HPE Community
Operating System - HP-UX
1819805 Members
3048 Online
109607 Solutions
New Discussion юеВ

SNMP Vulnerability

 
SOLVED
Go to solution
Bruce Baillie
Regular Advisor

тАО09-01-2004 04:11 AM

тАО09-01-2004 04:11 AM

SNMP Vulnerability

Our security scans show a SNMP vulnerability. I installed all HP-UX 11.00 patches recomended by the security advisories but the system still does not pass the scan. The recommended workaround is to disable SNMP. This is an NFS client and also needs FTP. What will happen if I disable SNMP?
Why can't we all get along?
0 Kudos
5 REPLIES 5
Jeff_Traigle
Honored Contributor

тАО09-01-2004 04:16 AM

тАО09-01-2004 04:16 AM

Re: SNMP Vulnerability

Nothing unless you're monitoring the system with a tool that uses it (Tivoli or ITO). No network services the system provides to clients depends on SNMP.
--
Jeff Traigle
0 Kudos
Sridhar Bhaskarla
Honored Contributor

тАО09-01-2004 04:20 AM

тАО09-01-2004 04:20 AM

Re: SNMP Vulnerability

Hi,

Unless you are using SNMP to manage your systems through any network management station like HP Openview/NNM/VPO etc., disabling SNMP will not have any affect on the systems.

If you are using SNMP, atleast you can set a community name so that others cannot query your system using the default community name. To set the community name, edit /etc/SnmpAgent.d/snmpd.conf and add

get-community-name:
set-community-name:

Restart SNMP from /sbin/init.d scripts
and make sure your management station knows these strings.

NFS and ftp are not affected by SNMP.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Geoff Wild
Honored Contributor

тАО09-01-2004 04:24 AM

тАО09-01-2004 04:24 AM

Re: SNMP Vulnerability

Or just secure up snmp

change the get-community-name from public to something else

man snmpd.conf for more info...



Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Sundar_7
Honored Contributor

тАО09-01-2004 04:28 AM

тАО09-01-2004 04:28 AM

Solution

Re: SNMP Vulnerability

Bruce,

Most probably you have the default SET/GET community name for the SNMP.

The default community name is public. That could be the reason why your security scan is complaing

Change the community name in /etc/SnmpAgent.d/snmpd.conf

If you disable SNMP, then often your network monitoring tools fail, like if you have Network Node Manager running in your enterprise to monitor the up/down status of the systems.

If you change the community name, again that is goign to break the Network monitoring tools.

So, analyze the consequences before disabling SNMP or changing the community name

Sundar.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Bruce Baillie
Regular Advisor

тАО09-01-2004 04:45 AM

тАО09-01-2004 04:45 AM

Re: SNMP Vulnerability

close
Why can't we all get along?
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.