UCF STIG Viewer Logo

The SNMP service must require the use of a FIPS 140-2 approved cryptographic hash algorithm as part of its authentication and integrity methods.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22448 GEN005306 SV-37693r1_rule DCNR-1 Medium
Description
The SNMP service must use SHA-1 or a FIPS 140-2 approved successor for authentication and integrity.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2017-03-01

Details

Check Text ( C-36890r1_chk )
Verify the SNMP daemon uses SHA for SNMPv3 users.

Procedure:
Examine the default install location /etc/snmp/snmpd.conf
or:
# find / -name snmpd.conf

# grep -v '^#' | grep -i createuser | grep -vi SHA
If any line is present this is a finding.
Fix Text (F-31971r1_fix)
Edit /etc/snmp/snmpd.conf and add the SHA keyword for any create user statement without one.
Restart the SNMP service.
# service snmpd restart