On Tue, Oct 31, 2006 at 12:28:24PM +0100, Harti Brandt wrote: > On Tue, 31 Oct 2006, Bjoern A. Zeeb wrote: > > BAZ>On Tue, 31 Oct 2006, Hartmut Brandt wrote: > BAZ> > BAZ>> harti 2006-10-31 10:23:28 UTC > BAZ>> > BAZ>> FreeBSD src repository > BAZ>> > BAZ>> Modified files: > BAZ>> etc snmpd.config > BAZ>> Log: > BAZ>> Bind to INADDR_ANY in the default configuration. This makes bsnmpd(1) > BAZ>> automatically work on multi-homed hosts and without explicite > BAZ>> specification > BAZ>> of the hostname in the config file. > BAZ>> > BAZ>> Submitted by: jmg > BAZ>> > BAZ>> Revision Changes Path > BAZ>> 1.7 +1 -3 src/etc/snmpd.config > BAZ> > BAZ>haeh - I think what we (jmg, glebius and me) had agreed on on IRC was > BAZ>default bind should be on 'localhost' with a commented out sample > BAZ>for 0/0. And the bogus$(host) should be dropped. > > Well, if you've agreed, then you should probably commit it. Locks ok for > me too. > > BAZ>Binding to 0/0 by default just exposes bsnmpd to the world with a > BAZ>default secret if blindly enabled which is not a too good idea(tm). > > Well, at least there is no write community set, so the amount of damage is > limited. Also, normally SNMPv[12] should be firewalled. Of course, this > does not help if you run SNMP on your firewall. > > In any case, go ahead and commit.
Did you two decide to leave this be, or is the change still pending on
something?
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere
pgpUllizBnEL3.pgp
Description: PGP signature
