ESXi : config-snmp - 'snmp.receiver.X.enabled

Information

Ensure proper SNMP configuration.
If SNMP is not being used, it should remain disabled. If it is being used, the proper trap destination should be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can then use this information to plan an attack. Note: ESXi 5.1 and later supports SNMPv3 which provides stronger security than SNMPv1 or SNMPv2, including key authentication and encryption.

http://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.monitoring.doc/GUID-8EF36D7D-59B6-4C74-B1AA-4A9D18AB6250.html
http://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.security.doc/GUID-4309DE28-AFB6-4B2D-A8EA-A38D36A8C6E6.html
SNMP V3 configuration - http://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.monitoring.doc/GUID-2E4B0F2A-11D8-4649-AC6C-99F89CE93026.html

Solution

# Update the host SNMP Configuration (single host connection required) -
Get-VmHostSNMP | Set-VMHostSNMP -Enabled:$true -ReadOnlyCommunity 'secret'

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vSphere_6_0_Hardening_Guide_GA_15_Jun_2015.xls

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7

Plugin: VMware

Control ID: 1f4e629683338430347aff7cbb1b8b82fb6bd55523fcd18c45608bdc75ccbf20