From owner-cvs-src@FreeBSD.ORG  Tue Oct 31 11:28:36 2006
Return-Path: <owner-cvs-src@FreeBSD.ORG>
X-Original-To: cvs-src@FreeBSD.org
Delivered-To: cvs-src@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9EC0816A4A7;
	Tue, 31 Oct 2006 11:28:36 +0000 (UTC)
	(envelope-from Hartmut.Brandt@dlr.de)
Received: from smtp-1.dlr.de (smtp-1.dlr.de [195.37.61.185])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1FDE943D7F;
	Tue, 31 Oct 2006 11:28:24 +0000 (GMT)
	(envelope-from Hartmut.Brandt@dlr.de)
Received: from knop-beagle.kn.op.dlr.de ([129.247.173.6]) by smtp-1.dlr.de
	over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); 
	Tue, 31 Oct 2006 12:28:22 +0100
Date: Tue, 31 Oct 2006 12:28:24 +0100 (CET)
From: Harti Brandt <hartmut.brandt@dlr.de>
X-X-Sender: brandt_h@knop-beagle.kn.op.dlr.de
To: "Bjoern A. Zeeb" <bz@FreeBSD.org>
In-Reply-To: <20061031110323.G2462@maildrop.int.zabbadoz.net>
Message-ID: <20061031122403.G60872@knop-beagle.kn.op.dlr.de>
References: <200610311023.k9VANT8T061367@repoman.freebsd.org>
	<20061031110323.G2462@maildrop.int.zabbadoz.net>
X-OpenPGP-Key: harti@freebsd.org
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-OriginalArrivalTime: 31 Oct 2006 11:28:22.0998 (UTC)
	FILETIME=[AC94D760:01C6FCDF]
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc snmpd.config
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Harti Brandt <harti@freebsd.org>
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Oct 2006 11:28:36 -0000

On Tue, 31 Oct 2006, Bjoern A. Zeeb wrote:

BAZ>On Tue, 31 Oct 2006, Hartmut Brandt wrote:
BAZ>
BAZ>> harti       2006-10-31 10:23:28 UTC
BAZ>> 
BAZ>>  FreeBSD src repository
BAZ>> 
BAZ>>  Modified files:
BAZ>>    etc                  snmpd.config
BAZ>>  Log:
BAZ>>  Bind to INADDR_ANY in the default configuration. This makes bsnmpd(1)
BAZ>>  automatically work on multi-homed hosts and without explicite
BAZ>> specification
BAZ>>  of the hostname in the config file.
BAZ>> 
BAZ>>  Submitted by:   jmg
BAZ>> 
BAZ>>  Revision  Changes    Path
BAZ>>  1.7       +1 -3      src/etc/snmpd.config
BAZ>
BAZ>haeh - I think what we (jmg, glebius and me) had agreed on on IRC was
BAZ>default bind should be on 'localhost' with a commented out sample
BAZ>for 0/0.  And the bogus$(host) should be dropped.

Well, if you've agreed, then you should probably commit it. Locks ok for 
me too.

BAZ>Binding to 0/0 by default just exposes bsnmpd to the world with a
BAZ>default secret if blindly enabled which is not a too good idea(tm).

Well, at least there is no write community set, so the amount of damage is 
limited. Also, normally SNMPv[12] should be firewalled. Of course, this 
does not help if you run SNMP on your firewall.

In any case, go ahead and commit.

harti