2.2.24 Ensure default SNMP community strings don't exist


SNMP community strings must be changed from the default values.


Whether active or not, default Simple Network Management Protocol (SNMP) community strings must be changed to maintain security. If the service is running with the default authenticators, anyone can gather data about the system and the network and use the information to potentially compromise the integrity of the system or network(s). It is highly recommended that SNMP version 3 user authentication and message encryption be used in place of the version 2 community strings.


If the /etc/snmp/snmpd.conf file exists, modify any lines that contain a community string value of public or private to another string value.
Example: vim /etc/snmp/snmpd.conf
Example of changing the public and private string value:

snmp-server community nEV8rM1ndthi$ RO


This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019

Vul ID: V-72313

Rule ID: SV-86937r2_rule

STIG ID: RHEL-07-040800

Severity: CAT I

See Also


Item Details


References: 800-53|IA-5c.

Plugin: Unix

Control ID: 2128008540c3606ef195f241fc8fea106ea496100baf42c84170994f13c4fcf7