Disable SNMP hardening check #1651

Merged
merged 1 commit into from Jan 5, 2017

Projects

None yet

3 participants

@major
Contributor
major commented Jan 4, 2017 edited

This patch disables the V-38660 hardening check for SNMP and updates
the comments in the deploy.sh script to reflect the changes.

V-38660 checks to see if any SNMPv1/v2 configurations exist. If they
exist, the playbook halts. This is highly disruptive for production
deployments.

Connects rcbops/rpc-openstack#1616

@major major self-assigned this Jan 4, 2017
scripts/deploy.sh
- # V-38660 is skipped for compatibility with Ubuntu Xenial
+ # NOTE(mhayden): V-38642 must be skipped when using an apt repository with
+ # unsigned/untrusted packages. V-38660 checks for SNMP configs with SNMPv1/2
+ # enabled and it must be skipped all of the time.
@hughsaunders
hughsaunders Jan 4, 2017 Member

if it should be skipped all the time, shouldn't it be removed?

@major
major Jan 4, 2017 Contributor

@hughsaunders What should be removed? The only reason we skip it here is that we have SNMPv1/2 configs on RPC hosts. We shouldn't do that, but that's a separate problem to fix. ;)

@d34dh0r53
d34dh0r53 Jan 4, 2017 Contributor

@major, I think the comment just needs to be reworded

scripts/deploy.sh
- # V-38660 is skipped for compatibility with Ubuntu Xenial
+ # NOTE(mhayden): V-38642 must be skipped when using an apt repository with
+ # unsigned/untrusted packages. V-38660 checks for SNMP configs with SNMPv1/2
+ # enabled and it must be skipped all of the time.
@d34dh0r53
d34dh0r53 Jan 4, 2017 Contributor

@major, I think the comment just needs to be reworded

@major
Contributor
major commented Jan 4, 2017

I'll update the patch to make the comment more explicit.

@major major Disable SNMP hardening check
This patch disables the V-38660 hardening check for SNMP and updates
the comments in the `deploy.sh` script to reflect the changes.

V-38660 checks to see if any SNMPv1/v2 configurations exist. If they
exist, the playbook halts. This is highly disruptive for production
deployments.

Connects: rcbops/rpc-openstack#1616
b2c16d6
@d34dh0r53
d34dh0r53 approved these changes Jan 4, 2017 edited View changes

Mucho bettero 👍

@hughsaunders
Member

LGTM 👍

@hughsaunders hughsaunders merged commit fcae61f into master Jan 5, 2017

4 checks passed

ceph Build finished.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
swift Build finished.
Details
@major major deleted the mhayden-1616 branch Jan 5, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment