There is a concern over the lack of encryption of the account/password in the snmptrapd.conf file. Currently, the details in the snmptrapd.conf file are not encrypted. The concern is that the lack of encryption may expose the company for some audits Reference: http://net-snmp.sourceforge.net/wiki/index.php/TUT:Configuring_snmptrapd_to_receive_SNMPv3_notifications Configuring a SNMPv3 INFORM User Since the application receiving the INFORM is authoritative, that means it's the snmptrapd application's EngineID that will be used to help uniquely identify the user. You can create a new SNMPv3 user in you snmptrapd application which is tied to your snmptrapd engine simply by creating a line like the following in your /var/net-snmp/snmptrapd.conf file: createUser myuser SHA "my authentication pass" AES "my encryption pass" In the above line, the following things need to be set: myuser; the USM username that is going to be sending the trap.SHAthe authentication type (SHA or MD5, with SHA being better)"my authentication pass"The authentication pass-phrase to use to generate the secret authentication key. Enclose it in quotation marks if it contains spaces.AESthe encryption type to use (AES or DES, with AES being better)"my encryption pass"The encryption pass-phrase to use to generate the secret encyrption key. Enclose it in quotation marks if it contains spaces. If you leave it off, it will be set to the same pass-phrase as the authentication pass-phrase. This would ensure that the password gets encrypted in the snmptrapd.conf file Idea https://communities.bmc.com/ideas/19154 has been submitted to review for possible incorporation into a future release. |