SNMP question

From: Jonathan Williams (jonathw@shubertorg.com)
Date: Wed Apr 30 2003 - 15:11:39 EDT


We recently had a security audit done on our systems (ES40 ES45 running a
mixture of Tru64 5.1a and 5.1b). One of the items that came up as a problem was
that an SNMP agent responds to the community name "public". They suggest
setting the community strings to a non-default name.
Now I really don't know anything about SNMP, but I did a little digging and
found the config file /etc/snmpd.conf and took a look at it. Sure enough, there
was a line that read "community public 0.0.0.0 read" and this
was the only "community" line in the file. So on a test system I just commented
out this line, did a "/sbin/init.d/snmpd read", and did an SNMP request from
another system (snmp_request <system name> public get 1.3.6.1.2.1.1.1.0) and got
a "no reply" which I figure is a good thing (this same request done on another
system came up with lots of system info).
I was just wondering if it was OK to leave this line commented out? Or should I
change the name "public" to something else? I figure this has something to do
with email (but I could be wrong), and being we don't have any email programs
running on these systems, I figure I could just leave this commented out. I
know this is probably a "newb" question, but the bosses want any security holes
plugged ASAP. TIA

Jonathan Williams
Unix Systems Administrator
The Shubert Organization, Inc.
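
An added example, not part of the original post: a shell check that scans an snmpd.conf for the kind of entry the audit flagged. It assumes the field layout of the line quoted above (community, name, source address, access), that 0.0.0.0 means "any address", and that "write" is the read-write access keyword; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# audit_snmp_communities [FILE]
# Reads an snmpd.conf (FILE or stdin), prints one finding per problem,
# and returns 1 if anything was flagged, 0 if the file is clean.
# Assumed layout: community <name> <source-address> <access>
audit_snmp_communities() {
    awk '
        /^[ \t]*#/        { next }   # commented-out entries are inactive
        $1 != "community" { next }   # only community lines matter here
        {
            name = $2; src = $3; access = $4
            lname = tolower(name)
            if (lname == "public" || lname == "private") {
                printf "%d: default community name \"%s\"\n", NR, name
                bad++
            }
            if (src == "0.0.0.0") {   # assumption: 0.0.0.0 = any requester
                printf "%d: community \"%s\" accepted from any address\n", NR, name
                bad++
            }
            if (access == "write") {  # assumption: keyword for SET access
                printf "%d: community \"%s\" grants write access\n", NR, name
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample config (not taken from a real system).
sample_conf() {
    cat <<'EOF'
# community public 0.0.0.0 read
community public 0.0.0.0 read
community Xk9monitor 10.1.2.3 read
community Xk9admin 0.0.0.0 write
EOF
}

# Stand-alone run: report findings for the constructed sample.
sample_conf | audit_snmp_communities || echo "findings above need attention"
```

On a real host, pass the config path as the argument, for example /etc/snmpd.conf.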


