GEN005300-ESXI5-000099 - SNMP communities, users, and passphrases must be changed from the default.

Information

Whether active or inactive, default communities, users, and passwords must be changed to maintain security. A service running with default authenticators allows acquisition of data about the system and the network to potentially compromise the integrity of the system or network(s).

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From the Power/v CLI, run the (below example) command: >
# vicfg-snmp.pl --server <hostname|IP address> --username <username> --password <password> -E -c <community_name>

In the above example, -E enables the VMware SNMP agent, and -c sets communities to the provided name.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_ESXi5_Server_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Group-ID|V-39247, Rule-ID|SV-250587r798760_rule, STIG-ID|GEN005300-ESXI5-000099, STIG-Legacy|SV-51063, STIG-Legacy|V-39247, Vuln-ID|V-250587

Plugin: VMware

Control ID: 1269a70f39ab2e948883da8fe8e081684d6677cfe8f7950fb6891782aedac16c