I don't quite get it.
I have never tried running NetView without snmpd on his very own box, but
if you do, don't count on getting anything from trapgend or mgragentd. You
won't get any traps from your own box (trapgend) for sure. And without
mgragentd, you could not run a NetView client, nor populate the NetView
smartset or set the "isManager" field in the database. But regardless of
the problems on the NetView machine itself, if you turn off SNMP
everywhere else, then how do you manage things?
NetView is an SNMP Manager. You can isolate the box, and others in the
network by not running SNMP, but then you cannot manage them effectively,
because you have no other (default) way to get information about them.
Without SNMP, netmon doesn't know a router from any other device. Your
topology would be nothing but a collection of unconnected single-interface
nodes. And it would always be wrong. And you couldn't do new node
discovery, and so on.
So yeah, tell your management to find you another tool, because their
going to cripple NetView with this policy.
That's where Tivoli came in originally, of course. You could always
install the The Tivoli Management Agent on all your managed boxes instead.
But perhaps you already are. I haven't ever tried to get real-time
availability data from Inventory, but with creative use of it and TEC you
could probably get something. You'll just never get a map of course.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and NT
Tivoli Software / IBM Software Group
"Davis, Donald" <donald.davis@firstcitizens.com>
08/23/2002 02:13 PM
To: "'nv-l@lists.tivoli.com'" <nv-l@lists.tivoli.com>
cc:
Subject: [nv-l] NetView on a "Hardened" AIX Server
Does anyone have any experience running NetView on a "Hardened" AIX (4.3)
server. My Risk Management department wants to implement the guidelines
doccumented by the University of Waterloo (Canada).
http://ist.uwaterloo.ca/security/howto/2001-01-15
The recommendations are simple; "If you don't need it, dont' run it."
However, there is a long list of services that they recommend not
starting. Some give me great concerns with NetView. For example, they
recommend stopping SNMP, ftp, inetd, named, portmap, nfsd, biod, exec, and
telnet.
Changing the default shell to /bin/false for daemon, bin, sys, adm and
nobody. Remove compilers and interpreters.
-----
I am afraid I am going to turn my NetView server into a very expensive
heater!
Thanks,
Don Davis
------------------------------------------------------------------------------
This electronic mail and any files transmitted with it are confidential
and are intended solely for the use of individual or entity to whom they
are addressed. If you are not the intended recipient or the person
responsible for delivering the electronic mail to the intended recipient,
be advised that you have received this electronic mail in error and that
any use, dissemination, forwarding, printing, or copying of this
electronic mail is strictly prohibited. If you have received this
electronic mail in error, please immediately notify the sender by return
mail.
==============================================================================
|