SNMP
net-snmp
snmpd.conf
createUser myusername SHA "passwd1" AES "passwd2"
rouser myusername priv
https://linux.die.net/man/5/snmpd.examples
Reduce logging
SystemD
In /etc/systemd/system/multi-user.target.wants/snmpd.service, replace any LSw or LO4 with LSc or LOc, so that only messages of priority LOG_CRIT and above are logged, like this:
ExecStart=/usr/sbin/snmpd -LOc -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f -p /run/snmpd.pid
From man snmpcmd, the priorities recognized are:
0 or ! for LOG_EMERG,
1 or a for LOG_ALERT,
2 or c for LOG_CRIT,
3 or e for LOG_ERR,
4 or w for LOG_WARNING,
5 or n for LOG_NOTICE,
6 or i for LOG_INFO, and
7 or d for LOG_DEBUG.
Then run this (a reload of snmpd does not seem to be enough):
sudo systemctl daemon-reload
sudo systemctl restart snmpd
Utilities
snmpwalk – retrieve a subtree of management values using SNMP GETNEXT requests
snmpwalk -v3 -l authPriv -u [User name] -a MD5 -A [User password] -x DES -X [DES password] [IP address of host] [OID of system information MIB]
snmpwalk -v3 -l authPriv -u myusername -a SHA -A "passwd1" -x AES -X "passwd2" 192.168.0.10 .
https://www.ionos.com/digitalguide/server/know-how/snmp-tutorial/
Misc
Restrictions to community strings and passwords
So these additional characters:
-.#@=:_
MD5 or SHA-x ?
sha
AES or DES ?
AES is more secure than DES because of its larger, variable key size. It allows a choice of a 128, 192 or 256 bit key, which makes it exponentially stronger than the 56 bit key of DES and harder to break.
info: https://datacyper.com/which-is-better-des-or-aes/
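Config audit
An added example (not part of the original notes or of net-snmp) that checks the createUser and rouser lines from the snmpd.conf section against the MD5/SHA and DES/AES choices above. The function name and the second user in the sample are constructed. It also applies the 8-character minimum that net-snmp enforces on USM passphrases, so placeholder values as short as "passwd1" are reported.

```python
import shlex
MIN_PASSPHRASE = 8  # USM minimum passphrase length enforced by net-snmp

def audit_snmpd_conf(text):
    """Return (line_number, message) findings for SNMPv3 user directives."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        tok = shlex.split(raw)  # assumes passphrases are quoted shell-style
        directive, args = tok[0].lower(), tok[1:]
        if directive == "createuser":
            if args[:1] == ["-e"]:  # optional "-e ENGINEID" prefix
                args = args[2:]
            # Remaining layout: user [authProto authPass [privProto [privPass]]]
            auth_proto, auth_pass, priv_proto, priv_pass = (args[1:5] + [None] * 4)[:4]
            if auth_proto is None:
                findings.append((lineno, "user has no authentication protocol"))
                continue
            if auth_proto.upper() == "MD5":
                findings.append((lineno, "MD5 authentication, use SHA"))
            if auth_pass is None or len(auth_pass) < MIN_PASSPHRASE:
                findings.append((lineno, "auth passphrase shorter than 8 characters"))
            if priv_proto is None:
                findings.append((lineno, "no privacy protocol, authPriv impossible"))
            elif priv_proto.upper() == "DES":
                findings.append((lineno, "DES privacy, use AES"))
            if priv_pass is not None and len(priv_pass) < MIN_PASSPHRASE:
                findings.append((lineno, "priv passphrase shorter than 8 characters"))
        elif directive in ("rouser", "rwuser"):
            if args[:1] == ["-s"]:  # optional "-s SECMODEL" prefix
                args = args[2:]
            level = args[1].lower() if len(args) > 1 else "auth"  # default level
            if level != "priv":
                findings.append((lineno, f"{directive} allows level '{level}' without encryption"))
    return findings

# Constructed sample: the first two lines are the example from these notes.
SAMPLE = '''\
createUser myusername SHA "passwd1" AES "passwd2"
rouser myusername priv
# constructed legacy entries
createUser olduser MD5 "longenoughpass" DES
rouser olduser
'''
if __name__ == "__main__":
    for lineno, message in audit_snmpd_conf(SAMPLE):
        print(f"line {lineno}: {message}")
```

A rouser line without an explicit level is reported because the level then defaults to auth, which permits unencrypted requests.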