ESXI-06-000053 - SNMP must be configured properly.

Information

If SNMP is not being used, it must remain disabled. If it is being used, the proper trap destination must be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can then use this information to plan an attack.

Solution

To disable SNMP run the following command from a PowerCLI command prompt while connected to the ESXi Host:

Get-VMHostSnmp | Set-VMHostSnmp -Enabled $false

or

From a console or ssh session run the follow command:

esxcli system snmp set -e no

To configure SNMP for v3 targets use the 'esxcli system snmp set' command set.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Group-ID|V-63275, Rule-ID|SV-77765r1_rule, STIG-ID|ESXI-06-000053, Vuln-ID|V-63275

Plugin: VMware

Control ID: 8ae543032b26208ca0baceece863a04bd949b32c069f81a77459747e4818165d