table controls the reporting of the Firewall Attacks events
                     cabhSec2FwEventControlEntry 1.3.6.1.2.1.1.1.4.2.1.1 no-access
Allows configuration of the reporting mechanisms for a particular type of attack.
                         cabhSec2FwEventType 1.3.6.1.2.1.1.1.4.2.1.1.1 integer no-access
Classification of the different types of attacks. Type 1 logs all attempts from both LAN and WAN clients to traverse the Firewall that violate the Security Policy. Type 2 logs identified Denial of Service attack attempts. Type 3 logs all changes made to the cabhSec2FwPolicyFileURL, cabhSec2FwPolicyFileCurrentVersion or cabhSec2FwPolicyFileEnable objects. Type 4 logs all failed attempts to modify cabhSec2FwPolicyFileURL and cabhSec2FwPolicyFileEnable objects. Type 5 logs allowed inbound packets from the WAN. Type 6 logs allowed outbound packets from the LAN. Enumeration: 'type5': 5, 'type4': 4, 'type6': 6, 'type1': 1, 'type3': 3, 'type2': 2.
                         cabhSec2FwEventEnable 1.3.6.1.2.1.1.1.4.2.1.1.2 integer read-write
Enables or disables counting and logging of firewall events by type as assigned by cabhSec2FwEventType. Enumeration: 'disabled': 2, 'enabled': 1.
                         cabhSec2FwEventThreshold 1.3.6.1.2.1.1.1.4.2.1.1.3 unsigned32 read-write
Number of attacks to count before sending the appropriate event by type as assigned by cabhSec2FwEventType.
                         cabhSec2FwEventInterval 1.3.6.1.2.1.1.1.4.2.1.1.4 unsigned32 read-write
Indicates the time interval in hours to count and log occurrences of a firewall event type as assigned in cabhSec2FwEventType. If this MIB has a value of zero then there is no interval assigned and the PS will not count or log events.
                         cabhSec2FwEventCount 1.3.6.1.2.1.1.1.4.2.1.1.5 zerobasedcounter32 read-only
Indicates the current count up to the cabhSec2FwEventThreshold value by type as assigned by cabhSec2FwEventType.
                         cabhSec2FwEventLogReset 1.3.6.1.2.1.1.1.4.2.1.1.6 truthvalue read-write
Setting this object to true clears the log table for the specified event type. Reading this object always returns false.
                         cabhSec2FwEventLogLastReset 1.3.6.1.2.1.1.1.4.2.1.1.7 timestamp read-only
The value of sysUpTime when cabhSec2FwEventLogReset was last set to true. Zero if never reset.
             cabhSec2FwLog 1.3.6.1.2.1.1.1.4.3
                 cabhSec2FwLogTable 1.3.6.1.2.1.1.1.4.3.1 no-access
Contains a log of packet information as related to events enabled by the cable operator. The types are defined in the CableHome 1.1 specification and require various objects to be included in the log. The following is a description for what is expected in the log for each type Type 1, Type 2, Type 5 and Type 6 table MUST include cabhSec2FwEventType, cabhSec2FwEventPriority, cabhSec2FwEventId, cabhSec2FwLogTime, cabhSec2FwIpProtocol, cabhSec2FwIpSourceAddr, cabhSec2FwIpDestAddr, cabhSec2FwIpSourcePort, cabhSec2FwIpDestPort, cabhSec2Fw, cabhSec2FwReplayCount. The other values not used by types 1, 2, 5 and 6 are default values. Type 3 and Type 4 MUST include cabhSec2FwEventType, cabhSec2FwEventPriority, cabhSec2FwEventId, cabhSec2FwLogTime, cabhSec2FwIpSourceAddr, cabhSec2FwLogMIBPointer. The other values not used by type 3 and 4 are default values.
                     cabhSec2FwLogEntry 1.3.6.1.2.1.1.1.4.3.1.1 no-access
Each entry contains the log of firewall events
                         cabhSec2FwLogIndex 1.3.6.1.2.1.1.1.4.3.1.1.1 unsigned32 no-access
A sequence number for the specific events under a cabhSec2FwEventType.
                         cabhSec2FwLogEventType 1.3.6.1.2.1.1.1.4.3.1.1.2 integer read-only
Classification of the different types of attacks. Type 1 logs all attempts from both LAN and WAN clients to traverse the Firewall that violate the Security Policy. Type 2 logs identified Denial of Service attack attempts. Type 3 logs all changes made to the cabhSec2FwPolicyFileURL, cabhSec2FwPolicyFileCurrentVersion or cabhSec2FwPolicyFileEnable objects. Type 4 logs all failed attempts to modify cabhSec2FwPolicyFileURL and cabhSec2FwPolicyFileEnable objects. Type 5 logs allowed inbound packets from the WAN. Type 6 logs allowed outbound packets from the LAN. Enumeration: 'type5': 5, 'type4': 4, 'type6': 6, 'type1': 1, 'type3': 3, 'type2': 2.
