From d4f5668004fbca92108ae0a345d4223fe6aefeed Mon Sep 17 00:00:00 2001
From: harti
Date: Tue, 10 Jan 2006 11:49:26 +0000
Subject: Vendor fix: make the default read and write communities NULL. This basically disables any access unless other strings are set in the config file. Note, that there is no way to set the communities back to NULL once they're set to something not NULL.
---
 contrib/bsnmp/snmpd/main.c | 4 ++--
 contrib/bsnmp/snmpd/snmpd.config | 16 +++++++++++++++-
 2 files changed, 17 insertions(+), 3 deletions(-)
(limited to 'contrib/bsnmp')
diff --git a/contrib/bsnmp/snmpd/main.c b/contrib/bsnmp/snmpd/main.c
index 37ae33e..02ae93e 100644
--- a/contrib/bsnmp/snmpd/main.c
+++ b/contrib/bsnmp/snmpd/main.c
@@ -1462,8 +1462,8 @@ main(int argc, char *argv[])
 /*
 * Get standard communities
 */
- (void)comm_define(1, "SNMP read", NULL, "public");
- (void)comm_define(2, "SNMP write", NULL, "public");
+ (void)comm_define(1, "SNMP read", NULL, NULL);
+ (void)comm_define(2, "SNMP write", NULL, NULL);
 community = COMM_INITIALIZE;
 trap_reqid = reqid_allocate(512, NULL);
diff --git a/contrib/bsnmp/snmpd/snmpd.config b/contrib/bsnmp/snmpd/snmpd.config
index 8de767c..4b018e8 100644
--- a/contrib/bsnmp/snmpd/snmpd.config
+++ b/contrib/bsnmp/snmpd/snmpd.config
@@ -42,6 +42,8 @@ traphost := noc.bar.com
 trapport := 162
 read := "public"
+# Uncomment the line below that sets the community string
+# to enable write access.
 write := "geheim"
 trap := "mytrap"
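Review bot: The comment above the two `comm_define()` calls still reads only `Get standard communities` and does not record that a NULL string now means the community is disabled. Adding a line such as `* A NULL string leaves the community disabled until snmpd.config sets one.` would keep a later maintainer from restoring a literal default like "public". Both calls discard the return value with `(void)`, and `comm_define()` and the code that compares a request's community with the stored string are outside this hunk, so it should be confirmed that they accept a NULL string and never treat it as matching an empty community. The body of `main()` starts and ends outside the hunk.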
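Review bot: The added comment tells the reader to uncomment "the line below", but the line directly below it, `write := "geheim"`, is already active; the line that is actually commented out is `begemotSnmpdCommunityString.0.2` in the second hunk of this file. Wording such as `# To enable write access, uncomment begemotSnmpdCommunityString.0.2 below` followed by `# and replace the sample string with a private value.` would point at the right place. The sample values `"public"` and `"geheim"` are left unchanged in this hunk, so an operator who follows the instruction as written ends up with a published string as the write community.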
@@ -52,8 +54,20 @@ trap := "mytrap"
 begemotSnmpdDebugDumpPdus = 2
 begemotSnmpdDebugSyslogPri = 7
+#
+# Set the read and write communities.
+#
+# The default value of the community strings is NULL (note, that this is
+# different from the empty string). This disables both read and write access.
+# To enable read access only the read community string must be set. Setting
+# the write community string enables both read and write access with that
+# string.
+#
+# Be sure to understand the security implications of SNMPv2 - the community
+# strings are readable on the wire!
+#
 begemotSnmpdCommunityString.0.1 = $(read)
-begemotSnmpdCommunityString.0.2 = $(write)
+# begemotSnmpdCommunityString.0.2 = $(write)
 begemotSnmpdCommunityDisable = 1
 # open standard SNMP ports
-- cgit v1.1
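Review bot: `begemotSnmpdCommunityString.0.1 = $(read)` appears to stay an active line, and `read := "public"` is untouched in the first hunk, so a daemon started with this sample file still answers reads for the well-known community even though the compiled-in default is now NULL. Consider shipping it commented out like the write line, `# begemotSnmpdCommunityString.0.1 = $(read)`, or at least adding `# Replace the sample strings before enabling either community.` to the new comment block. The block names only SNMPv2, but community strings also travel in clear text in SNMPv1, so `SNMPv1 and SNMPv2c` would be more accurate.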