Ensure Default SNMP Password Is Not Used
An XCCDF Rule
Description
Edit /etc/snmp/snmpd.conf
, remove or change the default community strings of
public
and private
.
This profile configures new read-only community string to
and read-write community string to
.
Once the default community strings have been changed, restart the SNMP service:
$ sudo service snmpd restart
Rationale
Whether active or not, default simple network management protocol (SNMP) community strings must be changed to maintain security. If the service is running with the default authenticators, then anyone can gather data about the system and the network and use the information to potentially compromise the integrity of the system and network(s).
- ID
- xccdf_org.ssgproject.content_rule_snmpd_not_default_password
- Severity
- High
- References
- Updated