SNMP write mode is enabled on ESX Server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15858	ESX0590	SV-16799r1_rule		Medium

Description
The Simple Network Management Protocol (SNMP) is an application-layer protocol used for exchanging management information between network devices. There are four types of SNMP commands that may be used to control and monitor managed devices. These include read, write, trap, and traversal operations. The read command is used to monitor devices, while the write command is used to configure devices and change device settings. The trap command is used to "trap" events from the device and report them back to the monitoring system. Traversal operations are used to determine the variables specific devices support. The ESX Server SNMP package is setup by default in a secure configuration. The configuration has a single community string with read-only access which is the default mode. This is denoted by the “ro” community configuration parameter in the configuration file for the master snmpd daemon, snmpd.conf. Furthermore, the UNIX SRR scripts check for proper snmpd.conf and MIB permissions, and snmpd.conf and MIB ownership. They also check to ensure that the default community strings have been changed, and if there is a dedicated SNMP server configured.

Description

The Simple Network Management Protocol (SNMP) is an application-layer protocol used for exchanging management information between network devices. There are four types of SNMP commands that may be used to control and monitor managed devices. These include read, write, trap, and traversal operations. The read command is used to monitor devices, while the write command is used to configure devices and change device settings. The trap command is used to "trap" events from the device and report them back to the monitoring system. Traversal operations are used to determine the variables specific devices support. The ESX Server SNMP package is setup by default in a secure configuration. The configuration has a single community string with read-only access which is the default mode. This is denoted by the “ro” community configuration parameter in the configuration file for the master snmpd daemon, snmpd.conf. Furthermore, the UNIX SRR scripts check for proper snmpd.conf and MIB permissions, and snmpd.conf and MIB ownership. They also check to ensure that the default community strings have been changed, and if there is a dedicated SNMP server configured.

STIG	Date
VMware ESX 3 Server	2016-05-13

Details

Check Text ( C-16215r1_chk )
Log into the ESX Server service console and perform the following. # grep rwcommunity /etc/snmp/snmpd.conf If the command returns a result, then this is a finding.

Fix Text (F-15818r1_fix)
Disable SNMP write mode.