https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859066#M566319 Hi,<BR /><BR />Unless you are using SNMP to manage your systems through any network management station like HP Openview/NNM/VPO etc., disabling SNMP will not have any affect on the systems.<BR /><BR />If you are using SNMP, atleast you can set a community name so that others cannot query your system using the default community name. To set the community name, edit /etc/SnmpAgent.d/snmpd.conf and add<BR /><BR />get-community-name: <SOME_STRING> <BR />set-community-name: <SOME_STRING><BR /><BR />Restart SNMP from /sbin/init.d scripts<BR />and make sure your management station knows these strings.<BR /><BR />NFS and ftp are not affected by SNMP.<BR /><BR />-Sri</SOME_STRING></SOME_STRING> Wed, 01 Sep 2004 11:20:09 GMT Sridhar Bhaskarla 2004-09-01T11:20:09Z https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859064#M566317 Our security scans show a SNMP vulnerability. I installed all HP-UX 11.00 patches recomended by the security advisories but the system still does not pass the scan. The recommended workaround is to disable SNMP. This is an NFS client and also needs FTP. What will happen if I disable SNMP? Wed, 01 Sep 2004 11:11:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859064#M566317 Bruce Baillie 2004-09-01T11:11:54Z https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859065#M566318 Nothing unless you're monitoring the system with a tool that uses it (Tivoli or ITO). No network services the system provides to clients depends on SNMP. Wed, 01 Sep 2004 11:16:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859065#M566318 Jeff_Traigle 2004-09-01T11:16:21Z https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859066#M566319 Hi,<BR /><BR />Unless you are using SNMP to manage your systems through any network management station like HP Openview/NNM/VPO etc., disabling SNMP will not have any affect on the systems.<BR /><BR />If you are using SNMP, atleast you can set a community name so that others cannot query your system using the default community name. To set the community name, edit /etc/SnmpAgent.d/snmpd.conf and add<BR /><BR />get-community-name: <SOME_STRING> <BR />set-community-name: <SOME_STRING><BR /><BR />Restart SNMP from /sbin/init.d scripts<BR />and make sure your management station knows these strings.<BR /><BR />NFS and ftp are not affected by SNMP.<BR /><BR />-Sri</SOME_STRING></SOME_STRING> Wed, 01 Sep 2004 11:20:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859066#M566319 Sridhar Bhaskarla 2004-09-01T11:20:09Z https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859067#M566320 Or just secure up snmp<BR /><BR />change the get-community-name from public to something else<BR /><BR />man snmpd.conf for more info...<BR /><BR /><BR /><BR />Rgds...Geoff Wed, 01 Sep 2004 11:24:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859067#M566320 Geoff Wild 2004-09-01T11:24:04Z https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859068#M566321 Bruce,<BR /><BR /> Most probably you have the default SET/GET community name for the SNMP.<BR /><BR /> The default community name is public. That could be the reason why your security scan is complaing<BR /><BR /> Change the community name in /etc/SnmpAgent.d/snmpd.conf<BR /><BR /> If you disable SNMP, then often your network monitoring tools fail, like if you have Network Node Manager running in your enterprise to monitor the up/down status of the systems.<BR /><BR /> If you change the community name, again that is goign to break the Network monitoring tools. <BR /><BR /> So, analyze the consequences before disabling SNMP or changing the community name<BR /><BR />Sundar. Wed, 01 Sep 2004 11:28:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859068#M566321 Sundar_7 2004-09-01T11:28:56Z https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859069#M566322 close Wed, 01 Sep 2004 11:45:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/snmp-vulnerability/m-p/4859069#M566322 Bruce Baillie 2004-09-01T11:45:59Z