net-snmp

snmpd.conf

createUser myusername SHA "passwd1" AES "passwd2"
rouser  myusername  priv

https://linux.die.net/man/5/snmpd.examples

Reduce logging

SystemD

In /etc/systemd/system/multi-user.target.wants/snmpd.service

Replace any LSw or LO4 with LSc or LOc, like this:

ExecStart=/usr/sbin/snmpd -LOc -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f -p /run/snmpd.pid

From man snmpcmd, the priorities recognized are:

0 or ! for LOG_EMERG,
1 or a for LOG_ALERT,
2 or c for LOG_CRIT,
3 or e for LOG_ERR,
4 or w for LOG_WARNING,
5 or n for LOG_NOTICE,
6 or i for LOG_INFO, and
7 or d for LOG_DEBUG.

Then this (seems reload for snmpd isn’t enough):

sudo systemctl daemon-reload
sudo systemctl restart snmpd

Utilities

snmpwalk – retrieve a subtree of management values using SNMP GETNEXT requests

snmpwalk -v3 -l authPriv -u [User name] -a MD5 -A [User password] -x DES -X [DES password] [IP address of host] [OID of system information MIB]

snmpwalk -v3 -l authPriv -u myusername -a SHA -A "passwd1" -x AES -X "passwd2" 192.168.0.10 .

https://www.ionos.com/digitalguide/server/know-how/snmp-tutorial/

Misc

Restrictions to community strings and passwords

So these additional characters:

-.#@=:_

MD5 or SHA-x ?

sha

AES or DES ?

AES is more secure and better as compared to DES because of its effective and variable key size. Secondly, It allows us to choose either 128, 192 or 256 bit key which makes it exponentially stronger than 56 bit key. Moreover, it makes it harder to break the encryption.

info: https://datacyper.com/which-is-better-des-or-aes/