Method used to shield the vulnerability that a message "Password of the SNMP service can be written" is displayed in the storage system when the NSFOCUS scanning tool is used

3

You can shield the vulnerability that a message "Password of the SNMP service can be written" is displayed in the storage system when the NSFOCUS scanning tool is used as follows:
The message is displayed because the storage system uses the default read/write communities when enabling the SNMP service.
The SNMP read/write communities, similar to passwords, can be used to read device information on the server that only provides read communities. For servers that provide write communities, the SNMP read/write communities can not only read device information but also write information to devices.
The SNMP read communities of a storage system is storage_public by default and the write communities is storage_private by default. If the default communities are used when the SNMP is enabled, all software can access and manage the storage system without authentication and there are security risks. Therefore, you are advised to modify the default communities after the SNMP service is enabled, to improve system security.
You can shield the vulnerability that "Password of the SNMP service can be written" as follows:
1. Log in to the storage system by using the CLI as a super administrator.
2. Run the chgcommunityname command to change the SNMP write and read communities.
Note:
Some earlier versions of storage system models cannot support the community command. If the system shows that the community command does not exist when you run this command, upgrade the storage system.
You can run the chgcommunityname command as follows:
Format: chgcommunityname -r readCommunity -w writeCommunity
Guidance: After the command is entered, a message is displayed indicating that the SNMP service is to be restarted. Enter y to confirm the restart. The new communities take effect after the SNMP service is restarted.
3. Run the showcommunityname command to check the modified result.
4. Restart the NSFOCUS scanning tool to scan for vulnerabilities.

Other related questions:
A message indicating that the system is busy is displayed when the information collection tool fails to be used
This message displays because some devices do not support operations by multi-users. If a device is being used by more than one user, the information collection fails and this message is displayed.

Solution when the message "access denied" is displayed if the PuTTY is used to log in to the storage system
You can perform the following operations when you use the PuTTY to log in to the storage system but a message "access denied" is displayed: 1. Fault location and rectification a. Wrong user name password. Refer to password retrieval instructions. b. Incorrect PuTTY configuration. 2. Solution Configure PuTTY correctly. a. Open the PuTTY tool. In the navigation bar on the left of the login page, select Connection > SSH. b. Set Preferred SSH protocol version to 2.

Method used to scan for mapped LUNs in the VMware ESX operating system
In the VMware ESX operating system, you scan for mapped LUNs as follows: Use the vSphere Client to log in to the VMware ESX host. In vSphere Client, click the Configuration tab. Select Storage in the Hardware area. In the View area of the right function pane, click Datastores. In the lower function pane, click Add Storage. The Add Storage dialog box is displayed. Scan for LUNs as prompted in the Add Storage dialog box.

Method used to troubleshoot the failure of scanning for LUNs
Method used to troubleshoot the failure of scanning for LUNs: 1. Ensure that the network connection is correct. 2. On iSCSI networks, ensure that networks are normal and ping packets are not lost. 3. On Fibre Channel networks, ensure that the rate of ports on the host and array complies with the negotiated one. 4. Check whether configurations on the host and array are correct, including the mapping and initiator configurations. 5. On iSCSI networks, if the version of the host initiator is early, update the initiator software. 6. Check whether the array enters the DFT mode. 7. After the AIX host connects to Fibre Channel cables, to scan for LUNs successfully, you need to restart the host. 8. In SUSE 10 and SUSE 10 SP1, to scan for LUNs successfully, you need to update the iSCSI initiator. 9. If you encounter any other faults, contact technical support engineers.

Method used to install the inspection tool
For details about how to install the inspection tool, see the OceanStor Toolkit Inspection Tool Operation Guide. To download the guide, log in to the To iKnow To Live Chat
Scroll to top