Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-OS-99999-ESXI5-000144 | SRG-OS-99999-ESXI5-000144 | SRG-OS-99999-ESXI5-000144_rule | | Medium |
Description |
---|
If SNMP is not being used, it must remain disabled. If it is being used, the proper trap destination must be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can then use this information to plan an attack. SNMP must be configured on each ESXi host using Power/v CLI. vSphere PowerCLI is a command-line tool used to automate vSphere management. PowerCLI is distributed as a Windows PowerShell snap-in, and includes 300+ PowerShell cmdlets and use documentation. |
STIG | Date |
---|---|
VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Check Text ( C-SRG-OS-99999-ESXI5-000144_chk ) |
---|
From the Power/v CLI, run: "vicfg-snmp.pl --server If SNMP is not being used and "enabled" = 1, this is a finding. If the read-only community name is set to "public", this is a finding. If the read-write community name is set to "private", this is a finding. |
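
The check above can be applied to a saved copy of the agent settings listing. This is an added example, not part of the STIG: the listing layout, the sample values, and the names `parse_settings` and `evaluate` are assumptions. Because the assumed listing does not separate read-only from read-write communities, both default names are flagged wherever they appear, and the trap-destination test comes from the Description rather than the Check Text.

```python
import re

# Default community names the Check Text treats as findings.
DEFAULT_NAMES = {"public", "private"}

# Constructed sample; the layout is an assumption, not captured tool output.
SAMPLE_OUTPUT = """\
Current SNMP agent settings:
Enabled  : 1
UDP port : 161

Communities :
public
ops-ro-7f3a

Notification targets :
192.0.2.10@162/ops-ro-7f3a
"""

def parse_settings(text):
    """Extract the enabled flag, community names and trap targets."""
    settings = {"enabled": None, "communities": [], "targets": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the current list
            section = None
            continue
        m = re.match(r"^enabled\s*:\s*(\d)$", line, re.I)
        if m:
            settings["enabled"] = m.group(1) == "1"
        elif re.match(r"^communities\s*:$", line, re.I):
            section = "communities"
        elif re.match(r"^notification targets\s*:$", line, re.I):
            section = "targets"
        elif section:
            settings[section].append(line)
    return settings

def evaluate(settings, snmp_in_use):
    """Return finding strings; an empty list means no finding."""
    findings = []
    if settings["enabled"] is None:       # fail closed on unparsed input
        findings.append("enabled state not found; review manually")
    if not snmp_in_use and settings["enabled"]:
        findings.append("SNMP not in use but enabled = 1")
    for name in settings["communities"]:
        if name in DEFAULT_NAMES:
            findings.append(f"default community name in use: {name}")
    if snmp_in_use and settings["enabled"] and not settings["targets"]:
        findings.append("SNMP in use but no trap destination configured")
    return findings
```

Whether SNMP is "being used" is a site decision, so it is passed in as `snmp_in_use` rather than inferred from the listing.
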
Fix Text (F-SRG-OS-99999-ESXI5-000144_fix) |
---|
If SNMP is not being used, configure "enabled" = 0. From the Power/v CLI, execute "vicfg-snmp.pl --server If SNMP is being used, ensure the community name is configured: From the vSphere CLI, type "vicfg-snmp.pl --server hostname --username To enable SNMP from the vSphere CLI, type: # vicfg-snmp.pl --server |