SNMP must be changed from default settings and must be configured on the storage system to provide alerts of critical events that impact system security.
An XCCDF Rule
Description
<VulnDiscussion>Whether active or not, default SNMP passwords, users, and passphrases must be changed to maintain security. If the service is running with the default authenticators, anyone can gather data about the system and the network(s) and use the information to potentially compromise the integrity of the system or network(s). The product must be configured to alert administrators when events occur that may impact system operation or security. The alerting mechanism must support secured options and configurations that can be audited. Satisfies: SRG-OS-000046-GPOS-00022, SRG-OS-000480-GPOS-00227, SRG-OS-000344-GPOS-00135</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-237820r647869_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
To configure SNMPv3 alert notifications, use this sequence of operations to create and enable an SNMPv3 user, and create associated keys for authentication and privacy:
First, create the "3parsnmpuser" on the host with the following command:
cli% createuser 3parsnmpuser all browse