Disable snmpd Service

Docs > Datadog Security > OOTB Rules > Disable snmpd Service

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

The snmpd service can be disabled with the following command:

$ sudo systemctl mask --now snmpd.service

Rationale

Running SNMP software provides a network-based avenue of attack, and should be disabled if not needed.

Remediation

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - service_snmpd_disabled

- name: Disable snmpd Service - Collect systemd Services Present in the System
  ansible.builtin.command: systemctl -q list-unit-files --type service
  register: service_exists
  changed_when: false
  failed_when: service_exists.rc not in [0, 1]
  check_mode: false
  when: ( ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman",
    "container"] and "net-snmp" in ansible_facts.packages )
  tags:
  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - service_snmpd_disabled

- name: Disable snmpd Service - Ensure snmpd.service is Masked
  ansible.builtin.systemd:
    name: snmpd.service
    state: stopped
    enabled: false
    masked: true
  when:
  - ( ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
    and "net-snmp" in ansible_facts.packages )
  - service_exists.stdout_lines is search("snmpd.service", multiline=True)
  tags:
  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - service_snmpd_disabled

- name: Unit Socket Exists - snmpd.socket
  ansible.builtin.command: systemctl -q list-unit-files snmpd.socket
  register: socket_file_exists
  changed_when: false
  failed_when: socket_file_exists.rc not in [0, 1]
  check_mode: false
  when: ( ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman",
    "container"] and "net-snmp" in ansible_facts.packages )
  tags:
  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - service_snmpd_disabled

- name: Disable snmpd Service - Disable Socket snmpd
  ansible.builtin.systemd:
    name: snmpd.socket
    enabled: false
    state: stopped
    masked: true
  when:
  - ( ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
    and "net-snmp" in ansible_facts.packages )
  - socket_file_exists.stdout_lines is search("snmpd.socket", multiline=True)
  tags:
  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - service_snmpd_disabled