Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

ucd snmp vacm's public community access auth probs?

From: ruka () MY-DEJANEWS COM (+ +)
Date: Tue, 6 Apr 1999 03:09:55 -0800

I have found a feature in the vacm ucd-snmp v3.52 and v3.6, when setting up snmp services under Linux RH 5.2.

By default, v3.5.2 always delivers the system mib subtree and v3.6 the entire mib tree. Both requests are made with the 
public community name. All the machines capable of connecting to your snmp port, will have access to that information.

Quite contrary to what the documentation says, you can't change this behaviour with the vacm configuration file 
(/etc/snmp/snmpd.conf).

You can try, but it's ignored. I have tried to change v3.5.2, since I needed the entire mib tree for monitoring the 
Linux machines with Netview, under the public community.

A quick and dirty fix for 3.5.2 is changing the source file snmplib/snmp_api.c.

Where you are reading DEFAULT_COMMUNITY "public", change the public string to something hard to guess (and make it 
long, too). After compiling and instaling the modified snmpd, you can configure the public community as you wish.

This quirk doesn't work anymore for v3.6. A workaround for restriting access could be ipchains rules under Linux.

Regards,
Rui

---
Rui Fernando Ferreira Ribeiro
IT Consultant
CASE




-----== Sent via Deja News, The Discussion Network ==-----
http://www.dejanews.com/  Easy access to 50,000+ discussion forums
Previous By Date Next
Previous By Thread Next

Current thread: