InformationSNMP community strings must be changed from the default values.
Whether active or not, default Simple Network Management Protocol (SNMP) community strings must be changed to maintain security. If the service is running with the default authenticators, anyone can gather data about the system and the network and use the information to potentially compromise the integrity of the system or network(s). It is highly recommended that SNMP version 3 user authentication and message encryption be used in place of the version 2 community strings.
SolutionIf the /etc/snmp/snmpd.conf file exists, modify any lines that contain a community string value of public or private to another string value.
Example: vim /etc/snmp/snmpd.conf
Example of changing the public and private string value:
snmp-server community nEV8rM1ndthi$ RO
This Benchmark recommendation maps to:
Red Hat Enterprise Linux 7 Security Technical Implementation Guide:
Version 2, Release: 3 Benchmark Date: 26 Apr 2019
Vul ID: V-72313
Rule ID: SV-86937r2_rule
STIG ID: RHEL-07-040800
Severity: CAT I