STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:SV-216456r603267_rule
V-216456
SRG-OS-000480
SOL-11.1-080160
CAT I
10
The root role is required.
Change the default snmpd.conf community passwords. To change them, locate the snmpd.conf file and edit it.
# pfedit [filename]
Locate the line system-group-read-community which has a default password of public and make the password something more random (less guessable). Make the same changes for the lines that read system- group-write-community, read-community, write-community, trap, and trap-community. Read the information in the file carefully. The trap is defining who to send traps to, for instance, by default. It is not a password, but the name of a host.
The root role is required.
Check the SNMP configuration for default passwords.
Locate and examine the SNMP configuration.
Procedure:
Find any occurrences of the snmpd.conf file delivered with Solaris packages:
# pkg search -Ho path snmpd.conf | awk '{ print "/"$1 }'
# more [filename]
Identify any community names or user password configurations. If any community name or password is set to a default value, such as public, private, snmp-trap, or password, this is a finding.
V-216456
False
SOL-11.1-080160
The root role is required.
Check the SNMP configuration for default passwords.
Locate and examine the SNMP configuration.
Procedure:
Find any occurrences of the snmpd.conf file delivered with Solaris packages:
# pkg search -Ho path snmpd.conf | awk '{ print "/"$1 }'
# more [filename]
Identify any community names or user password configurations. If any community name or password is set to a default value, such as public, private, snmp-trap, or password, this is a finding.
M
4022