Ensure SNMP Read Write is disabled

An XCCDF Rule

Details
Profiles
Prose

Description

Edit /etc/snmp/snmpd.conf, remove any rwuser entries. Once the read write users have been removed, restart the SNMP service:

$ sudo service snmpd restart

Rationale

Certain SNMP settings can permit users to execute system behaviors from user writes to the community strings. This may permit a compromised account to execute commands on a remote system.

ID: xccdf_org.ssgproject.content_rule_snmpd_no_rwusers
Severity: Medium
Updated: about 1 year ago

# Remediation is applicable only in certain platforms
if rpm --quiet -q net-snmp; then

if grep -s "rwuser" /etc/snmp/snmpd.conf | grep -qv "^#"; then
	sed -i "/^\s*#/b;/rwuser/ s/^/#/" /etc/snmp/snmpd.conf
fi
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Ensure SNMP Read Write is disabled

Description

Rationale

Remediation - Shell Script