Rules Related To 'net-snmp'

Component overview

Relevant packages:

Relevant groups:

Changelog:

No changes recorded.

Relevant rules:

Rule details

Uninstall net-snmp Package

package_net-snmp_removed

Description

The snmp package provides the snmpd service. The snmp package can be removed with the following command:

$ apt-get remove snmp

Rationale

If there is no need to run SNMP server software, removing the package provides a safeguard against its activation.

Disable snmpd Service

service_snmpd_disabled

Description

The snmpd service can be disabled with the following command:

$ sudo systemctl mask --now snmpd.service

Rationale

Running SNMP software provides a network-based avenue of attack, and should be disabled if not needed.

Ensure SNMP Read Write is disabled

snmpd_no_rwusers

Description

Edit /etc/snmp/snmpd.conf and remove any rwuser entries. Once the read-write users have been removed, restart the SNMP service:

$ sudo systemctl restart snmpd

Rationale

Certain SNMP settings can permit users to trigger system behaviors by writing to the community strings. This may permit a compromised account to execute commands on a remote system.

Ensure Default SNMP Password Is Not Used

snmpd_not_default_password

Description

Edit /etc/snmp/snmpd.conf and remove or change the default community strings public and private. This profile sets the new read-only community string to $var_snmpd_ro_string and the new read-write community string to $var_snmpd_rw_string. Once the default community strings have been changed, restart the SNMP service:

$ sudo systemctl restart snmpd

Rationale

Whether active or not, default simple network management protocol (SNMP) community strings must be changed to maintain security. If the service is running with the default authenticators, then anyone can gather data about the system and the network and use the information to potentially compromise the integrity of the system and network(s).

Configure SNMP Service to Use Only SNMPv3 or Newer

snmpd_use_newer_protocol

Description

Edit /etc/snmp/snmpd.conf and remove any references to rocommunity, rwcommunity, or com2sec. Once they have been removed, restart the SNMP service:

$ sudo systemctl restart snmpd

Rationale

Earlier versions of SNMP are considered insecure, as they potentially allow unauthorized access to detailed system management information.
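The three configuration rules above (snmpd_no_rwusers, snmpd_not_default_password, snmpd_use_newer_protocol) can be checked in one pass over snmpd.conf before restarting the service. The script below is an added example, not the project's own check: the function name audit_snmpd_conf and the sample configuration are constructed for illustration, and it only looks at the directives named on this page.

```shell
#!/bin/sh
# Added example: audit_snmpd_conf is a hypothetical helper, not a net-snmp tool.
# Usage: audit_snmpd_conf FILE
# Prints "FILE:LINE: rule_id: directive" for every finding.
# Returns 0 if clean, 1 if any finding, 2 if FILE is unreadable.
audit_snmpd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read: $conf" >&2; return 2; }
    awk -v file="$conf" '
        function flag(rule) {
            printf "%s:%d: %s: %s\n", file, NR, rule, $0
            bad = 1
        }
        /^[ \t]*#/ || NF == 0 { next }        # skip comment and blank lines
        $1 == "rwuser" { flag("snmpd_no_rwusers") }
        $1 == "rocommunity" || $1 == "rwcommunity" || $1 == "com2sec" {
            flag("snmpd_use_newer_protocol")
            # Community string: last field of com2sec, first argument otherwise.
            community = ($1 == "com2sec") ? $NF : $2
            if (community == "public" || community == "private")
                flag("snmpd_not_default_password")
        }
        END { exit bad + 0 }
    ' "$conf"
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
    cat <<'EOF'
# constructed snmpd.conf for the demo
rocommunity public default
rwcommunity s3cr3t 10.0.0.0/8
com2sec notConfigUser default private
rwuser admin
rouser monitor priv
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_snmpd_conf "$tmp" || echo "exit status $?: findings above need remediation"
rm -f "$tmp"
```

On a real host, point the function at /etc/snmp/snmpd.conf; a line can be reported under two rules, for example a rocommunity line that also uses a default community string.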