Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 4 Nov 2006 12:46:19 +0000
From:      Ceri Davies <ceri@submonkey.net>
To:        Harti Brandt <harti@freebsd.org>
Cc:        cvs-src@FreeBSD.org, "Bjoern A. Zeeb" <bz@FreeBSD.org>, cvs-all@FreeBSD.org, src-committers@FreeBSD.org
Subject:   Re: cvs commit: src/etc snmpd.config
Message-ID:  <20061104124619.GT36592@submonkey.net>
In-Reply-To: <20061031122403.G60872@knop-beagle.kn.op.dlr.de>
References:  <200610311023.k9VANT8T061367@repoman.freebsd.org> <20061031110323.G2462@maildrop.int.zabbadoz.net> <20061031122403.G60872@knop-beagle.kn.op.dlr.de>
next in thread | previous in thread | raw e-mail | index | archive | help 

--2IK6idz0sKKouFF6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Oct 31, 2006 at 12:28:24PM +0100, Harti Brandt wrote:
> On Tue, 31 Oct 2006, Bjoern A. Zeeb wrote:
>=20
> BAZ>On Tue, 31 Oct 2006, Hartmut Brandt wrote:
> BAZ>
> BAZ>> harti       2006-10-31 10:23:28 UTC
> BAZ>>=20
> BAZ>>  FreeBSD src repository
> BAZ>>=20
> BAZ>>  Modified files:
> BAZ>>    etc                  snmpd.config
> BAZ>>  Log:
> BAZ>>  Bind to INADDR_ANY in the default configuration. This makes bsnmpd=
(1)
> BAZ>>  automatically work on multi-homed hosts and without explicite
> BAZ>> specification
> BAZ>>  of the hostname in the config file.
> BAZ>>=20
> BAZ>>  Submitted by:   jmg
> BAZ>>=20
> BAZ>>  Revision  Changes    Path
> BAZ>>  1.7       +1 -3      src/etc/snmpd.config
> BAZ>
> BAZ>haeh - I think what we (jmg, glebius and me) had agreed on on IRC was
> BAZ>default bind should be on 'localhost' with a commented out sample
> BAZ>for 0/0.  And the bogus$(host) should be dropped.
>=20
> Well, if you've agreed, then you should probably commit it. Locks ok for=
=20
> me too.
>=20
> BAZ>Binding to 0/0 by default just exposes bsnmpd to the world with a
> BAZ>default secret if blindly enabled which is not a too good idea(tm).
>=20
> Well, at least there is no write community set, so the amount of damage i=
s=20
> limited. Also, normally SNMPv[12] should be firewalled. Of course, this=
=20
> does not help if you run SNMP on your firewall.
>=20
> In any case, go ahead and commit.

Did you two decide to leave this be, or is the change still pending on
something?

Ceri
--=20
That must be wonderful!  I don't understand it at all.
                                                  -- Moliere

--2IK6idz0sKKouFF6
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFFTIubocfcwTS3JF8RAu8VAJ9Cc3c3+4oxdeuDxjycl1DflXirmQCeJOzi
yT5UgAmtpfE2RJzoIFp6sRs=
=uTv+
-----END PGP SIGNATURE-----

--2IK6idz0sKKouFF6--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061104124619.GT36592>