The UK Home Automation Archive

Archive Home
Group Home
Search Archive

Advanced Search


Latest message you have seen: RE: RE: [Bulk] UK_Selfbuild Audio round the house options?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OT]Adding MIBs to netSNMP

Heh I stumbled on the SNMP modules for PHP whilst reading the docos the
other day and may play with in the future.

Q is How secure do you want things ? Just tighten up the nobody account :

/sbin/nologin is a must : $HOME = /home/nobody (would change this from

try to ensure nobody has no access to critical files on your box.

If you own the webserver and the user nobody you should really have nothing
to worry about.... I have had instances where I had to hack apache to run
suid (root) dangerous shit again no problems with security because I
the scripts....

Finally and primarily ensure your PHP scripts dont give hackers a backdoor
eg foo.php?path=somepathonfilesystem (u know silly stuff like that).

better way / paranoia mode ? have a system script or daemon that does your
SNMP and php reads or talks to it.

Sometimes it good to be over secure sometimes not.... The amount of times I
have been locked out for being over secure is unreal... I once had to
off 2 SSH proxies to get into a box shesh.

Sweet dreams,

----- Original Message -----
From: "Dean Smith" <ukha@xxxxxxx>
To: "Ukha_D@Yahoogroups. Com" <ukha_d@xxxxxxx>
Sent: Sunday, November 23, 2003 4:47 PM
Subject: [ukha_d] [OT]Adding MIBs to netSNMP

> I know there are a few *nix Gurus around so wondering if anyone can
> I have some software which uses NetSNMP via some PHP pages running via
> apache and I have a custom MIB I am looking at. I can use the MIB to
> names for OIDs via the command line by either forcing the command line
> to use all my MIBs (-m ALL) or by adding it to $HOME/.snmp/snmp.conf.
> Now as far as I can tell a PHP script is executed by apache as user
> "nobody". On my install (a pretty default RedHat8 + Apache)
the home dir
> "nobody" is "/". So I added a "/.snmp"
dir and snmp.comf file, then set
> owner and group to "nobody". Now it works - the PHP script
is making use
> the new custom MIB ..... BUT
> is this safe ? is there a better way ?
> Thanks
> Dean
> ls -al .*
> .snmp:
> total 12
> drwxr-xr-x    2 nobody   nobody       4096 Nov 23 16:37 .
> drwxr-xr-x   20 root     root         4096 Nov 23 16:37 ..
> -rw-r--r--    1 nobody   nobody         10 Nov 23 16:37 snmp.conf
> UKHA 2004: 15th and 16th May 2004
> Post message: ukha_d@xxxxxxx
> Subscribe:  ukha_d-subscribe@xxxxxxx
> Unsubscribe:  ukha_d-unsubscribe@xxxxxxx
> List owner:  ukha_d-owner@xxxxxxx
> Your use of Yahoo! Groups is subject to

Home | Main Index | Thread Index

Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.