Date: Tue, 31 Oct 2006 12:28:24 +0100 (CET) From: Harti Brandt <hartmut.brandt@dlr.de> To: "Bjoern A. Zeeb" <bz@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc snmpd.config Message-ID: <20061031122403.G60872@knop-beagle.kn.op.dlr.de> In-Reply-To: <20061031110323.G2462@maildrop.int.zabbadoz.net> References: <200610311023.k9VANT8T061367@repoman.freebsd.org> <20061031110323.G2462@maildrop.int.zabbadoz.net>
index | next in thread | previous in thread | raw e-mail
On Tue, 31 Oct 2006, Bjoern A. Zeeb wrote: BAZ>On Tue, 31 Oct 2006, Hartmut Brandt wrote: BAZ> BAZ>> harti 2006-10-31 10:23:28 UTC BAZ>> BAZ>> FreeBSD src repository BAZ>> BAZ>> Modified files: BAZ>> etc snmpd.config BAZ>> Log: BAZ>> Bind to INADDR_ANY in the default configuration. This makes bsnmpd(1) BAZ>> automatically work on multi-homed hosts and without explicite BAZ>> specification BAZ>> of the hostname in the config file. BAZ>> BAZ>> Submitted by: jmg BAZ>> BAZ>> Revision Changes Path BAZ>> 1.7 +1 -3 src/etc/snmpd.config BAZ> BAZ>haeh - I think what we (jmg, glebius and me) had agreed on on IRC was BAZ>default bind should be on 'localhost' with a commented out sample BAZ>for 0/0. And the bogus$(host) should be dropped. Well, if you've agreed, then you should probably commit it. Locks ok for me too. BAZ>Binding to 0/0 by default just exposes bsnmpd to the world with a BAZ>default secret if blindly enabled which is not a too good idea(tm). Well, at least there is no write community set, so the amount of damage is limited. Also, normally SNMPv[12] should be firewalled. Of course, this does not help if you run SNMP on your firewall. In any case, go ahead and commit. hartihome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061031122403.G60872>