{"description": "Edit <tt>/etc/snmp/snmpd.conf</tt>, removing any references to <tt>rocommunity</tt>, <tt>rwcommunity</tt>, or <tt>com2sec</tt>.\nUpon doing that, restart the SNMP service:\n<pre>$ sudo systemctl restart snmpd</pre>", "rationale": "Earlier versions of SNMP are considered insecure, as they potentially allow\nunauthorized access to detailed system management information.", "severity": "medium", "references": {"ism": ["1311"]}, "control_references": {"ism": ["1311"]}, "components": [], "identifiers": {}, "ocil_clause": "there is output", "ocil": "To ensure only SNMPv3 or newer is used, run the following command:\n<pre>$ sudo grep 'rocommunity\\|rwcommunity\\|com2sec' /etc/snmp/snmpd.conf | grep -v \"^#\"</pre>\nThere should be no output.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[net-snmp]", "platforms": ["package[net-snmp]"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["package_net-snmp"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Configure SNMP Service to Use Only SNMPv3 or Newer", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml", "template": null}