Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of OpenEmbedded
Services
SNMP Server
Configure SNMP Server if Necessary
Configure SNMP Server if Necessary
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
Configure SNMP Server if Necessary
If it is necessary to run the snmpd agent on the system, some best practices should be followed to minimize the security risk from the installation. The multiple security models implemented by SNMP cannot be fully covered here so only the following general configuration advice can be offered:
use only SNMP version 3 security models and enable the use of authentication and encryption
write access to the MIB (Management Information Base) should be allowed only if necessary
all access to the MIB should be restricted following a principle of least privilege
network access should be limited to the maximum extent possible including restricting to expected network addresses both in the configuration files and in the system firewall rules
ensure SNMP agents send traps only to, and accept SNMP queries only from, authorized management stations
ensure that permissions on the
snmpd.conf
configuration file (by default, in
/etc/snmp
) are 640 or more restrictive
ensure that any MIB files' permissions are also 640 or more restrictive
SNMP read-only community string
Specify the SNMP community string used for read-only access.
SNMP read-write community string
Specify the SNMP community string used for read-write access.