There are two configuration files snmpd.conf of Net-SNMP: one is to start snmpd to load all the configurations, usually in the /etc/snmp directory (depending on the system environment parameters), and the other is persistent config, which is used to save the relevant configuration of v3 , usually in the /var/lib/net-snmp/ directory. This configuration file saves information such as usmUser and oldEngineID.
When snmpd restarts, all the information in the common configuration file is lost, the user needs to refresh a configuration file and load it when snmpd restarts;
However, the persistent configuration generally does not need to be edited and modified. When snmpd is restarted, the v3 user and engineID will remain unchanged.
When adding an snmp user, you can add a create user entry in the common configuration file, so that after startup, the relevant usmUser entry will be automatically generated in the persistent configuration file, and the authentication and encryption passwords are displayed in cipher text, so that Security configuration information leakage can be avoided.
In our development projects, we generally encounter the need to modify/add/remove/delete user accounts. The simple way is to turn off snmpd first, clear the usmUser entry in persistent, and then write the new configuration into the common configuration file. , and then start snmpd to load
The oldEngineID in the persistent configuration file is also the currently used engine id information, which is generated when snmpd is started for the first time. For the meaning of the specific bytes, refer to the relevant RFC: the first four bytes are the company IANA number, and the first bit is 1 , so it is generally 0x80 00 XX XX, the 5th byte indicates the generation method of the following bytes, 3 indicates the MAC address method, and net-snmp uses 128 by default to indicate a generation method through random numbers and time parameters.