Re: [nv-l] NetView on a "Hardened" AIX Server

To: nv-l@lists.tivoli.com
Subject: Re: [nv-l] NetView on a "Hardened" AIX Server
From: James Shanks <jshanks@us.ibm.com>
Date: Fri, 23 Aug 2002 15:47:11 -0400

I don't quite get it.
I have never tried running NetView without snmpd on his very own box, but
if you do, don't count on getting anything from trapgend or mgragentd. You
won't get any traps from your own box (trapgend) for sure. And without
mgragentd, you could not run a NetView client, nor populate the NetView
smartset or set the "isManager" field in the database. But regardless of
the problems on the NetView machine itself, if you turn off SNMP
everywhere else, then how do you manage things?

NetView is an SNMP Manager.  You can isolate the box, and others in the 
network by not running SNMP, but then you cannot manage them effectively, 
because you have no other (default) way to get information about them. 
Without SNMP, netmon doesn't know a router from any other device.  Your 
topology would be nothing but a collection of unconnected single-interface 
nodes.  And it would always be wrong.  And you couldn't do new node 
discovery, and so on.

So yeah, tell your management to find you another tool, because they're
going to cripple NetView with this policy.

That's where Tivoli came in originally, of course. You could always
install the Tivoli Management Agent on all your managed boxes instead.
But perhaps you already are. I haven't ever tried to get real-time
availability data from Inventory, but with creative use of it and TEC you
could probably get something. You'll just never get a map of course.

James Shanks
Level 3 Support for Tivoli NetView for UNIX and NT
Tivoli Software / IBM Software Group




"Davis, Donald" <donald.davis@firstcitizens.com>
08/23/2002 02:13 PM

 
        To:     "'nv-l@lists.tivoli.com'" <nv-l@lists.tivoli.com>
        cc: 
        Subject:        [nv-l] NetView on a "Hardened" AIX Server

 

Does anyone have any experience running NetView on a "Hardened" AIX (4.3)
server? My Risk Management department wants to implement the guidelines
documented by the University of Waterloo (Canada).
http://ist.uwaterloo.ca/security/howto/2001-01-15
The recommendations are simple; "If you don't need it, don't run it."
However, there is a long list of services that they recommend not 
starting. Some give me great concerns with NetView. For example, they 
recommend stopping SNMP, ftp, inetd, named, portmap, nfsd, biod, exec, and 
telnet.
Changing the default shell to /bin/false for daemon, bin, sys, adm and 
nobody. Remove compilers and interpreters. 
----- 
I am afraid I am going to turn my NetView server into a very expensive 
heater! 
Thanks, 
Don Davis 

Archive operated by Skills 1st Ltd