>From e81d3f070eb2e5e8ef44d36f59780ec82155debc Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Wed, 20 Mar 2013 20:00:03 -0400 Subject: [PATCH] ticket 273 - snmp version 3 protocol check content MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
The Check Content section mentions “If there is output, this is a finding” but there are many lines that are commented out by default that the current grep would match. Updated grep to ignore commented lines https://fedorahosted.org/scap-security-guide/ticket/273 --- RHEL6/input/services/snmp.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/RHEL6/input/services/snmp.xml b/RHEL6/input/services/snmp.xml index 594f99a..eff0eb8 100644 --- a/RHEL6/input/services/snmp.xml +++ b/RHEL6/input/services/snmp.xml @@ -78,7 +78,7 @@ Upon doing that, restart the SNMP service: </description> <ocil clause="there is output"> To ensure only SNMPv3 or newer is used, run the following command: -<pre># grep 'v1\|v2c\|com2sec' /etc/snmp/snmpd.conf</pre> +<pre># grep 'v1\|v2c\|com2sec' /etc/snmp/snmpd.conf | grep -v "^#"</pre> There should be no output. </ocil> <rationale> -- 1.7.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
