Re: snmp & security
From: Seth Arnold (sarnold@marcelothewonderpenguin.com)Date: 11/15/01
- Previous message: Michael H. Warfield: "Re: disable 'su' for normal users"
- In reply to: Steffen Dettmer: "Re: snmp & security"
- Next in thread: Thomas Knop: "Re: snmp & security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 15 Nov 2001 11:34:23 -0800 From: Seth Arnold <sarnold@marcelothewonderpenguin.com> To: focus-linux@securityfocus.com Subject: Re: snmp & security Message-ID: <20011115113423.V1108@wirex.com>
On Thu, Nov 15, 2001 at 11:43:34AM +0100, Steffen Dettmer wrote:
> With xqsss2 as community. But I never found if this is secure or
> not. Instead of ".1" you should specify as much of the MIB you
> can, in that case no other MIBs should be requestable.
It depends entirely upon your definition of 'secure'. :)
If all the data in the snmp system is readonly, and fine to be public
knowledge, this isn't so bad.
However, one still has those pesky bufferoverflows in snmp daemons. So,
be sure you don't mind people running arbitrary code as whatever user
runs your snmp daemons. Making sure there are no files writable to the
snmp daemon is a good first step. :)
Have fun
-- The Bill of Rights: 7 out of 10 rights haven't been sold yet! Contact your congressman for details how *you* can buy one today!
- application/pgp-signature attachment: stored
- Previous message: Michael H. Warfield: "Re: disable 'su' for normal users"
- In reply to: Steffen Dettmer: "Re: snmp & security"
- Next in thread: Thomas Knop: "Re: snmp & security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
