Hi,
To make Tru64 UNIX more secure out of the box, we are looking at a
change in SNMP default configuration for a future release. But we wanted
to gather some opinions, and to be sure the planned change wouldn't
drastically impact anyone's environment.
The proposed change:
The SNMP daemons will be configurable via an /etc/rc.config parameter.
For a new installation, we would ship with SNMP disabled by default.
(SNMP_CONF="no")
Enabling the SNMP daemons would require explicit action on the system
admin's part (changing SNMP_CONF to "yes")
The /etc/snmpd.conf file would still ship with read access enabled for
the public community.
For an update installation, the goal is to leave the system's SNMP
configuration unaltered. If the daemons were started, they would still
be started. /etc/snmpd.conf would not be touched.
Does this present a problem for anyone?
And does anyone depend upon having the public community enabled for read
by default?
Please respond to denise.dumas_at_compaq.com
Thanks,
Denise Dumas
Tru64 UNIX Security team
Received on Tue Jul 17 2001 - 15:17:52 NZST