I'll take a shot at this.

1. For an authoritative reply however, one should probably direct CIS
   questions to CIS.
2. However, any reasonable security posture would have you disable all
   unused services.  This is simply SOP to reduce the attack surface.
3. As for net-snmp specifically, it's always a good idea to check the
   Certs.  But depending on the document you are referencing, that is
   likely just the SNMP package installed on your system by default.
4. And finally, SNMP v1 and v2c are insecure and can potentially
   (depending on configuration) expose sensitive internal information
   to unknown, unauthorized, and unauthenticated actors.
5. If you must use SNMP on a hardened system, use (configure) SNMP v3.


On 19-Apr-2021 3:47 PM, Mike Eggleston wrote:
Why does CIS hardening say to remove the net-snmp package from Linux?

Mike


_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Reply via email to