The only issue here is where would you store it? If you pass it in on the command line all a user needs to do is 'ps -H aux --cols=300' to get the password (or check out the mrtg pid in /etc/proc). You could store the snmp password in a crypted file, and have a simple batch program that decrypts the file grabs the string then replaces the string for the proper password in the config, runs mrtg, deletes the config. That is a mess. and you have to have the decryption key in plain text.
Snmp is also not secure(v 1 at least). In my mind it ranks up there with telnet. Just make sure you have your community strings set to something other than public/private and that your file permissions are correct. If you are truly paranoid never use the set string. Change it to something insane or just blanker disable sets. with public strings the worst that can happen is some one can try to DOS you with tons of SNMP requests (or heavens forbid see your traffic stats) but your systems should be set up good enough to not allow SNMP from outside ip's otherwise you have even bigger problems. Hope this is not just a bunch of confusing double speak. David > -----Original Message----- > From: Logg, Connie A. [mailto:[EMAIL PROTECTED] > Subject: [rrd-users] Another MRTG security issis > <snip> > One of my concerns has always been the apparent need to have > the snmp community read string in the configuration file. > > Is there a way around this? > > Connie Logg > > Connie Logg - Network Analyst - 650-926-2879 </snip> -- Unsubscribe mailto:[EMAIL PROTECTED] Help mailto:[EMAIL PROTECTED] Archive http://www.ee.ethz.ch/~slist/rrd-users WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
