2.2.13 Ensure net-snmp is not installed

Information

Simple Network Management Protocol (SNMP) is a widely used protocol for monitoring the health and welfare of network equipment, computer equipment and devices like UPSs.

Net-SNMP is a suite of applications used to implement SNMPv1 (RFC 1157), SNMPv2 (RFCs 1901-1908), and SNMPv3 (RFCs 3411-3418) using both IPv4 and IPv6.

Support for SNMPv2 classic (a.k.a. 'SNMPv2 historic' - RFCs 1441-1452) was dropped with the 4.0 release of the UCD-snmp package.

The Simple Network Management Protocol (SNMP) server is used to listen for SNMP commands from an SNMP management system, execute the commands or collect the information and then send results back to the requesting system.

Rationale:

The SNMP server can communicate using SNMPv1, which transmits data in the clear and does not require authentication to execute commands. SNMPv3 replaces the simple/clear text password sharing used in SNMPv2 with more securely encoded parameters. If the SNMP service is not required, the net-snmp package should be removed to reduce the attack surface of the system.

Note: If SNMP is required:

The server should be configured for SNMP v3 only. User Authentication and Message Encryption should be configured.

If SNMP v2 is absolutely necessary, modify the community strings' values.
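
Where SNMP has to stay, the conditions in the note above can be checked against the daemon configuration. The script below is an added example, not part of the benchmark or of Net-SNMP: it scans an snmpd.conf (typically /etc/snmp/snmpd.conf) for SNMPv1/v2c community directives, default community strings, and SNMPv3 users that are not required to use encryption. The function name, the finding labels and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit snmpd.conf against the note.
# Finding labels (V1V2C_ENABLED, ...) are names made up for this example.
audit_snmpd_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        # SNMPv1/v2c access: rocommunity/rwcommunity COMMUNITY [SOURCE ...]
        $1 ~ /^r[ow]community6?$/ {
            print "V1V2C_ENABLED line " NR ": " $1
            if ($2 == "public" || $2 == "private")
                print "DEFAULT_COMMUNITY line " NR ": " $2
        }
        # SNMPv1/v2c access: com2sec [-Cn CTX] SECNAME SOURCE COMMUNITY
        $1 ~ /^com2sec6?$/ {
            print "V1V2C_ENABLED line " NR ": " $1
            if ($NF == "public" || $NF == "private")
                print "DEFAULT_COMMUNITY line " NR ": " $NF
        }
        # SNMPv3 access: rouser/rwuser [-s SECMODEL] USER [noauth|auth|priv]
        $1 ~ /^r[ow]user$/ {
            i = ($2 == "-s") ? 4 : 2
            level = ($(i + 1) == "") ? "auth" : $(i + 1)   # snmpd default: auth
            if (level != "priv")
                print "V3_NO_PRIVACY line " NR ": " $i " (" level ")"
        }
    ' "$1"
}

# Constructed sample configuration, written to a temp file so this runs offline.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample snmpd.conf
rocommunity public default
rwcommunity s3cr3tRW 10.0.0.0/24
com2sec notConfigUser default public
createUser monitor SHA "constructed-auth-pass" AES "constructed-priv-pass"
rouser monitor priv
rouser legacy auth
rwuser guest noauth
rouser implicit
EOF

audit_snmpd_conf "$SAMPLE"
```

A configuration that meets the note produces no output: no community directives at all, and every rouser/rwuser entry at the priv level.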

Solution

Run the following command to remove net-snmp:

# yum remove net-snmp

See Also

https://workbench.cisecurity.org/files/3148

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., 800-53|CM-11, CSCv7|2.6, CSCv7|9.2

Plugin: Unix

Control ID: 9887db42bb1bc304b74e397b4f2874be42b1272b41d5d9cbfc1af4184ec946b9