ITAR

 audit, code, DARPA, data, fast track, ipmi, python, security, tech
Feb 262013
 

Well, not really.  Actually I.tar.gz.  In the gzip’d tar there are 3 files; little IPMI/BMC configuration file sucker, a suggested set of security recommendations that could be checked, and an even smaller program to parse the first program’s output.

Because… well, no good reason, actually, one is in python3 and the other in python2. I guess I’m testing your readiness. The programs are pretty heavily commented, especially ipmifreely.py, so check that for more details on what’s going on.

YOU MUST have FreeIPMI installed, which, as of this writing, kills off Mac and Windows chances at sucking down a cool JSON file from a server. And you really, really should have a recent version.  Don’t say I didn’t warn you.  But life goes on.

Sample use:

# this grabs the configuration stuff; here I'm using it on a Dell iDRAC with default user/password
# the output is redirected to a file
$ ./ipmifreely.py -v -u root -p calvin 192.168.0.23 > drac.json
# This takes the JSON file and looks for issues
$ ./I-check.py drac.json
Host: 192.168.0.23
[bmc-config] Serial_Channel Volatile_Enable_Per_Message_Auth = No
[bmc-config] Serial_Channel Volatile_Enable_Pef_Alerting = No
[bmc-config] Serial_Channel Non_Volatile_Enable_User_Level_Auth = No
[bmc-config] Serial_Channel Non_Volatile_Enable_Per_Message_Auth = No
[bmc-config] Serial_Channel Non_Volatile_Enable_Pef_Alerting = No
[bmc-config] Serial_Channel Volatile_Enable_User_Level_Auth = No
[bmc-config] User10 Serial_Enable_Link_Auth = No
[bmc-config] User11 Serial_Enable_Link_Auth = No
[bmc-config] User13 Serial_Enable_Link_Auth = No
[bmc-config] User14 Serial_Enable_Link_Auth = No
[bmc-config] User15 Serial_Enable_Link_Auth = No
[bmc-config] User16 Serial_Enable_Link_Auth = No
[bmc-config] Lan_Channel Volatile_Enable_Per_Message_Auth = No
[bmc-config] Lan_Channel Volatile_Enable_Pef_Alerting = No
[bmc-config] Lan_Channel Non_Volatile_Enable_Per_Message_Auth = No
[bmc-config] Lan_Channel Non_Volatile_Enable_Pef_Alerting = No
[bmc-config] Lan_Conf_Security_Keys K_G = 0x0000000000000000000000000000000000000000
[bmc-config] User1 Serial_Enable_Link_Auth = No
[bmc-config] User12 Serial_Enable_Link_Auth = No
[bmc-config] User9 Serial_Enable_Link_Auth = No
[bmc-config] Lan_Conf_Auth User_Enable_Auth_Type_MD2 = Yes
[bmc-config] Lan_Conf_Auth Admin_Enable_Auth_Type_MD2 = Yes
[bmc-config] Lan_Conf_Auth Callback_Enable_Auth_Type_MD2 = Yes
[bmc-config] Lan_Conf_Auth Operator_Enable_Auth_Type_MD2 = Yes
[bmc-config] Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_1 = Administrator
[bmc-config] Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_0 = Administrator
[bmc-config] Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_2 = Administrator
[bmc-config] Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_5 = Administrator
[bmc-config] Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_4 = Administrator
[bmc-config] Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_7 = Administrator
[bmc-config] Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_6 = Administrator
[bmc-config] Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_9 = Administrator
[bmc-config] Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_14 = Administrator
[bmc-config] Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_11 = Administrator
[bmc-config] Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_10 = Administrator
[bmc-config] Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_13 = Administrator
[pef-config] Community_String Community_String = public
[pef-config] PEF_Conf Enable_PEF_Event_Messages = No

Sorry, the comment form is closed at this time.