tsystemsmms-secc_snmpd

Release 2.1.0

Repository Puppet Ruby Download

Keywords
snmp, net-snmp, monitoring
License
Apache-2.0
Install
puppet module install tsystemsmms-secc_snmpd --version 2.1.0

Documentation

SNMP Module

Build Status

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Deviations - Possible bypass of requirements
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module

Overview

This module provides a partial coverage of the SoC conditions for SNMP under Linux.

Module Description

This module can install and configure SNMP on a Linux system.

Fullfilled Requirements

  • 3.45/1 SNMP must be used in version 3.
    • older version of SNMP do not support secure authentification mechanisms which correspond to today's state of technology
  • 3.45/2 The SNMP Server has to prevent the usage of a too small length of the HMAC
    • many current applications allow the SNMP client to set the length of the HMAC on their own - this represents a potential security vulnerability
  • 3.45/3 Predefined authentication characteristics have to be changed
    • third-party authentication features, such as passwords or cryptographic keys, can not be trusted.
  • 3.45/4 Accounts must be protected against unauthorized use by using at least one authentication feature (token, passwords, PIN's)
  • 3.45/5 When using passwords for authentication, they have to be at least 8 characters long and must include three of the following character types:
    • lowercase letters
    • uppercase letters
    • digits
    • special character
  • 3.45/6 Authentication and encryption must be enabled depending on the protection requirements of the data
  • 3.45/7 Protective information must not be included in files, issues and messages that are accessible to unauthorized users
  • 3.45/8 If customers are contractually granted SNMP access to components managed by the DTAG, it must bed ensured that they are read-only and no vulnerable data of the DTAG can be queried

Possible deviations

  • 3.45/1, 3.45/6 Can be bypassed with the parameter $v2_enabled = true
  • 3.45/5 Can be bypassed with the parameter$enforce_password_security = false

Notable

The requirement 3.45/2 can not be fulfilled configuratively. It refers to an old bug, which is resolved in the current versions (Net-SNMP versions 5.4.1.1, 5.3.2.1, 5.2.4.1, 5.1.4.1, 5.0.11.1 and UCD-SNMP 4.2.7.1).

Usage

  • By using this module, SNMP v1 and v2 will be deactivated and v3 activated using a password and a passphrase.
  • This module has dependencies to puppetlabs/stdlib and puppetlabs/concat

Reference

  • The requirements come from the technical safety requirements 3_45_SNMP.pdf of the PSA procedure

Limitations

  • This module was tested with CentOS6 and CentOS7

Development

  • Please document changes withing the module using git commits
  • Execution of tests: bundler install, bundler exec rake

Stats

Dependencies
2
Dependent packages
0
Dependent repositories
0
Total releases
6
Latest release
First release
Stars
6
Forks
0
Watchers
12
Contributors
8
Repository size
115 KB
SourceRank
9

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

2.1.0
2.0.2
2.0.1
2.0.0
1.2.0
1.1.0

Contributors

schurzi gunzl1ng3r Martin Neubert szEvEz Sebastian Gumprich michaelamattes rkno82 vmpr


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2019-10-30 20:39:59 UTC

Login to resync this project