ESXi : config-snmp

Information

Ensure proper SNMP configuration.
If SNMP is not being used, it should remain disabled. If it is being used, the proper trap destination should be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can then use this information to plan an attack. Note: ESXi 5.1 and later supports SNMPv3 which provides stronger security than SNMPv1 or SNMPv2, including key authentication and encryption. Deciding what version of SNMP to use (v1, v2 or v3) is a site specific setting.

http://pubs.vmware.com/vsphere-65/topic/com.vmware.vsphere.monitoring.doc/GUID-8EF36D7D-59B6-4C74-B1AA-4A9D18AB6250.html

http://pubs.vmware.com/vsphere-65/topic/com.vmware.vsphere.security.doc/GUID-4309DE28-AFB6-4B2D-A8EA-A38D36A8C6E6.html

SNMP V3 configuration - http://pubs.vmware.com/vsphere-65/topic/com.vmware.vsphere.monitoring.doc/GUID-2E4B0F2A-11D8-4649-AC6C-99F89CE93026.html

Solution

# Update the host SNMP Configuration (single host connection required)
Get-VmHostSNMP | Set-VMHostSNMP -Enabled:$true -ReadOnlyCommunity 'secret'

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vmware-6-5-update-1-security-configuration-guide.xlsx

Item Details

Category: CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

References: 800-53|CM-7, 800-53|IA-5c.

Plugin: VMware

Control ID: 789f05611b4fd932350a34e2fb230ce1d1ba108f88c1e41597d5fdd264bff311