Complete IPMI Tool BMC Configuration Guide with Automation Script
This comprehensive guide covers everything you need to know about configuring and managing servers using IPMI (Intelligent Platform Management Interface) and the ipmitool command-line utility. Includes a ready-to-use automation script for common BMC tasks.
Table of Contents
- Introduction
- Prerequisites
- Basic Concepts
- Connection Methods
- Network Configuration
- User Management
- Sensor Monitoring
- Power Management
- System Event Log (SEL)
- Serial Over LAN (SOL)
- Field Replaceable Units (FRU)
- Security Best Practices
- Troubleshooting
- Automation Script
Introduction
What is IPMI?
Intelligent Platform Management Interface (IPMI) is a standardized hardware management interface specification that enables administrators to manage and monitor servers remotely, independently of the operating system. It operates through a dedicated Baseboard Management Controller (BMC), which is an embedded microcontroller with its own processor, memory, and network interface.
What is a BMC?
The Baseboard Management Controller (BMC) is the heart of IPMI functionality. It's a specialized service processor that:
- Operates independently of the main CPU and OS
- Has its own dedicated network interface (can share with host or use dedicated port)
- Monitors system health sensors (temperature, voltage, fans)
- Controls system power states
- Provides remote console access (KVM over IP, Serial over LAN)
- Logs hardware events
- Remains operational even when the server is powered off (standby power)
What is ipmitool?
ipmitool is an open-source command-line utility for managing IPMI-enabled devices. It can configure BMC network settings, manage user accounts, read sensor data, control power states, access system event logs, and establish Serial Over LAN sessions.
Prerequisites
Software Installation
# Debian/Ubuntu
sudo apt-get update
sudo apt-get install ipmitool openipmi
# RHEL/CentOS/Rocky/AlmaLinux
sudo dnf install ipmitool OpenIPMI OpenIPMI-tools
# SUSE/openSUSE
sudo zypper install ipmitool
# Arch Linux
sudo pacman -S ipmitool
Kernel Modules
For local access, load the required kernel modules:
# Load IPMI drivers
sudo modprobe ipmi_devintf
sudo modprobe ipmi_si
sudo modprobe ipmi_msghandler
# Verify modules are loaded
lsmod | grep ipmi
# Make persistent across reboots
echo -e "ipmi_devintf\nipmi_si\nipmi_msghandler" | sudo tee /etc/modules-load.d/ipmi.conf
Verify Local Access
# Check if IPMI device exists
ls -la /dev/ipmi*
# Test basic connectivity
sudo ipmitool mc info
Basic Concepts
IPMI Channels
IPMI uses channels for communication. Each channel represents a communication path:
| Channel | Typical Use |
|---|---|
| 0 | IPMB (Intelligent Platform Management Bus) |
| 1 | Primary LAN channel (most common for remote access) |
| 2 | Secondary LAN or Serial |
| 6-7 | Reserved for LAN |
| 14 | Current channel (SMbus) |
| 15 | System interface |
# Check channel info for channel 1 (typical LAN)
ipmitool channel info 1
# Loop through channels to find active ones
for i in {0..15}; do
echo "=== Channel $i ==="
ipmitool channel info $i 2>/dev/null
done
User Privilege Levels
| Level | Value | Permissions |
|---|---|---|
| Callback | 1 | Lowest - callback access only |
| User | 2 | Read-only access to sensors, SEL |
| Operator | 3 | Read + limited configuration |
| Administrator | 4 | Full access to all IPMI features |
| OEM | 5 | Vendor-specific extended access |
| No Access | 15 | Account disabled |
Authentication Types
| Type | Description |
|---|---|
| NONE | No authentication (insecure!) |
| MD2 | MD2 hash authentication |
| MD5 | MD5 hash authentication |
| PASSWORD | Plain text (avoid!) |
| OEM | Vendor-specific |
Modern BMCs support IPMI 2.0 with RMCP+ (recommended), which adds HMAC-based authentication and integrity checking, and AES encryption for confidentiality.
Connection Methods
Local Access
# Basic format (uses /dev/ipmi0 or /dev/ipmi/0)
sudo ipmitool <command>
# Specify interface explicitly
sudo ipmitool -I open <command>
# Examples
sudo ipmitool mc info # BMC information
sudo ipmitool sensor list # All sensors
sudo ipmitool chassis status # Chassis status
Remote Access via LAN (IPMI 1.5)
# Basic format
ipmitool -I lan -H <bmc_ip> -U <username> -P <password> <command>
# Using environment variable for password (more secure)
export IPMI_PASSWORD="your_password"
ipmitool -I lan -H 192.168.1.100 -U admin -E <command>
# Specify port (default: 623)
ipmitool -I lan -H 192.168.1.100 -p 623 -U admin -P password <command>
Remote Access via LANPLUS (IPMI 2.0 - Recommended)
# LANPLUS provides encryption and stronger authentication
ipmitool -I lanplus -H <bmc_ip> -U <username> -P <password> <command>
# With specific cipher suite (use 17 for maximum security)
ipmitool -I lanplus -H 192.168.1.100 -U admin -P password -C 17 <command>
Cipher Suite Reference
| Suite | Auth | Integrity | Confidentiality |
|---|---|---|---|
| 0 | None | None | None |
| 1 | HMAC-SHA1 | None | None |
| 2 | HMAC-SHA1 | HMAC-SHA1-96 | None |
| 3 | HMAC-SHA1 | HMAC-SHA1-96 | AES-CBC-128 |
| 17 | HMAC-SHA256 | HMAC-SHA256-128 | AES-CBC-128 |
Always use cipher suite 17 when available for maximum security.
Interface Summary
| Interface | Flag | Use Case |
|---|---|---|
| open | -I open | Local access via kernel driver |
| lan | -I lan | Remote IPMI 1.5 (no encryption) |
| lanplus | -I lanplus | Remote IPMI 2.0 (encrypted) |
| serial | -I serial | Direct serial connection |
| usb | -I usb | USB interface (some systems) |
Network Configuration
View Current LAN Settings
# Full LAN configuration for channel 1
ipmitool lan print 1
Configure Static IP Address
# Set IP address source to static
ipmitool lan set 1 ipsrc static
# Set IP address
ipmitool lan set 1 ipaddr 192.168.1.100
# Set subnet mask
ipmitool lan set 1 netmask 255.255.255.0
# Set default gateway
ipmitool lan set 1 defgw ipaddr 192.168.1.1
# Optionally set backup gateway
ipmitool lan set 1 bakgw ipaddr 192.168.1.2
Configure DHCP
# Enable DHCP
ipmitool lan set 1 ipsrc dhcp
# Verify change
ipmitool lan print 1 | grep -E "IP Address Source|IP Address"
VLAN Configuration
# Enable VLAN with ID 100
ipmitool lan set 1 vlan id 100
# Set VLAN priority (0-7, default 0)
ipmitool lan set 1 vlan priority 3
# Disable VLAN
ipmitool lan set 1 vlan id off
Access Control
# Set access mode for channel 1
ipmitool lan set 1 access on
# Configure authentication types (per privilege level)
ipmitool lan set 1 auth admin md5
ipmitool lan set 1 auth operator md5
ipmitool lan set 1 auth user md5
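# Restrict cipher suite privileges: ipmitool takes exactly 15 characters, one per
# cipher suite ID 0-14 (X = unused, c/u/o/a/O = maximum privilege allowed).
# This string allows only suite 3, at admin level; compare the result with the
# "Cipher Suite Priv Max" line of "ipmitool lan print 1"
ipmitool lan set 1 cipher_privs XXXaXXXXXXXXXXX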
IPv6 Configuration
# Check IPv6 support
ipmitool lan6 print 1
# Enable IPv6
ipmitool lan6 set 1 enables static
# Set static IPv6 address
ipmitool lan6 set 1 static_addr 0 2001:db8::100/64
# Set IPv6 gateway
ipmitool lan6 set 1 gateway 0 2001:db8::1
User Management
List Users
# List users on channel 1
ipmitool user list 1
# Output:
# ID Name Callin Link Auth IPMI Msg Channel Priv Limit
# 1 true false false NO ACCESS
# 2 admin true true true ADMINISTRATOR
# 3 operator true true true OPERATOR
Create New User
# Set username for user ID 3
ipmitool user set name 3 newadmin
# Set password (will prompt for password)
ipmitool user set password 3
# Or set password directly (less secure - visible in process list)
ipmitool user set password 3 "SecureP@ssw0rd!"
# Enable the user
ipmitool user enable 3
# Set privilege level (1=callback, 2=user, 3=operator, 4=admin)
ipmitool user priv 3 4 1 # User 3, Admin privilege, Channel 1
# Enable user for channel access
ipmitool channel setaccess 1 3 callin=on ipmi=on link=on privilege=4
Modify Existing User
# Change password
ipmitool user set password 2
# Change privilege level
ipmitool user priv 2 3 1 # Change user 2 to operator on channel 1
# Rename user
ipmitool user set name 2 newname
Disable/Delete User
# Disable user
ipmitool user disable 3
# Remove channel access
ipmitool channel setaccess 1 3 callin=off ipmi=off link=off privilege=15
# Delete user (set name to empty)
ipmitool user set name 3 ""
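An added example, not part of the original guide: it parses saved `ipmitool user list 1` output and flags the account problems this section is about, including the row with an empty Name column (the anonymous slot), which shifts every later column. The sample rows are constructed in the layout shown under List Users; the function names and the list of default account names are assumptions of this example.

```bash
# Constructed sample in the column layout of `ipmitool user list 1`.
sample_user_list() {
cat <<'EOF'
ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
1                    true    false      true       ADMINISTRATOR
2   admin            true    true       true       ADMINISTRATOR
3   operator         true    true       true       OPERATOR
4   monitor          true    false      false      USER
5                    true    false      false      NO ACCESS
EOF
}

# Normalise each row to "id|name|ipmi_msg|privilege". A row whose second
# field is already true/false has an empty Name column (anonymous slot).
parse_user_list() {
    awk '
    $1 !~ /^[0-9]+$/ { next }                 # skip the header line
    {
        if ($2 == "true" || $2 == "false") { name = ""; f = 2 }
        else                               { name = $2; f = 3 }
        priv = $(f + 3)                       # privilege may be two words
        for (i = f + 4; i <= NF; i++) priv = priv " " $i
        print $1 "|" name "|" $(f + 2) "|" priv
    }'
}

# Assumed list of factory-default account names; adjust for your vendors.
DEFAULT_NAMES="admin ADMIN root Administrator USERID"

# Reads `user list` output on stdin and prints one line per finding.
audit_user_list() {
    parse_user_list | awk -F'|' -v defaults="$DEFAULT_NAMES" '
    BEGIN {
        n = split(defaults, d, " ")
        for (i = 1; i <= n; i++) isdef[d[i]] = 1
    }
    $4 == "NO ACCESS" { next }                # slot cannot log in
    $2 == ""    { print "FAIL user " $1 ": anonymous account has " $4 " privilege" }
    $2 in isdef { print "WARN user " $1 ": default account name \"" $2 "\"" }
    $3 == "true" && $4 == "ADMINISTRATOR" { admins++ }
    END { print "INFO " (admins + 0) " administrator account(s) with IPMI messaging enabled" }'
}

# Run against the sample when executed directly:
#   sample_user_list | audit_user_list
# Against a live BMC:
#   ipmitool user list 1 | audit_user_list
```

A user literally named "true" or "false" would be misread as an empty name; the parser assumes no such account exists.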
Sensor Monitoring
List All Sensors
# Full sensor list with readings
ipmitool sensor list
# Output format:
# Sensor Name | Value | Units | Status | LNR | LCR | LNC | UNC | UCR | UNR
# Inlet Temp | 24.000 | C | ok | na | na | na | 42 | 46 | na
# CPU1 Temp | 45.000 | C | ok | na | na | na | 85 | 90 | na
# FAN1 | 5400 | RPM | ok | 500 | 700 | na | na | na | na
# Threshold meanings:
# LNR = Lower Non-Recoverable
# LCR = Lower Critical
# LNC = Lower Non-Critical
# UNC = Upper Non-Critical
# UCR = Upper Critical
# UNR = Upper Non-Recoverable
Sensor Data Repository (SDR)
# Full SDR dump
ipmitool sdr list
# Specific types
ipmitool sdr type list # List sensor types
ipmitool sdr type Temperature # Only temperature sensors
ipmitool sdr type Fan # Only fan sensors
ipmitool sdr type Voltage # Only voltage sensors
ipmitool sdr type "Power Supply" # Power supply sensors
# Get specific sensor by name
ipmitool sdr get "CPU1 Temp"
Set Sensor Thresholds
# Set upper thresholds (in order: unc, ucr, unr)
ipmitool sensor thresh "Inlet Temp" upper 40 45 50
# Set lower thresholds (in order: lnr, lcr, lnc)
ipmitool sensor thresh "FAN1" lower 400 600 800
# Full threshold set (lower and upper are set with separate commands)
ipmitool sensor thresh "CPU1 Temp" lower 5 10 15
ipmitool sensor thresh "CPU1 Temp" upper 80 85 90
Continuous Monitoring
# Watch sensors (refresh every 2 seconds)
watch -n 2 'ipmitool sensor list | grep -E "Temp|Fan|Power"'
# Export to CSV for analysis
ipmitool sensor list | awk -F'|' '{print $1","$2","$3","$4}' > sensors.csv
Power Management
Check Power Status
# Chassis status (includes power state)
ipmitool chassis status
# Quick power check
ipmitool power status
Power Control
# Power on
ipmitool power on
# Graceful shutdown (ACPI signal - requires OS support)
ipmitool power soft
# Hard power off (immediate - like holding power button)
ipmitool power off
# Power cycle (off then on)
ipmitool power cycle
# Hard reset (like pressing reset button)
ipmitool power reset
# Diagnostic interrupt (NMI)
ipmitool power diag
Power Restore Policy
# Check current policy
ipmitool chassis status | grep "Power Restore"
# Set policy
ipmitool chassis policy always-on # Always power on after AC restore
ipmitool chassis policy always-off # Stay off, wait for manual power on
ipmitool chassis policy previous # Return to state before power loss
Boot Device Configuration
# Set next boot device (one-time)
ipmitool chassis bootdev pxe # Network boot (PXE)
ipmitool chassis bootdev disk # Hard drive
ipmitool chassis bootdev cdrom # CD/DVD drive
ipmitool chassis bootdev bios # Enter BIOS setup
# Persistent boot device
ipmitool chassis bootdev disk options=persistent
# EFI boot options
ipmitool chassis bootdev disk options=efiboot
System Event Log (SEL)
# View all SEL entries
ipmitool sel list
# Extended/verbose SEL
ipmitool sel elist
# SEL details
ipmitool sel info
# Clear all entries (CAUTION: non-recoverable)
ipmitool sel clear
# Save to file
ipmitool sel save sel_backup_$(date +%Y%m%d).txt
# Get/Set BMC time
ipmitool sel time get
ipmitool sel time set "$(date -u '+%m/%d/%Y %H:%M:%S')"
Serial Over LAN (SOL)
Serial Over LAN (SOL) redirects the server's serial console output over the network, allowing remote BIOS configuration, bootloader access, emergency console access, and kernel debugging.
Configure SOL
# Check SOL status
ipmitool sol info
# Enable SOL on channel 1
ipmitool sol set enabled true 1
# Set SOL privilege level
ipmitool sol set privilege-level admin 1
# Set baud rate (must match server's serial config); ipmitool takes the rate
# in kbps: 9.6, 19.2, 38.4, 57.6 or 115.2
ipmitool sol set volatile-bit-rate 115.2 1
ipmitool sol set non-volatile-bit-rate 115.2 1
# Enable SOL for user
ipmitool sol payload enable 1 2
Activate SOL Session
# Start SOL session (remote)
ipmitool -I lanplus -H 192.168.1.100 -U admin -P password sol activate
# SOL session controls:
# ~. Terminate session
# ~^Z Suspend session
# ~B Send break
# ~? Help
# Deactivate SOL (if stuck)
ipmitool -I lanplus -H 192.168.1.100 -U admin -P password sol deactivate
Server-Side GRUB Configuration
Edit /etc/default/grub:
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
Then regenerate GRUB:
grub2-mkconfig -o /boot/grub2/grub.cfg # RHEL/CentOS
update-grub # Debian/Ubuntu
Field Replaceable Units (FRU)
FRU data contains hardware identification: serial numbers, part numbers, manufacturer information, product names, and asset tags.
# List all FRU devices
ipmitool fru print
# Read specific FRU ID
ipmitool fru print 0
# Raw FRU dump
ipmitool fru read 0 fru_backup.bin
# Set asset tag
ipmitool fru edit 0 field p 5 "ASSET-12345"
Security Best Practices
1. Network Isolation
# BMC should be on isolated management network
ipmitool lan set 1 vlan id 100
# Use firewall rules - only allow from known admin subnets
2. Strong Authentication
# Use IPMI 2.0 with strongest cipher
ipmitool -I lanplus -C 17 ...
# Disable weak authentication
ipmitool lan set 1 auth admin md5
ipmitool lan set 1 auth operator md5
ipmitool lan set 1 auth user md5
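# Restrict cipher suites: the string is exactly 15 characters, one per cipher
# suite ID 0-14 (X = unused, a = admin); this allows only suite 3, at admin level
ipmitool lan set 1 cipher_privs XXXaXXXXXXXXXXX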
3. User Management
# Disable unused user slots
for i in 3 4 5 6 7 8 9 10; do
ipmitool user disable $i
done
# Rename the default account and give it a new password
ipmitool user set name 2 "localadmin"
ipmitool user set password 2
4. Regular Auditing
# Check SEL for unauthorized access attempts
ipmitool sel list | grep -i -E "auth|login|user|password"
# Monitor active sessions
ipmitool session info all
# Check BMC firmware version
ipmitool mc info | grep "Firmware Revision"
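An added example, not part of the original guide or of ipmitool: it audits saved `ipmitool lan print 1` output for the weak settings named in the Authentication Types and Cipher Suite Reference tables, and checks a candidate cipher_privs string before it is applied. The sample output is constructed and the function names are this example's own; the findings are limited to the cipher suites listed in this guide's table.

```bash
# Constructed sample in the layout printed by `ipmitool lan print 1`.
sample_lan_print() {
cat <<'EOF'
Set in Progress         : Set Complete
Auth Type Support       : NONE MD2 MD5 PASSWORD
Auth Type Enable        : Callback : MD5
                        : User     : MD5 PASSWORD
                        : Operator : MD5
                        : Admin    : MD5
                        : OEM      :
IP Address Source       : Static Address
IP Address              : 192.168.1.100
802.1q VLAN ID          : Disabled
RMCP+ Cipher Suites     : 0,1,2,3
Cipher Suite Priv Max   : aaoaXXXXXXXXXXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM
EOF
}

# Reads lan print output on stdin; prints one FAIL/WARN line per finding.
audit_lan_print() {
    awk -F' *: *' '
    function priv(c) {
        if (c == "c") return "CALLBACK"
        if (c == "u") return "USER"
        if (c == "o") return "OPERATOR"
        if (c == "a") return "ADMIN"
        return "OEM"
    }
    $1 != "" { key = $1 }       # continuation lines keep the previous key
    key == "Auth Type Enable" {
        types = " " $3 " "      # $2 is the privilege level, $3 its auth types
        if (types ~ / NONE /)     print "FAIL auth NONE enabled for " $2
        if (types ~ / PASSWORD /) print "FAIL auth PASSWORD enabled for " $2
    }
    $1 == "802.1q VLAN ID" && $2 == "Disabled" {
        print "WARN VLAN tagging disabled"
    }
    $1 == "Cipher Suite Priv Max" {
        # Character position i (1-based) is cipher suite ID i-1.
        for (i = 1; i <= length($2); i++) {
            c = substr($2, i, 1); id = i - 1
            if (c == "X") continue
            if (id == 0)
                print "FAIL cipher suite 0 usable up to " priv(c)
            else if (id == 1 || id == 2)
                print "WARN cipher suite " id " (no confidentiality) usable up to " priv(c)
        }
    }'
}

# ipmitool accepts only a 15-character privilege string (suites 0-14) made
# of X, c, u, o, a, O; check a candidate before passing it to `lan set`.
valid_cipher_privs() {
    printf '%s\n' "$1" | grep -Eq '^[XcuoaO]{15}$'
}

# Run against the sample:   sample_lan_print | audit_lan_print
# Against a live BMC:       ipmitool lan print 1 | audit_lan_print
```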
Troubleshooting
Connection Issues
# Test basic connectivity
ping <bmc_ip>
# Check IPMI port (UDP 623)
nc -vzu <bmc_ip> 623
# Try different interface/cipher
ipmitool -I lanplus -C 3 -H <bmc_ip> -U admin -P password mc info
ipmitool -I lan -H <bmc_ip> -U admin -P password mc info
# Enable verbose output
ipmitool -I lanplus -H <bmc_ip> -U admin -P password -vvv mc info
BMC Reset
# Warm reset (software reset)
ipmitool mc reset warm
# Cold reset (hardware reset - more thorough)
ipmitool mc reset cold
# Wait 30-60 seconds for BMC to recover
Common Error Messages
| Error | Cause | Solution |
|---|---|---|
| Could not open device | Missing IPMI driver | Load ipmi_si, ipmi_devintf modules |
| Unable to establish LAN session | Network/auth issue | Check IP, user, password, firewall |
| Insufficient privilege level | User lacks permissions | Increase user privilege level |
| RAKP 2 HMAC is invalid | Password mismatch | Verify password, try shorter password |
| Session limit exceeded | Too many active sessions | Close unused sessions |
| Command not supported | BMC doesn't support | Check BMC capabilities |
Quick Reference Card
# System Info
ipmitool mc info # BMC information
ipmitool fru print # Hardware inventory
# Network
ipmitool lan print 1 # View LAN config
ipmitool lan set 1 ipaddr X.X.X.X # Set IP
# Users
ipmitool user list 1 # List users
ipmitool user set password 2 # Change password
# Power
ipmitool power status # Check power
ipmitool power on|off|cycle|reset # Power control
ipmitool chassis bootdev pxe # Set boot device
# Monitoring
ipmitool sensor list # All sensors
ipmitool sel list # Event log
ipmitool sel clear # Clear events
# Console
ipmitool sol activate # Serial console
# Troubleshooting
ipmitool mc reset cold # Reset BMC
# Remote Command Template
ipmitool -I lanplus -H <BMC_IP> -U <USER> -P <PASS> -C 17 <command>
BMC Configuration Automation Script
The following Bash script automates common BMC configuration tasks. Save it as bmc-config.sh and make it executable with chmod +x bmc-config.sh.
#!/bin/bash
# IPMI Tool BMC Configuration Script
# This script automates common BMC configuration tasks using ipmitool
# Requires: ipmitool, sudo access (for local operations)
set -euo pipefail # Exit on error, undefined vars, pipe failures
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Logging function
log() {
echo -e "${BLUE}[$(date '+%Y-%m-%d %H:%M:%S')]${NC} $1"
}
success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Configuration variables
BMC_HOST=""
BMC_USER="admin"
BMC_PASS=""
BMC_INTERFACE="lanplus"
BMC_CIPHER_SUITE="17" # Use strongest cipher by default
LOCAL_ACCESS=false
# Function to display usage
usage() {
cat << EOF
Usage: $0 [OPTIONS]
Automated BMC configuration using ipmitool
OPTIONS:
-h, --host HOST BMC IP address (required for remote access)
-u, --user USER BMC username (default: admin)
-p, --pass PASS BMC password (will prompt if not provided)
-i, --interface TYPE Interface: lan|lanplus|open (default: lanplus)
-c, --cipher SUITE Cipher suite (default: 17)
--local Use local access (requires sudo)
--configure-network Configure network settings
--configure-users Configure users
--configure-security Apply security hardening
--monitor-sensors Monitor sensors continuously
--view-status View BMC status
--help Display this help message
EXAMPLES:
$0 --local --configure-network
$0 -h 192.168.1.100 -u admin -p password --configure-users
$0 -h 192.168.1.100 --view-status
EOF
}
# Parse command line arguments
while [[ $# -gt 0 ]]; do
case $1 in
-h|--host)
BMC_HOST="$2"
shift 2
;;
-u|--user)
BMC_USER="$2"
shift 2
;;
-p|--pass)
BMC_PASS="$2"
shift 2
;;
-i|--interface)
BMC_INTERFACE="$2"
shift 2
;;
-c|--cipher)
BMC_CIPHER_SUITE="$2"
shift 2
;;
--local)
LOCAL_ACCESS=true
shift
;;
--configure-network)
CONFIGURE_NETWORK=true
shift
;;
--configure-users)
CONFIGURE_USERS=true
shift
;;
--configure-security)
CONFIGURE_SECURITY=true
shift
;;
--monitor-sensors)
MONITOR_SENSORS=true
shift
;;
--view-status)
VIEW_STATUS=true
shift
;;
--help)
usage
exit 0
;;
*)
error "Unknown option: $1"
usage
exit 1
;;
esac
done
# Validate required parameters
if [ "$LOCAL_ACCESS" = false ] && [ -z "$BMC_HOST" ]; then
error "BMC host is required for remote access or --local flag must be used"
exit 1
fi
# Prompt for password if not provided
if [ "$LOCAL_ACCESS" = false ] && [ -z "$BMC_PASS" ]; then
read -s -p "Enter BMC password: " BMC_PASS
echo
fi
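# Construct ipmitool command prefix
# The password is handed to ipmitool through the IPMI_PASSWORD environment
# variable (-E), so it is not visible in the process list and is not mangled
# by quoting when the prefix is expanded
if [ "$LOCAL_ACCESS" = true ]; then
IPMITOOL_CMD="sudo ipmitool"
else
export IPMI_PASSWORD="$BMC_PASS"
IPMITOOL_CMD="ipmitool -I $BMC_INTERFACE -H $BMC_HOST -U $BMC_USER -E"
if [ "$BMC_INTERFACE" = "lanplus" ]; then
IPMITOOL_CMD="$IPMITOOL_CMD -C $BMC_CIPHER_SUITE"
fi
fi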
# Function to test BMC connectivity
test_connectivity() {
log "Testing BMC connectivity..."
if $IPMITOOL_CMD mc info >/dev/null 2>&1; then
success "BMC connectivity established"
return 0
else
error "Failed to connect to BMC"
return 1
fi
}
# Function to view BMC status
view_bmc_status() {
log "Fetching BMC status..."
echo "=== BMC Information ==="
$IPMITOOL_CMD mc info
echo -e "\n=== Chassis Status ==="
$IPMITOOL_CMD chassis status
echo -e "\n=== FRU Information ==="
$IPMITOOL_CMD fru print
echo -e "\n=== SEL Information ==="
$IPMITOOL_CMD sel info
}
# Function to configure network settings
configure_network() {
log "Configuring network settings..."
echo "Current network configuration:"
$IPMITOOL_CMD lan print 1
read -p "Configure static IP? (y/n): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
read -p "Enter IP address: " IP_ADDR
read -p "Enter subnet mask: " SUBNET_MASK
read -p "Enter default gateway: " GATEWAY
log "Setting static IP configuration..."
$IPMITOOL_CMD lan set 1 ipsrc static
$IPMITOOL_CMD lan set 1 ipaddr "$IP_ADDR"
$IPMITOOL_CMD lan set 1 netmask "$SUBNET_MASK"
$IPMITOOL_CMD lan set 1 defgw ipaddr "$GATEWAY"
success "Network configuration updated"
echo "New network configuration:"
$IPMITOOL_CMD lan print 1
fi
read -p "Configure VLAN? (y/n): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
read -p "Enter VLAN ID (or 'off' to disable): " VLAN_ID
if [ "$VLAN_ID" != "off" ]; then
$IPMITOOL_CMD lan set 1 vlan id "$VLAN_ID"
success "VLAN ID set to $VLAN_ID"
else
$IPMITOOL_CMD lan set 1 vlan id off
success "VLAN disabled"
fi
fi
}
# Function to manage users
configure_users() {
log "Managing users..."
echo "Current users:"
$IPMITOOL_CMD user list 1
read -p "Create new user? (y/n): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
NEXT_ID=3
while $IPMITOOL_CMD user list 1 | grep -q "^$NEXT_ID "; do
((NEXT_ID++))
if [ $NEXT_ID -gt 15 ]; then
error "No available user slots"
return 1
fi
done
read -p "Enter username: " USERNAME
read -p "Enter privilege level (1=Callback, 2=User, 3=Operator, 4=Admin): " PRIV_LEVEL
if ! [[ "$PRIV_LEVEL" =~ ^[1-4]$ ]]; then
error "Invalid privilege level. Must be 1-4"
return 1
fi
log "Creating user $USERNAME with ID $NEXT_ID..."
$IPMITOOL_CMD user set name $NEXT_ID "$USERNAME"
$IPMITOOL_CMD user set password $NEXT_ID
$IPMITOOL_CMD user enable $NEXT_ID
$IPMITOOL_CMD user priv $NEXT_ID $PRIV_LEVEL 1
$IPMITOOL_CMD channel setaccess 1 $NEXT_ID callin=on ipmi=on link=on privilege=$PRIV_LEVEL
success "User $USERNAME created with ID $NEXT_ID"
fi
}
# Function to apply security hardening
configure_security() {
log "Applying security hardening..."
log "Configuring strong authentication..."
$IPMITOOL_CMD lan set 1 auth admin md5
$IPMITOOL_CMD lan set 1 auth operator md5
$IPMITOOL_CMD lan set 1 auth user md5
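log "Restricting cipher suites..."
# Exactly 15 characters (cipher suite IDs 0-14): only suite 3, at admin level.
# Suite 17 is not covered by this string; re-test the session cipher afterwards.
$IPMITOOL_CMD lan set 1 cipher_privs XXXaXXXXXXXXXXX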
log "Configuring ARP settings..."
$IPMITOOL_CMD lan set 1 arp respond on
$IPMITOOL_CMD lan set 1 arp generate on
$IPMITOOL_CMD lan set 1 arp interval 2
read -p "Disable SOL (Serial Over LAN)? (y/n): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
$IPMITOOL_CMD sol set enabled false 1
success "SOL disabled"
fi
log "Checking SEL for security events..."
$IPMITOOL_CMD sel list | grep -i -E "auth|login|user|password" || echo "No authentication-related events found"
success "Security hardening applied"
}
# Function to monitor sensors
monitor_sensors() {
log "Starting sensor monitoring..."
TEMP_FILE=$(mktemp)
log "Initial sensor readings:"
$IPMITOOL_CMD sensor list | grep -E "Temp|Fan|Power|Voltage"
log "Monitoring sensors continuously (Press Ctrl+C to stop)..."
# Remove the temp file on any exit, and make Ctrl+C actually end the loop
trap 'rm -f "$TEMP_FILE"' EXIT
trap 'echo -e "\nMonitoring stopped."; exit 0' INT TERM
# Select rows by the Status column (4th field): nc, cr and nr are the
# non-critical, critical and non-recoverable threshold states
STATUS_FILTER='{ s = $4; gsub(/[ \t]/, "", s) } s ~ /^(nc|cr|nr)$/'
while true; do
$IPMITOOL_CMD sensor list > "$TEMP_FILE"
ALERTS=$(awk -F'|' "$STATUS_FILTER" "$TEMP_FILE")
CRITICAL_COUNT=$(printf '%s' "$ALERTS" | grep -c . || true)
if [ "$CRITICAL_COUNT" -gt 0 ]; then
warning "Found $CRITICAL_COUNT sensor(s) with non-ok status:"
echo "$ALERTS"
echo "[$(date '+%Y-%m-%d %H:%M:%S')] CRITICAL SENSOR ALERT" >> /tmp/bmc_sensor_alerts.log
fi
echo -e "\n[$(date '+%Y-%m-%d %H:%M:%S')] