Simple Network Management Protocol (SNMP) must be configured properly on the ESXi host.

An XCCDF Rule

Description

<VulnDiscussion>If SNMP is not being used, it must remain disabled. If it is being used, the proper trap destination must be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can use this information to plan an attack.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256414r886023_rule
Severity: Medium
References: CCI-000366
Updated: 9 months ago

To disable SNMP from an ESXi shell, run the following command:

# esxcli system snmp set -e no

or
From a PowerCLI command prompt while connected to the ESXi Host:

Get-VMHostSnmp | Set-VMHostSnmp -Enabled $false

To configure SNMP for v3 targets, use the "esxcli system snmp set" command set locally on the host or remotely via PowerCLI.

Simple Network Management Protocol (SNMP) must be configured properly on the ESXi host.

Description

Remediation - Manual Procedure