Re: [nv-l] NetView on a "Hardened" AIX Server

2002-08-23 15:47:11
Subject: Re: [nv-l] NetView on a "Hardened" AIX Server
From: James Shanks <jshanks AT us.ibm DOT com>
To: nv-l AT lists.tivoli DOT com
Date: Fri, 23 Aug 2002 15:47:11 -0400
I don't quite get it.
I have never tried running NetView without snmpd on its very own box, but
if you do, don't count on getting anything from trapgend or mgragentd. You
won't get any traps from your own box (trapgend) for sure. And without
mgragentd, you could not run a NetView client, nor populate the NetView
smartset or set the "isManager" field in the database. But regardless of
the problems on the NetView machine itself, if you turn off SNMP
everywhere else, then how do you manage things?

NetView is an SNMP Manager.  You can isolate the box, and others in the 
network by not running SNMP, but then you cannot manage them effectively, 
because you have no other (default) way to get information about them. 
Without SNMP, netmon doesn't know a router from any other device.  Your 
topology would be nothing but a collection of unconnected single-interface 
nodes.  And it would always be wrong.  And you couldn't do new node 
discovery, and so on.

So yeah, tell your management to find you another tool, because they're
going to cripple NetView with this policy.

That's where Tivoli came in originally, of course. You could always
install the Tivoli Management Agent on all your managed boxes instead.
But perhaps you already are. I haven't ever tried to get real-time
availability data from Inventory, but with creative use of it and TEC you
could probably get something. You'll just never get a map of course.

James Shanks
Level 3 Support for Tivoli NetView for UNIX and NT
Tivoli Software / IBM Software Group

"Davis, Donald" <donald.davis AT firstcitizens DOT com>
08/23/2002 02:13 PM

        To:     "'nv-l AT lists.tivoli DOT com'" <nv-l AT lists.tivoli DOT com>
        Subject:        [nv-l] NetView on a "Hardened" AIX Server


Does anyone have any experience running NetView on a "Hardened" AIX (4.3)
server? My Risk Management department wants to implement the guidelines
documented by the University of Waterloo (Canada).
The recommendations are simple; "If you don't need it, don't run it."
However, there is a long list of services that they recommend not 
starting. Some give me great concerns with NetView. For example, they 
recommend stopping SNMP, ftp, inetd, named, portmap, nfsd, biod, exec, and 
Changing the default shell to /bin/false for daemon, bin, sys, adm and 
nobody. Remove compilers and interpreters. 
I am afraid I am going to turn my NetView server into a very expensive 
Don Davis 