[Pkg-net-snmp-devel] Bug#587460: snmpd should not bind to localhost by default
Jochen Friedrich
jochen at scram.de
Fri Aug 26 12:45:11 UTC 2011
Hi Marco,
> Are there any news?
>
> On Jun 28, Marco d'Itri<md at Linux.IT> wrote:
>
>> Package: snmpd
>>
>> On Jun 28, Jochen Friedrich<jochen at scram.de> wrote:
>>
>>>> What is the point? Who installs snmpd to only use it locally?
>>> snmpd might be installed by a dependency, e.g. by quagga.
>> I don't think so. quagga only suggests snmpd, so it cannot be installed
>> by mistake. The list of packages Recommending or Depending on snmpd is
>> very short and they look reasonable.
>> How did you come to conclude that more people install snmpd by mistake
>> than because they actually want to use it?
>> Daemons should be installed with the configuration which would be useful
>> for the largest number of users.
>>
>> --
>> ciao,
>> Marco
I aggree that the bind to 127.0.0.1 can finally disappear in
/etc/default/net-snmp as this bind is now done in the sample snmpd.conf
shipped by upstream.
However, I still believe that there shouldn't be any unconfigured snmpd
deamons reachable from outside. You need to specify at least a basic set
of ACLs or even better some user name and sign / encryption password for
access of SNMP MIBs.
Thanks,
Jochen
More information about the Pkg-net-snmp-devel
mailing list