Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
SNMP must be configured properly.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-63275 | ESXI-06-000053 | SV-77765r1_rule | Medium |
| Description |
|---|
| If SNMP is not being used, it must remain disabled. If it is being used, the proper trap destination must be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can then use this information to plan an attack. |
| STIG | Date |
|---|---|
| VMware vSphere ESXi 6.0 Security Technical Implementation Guide | 2017-07-11 |
Details
| Check Text ( C-64009r1_chk ) |
|---|
| From a PowerCLI command prompt while connected to the ESXi host run the following command: Get-VMHostSnmp | Select * or From a console or ssh session run the follow command: esxcli system snmp get If SNMP is not in use and is enabled, this is a finding. If SNMP is enabled and "read only communities" is set to public, this is a finding. If SNMP is enabled and is not using v3 targets, this is a finding. Note: SNMP v3 targets can only be viewed and configured from the esxcli command. |
| Fix Text (F-69193r1_fix) |
|---|
| To disable SNMP run the following command from a PowerCLI command prompt while connected to the ESXi Host: Get-VMHostSnmp | Set-VMHostSnmp -Enabled $false or From a console or ssh session run the follow command: esxcli system snmp set -e no To configure SNMP for v3 targets use the "esxcli system snmp set" command set. |