CSAPP_SNMPAGENT_PUBLIC_COMMUNITY
- Description:
- Checks to see if the SNMP agent has been configured with a community name of public.
- Reason for check:
- The community name of public is well known, which makes it unsuitable for use with
community-based security. The community name can be defined by one of the
following methods:
- Specify the -c start parameter.
- Configure a PW.SRC configuration file.
- Configure the COMMUNITY or SNMP_COMMUNITY statements in the SNMPD.CONF configuration file.
If you use SNMPTRAP.DEST to configure trap information, the agent uses the hardcoded community name of public in outbound traps. To configure specific community names for trap destinations, you must convert your SNMPTRAP.DEST information to the SNMPD.CONF configuration file format.
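The following audit sketch is an added example, not IBM code and not the health check's own logic: it looks for the community name public in each of the places listed above and notes SNMPTRAP.DEST use. The field layouts of PW.SRC and of the COMMUNITY and SNMP_COMMUNITY entries, the `#` comment convention, the exact-case match, and all sample data are assumptions; confirm them against z/OS Communications Server: IP Configuration Reference before relying on the results.

```python
WEAK = "public"  # the well-known community name this check looks for

# Constructed sample data. Field layouts are assumptions, not taken from the page.
SAMPLE_PW_SRC = """\
# community_name  ip_address  mask
public  0.0.0.0     0.0.0.0
ops7Kq  192.0.2.10  255.255.255.255
"""
SAMPLE_SNMPD_CONF = """\
# COMMUNITY name ... / SNMP_COMMUNITY index name ...
COMMUNITY       public  secname1 noAuthNoPriv 0.0.0.0 0.0.0.0 -
SNMP_COMMUNITY  public  ops7Kq   secname2 - - - -
"""

def _entries(text):
    """Yield (line_no, fields) for lines that are not blank or '#' comments."""
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            yield no, fields

def audit(start_parms="", pw_src="", snmpd_conf="", uses_snmptrap_dest=False):
    """Return a list of findings, one per place where 'public' is configured."""
    findings = []
    args = start_parms.split()
    for flag, value in zip(args, args[1:]):           # -c start parameter
        if flag == "-c" and value == WEAK:
            findings.append("start parameter: -c public")
    for no, f in _entries(pw_src):                    # PW.SRC: name assumed first
        if f[0] == WEAK:
            findings.append(f"PW.SRC line {no}: community public")
    name_pos = {"COMMUNITY": 1, "SNMP_COMMUNITY": 2}  # assumed name position
    for no, f in _entries(snmpd_conf):
        pos = name_pos.get(f[0].upper())
        if pos is not None and len(f) > pos and f[pos] == WEAK:
            findings.append(f"SNMPD.CONF line {no}: {f[0]} public")
    if uses_snmptrap_dest:                            # traps use hardcoded public
        findings.append("SNMPTRAP.DEST: outbound traps use community public")
    return findings

if __name__ == "__main__":
    for finding in audit("-c public", SAMPLE_PW_SRC, SAMPLE_SNMPD_CONF, True):
        print(finding)
```

In the sample SNMPD.CONF, the SNMP_COMMUNITY entry is not reported because public appears there only in the assumed index field, not in the community name field.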
- z/OS® releases the check applies to:
- z/OS V2R1 and later, with the PTFs for APARs PI51640 and OA50122 applied.
- User override of IBM values:
- The following sample shows the defaults for the customizable
values for this check. Use this sample to make permanent check
customizations in an HZSPRMxx parmlib member used at
IBM Health Checker for z/OS startup. If you want only a one-time
update to the check defaults, omit the first line (ADDREPLACE POLICY)
and use the UPDATE statement on a MODIFY hzsproc command.
Note that using non-POLICY UPDATEs in HZSPRMxx can
lead to unexpected results and is therefore not recommended.
    ADDREPLACE POLICY[(policyname)] [STATEMENT(name)]
    UPDATE
      CHECK(IBMCS,CSAPP_SNMPAGENT_PUBLIC_COMMUNITY)
      DATE('date_of_the_change')
      REASON('Your reason for making the update.')
      ACTIVE
      SEVERITY(MEDIUM)
      INTERVAL(ONETIME)
- Debug support:
- No
- Verbose support:
- No
- Parameters accepted:
- No
- Reference:
- For more information on configuring community names, see the following sections in
z/OS Communications Server: IP Configuration Reference:
- OSNMPD parameters
- PW.SRC statement syntax
- COMMUNITY entry
- SNMP_COMMUNITY entry
- Migrating the PW.SRC file and SNMPTRAP.DEST file to the SNMPD.CONF file
- Messages:
- This check issues the following exception messages:
- ISTH034E
- SECLABEL recommended for multilevel security users:
- SYSLOW - see z/OS Planning for Multilevel Security and the Common Criteria for information on using SECLABELs.