SNMP default community strings and passphrases must be changed from vendor defaults.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-216220 | SOL-11.1-080160 | SV-216220r1190834_rule | CCI-000366 | high |
| Description | ||||
| Whether active or not, default SNMP passwords, users, and passphrases must be changed to maintain security. If the service is running with the default authenticators, then anyone can gather data about the system and the network and use the information to potentially compromise the integrity of the system or network(s). | ||||
| STIG | Date | |||
| Solaris 11 X86 Security Technical Implementation Guide | 2026-02-19 | |||
Details
Check Text (C-216220r1190834_chk)
Verify the Solaris 11 system does not use default SNMP community strings or passphrases.
The root role is required.
Find any occurrences of the snmpd.conf file delivered with Solaris packages:
# pkg search -l -Ho path snmpd.conf | awk '{ print "/"$1 }'
/etc/net-snmp/snmp/snmpd.conf
For each listed file, use the following command to review its contents:
# more [filename]
Review SNMP trap configurations for default community strings:
# grep trap /etc/net-snmp/snmp/snmpd.conf
Identify any community names, trap communities, or user password configurations set to default values.
Examples: public, private, trap, public@localhost, password
If any default values are present, this is a finding.
Fix Text (F-17456r1184361_fix)
The root role is required.
Stop the SNMP service:
# svcadm disable svc: /application/management/net-snmp:default
Open the /etc/snmp/snmpd.conf file and remove any lines containing default values.
# pfedit [/path/filename]
Create a new SNMPv3 user with strong authentication and privacy keys (if the service is required).
Restart the service (if the service is required).
# svcadm enable svc: /application/management/net-snmp:default
Ensure the permissions on the configuration files are restricted:
# chmod 600 /etc/snmp/snmp.conf