net-snmp/README.SuSE

Our net-snmp package was audited by Thomas Biege of the SuSE Security team
prior to the release of CERT Advisory CA-2002-03.  Of course, this
is not a guarantee that future problems will not be found and does not
address flaws and insecurities inherent in software as powerful and
complex as an SNMP implementation.  Because of this we recommend that
SNMP access (161/udp,162/udp) be blocked at your firewall.

There are also some important changes that have been made in this release
of our package:
	o the daemon now sets a PID file in /var/run/ 

	o logging is now done directly to /var/log/net-snmp.log instead
  	of sending stderr/stdout through syslog.  If you don't want logging,
	remove the '-l /var/log/net-snmp.log' from /etc/init.d/snmpd.

	o the daemon is now started with the '-r'.  This option prevents
	snmpd from exiting if it doesn't have permission to read something.
	This only occurs if you start snmpd on a high port as a non-root
	root user.

	o If you need to run snmptrapd, we've provided an example init
	script in /usr/share/doc/packages/net-snmp/rc.snmptrapd.  SNMP
	traps should be avoided whenever possible because they are
	unreliable (you should poll with snmpget instead) and snmptrapd
	has been the source of many of the security problems with snmp
	so please don't run this unless you are sure of what you are doing.
	To install the script,
	  cp rc.snmptrapd /etc/init.d/snmptrapd
	  innserv /etc/init.d/snmptrapd
	  cd /usr/sbin && ln -s ../../etc/init.d/snmptrapd .
	and create a configuration file named /etc/snmptrapd.conf.  Then,
	start the daemon with
	  rcsnmptrapd start
	Logging is done to /var/log/net-snmptrapd.log.	

	o Master agentx support is enabled if you have modules in
	/usr/lib/net-snmp/--the domain socket is created as 
	/var/run/agentx/master.  You can change this to a network
	interface if needed (see snmpd(1)).  The snmpd init script
	automatically detects and starts any sub-agents in placed into
	/var/lib/net-snmp.

More documentation on the net-snmp package can be found in this directory
as well as the project's homepage: http://net-snmp.sourceforge.net/
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/net-snmp?expand=0&rev=1 2007-01-16 00:26:37 +01:00			`Our net-snmp package was audited by Thomas Biege of the SuSE Security team`
			`prior to the release of CERT Advisory CA-2002-03. Of course, this`
			`is not a guarantee that future problems will not be found and does not`
			`address flaws and insecurities inherent in software as powerful and`
			`complex as an SNMP implementation. Because of this we recommend that`
			`SNMP access (161/udp,162/udp) be blocked at your firewall.`

			`There are also some important changes that have been made in this release`
			`of our package:`
			`o the daemon now sets a PID file in /var/run/`

			`o logging is now done directly to /var/log/net-snmp.log instead`
			`of sending stderr/stdout through syslog. If you don't want logging,`
			`remove the '-l /var/log/net-snmp.log' from /etc/init.d/snmpd.`

			`o the daemon is now started with the '-r'. This option prevents`
			`snmpd from exiting if it doesn't have permission to read something.`
			`This only occurs if you start snmpd on a high port as a non-root`
			`root user.`

			`o If you need to run snmptrapd, we've provided an example init`
			`script in /usr/share/doc/packages/net-snmp/rc.snmptrapd. SNMP`
			`traps should be avoided whenever possible because they are`
			`unreliable (you should poll with snmpget instead) and snmptrapd`
			`has been the source of many of the security problems with snmp`
			`so please don't run this unless you are sure of what you are doing.`
			`To install the script,`
			`cp rc.snmptrapd /etc/init.d/snmptrapd`
			`innserv /etc/init.d/snmptrapd`
			`cd /usr/sbin && ln -s ../../etc/init.d/snmptrapd .`
			`and create a configuration file named /etc/snmptrapd.conf. Then,`
			`start the daemon with`
			`rcsnmptrapd start`
			`Logging is done to /var/log/net-snmptrapd.log.`

			`o Master agentx support is enabled if you have modules in`
			`/usr/lib/net-snmp/--the domain socket is created as`
			`/var/run/agentx/master. You can change this to a network`
			`interface if needed (see snmpd(1)). The snmpd init script`
			`automatically detects and starts any sub-agents in placed into`
			`/var/lib/net-snmp.`

			`More documentation on the net-snmp package can be found in this directory`
			`as well as the project's homepage: http://net-snmp.sourceforge.net/`