From owner-cvs-all@FreeBSD.ORG Sat Nov 4 12:46:20 2006 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D597316A599; Sat, 4 Nov 2006 12:46:20 +0000 (UTC) (envelope-from ceri@submonkey.net) Received: from shrike.submonkey.net (cpc2-cdif2-0-0-cust107.cdif.cable.ntl.com [81.104.168.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id 21A6743D60; Sat, 4 Nov 2006 12:46:20 +0000 (GMT) (envelope-from ceri@submonkey.net) Received: from ceri by shrike.submonkey.net with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GgKuh-000CGF-Az; Sat, 04 Nov 2006 12:46:19 +0000 Date: Sat, 4 Nov 2006 12:46:19 +0000 From: Ceri Davies To: Harti Brandt Message-ID: <20061104124619.GT36592@submonkey.net> Mail-Followup-To: Ceri Davies , Harti Brandt , "Bjoern A. Zeeb" , src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org References: <200610311023.k9VANT8T061367@repoman.freebsd.org> <20061031110323.G2462@maildrop.int.zabbadoz.net> <20061031122403.G60872@knop-beagle.kn.op.dlr.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2IK6idz0sKKouFF6" Content-Disposition: inline In-Reply-To: <20061031122403.G60872@knop-beagle.kn.op.dlr.de> X-PGP: finger ceri@FreeBSD.org User-Agent: Mutt/1.5.13 (2006-08-11) Sender: Ceri Davies Cc: cvs-src@FreeBSD.org, "Bjoern A. Zeeb" , cvs-all@FreeBSD.org, src-committers@FreeBSD.org Subject: Re: cvs commit: src/etc snmpd.config X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Nov 2006 12:46:21 -0000 --2IK6idz0sKKouFF6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Oct 31, 2006 at 12:28:24PM +0100, Harti Brandt wrote: > On Tue, 31 Oct 2006, Bjoern A. Zeeb wrote: >=20 > BAZ>On Tue, 31 Oct 2006, Hartmut Brandt wrote: > BAZ> > BAZ>> harti 2006-10-31 10:23:28 UTC > BAZ>>=20 > BAZ>> FreeBSD src repository > BAZ>>=20 > BAZ>> Modified files: > BAZ>> etc snmpd.config > BAZ>> Log: > BAZ>> Bind to INADDR_ANY in the default configuration. This makes bsnmpd= (1) > BAZ>> automatically work on multi-homed hosts and without explicite > BAZ>> specification > BAZ>> of the hostname in the config file. > BAZ>>=20 > BAZ>> Submitted by: jmg > BAZ>>=20 > BAZ>> Revision Changes Path > BAZ>> 1.7 +1 -3 src/etc/snmpd.config > BAZ> > BAZ>haeh - I think what we (jmg, glebius and me) had agreed on on IRC was > BAZ>default bind should be on 'localhost' with a commented out sample > BAZ>for 0/0. And the bogus$(host) should be dropped. >=20 > Well, if you've agreed, then you should probably commit it. Locks ok for= =20 > me too. >=20 > BAZ>Binding to 0/0 by default just exposes bsnmpd to the world with a > BAZ>default secret if blindly enabled which is not a too good idea(tm). >=20 > Well, at least there is no write community set, so the amount of damage i= s=20 > limited. Also, normally SNMPv[12] should be firewalled. Of course, this= =20 > does not help if you run SNMP on your firewall. >=20 > In any case, go ahead and commit. Did you two decide to leave this be, or is the change still pending on something? Ceri --=20 That must be wonderful! I don't understand it at all. -- Moliere --2IK6idz0sKKouFF6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFTIubocfcwTS3JF8RAu8VAJ9Cc3c3+4oxdeuDxjycl1DflXirmQCeJOzi yT5UgAmtpfE2RJzoIFp6sRs= =uTv+ -----END PGP SIGNATURE----- --2IK6idz0sKKouFF6--