From 1857635cafc590028411a1064028aa74484ac779 Mon Sep 17 00:00:00 2001
From: Heretic <137451+Heretic312@users.noreply.github.com>
Date: Wed, 16 Jul 2025 11:27:34 -0500
Subject: [PATCH] Add snmp-audit.sh

---
 linux/snmp_audit.sh | 56 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 linux/snmp_audit.sh

diff --git a/linux/snmp_audit.sh b/linux/snmp_audit.sh
new file mode 100644
index 0000000..e3fa60c
--- /dev/null
+++ b/linux/snmp_audit.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+# Author: Victor Bishop (Heretic) | https://github.com/Heretic312/devsecops-wrappers.git
+# Date: 5/2/2025
+# Simple script to check for insecure SNMP v1/v2c/v3 configs
+
+CONFIG="/etc/snmp/snmpd.conf"
+echo "
+
+▄▖▖ ▖▖ ▖▄▖ ▄▖ ▌▘▗
+▚ ▛▖▌▛▖▞▌▙▌ ▌▌▌▌▛▌▌▜▘
+▄▌▌▝▌▌▝ ▌▌ ▛▌▙▌▙▌▌▐▖
+
+
+"
+
+# Check if snmpd is installed
+if ! command -v snmpd &>/dev/null; then
+ echo "SNMP daemon (snmpd) is not installed."
+ exit 1
+fi
+
+# Check if snmpd service is running
+echo -n "Checking snmpd service status: "
+if systemctl is-active --quiet snmpd; then
+ echo "Running"
+else
+ echo "Not running"
+fi
+
+# Look for insecure SNMP v1/v2c community strings
+echo "Scanning $CONFIG for insecure SNMPv1/v2c settings..."
+if grep -E "^\s*(rocommunity|rwcommunity)" "$CONFIG"; then
+ echo "Oh Shit! Insecure SNMP v1/v2c settings found!"
+else
+ echo "No SNMP v1/v2c community strings detected."
+fi
+
+# Check for SNMPv3 users
+echo "Checking for SNMPv3 user definitions..."
+if grep -q "^createUser" "$CONFIG"; then
+ echo "SNMPv3 users configured."
+else
+ echo "No SNMPv3 users found."
+fi
+
+# Check which interfaces snmpd is listening on
+echo "Checking SNMP listening interfaces..."
+LISTEN=$(ss -tulpn | grep snmpd)
+if echo "$LISTEN" | grep -q "0.0.0.0"; then
+ echo "SNMP is listening on all interfaces (0.0.0.0). Consider binding to localhost or trusted IPs."
+else
+ echo "SNMP is not listening on all interfaces."
+fi
+
+# Done
+echo "SNMP audit complete."
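Review bot: Both config checks report a clean result when `$CONFIG` is missing or unreadable, because grep's error exit takes the same `else` branch as "no match"; snmpd.conf is often readable by root only, so an unprivileged run can print "No SNMP v1/v2c community strings detected." without having read the file. Add a guard before the first grep, for example `[ -r "$CONFIG" ] || { echo "Cannot read $CONFIG; run as root" >&2; exit 2; }`. The listener check has the same blind spot: `ss -p` only names processes the caller is allowed to inspect, so `grep snmpd` can come back empty and fall through to "SNMP is not listening on all interfaces", and the `0.0.0.0` pattern also misses wildcard binds that ss prints as `*:161` or `[::]:161`. Separately, the community grep runs without `-q`, so the matched lines, community strings included, are echoed into whatever captures the script's output; printing only the directive name and line number would keep the secret out of logs.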