Check: OL6-00-000340
Oracle Linux 6 STIG:
OL6-00-000340
(in versions v2 r7 through v1 r9)
Title
The snmpd service must use only SNMP protocol version 3 or newer. (Cat II impact)
Discussion
Earlier versions of SNMP are considered insecure, as they potentially allow unauthorized access to detailed system management information.
Check Content
To ensure only SNMPv3 or newer is used, run the following command: # grep 'v1\|v2c\|com2sec' /etc/snmp/snmpd.conf | grep -v '^#' There should be no output. If there is output, this is a finding.
Fix Text
Edit "/etc/snmp/snmpd.conf", removing any references to "v1", "v2c", or "com2sec". Upon doing that, restart the SNMP service: # service snmpd restart
Additional Identifiers
Rule ID: SV-209042r793763_rule
Vulnerability ID: V-209042
Group Title: SRG-OS-000480
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-6 |
Configuration Settings |