Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
- Puppet >= 6.22.1 < 8.0.0
Start using this module
Add this module to your Puppetfile:
mod 'simp-simp_snmpd', '1.1.0'
Learn more about managing modules with a Puppetfile
Table of Contents
- Description
- Setup - The basics of getting started with simp_snmp
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
This module is a SIMP Puppet profile for setting up SNMP v3 and USM configuration.
This is a SIMP module
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they should be submitted to our bug tracker.
This module is designed for use within a SIMP ecosystem, but it can be used independently.
- When included within a SIMP ecosystem, security compliance settings will be managed from the Puppet server.
- If used independently, all SIMP-managed security subsystems are disabled by default and must be explicitly opted into by administrators. Please review the parameters in simp/simp_options for details.
This module is a SIMP profile module and configures SNMP using version 3 with USM authentication. To configure SNMP in a different way, use puppet-snmp directly.
#TODO add tsm and configure snmp to use encryption
Setup
What simp_snmp Affects
This profile wraps around the puppet-snmp module. It is designed to:
- Install the net-snmpd package
- Configure and manage the snmpd service
- Optionally install the net-snmp-utils package and manage clients
NOTE: This module does not configure snmptrapd. This module will, by default, ensure snmptrapd is stopped and disabled. If you decide to enable snmptrapd, you must configure it manually.
Beginning With simp_snmp
Install the puppet-snmp and pupmod-simp-simp_snmpd modules. The net-snmp and net-snmp-utils packages and their dependencies must be available through the package manager.
Usage
Simp_snmpd configures the snmpd daemon to listen only on the local interface by default.
Set the following in hieradata to configure snmpd to listen on UDP port 161 on the local interface and on TCP on the interface with the IP address associated with the hostname. For more information, see the LISTENING ADDRESS section of the snmpd man page.
---
simp_snmpd::agentaddress:
- udp:localhost:161
- tcp:%{facts.fqdn}:161
classes:
- simp_snmpd
Or, via instantiation:
class { 'simp_snmpd':
  # Same listeners as the hiera example: UDP on localhost, TCP on the host's FQDN
  agentaddress => ['udp:localhost:161', "tcp:${facts['fqdn']}:161"],
}
See the "Access" section for details on how the access is configured.
There are a few snmp options that can be configured directly from this module via hiera. Other changes to the configuration can be done by adding configuration files to the user snmpd dir. Set simp_snmpd::include_userdir to true in hiera, and add configuration files to the directory defined by simp_snmpd::user_snmpd_dir, by default /etc/snmp/snmpd.d.
Access
simp_snmpd configures access using the User-based Security Model (USM) and View-based Access Control Model (VACM). By default, it will create two users:
- snmp_ro: A user with read-only access to the system information only
- snmp_rw: A user with read/write access to all SNMP variables
- Both users and access are configurable via hiera. See the SIMP user guide, How To Configure SNMPD for more information.
- User passwords are automatically generated using SIMP's passgen from the simplib module. The SIMP user guide General Administration section gives information on where these passwords are stored.
- The passwords for the users are configured when SNMP is configured the first time. If you need to change them, you will need to use the snmpusm command, or remove /var/lib/net-snmp and run puppet again to regenerate all of them.
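Files placed in the user snmpd directory are not managed by SIMP, so they can reintroduce settings below the profile's documented defaults (usm model, SHA/AES, VACM level priv). The Ruby check below is an added example, not part of the module; the directive layouts follow snmpd.conf, and the sample file, user names and passphrases are constructed.

```ruby
# Added example, not part of simp_snmpd: flag snmpd.conf directives that fall
# below the profile's documented defaults (usm model, SHA/AES, VACM level priv).

COMMUNITY = %w[rocommunity rwcommunity rocommunity6 rwcommunity6 com2sec com2sec6].freeze

# Split a config line into tokens, keeping quoted strings (including "") whole.
def tokenize(line)
  line.scan(/"([^"]*)"|'([^']*)'|(\S+)/).map { |dq, sq, bare| dq || sq || bare }
end

# Return the issues found on one line. Passphrases are never echoed back.
def audit_line(line)
  stripped = line.strip
  return [] if stripped.empty? || stripped.start_with?('#')

  directive, *args = tokenize(stripped)
  case directive.downcase
  when *COMMUNITY
    ['community string access (SNMP v1/v2c), outside the v3 USM profile']
  when 'createuser'
    args = args.drop(2) if args.first == '-e' # optional "-e ENGINEID" prefix
    _user, auth, _authpass, priv = args
    issues = []
    issues << 'MD5 authentication (not allowed in FIPS mode)' if auth.to_s.casecmp?('MD5')
    issues << 'DES privacy (not allowed in FIPS mode)' if priv.to_s.casecmp?('DES')
    issues
  when 'group' # group NAME MODEL SECNAME
    model = args[1].to_s.downcase
    %w[v1 v2c].include?(model) ? ["group mapped with security model #{model}"] : []
  when 'access' # access GROUP CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY
    model = args[2].to_s.downcase
    level = args[3].to_s.downcase
    issues = []
    issues << "access accepts security model #{model}" if %w[any v1 v2c].include?(model)
    issues << "access level #{level} is below priv" if %w[noauth auth].include?(level)
    issues
  else
    []
  end
end

# Audit a whole file's text; returns [{ line: Integer, issue: String }, ...].
def audit_config(text)
  text.each_line.with_index(1).flat_map do |line, number|
    audit_line(line).map { |issue| { line: number, issue: issue } }
  end
end

# Constructed sample of a drop-in file (all names and passphrases are made up).
SAMPLE_CONF = <<~'CONF'
  # constructed sample drop-in file
  createUser snmp_ro SHA "constructed passphrase one" AES "constructed passphrase two"
  createUser legacy MD5 constructedpass1 DES constructedpass2
  rocommunity public 127.0.0.1
  group readgrp usm snmp_ro
  group oldgrp v2c legacy
  view systemview included .1.3.6.1.2.1.1
  access readgrp "" usm priv exact systemview none none
  access oldgrp "" any noauth exact systemview none none
CONF

audit_config(SAMPLE_CONF).each { |f| puts "line #{f[:line]}: #{f[:issue]}" }
```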
Logging
simp_snmpd is configured to send logs to the system daemon. If simp_options syslog and logrotate are enabled, it will configure rsyslog rules to send logging to /var/log/snmpd.log.
This is configured via the simp_snmpd::snmpd_options setting. These are the options sent to the snmpd daemon on start up. By default it is logging to facility 6 which will be forwarded to the server if log forwarding is enabled. For more information on these options see the man page for snmpcmd, the Logging section. Snmpcmd and its man pages are installed with the net-snmp-utils package.
Firewall
If simp_options firewall is enabled, it will parse the simp_snmpd::agentaddress list and configure iptables rules to open those ports to the trusted nets. If you want only the SNMP manager to be able to access the system, set simp_snmpd::trusted_nets to include only the manager systems' addresses.
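The parsing step described above, sketched in Ruby as an added example (it is not the module's simp_snmpd::firewall_list code). It assumes only the udp, tcp, udp6 and tcp6 transport specifiers, skips ipx and pvc as the module does, and treats loopback-only listeners as needing no rule, which is a choice made for this example; the host name in the sample is constructed.

```ruby
# Added example: work out which protocol/port pairs a list of snmpd listening
# addresses exposes. Simplified reading of the LISTENING ADDRESSES syntax.

DEFAULT_PORT = 161
TRANSPORTS = { # transport specifier => [protocol, address family]
  'udp' => %w[udp ipv4], 'tcp' => %w[tcp ipv4],
  'udp6' => %w[udp ipv6], 'tcp6' => %w[tcp ipv6]
}.freeze
SKIPPED = %w[ipx pvc].freeze # no port-based firewall rule is derived for these

# "161", "host", "host:161", "[::1]" or "[::1]:161" => [host_or_nil, port]
def split_host_port(addr)
  case addr
  when /\A\d+\z/ then [nil, addr.to_i] # bare port: listens on all interfaces
  when /\A\[([^\]]+)\](?::(\d+))?\z/, /\A([^:\[\]]+)(?::(\d+))?\z/
    [Regexp.last_match(1), (Regexp.last_match(2) || DEFAULT_PORT).to_i]
  else raise ArgumentError, "unsupported listening address: #{addr.inspect}"
  end
end

# Parse one agentaddress entry; returns nil for skipped transports.
def parse_agentaddress(entry)
  spec, rest = entry.strip.split(':', 2)
  known = spec && (TRANSPORTS.key?(spec.downcase) || SKIPPED.include?(spec.downcase))
  spec, rest = 'udp', entry.strip unless known && rest # snmpd defaults to UDP
  spec = spec.downcase
  return nil if SKIPPED.include?(spec)

  proto, family = TRANSPORTS.fetch(spec)
  host, port = split_host_port(rest)
  raise ArgumentError, "port out of range: #{entry}" unless (1..65_535).cover?(port)

  { proto: proto, family: family, host: host, port: port }
end

def loopback?(host)
  !host.nil? && (host.casecmp?('localhost') || host.start_with?('127.') || host == '::1')
end

# Unique protocol/family/port triples reachable from outside the host.
def firewall_openings(agent_addresses)
  agent_addresses.map { |entry| parse_agentaddress(entry) }.compact
                 .reject { |listener| loopback?(listener[:host]) }
                 .map { |listener| listener.slice(:proto, :family, :port) }
                 .uniq
end

# Constructed sample list; snmp01.example.test is a made-up host name.
SAMPLE_AGENTADDRESS = [
  'udp:localhost:161', 'tcp:snmp01.example.test:161',
  'udp6:[::1]:161', '1161', 'ipx:/40000'
].freeze

firewall_openings(SAMPLE_AGENTADDRESS).each do |rule|
  puts "#{rule[:family]} #{rule[:proto]}/#{rule[:port]} -> restrict to trusted_nets"
end
```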
SNMP System Information
simp_snmpd configures some basic system information (contact, location, system name, and services) in the snmpd configuration directory. These settings can be changed via hiera, instantiation, or by creating a configuration file in the user directory.
NOTE: If the system variables are set in a configuration file then net-snmp marks them as not writable and will not allow them to be changed via snmpset or other client utilities.
To be able to set information via a client, set simp_snmpd::system_info to false and the defaults will not be set in the configuration file.
SNMP Client
By default, the snmpd utilities (snmpget, snmpset, etc.) are not included. To include them, set simp_snmpd::manage_client to true.
Reference
More information is included in the SIMP User Guide under SIMP HOWTO Guides: Configure SNMP. It includes information on copying additional MIBS and modules to the system.
Limitations
This is a SIMP Profile. It will not expose all options of the underlying modules, only the ones that are conducive to a supported SIMP infrastructure. If you need to do things that this module does not cover, you may need to create your own profile or inherit this profile and extend it to meet your needs.
SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS. Please see the metadata.json file for the most up-to-date list of supported operating systems, Puppet versions, and module dependencies.
Development
Please read our Contribution Guide.
Acceptance tests
This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:
bundle install
bundle exec rake beaker:suites
Please refer to the SIMP Beaker Helpers documentation for more information.
Reference
Table of Contents
Classes
- simp_snmpd: Configures the snmpd daemon. Currently, it only uses v3 USM.
- simp_snmpd::config: Configure the SNMPD service
- simp_snmpd::config::agent: Set up sensible agent defaults
- simp_snmpd::config::firewall: Ensure that firewall rules are defined
- simp_snmpd::config::logging: Ensures that appropriate logging rules are defined
- simp_snmpd::config::tcpwrappers: This class is meant to be called from simp_snmp.
- simp_snmpd::install: Set up snmp group/user if needed, and subsequently change permissions
- simp_snmpd::install::snmpduser: Create systems users for running snmpd daemon and owning the snmpd files
- simp_snmpd::install::vacmusers: Create v3 users from user hash
- simp_snmpd::rsync: Set up MIBs in rsync
Functions
- simp_snmpd::accesslist: parse the access hash and return strings for access entries for the snmpd.conf file @see The SIMP user guide HOW TO: Configure SNMPD d
- simp_snmpd::firewall_list: function to return a list of protocol and ports to open in iptables for snmpd to work.
- simp_snmpd::grouplist: parse the group hash and return strings for group entries for the snmpd.conf file @see The SIMP user guide HOW TO: Configure SNMPD describe
- simp_snmpd::viewlist: parse the view hash and return strings for view entries for the snmpd.conf file @see The SIMP user guide HOW TO: Configure SNMPD descr
Data types
- Simp_snmpd::Seclevel: The default authentication level for the client to use in snmp.conf
- Simp_snmpd::Secmodel: type Simp_snmpd::Secmodel = Enum['usm','v1','v2c','tsm','ksm'] Right now usm is the only type supported by this module. If you want to use a
- Simp_snmpd::Vacmlevel: The default type to use in VACM access directives
Classes
simp_snmpd
- This module does not configure the snmptrap service.
- Trap service parameters
- SNMPD Agent Parameters
- Settings for rsync
- USM/VACM parameters
- snmp.conf access configuration default items. These are also used to set up view and access directives if specific settings are not used in the hash.
- snmpd.conf system info parameters. If the system parameters are set in the snmpd.conf files, net-snmp sets them as not writeable and they cannot be changed by a 'set' call from an snmpd client or manager. If you want to set them this way, then change simp_snmpd::system_info to false.
- SIMP parameters used
See also
- man snmpd for options.
- An array of listening addresses for the snmpd to listen on. This array is also used by the config/firewall.pp to open ports if iptables is being used. See man snmpd in the LISTENING ADDRESSES section for more details.
- This setting disables the log messages for accepted connections. Denied connections will still be logged. See man snmpd.conf AGENT BEHAVIOR section for more information on the
- man snmpd.conf AGENT BEHAVIOR section for more information on the
- man snmpd.conf AGENT BEHAVIOR section for more information on the
- A hash of users to create for usm access. Also see README for details. See man snmpd.conf SNMPv3 with the User-based Security Model (USM) section
Parameters
The following parameters are available in the simp_snmpd class.
ensure
Data type: Enum['present','absent']
'present' (default) will install files and packages; 'absent' will make sure they are not installed.
Default value: 'present'
manage_client
Data type: Boolean
Tells puppet-snmp to manage the client, which installs the net-snmp-utils package. These are command line utilities.
Default value: false
package_ensure
Data type: String
If set to "latest" snmp will try to update to the latest version of the package available, otherwise it will just check it is installed
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
version
Data type: Integer
The version of the SNMP protocol to use. At this time the simp_snmpd profile only manages v3. To configure older versions, use the snmp module directly.
Default value: 3
snmp_basedir
Data type: StdLib::AbsolutePath
Base directory for snmp configuration files
Default value: '/etc/snmp'
logfile
Data type: StdLib::AbsolutePath
Full path to local log file for snmpd
Default value: '/var/log/snmpd.log'
service_config
Data type: StdLib::AbsolutePath
Location of the snmpd daemon configuration file
Default value: "${simp_snmpd::snmp_basedir}/snmpd.conf"
simp_snmpd_dir
Data type: StdLib::AbsolutePath
Directory of *.conf files which include snmpd directives. Files in this directory are managed by puppet.
Default value: "${simp_snmpd::snmp_basedir}/simp_snmpd.d"
include_userdir
Data type: Boolean
If set to true the user_snmpd_dir will be created and an include directive for it put in the service_config file. This will allow users to override values in the service config file or add values that are not included by the interface.
Default value: false
user_snmpd_dir
Data type: StdLib::AbsolutePath
Directory where users can include *.conf files with snmpd configuration items that will be included. This directory is not managed by simp. Users can put additional configurations files in this directory. This directory is only included if include_userdir is set to true.
Default value: "${simp_snmpd::snmp_basedir}/snmpd.d"
snmpd_service_ensure
Data type: Enum['stopped', 'running']
Set the snmpd daemon service to stopped or running
Default value: 'running'
snmpd_service_startatboot
Data type: Boolean
Start the snmpd service at boot
Default value: true
trap_service_ensure
Data type: Enum['stopped', 'running']
Set the snmptrap daemon service to stopped or running
Default value: 'stopped'
trap_service_startatboot
Data type: Boolean
Start the snmptrap service at boot
Default value: false
trap_service_config
Data type: StdLib::AbsolutePath
Location of the trap configuration file
Default value: "${simp_snmpd::snmp_basedir}/snmptrapd.conf"
user_trapd_dir
Data type: StdLib::AbsolutePath
Directory where users can place snmptrap configuration files. This profile does not configure snmptrap but puts down a configuration file that tells the snmptrap daemon to look in this directory for configuration files. This directory is only created if trap_service_ensure is set to running.
Default value: "${simp_snmpd::snmp_basedir}/snmptrapd.d"
snmptrapd_options
Data type: Optional[String]
Options to pass to the trap daemon on start up.
Default value: undef
snmpd_options
Data type: String
The options passed to the snmpd daemon at start up. The default sends info through critical to local6.
agentaddress
Data type: Array[String]
Default value: ['udp:127.0.0.1:161']
do_not_log_tcpwrappers
Data type: Enum['yes','no']
Default value: 'no'
maxgetbulkrepeats
Data type: Integer
Sets the maximum number of responses allowed for a single variable in a getbulk request
Default value: 100
maxgetbulkresponses
Data type: Integer
Sets the maximum number of responses allowed for a getbulk request.
Default value: 100
leave_pidfile
Data type: Enum['yes','no']
Leave the pid file when snmpd exits
Default value: 'no'
service_config_perms
Data type: Stdlib::Filemode
permissions on the configuration files
Default value: '0600'
service_config_dir_perms
Data type: Stdlib::Filemode
permissions on the configuration directories
Default value: '0750'
service_config_dir_owner
Data type: String
owner of configuration files/dirs
Default value: 'root'
service_config_dir_group
Data type: String
group of configuration files/dirs
Default value: 'root'
manage_snmpd_user
Data type: Boolean
Set to true if you want puppet to create the user for config files
Default value: false
manage_snmpd_group
Data type: Boolean
Set to true if you want puppet to create the group for config files
Default value: false
snmpd_uid
Data type: Optional[Integer]
The uid used when creating the service_config_dir_owner
Default value: undef
snmpd_gid
Data type: Optional[Integer]
The gid used when creating the service_config_dir_group
Default value: undef
rsync_server
Data type: Simplib::Host
The rsync server from which to pull the files.
Default value: simplib::lookup('simp_options::rsync::server', { 'default_value' => '127.0.0.1' })
rsync_source
Data type: String
The source of the content to be rsync'd, as defined in the rsyncd.conf file on the rsync server.
Default value: "snmp_${::environment}_${facts['os']['name']}"
rsync_timeout
Data type: Integer
The timeout when connecting to the rsync server.
Default value: simplib::lookup('simp_options::rsync::timeout', { 'default_value' => 2 })
rsync_dlmod
Data type: Boolean
Whether to enable rsync to copy dlmod modules to the dlmod directory
Default value: false
rsync_dlmod_dir
Data type: Optional[StdLib::AbsolutePath]
The full path for the directory to use for dlmod rsync.
Default value: '/usr/lib64/snmp'
dlmods
Data type: Optional[Array[String]]
List of modules to load into snmpd from the rsync_dlmod directory
Default value: undef
rsync_mibs
Data type: Boolean
Whether to enable rsync for MIBS
Default value: false
rsync_mibs_dir
Data type: Optional[StdLib::AbsolutePath]
The full path for the directory to rsync MIBs to. It does not remove what is already there.
Default value: '/usr/share/snmp'
v3_users_hash
Data type: Hash
Hash of users to create for USM.
view_hash
Data type: Hash
Hash of views to create for VACM
group_hash
Data type: Hash
Hash of groups to create for VACM
access_hash
Data type: Hash
Hash of access entries to create for VACM.
defauthtype
Data type: Enum['SHA','MD5']
The default authentication type used for clients.
Default value: 'SHA'
defprivtype
Data type: Enum['DES', 'AES']
The default privacy type used for encrypting communication when using usm.
Default value: 'AES'
defsecuritymodel
Data type: Simp_snmpd::Secmodel
Currently simp_snmpd only supports the usm security model.
Default value: 'usm'
defsecuritylevel
Data type: Simp_snmpd::Seclevel
The default security level used by the client
Default value: 'authPriv'
defvacmlevel
Data type: Simp_snmpd::Vacmlevel
The default security level for the VACM access directives.
Default value: 'priv'
system_info
Data type: Boolean
Deprecated (puppet-snmp does not allow you to not set these).
Default value: true
location
Data type: String
sets sysLocation in snmp
Default value: 'Unknown'
sysname
Data type: String
sets sysName in snmp
Default value: $facts['fqdn']
contact
Data type: String
sets sysContact in snmp
Default value: "root@${facts['fqdn']}"
services
Data type: Integer
sets sysServices in snmp
Default value: 72
fips
Data type: Boolean
If FIPS should be enabled or not. FIPS mode does not allow MD5 or DES macs/ciphers.
Default value: simplib::lookup('simp_options::fips', { 'default_value' => false })
firewall
Data type: Boolean
Whether to include modules that will use the agentaddress array to open ports in iptables.
Default value: simplib::lookup('simp_options::firewall', { 'default_value' => false })
trusted_nets
Data type: Simplib::Netlist
Networks that will be allowed to access the snmp ports opened by the firewall.
Default value: simplib::lookup('simp_options::trusted_nets', { 'default_value' => ['127.0.0.1'] })
syslog
Data type: Boolean
Default value: simplib::lookup('simp_options::syslog', { 'default_value' => false })
logrotate
Data type: Boolean
If these variables are set then rules will be added to rsyslog to log snmp messages to /var/log/snmpd.log and set up log rotation.
Default value: simplib::lookup('simp_options::logrotate', { 'default_value' => false })
tcpwrappers
Data type: Boolean
Whether or not the system is using tcpwrappers to control access.
Default value: simplib::lookup('simp_options::tcpwrappers', { 'default_value' => false })
simp_snmpd::config
Configure the SNMPD service
simp_snmpd::config::agent
Set up sensible agent defaults
simp_snmpd::config::firewall
For anything in the $listenagent array, it will determine if ports on the firewall need to be opened.
- Ignores any entries for ipx or pvc at this time
- Firewall rules will have to be set up manually if these transport services are being used.
simp_snmpd::config::logging
Ensures that appropriate logging rules are defined
simp_snmpd::config::tcpwrappers
It ensures that tcpwrappers rules are defined.
simp_snmpd::install
- Set defaults in snmp.conf
- Disable v2 setup
simp_snmpd::install::snmpduser
Create systems users for running snmpd daemon and owning the snmpd files
simp_snmpd::install::vacmusers
Create v3 users from user hash
Parameters
The following parameters are available in the simp_snmpd::install::vacmusers class.
daemon
Data type: Enum['snmpd','snmptrapd']
The daemon that the users are meant to access.
Default value: 'snmpd'
simp_snmpd::rsync
Set up MIBs in rsync
Functions
simp_snmpd::accesslist
Type: Ruby 4.x API
Parses the access hash and returns strings for access entries for the snmpd.conf file. See the SIMP user guide HOW TO: Configure SNMPD, which describes the hashes in detail.
simp_snmpd::accesslist(Hash $access_hash, String $defaultmodel, String $defaultlevel)
Returns: Any
An array of strings that define VACM access lines for use in snmpd.conf files.
access_hash
Data type: Hash
The list of accesses to create.
defaultmodel
Data type: String
The default Security model to use if that entry is not defined in the hash entry
defaultlevel
Data type: String
The default Security level to use if that entry is not defined in the hash entry
simp_snmpd::firewall_list
Type: Ruby 4.x API
Returns a list of protocols and ports to open in iptables for snmpd to work.
simp_snmpd::firewall_list(Array $agent_array)
Returns: Any
A list of protocols and ports that must be opened.
agent_array
Data type: Array
The array of agent addresses that the snmpd will listen on.
simp_snmpd::grouplist
Type: Ruby 4.x API
Parses the group hash and returns strings for group entries for the snmpd.conf file. See the SIMP user guide HOW TO: Configure SNMPD, which describes the hashes in detail.
simp_snmpd::grouplist(Hash $group_hash, String $defaultmodel)
Returns: Any
An array of strings that define groups for use for access in snmpd.conf files.
group_hash
Data type: Hash
The list of groups to create.
defaultmodel
Data type: String
The default Security model to use if that entry is not defined in the hash entry
simp_snmpd::viewlist
Type: Ruby 4.x API
Parses the view hash and returns strings for view entries for the snmpd.conf file. See the SIMP user guide HOW TO: Configure SNMPD, which describes the hashes in detail.
simp_snmpd::viewlist(Hash $view_hash)
Returns: Any
An array of strings that define VACM view lines for use in snmpd.conf files.
view_hash
Data type: Hash
The list of views to create.
Data types
Simp_snmpd::Seclevel
The default authentication level for the client to use in snmp.conf
Alias of Enum['noAuthNoPriv', 'authNoPriv', 'authPriv']
Simp_snmpd::Secmodel
type Simp_snmpd::Secmodel = Enum['usm','v1','v2c','tsm','ksm'] Right now usm is the only type supported by this module. If you want to use another type, use the puppet/snmp module directly.
Alias of Enum['usm']
Simp_snmpd::Vacmlevel
The default type to use in VACM access directives
Alias of Enum['noauth', 'auth', 'priv']
- Thu Jun 17 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 1.1.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
- Wed Feb 03 2021 Liz Nemsick lnemsick.simp@gmail.com - 1.0.1
- Expanded simp/rsyslog dependency range to < 9.0.0.
- Sat Dec 19 2020 Chris Tessmer chris.tessmer@onyxpoint.com - 1.0.1
- Removed EL6 support
- Fri Oct 30 2020 Jeanne Greulich jeanne.greulich@onyxpoint.com - 1.0.0-0
- This module was updated to use puppet-snmp v5.1.2 and work on EL8 with simp 6.5.
- The user configuration directories for snmpd are not included by default. To include and create these directories set simp_snmpd::include_userdir to true.
- Parameters to allow the user to change the owner, group and permissions of the snmp configuration directories and files have been added.
- The default security level for VACM access directives was changed to simp_snmpd::defvacmlevel from simp_snmpd::defsecuritylevel. simp_snmpd::defsecuritylevel was used to set both the client and VACM levels but this did not work correctly because the client uses different values. Use simp_snmpd::defvacmlevel to change the default security level of the VACM access statements. (The default has not changed, it is still 'priv'.)
- Added in the permission options for the configuration files and directory so users could change them.
- simp_snmpd::services was changed from a String to an Integer to be compatible with the new module.
- The permissions on the mib and dlmod dirs are set using basic group settings instead of acls.
- The default options for the snmpd daemon for el6 were updated to include setting the pid file. Without this restarting the daemon in el6 failed.
- Thu Jul 23 2020 Jeanne Greulich jeanne.greulich@onyxpoint.com - 0.2.1-0
- update the upper bound of simplib for SIMP 6.5 release
- Fri Aug 02 2019 Robert Vincent pillarsdotnet@gmail.com - 0.2.0-0
- Drop Puppet 4 support
- Add Puppet 6 support
- Add puppetlabs-stdlib 6 support
- Tue Feb 12 2019 Liz Nemsick lnemsick.simp@gmail.com - 0.1.2-0
- Use simplib::passgen() in lieu of passgen(), a deprecated simplib Puppet 3 function.
- Expanded the upper limit of the stdlib Puppet module version
- Updated a URL in the README.md
- Update minimum version of snmp module to 4.1.0. This project is now maintained by Vox Pupuli and has changed from razorsedge-snmp to puppet-snmp.
- Wed Nov 21 2018 Adam Yohrling adam.yohrling@onyxpoint.com - 0.1.1-0
- Add Oracle Linux Support
- Fri Nov 02 2018 Liz Nemsick lnemsick.simp@gmail.com - 0.1.0-0
- Update badges in README.md
- Fri Oct 26 2018 Jeanne Greulich jeanne.greulich@onyxpoint.com - 0.1.0-0
- Changed name back to razorsedge because we have not updated the puppet-snmp module yet
- Wed Oct 24 2018 Jeanne Greulich jeanne.greulich@onyxpoint.com - 0.1.0-0
- Update to puppet 5
- Moved common parameters to init to help ease of use.
- Mon Sep 10 2018 Liz Nemsick lnemsick.simp@gmail.com - 0.1.0-0
- Update Hiera 4 to Hiera 5
- Thu Jun 14 2018 Nick Miller nick.miller@onyxpoint.com - 0.0.3-0
- Update fixtures and other assets
- Mon Sep 18 2017 Liz Nemsick lnemsick.simp@gmail.com - 0.0.2-0
- Remove link in acceptance test to allow module to be published to PuppetForge
- Tue Sep 05 2017 Jeanne Greulich jeanne.greulich@onyxpoint.com - 0.0.1-0
- First cut of the SIMP SNMPD profile module
Dependencies
- simp/simplib (>= 4.5.0 < 5.0.0)
- puppet/snmp (>= 5.1.0 < 6.0.0)
- puppetlabs/stdlib (>= 6.6.0 < 8.0.0)
simp_snmp - Profile module for SNMP

Per Section 105 of the Copyright Act of 1976, these works are not entitled to domestic copyright protection under US Federal law. The US Government retains the right to pursue copyright protections outside of the United States. The United States Government has unlimited rights in this software and all derivatives thereof, pursuant to the contracts under which it was developed and the License under which it falls.

---

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.