On Mon, 4 Mar 2013 15:56:36 +0100
Ilya Bakulin <ilya_baku...@genua.de> wrote:

> Hi list,
> We have a small issue with snmpd daemon in OpenBSD.
> If people use SNMPv2c, they should explicitly set "read-write" community name
> to some [probably random-generated] string, because otherwise everybody is
> able to alter values of some SNMP nodes (the default value for read-write
> community is "private", which is not very secure, probably).
>
> Attached is the patch that adds new configuration file parameter,
> "nowrite", with values "yes" and "no", that disallows any write
> attempts to any SNMP node regardless of specified read-write community string.
>
> $ snmpset -c private -v2c 127.0.0.1 system.sysContact.0 s SOME_CRAP
> Error in packet.
> Reason: (readOnly) The two parties used do not have access to use the
> specified SNMP PDU.
> Failed object: SNMPv2-MIB::sysContact.0
>
> Hope you will find it useful.
>
> // Ilya

Just a little bike-shedding:

- The term "readonly" seems more common to me than "nowrite".
- All members of struct snmpd have a 'sc_' prefix. You should stick to
  that style.

Gerhard
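
The default described in the thread means that a configuration which never mentions a read-write community still accepts writes under "private". The following is an added example, not part of the thread or of snmpd itself: a small audit of snmpd.conf text that applies the defaults before checking. It assumes the `read-only community <string>` / `read-write community <string>` directive form and a read-only default of "public"; the function names are hypothetical.

```python
import shlex

# Defaults: "private" for read-write is stated in the thread; "public" for
# read-only is an assumption of this example.
DEFAULTS = {"read-only": "public", "read-write": "private"}


def effective_communities(conf_text):
    """Return the community strings in effect after defaults are applied."""
    effective = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        # shlex drops '#' comments and unwraps quoted strings.
        try:
            tokens = shlex.split(raw, comments=True)
        except ValueError:
            continue  # unbalanced quote: this example skips the line
        if len(tokens) == 3 and tokens[0] in DEFAULTS and tokens[1] == "community":
            effective[tokens[0]] = tokens[2]
    return effective


def audit(conf_text):
    """List findings for write access guarded by a guessable community."""
    eff = effective_communities(conf_text)
    findings = []
    rw = eff["read-write"]
    if rw == DEFAULTS["read-write"]:
        findings.append("read-write community is the default 'private'")
    if rw == eff["read-only"]:
        findings.append("read-write community equals the read-only community")
    return findings


# Constructed sample configurations (not taken from the thread).
ONLY_RO_SET = 'listen on 127.0.0.1\nread-only community "monitoring-ro"  # RW left unset\n'
BOTH_SET = 'read-only community "monitoring-ro"\nread-write community "k3Vq-constructed-rw"\n'

if __name__ == "__main__":
    for name, conf in (("only-ro-set", ONLY_RO_SET), ("both-set", BOTH_SET)):
        print(name, audit(conf) or "ok")
```

The first sample is the case the thread is about: the administrator changed the read-only community and left the read-write one untouched, so the default still applies.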