HPE Community
Operating System - HP-UX
1832645 Members
2999 Online
110043 Solutions
New Discussion

weak snmp string

 
SOLVED
Go to solution
Mark Harshman_1
Regular Advisor

‎10-02-2007 01:28 AM

‎10-02-2007 01:28 AM

weak snmp string

i have a security issue for weak SNMP security. is there a patch that can fix this?
Weak SNMP Community String ’public’ Found
Weak SNMP Community String ’snmpd’ Found

running HPUX 11.11

thanks
Never underestimate the power of stupid people in large groups
0 Kudos
Reply
4 REPLIES 4
Torsten.
Acclaimed Contributor

‎10-02-2007 01:31 AM

‎10-02-2007 01:31 AM

Re: weak snmp string

Where did you find this string?

On the OS or the MP/GSP?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Mark Harshman_1
Regular Advisor

‎10-02-2007 01:36 AM

‎10-02-2007 01:36 AM

Re: weak snmp string

i am not sure. the warning comes from our security group that scans servers for issues, then tells us they need to be fixed. as you might expect they don't provide alot of info.
Never underestimate the power of stupid people in large groups
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎10-02-2007 01:44 AM

‎10-02-2007 01:44 AM

Re: weak snmp string

You should ask them for the IP address at least and resolve this address.

Older GSP/MP firmware versions used to have "public" set by default. The value was not changable. With newer versions you can change or disable.

For the OS this value is set in

/etc/snmpd.conf
...
get-community-name: public

Change it and restart the daemon.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎10-02-2007 01:47 AM

‎10-02-2007 01:47 AM

Solution

Re: weak snmp string

Just update /etc/snmpd.conf

Change get-community-name: public

to whatever you like - say secret

Then you have to stop/start snmpd

For 11.11, just re-run the daemon:

Stop SNMP

/sbin/init.d/SnmpTrpDst stop
/sbin/init.d/SnmpMib2 stop
/sbin/init.d/SnmpHpunix stop
/sbin/init.d/SnmpMaster stop


Start SNMP

/sbin/init.d/SnmpMaster start
/sbin/init.d/SnmpHpunix start
/sbin/init.d/SnmpMib2 start
/sbin/init.d/SnmpTrpDst start




Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.