File permissions do not match the ones of the net-snmp #81

Closed
Tontonitch opened this issue Nov 7, 2016 · 7 comments

@Tontonitch

Hi,

After configuring the snmp services via your puppet module, the permissions of the following files do not match the ones of the net-snmp software rpm.

[root@rhtestsrv1-d ~]# rpm -Va | grep '^.M'
SM5....T.  c /etc/snmp/snmpd.conf
SM5....T.  c /etc/snmp/snmptrapd.conf

The puppet module sets the perm to 644 instead of 600.

Could it be changed in a future release of the module?
So that I won't receive any alerts in reports from SCAP.

Best regards,
Yannick

@jflorian

@Tontonitch I'm not a developer of puppet-snmp, but a fellow user. Good catch here given this file has credentials stored that should be kept secret and protected. It seems that the Red Hat family of OSes have the wrong default mode for these files, as you can see here.

Until this gets resolved correctly, I've got the following in my Hiera data:
snmp::service_config_perms: '0600'
Alternatively, you could use something like

class { 'snmp':
  <snip>
  service_config_perms => '0600',
  <snip>
}

Thanks for pointing this out!

@Tontonitch
Author

Ok, thanks for your solution John!

Best regards,
Yannick

From: John Florian <notifications@github.com>
To: razorsedge/puppet-snmp puppet-snmp@noreply.github.com
Cc: Yannick Charton tontonitch-pro@yahoo.fr; Mention mention@noreply.github.com
Sent: Saturday, 12 November 2016, 17:52
Subject: Re: [razorsedge/puppet-snmp] File permissions do not match the ones of the net-snmp (#81)

@Tontonitch I'm not a developer of puppet-snmp, but a fellow user. Good catch here given this file has credentials stored that should be kept secret and protected. It seems that the Red Hat family of OSes have the wrong default mode for these files, as you can see here.

Until this gets resolved correctly, I've got the following in my Hiera data:
snmp::service_config_perms: '0600'

Alternatively, you could use something like

class { 'snmp':
  service_config_perms => '0600',
}

Thanks for pointing this out!

@TomOnTime

Please make this a parameter. We have certain machines that set the file perms to 0640 and the group to something non-standard. (Rationale: Certain processes need to read that file but we don't want those processes to run as root)

@jflorian

It already is a parameter. See my comment above. Or I don't understand what you were asking for.

John Florian

@TomOnTime

It's all good. Thanks!

@razorsedge
Contributor

@Tontonitch What OS/OS version/SNMP version are you using?

@Tontonitch
Author

RedHat 7.3, Net-Snmp 5.7.2
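
As an added example (not part of the thread and not puppet-snmp code): a shell check that picks the mode-drift lines out of `rpm -Va` output like the one quoted in the issue, then flags files whose on-disk mode is broader than an allowed maximum such as 0600, or the 0640 one commenter uses. The function names and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit config-file modes after a Puppet run.

# Constructed sample of `rpm -Va` output. The first two lines are the ones
# quoted in the issue; the last two are made up to show non-matching lines.
SAMPLE_RPM_VA='SM5....T.  c /etc/snmp/snmpd.conf
SM5....T.  c /etc/snmp/snmptrapd.conf
S.5....T.  c /etc/example.conf
missing     /usr/share/doc/example/README'

# Read `rpm -V` output on stdin and print the paths whose second attribute
# flag is "M" (file mode differs from the package database).
# Paths containing whitespace are not handled.
mode_drift_files() {
    awk 'substr($1, 2, 1) == "M" { print $NF }'
}

# Succeed when octal MODE grants any permission bit that octal MAX does not.
# Usage: mode_exceeds MODE MAX
mode_exceeds() {
    [ $(( 0$1 & ~0$2 & 07777 )) -ne 0 ]
}

# Print "path mode" for every file whose mode is broader than MAX.
# Returns 1 if at least one such file was found, 0 otherwise.
# Usage: audit_modes MAX FILE...
audit_modes() {
    max=$1; shift; rc=0
    for f in "$@"; do
        # GNU stat first (RHEL); BSD stat syntax as a fallback.
        mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f" 2>/dev/null) || continue
        if mode_exceeds "$mode" "$max"; then
            printf '%s %s\n' "$f" "$mode"
            rc=1
        fi
    done
    return $rc
}

# On a real host (run as root so the files can be inspected):
#   audit_modes 0600 $(rpm -Va | mode_drift_files)
```

Pass the same value you give `snmp::service_config_perms` as MAX, so a host that intentionally uses 0640 with a dedicated group is not reported.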
