{"id":797,"date":"2013-02-26T18:31:46","date_gmt":"2013-02-26T18:31:46","guid":{"rendered":"https:\/\/trouble.org\/?p=797"},"modified":"2013-02-26T18:37:57","modified_gmt":"2013-02-26T18:37:57","slug":"itar","status":"publish","type":"post","link":"https:\/\/trouble.org\/?p=797","title":{"rendered":"ITAR"},"content":{"rendered":"<p>Well, not really. \u00a0Actually <a title=\"I.tar.gz\" href=\"http:\/\/fish2.com\/ipmi\/tools\/I.tar.gz\">I.tar.gz.<\/a> \u00a0In the gzip&#8217;d tar there are 3 files; little IPMI\/BMC configuration file sucker, a suggested set of security recommendations that could be checked, and an even smaller program to parse the first program&#8217;s output.<\/p>\n<p>Because&#8230; well, no good reason, actually, one is in python3 and the other in python2. I guess I&#8217;m testing your readiness. The programs are pretty heavily commented, especially ipmifreely.py, so check that for more details on what&#8217;s going on.<\/p>\n<p><span style=\"color: #ff0000;\">YOU MUST<\/span> have <a title=\"FreeIPMI\" href=\"www.gnu.org\/software\/freeipmi\/\" target=\"_blank\">FreeIPMI<\/a> installed, which, as of this writing, kills off Mac and Windows chances at sucking down a cool JSON file from a server. And you really, really should have a recent version. \u00a0Don&#8217;t say I didn&#8217;t warn you. \u00a0But life goes on.<\/p>\n<p>Sample use:<\/p>\n<div class=\"codecolorer-container bash blackboard\" style=\"overflow:auto;white-space:nowrap;height:800px;\"><div class=\"bash codecolorer\"><span class=\"co0\"># this grabs the configuration stuff; here I'm using it on a Dell iDRAC with default user\/password<\/span><br \/>\n<span class=\"co0\"># the output is redirected to a file<\/span><br \/>\n$ .<span class=\"sy0\">\/<\/span>ipmifreely.py <span class=\"re5\">-v<\/span> <span class=\"re5\">-u<\/span> root <span class=\"re5\">-p<\/span> calvin 192.168.0.23 <span class=\"sy0\">&gt;<\/span> drac.json<br \/>\n<span class=\"co0\"># This takes the JSON file and looks for issues<\/span><br \/>\n$ .<span class=\"sy0\">\/<\/span>I-check.py drac.json<br \/>\nHost: 192.168.0.23<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Serial_Channel Volatile_Enable_Per_Message_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Serial_Channel Volatile_Enable_Pef_Alerting = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Serial_Channel Non_Volatile_Enable_User_Level_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Serial_Channel Non_Volatile_Enable_Per_Message_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Serial_Channel Non_Volatile_Enable_Pef_Alerting = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Serial_Channel Volatile_Enable_User_Level_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> User10 Serial_Enable_Link_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> User11 Serial_Enable_Link_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> User13 Serial_Enable_Link_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> User14 Serial_Enable_Link_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> User15 Serial_Enable_Link_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> User16 Serial_Enable_Link_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Lan_Channel Volatile_Enable_Per_Message_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Lan_Channel Volatile_Enable_Pef_Alerting = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Lan_Channel Non_Volatile_Enable_Per_Message_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Lan_Channel Non_Volatile_Enable_Pef_Alerting = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Lan_Conf_Security_Keys K_G = 0x0000000000000000000000000000000000000000<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> User1 Serial_Enable_Link_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> User12 Serial_Enable_Link_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> User9 Serial_Enable_Link_Auth = No<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Lan_Conf_Auth User_Enable_Auth_Type_MD2 = Yes<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Lan_Conf_Auth Admin_Enable_Auth_Type_MD2 = Yes<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Lan_Conf_Auth Callback_Enable_Auth_Type_MD2 = Yes<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Lan_Conf_Auth Operator_Enable_Auth_Type_MD2 = Yes<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_1 = Administrator<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_0 = Administrator<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_2 = Administrator<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_5 = Administrator<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_4 = Administrator<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_7 = Administrator<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_6 = Administrator<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_9 = Administrator<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_14 = Administrator<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_11 = Administrator<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_10 = Administrator<br \/>\n<span class=\"br0\">&#91;<\/span>bmc-config<span class=\"br0\">&#93;<\/span> Rmcpplus_Conf_Privilege Maximum_Privilege_Cipher_Suite_Id_13 = Administrator<br \/>\n<span class=\"br0\">&#91;<\/span>pef-config<span class=\"br0\">&#93;<\/span> Community_String Community_String = public<br \/>\n<span class=\"br0\">&#91;<\/span>pef-config<span class=\"br0\">&#93;<\/span> PEF_Conf Enable_PEF_Event_Messages = No<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Well, not really. \u00a0Actually I.tar.gz. \u00a0In the gzip&#8217;d tar there are 3 files; little IPMI\/BMC configuration file sucker, a suggested set of security recommendations that could be checked, and an even smaller program to parse the first program&#8217;s output. Because&#8230; well, no good reason, actually, one is in python3 and the other in python2. I [&hellip;]<\/p>\n","protected":false},"author":44,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[211,31,61,81,137,154,172,4,6],"tags":[189,338,158,113,212,213,318],"class_list":["post-797","post","type-post","status-publish","format-standard","hentry","category-audit","category-code","category-darpa-2","category-data","category-fast-track-2","category-ipmi-2","category-python","category-security","category-tech","tag-all-that-stuff","tag-audit","tag-bmc","tag-ipmi","tag-python2","tag-python3","tag-security"],"_links":{"self":[{"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts\/797","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=797"}],"version-history":[{"count":5,"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts\/797\/revisions"}],"predecessor-version":[{"id":802,"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts\/797\/revisions\/802"}],"wp:attachment":[{"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}