Puppet Class: security_baseline::rules::common::sec_snmpd

Defined in:
manifests/rules/common/sec_snmpd.pp

Summary

Ensure SNMP Server is not enabled (Scored)

Overview

The Simple Network Management Protocol (SNMP) server is used to listen for SNMP commands from an SNMP management system, execute the commands or collect the information and then send results back to the requesting system.

Rationale: The SNMP server can communicate using SNMP v1, which transmits data in the clear and does not require authentication to execute commands. Unless absolutely necessary, it is recommended that the SNMP service not be used. If SNMP is required, the server should be configured to disallow SNMP v1.
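Where SNMP has to stay enabled, the rationale's fallback (disallow SNMP v1) can be verified by auditing the agent configuration. The following is an added example, not part of the security_baseline module: it assumes Net-SNMP's snmpd.conf syntax, the function name and sample configuration are constructed for illustration, and it also flags v2c because v2c uses the same cleartext community strings.

```python
# Added example: audit Net-SNMP snmpd.conf text for SNMP v1/v2c access.
# Assumption: Net-SNMP directive names; the sample config below is constructed.

# Directives that grant access based on a community string (v1/v2c).
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6",
                        "rwcommunity6", "com2sec", "com2sec6"}
# VACM "group" lines name a security model; v1 and v2c are the cleartext ones.
CLEARTEXT_MODELS = {"v1", "v2c"}


def audit_snmpd_conf(text):
    """Return (line_number, reason) for every directive enabling v1/v2c."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comment lines
            continue
        tokens = line.split()
        directive = tokens[0].lower()
        if directive in COMMUNITY_DIRECTIVES:
            findings.append((lineno, f"{directive} enables community-based access"))
        elif (directive == "group" and len(tokens) >= 3
              and tokens[2].lower() in CLEARTEXT_MODELS):
            findings.append((lineno, f"group {tokens[1]} uses security model {tokens[2]}"))
    return findings


# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# constructed sample
agentAddress udp:161
rocommunity public default
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
rouser monitor priv
group v3group usm monitor
"""

if __name__ == "__main__":
    for lineno, reason in audit_snmpd_conf(SAMPLE):
        print(f"line {lineno}: {reason}")
```

An empty result means no community-based (v1/v2c) access directive was found in the text that was checked; included files have to be audited separately.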

Examples:

class { 'security_baseline::rules::common::sec_snmpd':
    enforce   => true,
    message   => 'Test',
    log_level => 'info',
}

Parameters:

  • enforce (Boolean) (defaults to: true)

    Enforce the rule or just test and log

  • message (String) (defaults to: '')

    Message to print into the log

  • log_level (String) (defaults to: '')

    The log_level for the above message



# File 'manifests/rules/common/sec_snmpd.pp', line 31

class security_baseline::rules::common::sec_snmpd (
  Boolean $enforce = true,
  String $message = '',
  String $log_level = ''
) {
  if($enforce) {

    ensure_resource('service', ['snmpd'], {
      ensure => 'stopped',
      enable => false
    })

  } else {

    if($facts['security_baseline']['services_enabled']['srv_snmpd'] == 'enabled') {
      echo { 'snmpd':
        message  => $message,
        loglevel => $log_level,
        withpath => false,
      }
    }
  }
}