[Bug 74896] Forced bind to 127.0.0.1 is "hardcoded' into /etc/default/snmpd instead of option in /etc/snmp/snmpd.conf

Thu, 07 Dec 2006 15:56:34 -0800 

Public bug reported:

Binary package hint: snmpd

I have been struggling to get remote snmp reads from several of my machines. 
/etc/snmp/snmpd.conf was set up correctly. snmpwalk from localhost did work, a 
snmpwalk from a remote host however didn't work.

After lots of debugging, trying etc. I found out that snmpd binds itself to 
127.0.0.1 . Accorder to EVERY faq and manual that I read, the default behaviour 
of snmpd is to listen on every interface.
However, specifying in /etc/snmp/snmpd.conf to force the agent to listen on 
every socket doesn't work. It crashed the server.

It appears that the 127.0.0.1 is "hardcoded" into /etc/default/snmpd. This 
script/settings file is used by the /etc/init.d/snmpd init script. 
The following line is responsible for the 127.0.0.1 bind.
"SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I
-smux -p /var/run/snmpd.pid 127.0.0.1'"

After removing the 127.0.0.1 I could finally query the remote machine.

Dave Shield, one of the developers of net-snmp, confirmed that this way
of starting snmpd indeed binds it to 127.0.0.1

He also confirmed that this is something that probably the Ubuntu Devs changed:
"It's an defensible configuration, but it's not one that many distributions 
use. It's certainly not something that we ship ourselves. "

If it is really necessary to restrict remote snmp acces, I strongly suggest to 
do this by changing the default configuration of snmpd in /etc/snmp/snmpd.conf 
by adding:
 "agentaddress 127.0.0.1"
This results in the same behaviour as adding the 127.0.0.1 to /etc/default/snmpd
 This way, users will see that the default option is to bind to 127.0.0.1 and 
can change this easily.

It is very illogical and not user-friendly to expect the user to find
out that there is a /etc/defaults/snmpd file that is causing the
problem.

Since this is a very easy and also elegant way to solve the problem, I
really hope this change can be made. It would solve a lot of
frustrations for people trying to get snmpd to work.

Summary of proposed changes:

=> /etc/default/snmpd
change "SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I
-smux -p /var/run/snmpd.pid 127.0.0.1'"
to "SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I
-smux -p /var/run/snmpd.pid'"

=> /etc/snmp/snmpd.conf
add "agentaddress 127.0.0.1"

** Affects: net-snmp (Ubuntu)
     Importance: Undecided
         Status: Unconfirmed

-- 
Forced bind to 127.0.0.1 is "hardcoded' into /etc/default/snmpd instead of 
option in /etc/snmp/snmpd.conf
https://launchpad.net/bugs/74896

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to