SNMP question

From: Jonathan Williams (jonathw_at_shubertorg.com)
Date: 04/30/03

  • Next message: Jonathan Williams: "SUMMARY: SNMP question" 
    Date: Wed, 30 Apr 2003 15:11:39 -0400
To: tru64-unix-managers <tru64-unix-managers@ornl.gov>

    We recently had a security audit done on our systems (ES40 ES45 running a
    mixture of Tru64 5.1a and 5.1b). One of the items that came up as a problem was
    that an SNMP agent responds to the community name "public". They suggest
    setting the community strings to a non-default name.
    Now I really don't know anything about SNMP, but I did a little digging and
    found the config file /etc/snmpd.conf and took a look at it. Sure enough, there
    was a line that read "community public 0.0.0.0 read" and this
    was the only "community" line in the file. So on a test system I just commented
    out this line, did a "/sbin/init.d/snmpd read", and did an SNMP request from
    another system (snmp_request <system name> public get 1.3.6.1.2.1.1.1.0) and got
    a "no reply" which I figure is a good thing (this same request done on another
    system came up with lots of system info).
    I was just wondering if it was OK to leave this line commented out? Or should I
    change the name "public" to something else? I figure this has something to do
    with email (but I could be wrong), and being we don't have any email programs
    running on these systems, I figure I could just leave this commented out. I
    know this is probably a "newb" question, but the bosses want any security holes
    plugged ASAP. TIA

    Jonathan Williams
    Unix Systems Administrator
    The Shubert Organization, Inc.

  • Next message: Jonathan Williams: "SUMMARY: SNMP question"