                         cabhSec2FwLogEventPriority 1.3.6.1.2.1.1.1.4.3.1.1.3 integer read-only
The priority level of this event as defined by CableHome Specification. If a priority is not assigned in the CableHome specification for a particular event then the vendor or cable operator may assign priorities. These are ordered from most serious (emergency) to least serious (debug). Enumeration: 'information': 7, 'notice': 6, 'emergency': 1, 'alert': 2, 'critical': 3, 'error': 4, 'debug': 8, 'warning': 5.
                         cabhSec2FwLogEventId 1.3.6.1.2.1.1.1.4.3.1.1.4 unsigned32 read-only
The assigned event ID.
                         cabhSec2FwLogTime 1.3.6.1.2.1.1.1.4.3.1.1.5 dateandtime read-only
The time that this entry was created by the PS.
                         cabhSec2FwLogIpProtocol 1.3.6.1.2.1.1.1.4.3.1.1.6 unsigned32 read-only
The IP Protocol
                         cabhSec2FwLogIpAddrType 1.3.6.1.2.1.1.1.4.3.1.1.7 inetaddresstype read-only
The type of IP addresses in the packet
                         cabhSec2FwLogIpSourceAddr 1.3.6.1.2.1.1.1.4.3.1.1.8 inetaddress read-only
The Source IP Address of the packet logged. The address type of this object is specified by cabhSec2FwLogIpAddrType.
                         cabhSec2FwLogIpDestAddr 1.3.6.1.2.1.1.1.4.3.1.1.9 inetaddress read-only
The Destination IP Address of the packet logged. The address type of this object is specified by cabhSec2FwLogIpAddrType.
                         cabhSec2FwLogIpSourcePort 1.3.6.1.2.1.1.1.4.3.1.1.10 inetportnumber read-only
The Source IP Port of the packet logged
                         cabhSec2FwLogIpDestPort 1.3.6.1.2.1.1.1.4.3.1.1.11 inetportnumber read-only
The Source IP Port of the packet logged
                         cabhSec2FwLogMessageType 1.3.6.1.2.1.1.1.4.3.1.1.12 unsigned32 read-only
The ICMP defined types.
                         cabhSec2FwLogReplayCount 1.3.6.1.2.1.1.1.4.3.1.1.13 unsigned32 read-only
The number of identical attack packets that were seen by the firewall based on cabhSec2FwLogIpProtocol, cabhSec2FwLogIpSourceAddr, cabhSec2FwLogIpDestAddr, cabhSec2FwLogIpSourcePort, cabhSec2FwLogIpDestPort and cabhSec2FwLogMessageType
                         cabhSec2FwLogMIBPointer 1.3.6.1.2.1.1.1.4.3.1.1.14 variablepointer read-only
Identifies if the cabhSec2FwPolicyFileURL or the cabhSec2FwEnable MIB object changed or an attempt was made to change it.
             cabhSec2FwFilter 1.3.6.1.2.1.1.1.4.4
                 cabhSec2FwFilterScheduleTable 1.3.6.1.2.1.1.1.4.4.1 no-access
Extends the filtering matching parameters of docsDevFilterIpTable defined in RFC 2669 for CableHome Residential Gateways to include time day intervals and days of the week.
                     cabhSec2FwFilterScheduleEntry 1.3.6.1.2.1.1.1.4.4.1.1 no-access
Extended values for entries of docsDevFilterIpTable. If the PS has not acquired ToD the entire docsDevFilterIpEntry rule set is ignored.
                         cabhSec2FwFilterScheduleStartTime 1.3.6.1.2.1.1.1.4.4.1.1.1 dateandtime read-only
The start time, with optional time zone, for a firewall filter ruleset. Only the time portion of the DateAndTime TEXTUAL-CONVENTION have a meaning.
                         cabhSec2FwFilterScheduleEndTime 1.3.6.1.2.1.1.1.4.4.1.1.2 dateandtime read-only
The end time, with optional time zone, for a firewall filter ruleset. Only the time portion of the DateAndTime TEXTUAL-CONVENTION have a meaning.
                         cabhSec2FwFilterScheduleDOW 1.3.6.1.2.1.1.1.4.4.1.1.3 bits read-only
If the day of week bit associated with the PS given day is '1', this object criteria matches. Bits: 'monday': 1, 'tuesday': 2, 'friday': 5, 'wednesday': 3, 'thursday': 4, 'sunday': 0, 'saturday': 6.
     cabhSecNotification 1.3.6.1.2.1.1.2
     cabhSecConformance 1.3.6.1.2.1.1.3
         cabhSecCompliances 1.3.6.1.2.1.1.3.1
             cabhSecCompliance 1.3.6.1.2.1.1.3.1.1
The compliance statement for CableHome Security.
         cabhSecGroups 1.3.6.1.2.1.1.3.2
             cabhSecGroup 1.3.6.1.2.1.1.3.2.1
Group of objects in CableHome 1.0 Firewall MIB.
             cabhSecCertGroup 1.3.6.1.2.1.1.3.2.2
Group of objects in CableHome gateway for PS Certificate.
             cabhSecKerbGroup 1.3.6.1.2.1.1.3.2.3
Group of objects in CableHome gateway for Kerberos.
             cabhSec2Group 1.3.6.1.2.1.1.3.2.4
Group of objects in CableHome 1.1 Firewall MIB.