RE: sending V3 traps with trapsess
This is a discussion on RE: sending V3 traps with trapsess within the SNMP Users forums, part of the Networking and Network Related category; Dave, I am concerned that there is a security risk involved with adding such trapsess commands into the world readable /...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-10-2008
|
|||
|
|||
RE: sending V3 traps with trapsess
Dave,
I am concerned that there is a security risk involved with adding such trapsess commands into the world readable /etc/snmp/snmpd.conf file. Is there a way to suppress the printing of the passwords in this file or to include it in the /var/net-snmp location instead... or should we just make the /etc/snmp/snmpd.conf readable only by root? Thanks, Josh -----Original Message----- From: Josh Bers [mailto:jbers@bbn.com] Sent: Thursday, April 03, 2008 2:43 PM To: 'Dave Shield' Cc: 'net-snmp-users@lists.sourceforge.net' Subject: RE: sending V3 traps with trapsess Dave, OK, I will be upgrading shortly to net-snmp 5.3.1. Would you expect with that version that the following trapsess will use the authoritative engineID of the currently running snmpd process when sending traps to <target-manager>? trapsess -v 3 -u snmproot -a MD5 -A <rootAuthPass> -l authPriv -x DES -X <rootPrivPass> <target-manager> Josh -----Original Message----- From: net-snmp-users-bounces@lists.sourceforge.net [mailto:net-snmp-users-bounces@lists.sourceforge.net] On Behalf Of Dave Shield Sent: Wednesday, April 02, 2008 3:09 PM To: Josh Bers Cc: net-snmp-users@lists.sourceforge.net Subject: Re: sending V3 traps with trapsess On 02/04/2008, Josh Bers <jbers@bbn.com> wrote: > I am seeing strange behavior when configuring snmpd to send traps using > trapsess command in the snmpd.conf file. > > When I don't specify an engineID explicitly it attempts to do discovery even > though I am not asking for INFORMS! > I am using version 5.1.2. Does anyone know if this has been fixed > on later versions? I've just tried this with both the current development code, and the 5.2.x line. In both cases, the agent sends the trap immediately, with no engine probe. I don't have a 5.1.x version immediately accessible, but I seem to remember something being added a while back to delay the engine probe for an SNMPv3 session until it was actually needed. So I suspect that this problem has indeed been fixed in later releases. Please note that the 5.1.x line was closed down about two years ago. We would *strongly* recommend that you upgrade to a more recent version. Dave ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216...et/marketplace _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/...net-snmp-users ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757...un.com/javaone _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/...net-snmp-users 
|
Linear Mode
