4.5.5.1 SNMP - disable private community string

Information

If snmpd is required within the environment, disable the private community string.

Rationale:

In AIX, two SNMP community names, private and system, are enabled with read/write privileges, but are allowed access only from localhost connections. As these SNMP names are the default, they must not be used. Any SNMP community name should be a combination of letters, numbers and special characters to enhance security.

Solution

Create a backup of /etc/snmpd.conf:

cp -p /etc/snmpd.conf /etc/snmpd.conf.pre_cis

Edit the file:

vi /etc/snmpd.conf

Comment out the private entry:

#community private 127.0.0.1 255.255.255.255 readWrite

Default Value:

Commented in

Additional Information:

Reversion:

Copy back the original /etc/snmpd.conf file:

cp -p /etc/snmpd.conf.pre_cis /etc/snmpd.conf

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5c.

Plugin: Unix

Control ID: 0cf4036f5628428e36e7ce0afb49f7c0db3215900fa76c4d6019e44da14d0c71