From 7843a356be24c8b5c3cb148658d0420988dc3f9c Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Thu, 8 Oct 2020 11:02:55 +0200
Subject: [PATCH] Remove platform net-snmp from the group and use it in
individual rules.
---
linux_os/guide/services/snmp/snmp_configure_server/group.yml | 1 -
.../snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml | 2 ++
.../snmp_configure_server/snmpd_not_default_password/rule.yml | 2 ++
.../snmp_configure_server/snmpd_use_newer_protocol/rule.yml | 2 ++
4 files changed, 6 insertions(+), 1 deletion(-)
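diff --git a/linux_os/guide/services/snmp/snmp_configure_server/group.yml b/linux_os/guide/services/snmp/snmp_configure_server/group.yml
index 8052ade2f6..c5a3fd75a1 100644
--- a/linux_os/guide/services/snmp/snmp_configure_server/group.yml
+++ b/linux_os/guide/services/snmp/snmp_configure_server/group.yml
@@ -18,4 +18,3 @@ description: |-
 ensure that permissions on the <tt>snmpd.conf</tt> configuration file (by default, in <tt>/etc/snmp</tt>) are 640 or more restrictive
 ensure that any MIB files' permissions are also 640 or more restrictive
 
-platform: net-snmp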
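diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml
index 6bf32ef62e..e50eaa9f4e 100644
--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml
+++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml
@@ -27,3 +27,5 @@ ocil: |-
 To ensure there are no read-write users, run the following command:
 $ sudo grep -v "^#" /etc/snmp/snmpd.conf| grep 'rwuser'
 There should be no output.
+
+platform: net-snmp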
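Review bot: With `platform: net-snmp` moved from group.yml onto this rule (and onto snmpd_not_default_password and snmpd_use_newer_protocol in the later sections), the applicability constraint is no longer inherited from the group, so any rule under snmp_configure_server that this patch does not touch would presumably now be evaluated without it. The diffstat lists only three rule files, so it is worth confirming the group holds no others and that rules added here later carry the key themselves. The key is also undocumented where it is added; a short comment above it, such as `# presumably limits evaluation to hosts with the net-snmp package installed`, would tell an auditor why a scan can report this rule as not applicable. The ocil block that precedes the added lines starts outside the hunk.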
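diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml
index 72d2495713..43c6c38b70 100644
--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml
+++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml
@@ -45,3 +45,5 @@ ocil: |-
 To ensure the default password is not set, run the following command:
 $ sudo grep -v "^#" /etc/snmp/snmpd.conf| grep -E 'public|private'
 There should be no output.
+
+platform: net-snmp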
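Review bot: The manual check kept in this ocil text, `grep -E 'public|private'`, matches those strings anywhere on a non-comment line, so a contact string, view name or path that merely contains "public" produces output and reads as a finding even when no default community string is configured. Matching whole words would already cut that noise, for example `$ sudo grep -v "^#" /etc/snmp/snmpd.conf | grep -Ew 'public|private'`, and the sentence above the command could name the directives an auditor should expect to see in a true finding. The ocil block starts outside the hunk, so the earlier lines of the instruction were not reviewed.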
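diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml
index d10939d2e9..e128d64390 100644
--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml
+++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml
@@ -30,3 +30,5 @@ ocil: |-
 To ensure only SNMPv3 or newer is used, run the following command:
 $ sudo grep 'rocommunity\|rwcommunity\|com2sec' /etc/snmp/snmpd.conf | grep -v "^#"
 There should be no output.
+
+platform: net-snmp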
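Review bot: The ocil command in this rule is written differently from the two sibling rules in the same patch: it relies on the basic-regex alternation `\|`, which is a GNU grep extension, and it filters comment lines after matching, whereas snmpd_not_default_password uses `grep -E` and filters comments first. Writing all three the same way makes the audit steps easier to compare and to script, for example `$ sudo grep -v "^#" /etc/snmp/snmpd.conf | grep -E 'rocommunity|rwcommunity|com2sec'`. The ocil block starts outside the hunk.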