Date: Tue, 31 Oct 2006 12:28:24 +0100 (CET) From: Harti Brandt <hartmut.brandt@dlr.de> To: "Bjoern A. Zeeb" <bz@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc snmpd.config Message-ID: <20061031122403.G60872@knop-beagle.kn.op.dlr.de> In-Reply-To: <20061031110323.G2462@maildrop.int.zabbadoz.net> References: <200610311023.k9VANT8T061367@repoman.freebsd.org> <20061031110323.G2462@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 31 Oct 2006, Bjoern A. Zeeb wrote: BAZ>On Tue, 31 Oct 2006, Hartmut Brandt wrote: BAZ> BAZ>> harti 2006-10-31 10:23:28 UTC BAZ>> BAZ>> FreeBSD src repository BAZ>> BAZ>> Modified files: BAZ>> etc snmpd.config BAZ>> Log: BAZ>> Bind to INADDR_ANY in the default configuration. This makes bsnmpd(1) BAZ>> automatically work on multi-homed hosts and without explicite BAZ>> specification BAZ>> of the hostname in the config file. BAZ>> BAZ>> Submitted by: jmg BAZ>> BAZ>> Revision Changes Path BAZ>> 1.7 +1 -3 src/etc/snmpd.config BAZ> BAZ>haeh - I think what we (jmg, glebius and me) had agreed on on IRC was BAZ>default bind should be on 'localhost' with a commented out sample BAZ>for 0/0. And the bogus$(host) should be dropped. Well, if you've agreed, then you should probably commit it. Locks ok for me too. BAZ>Binding to 0/0 by default just exposes bsnmpd to the world with a BAZ>default secret if blindly enabled which is not a too good idea(tm). Well, at least there is no write community set, so the amount of damage is limited. Also, normally SNMPv[12] should be firewalled. Of course, this does not help if you run SNMP on your firewall. In any case, go ahead and commit. harti
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061031122403.G60872>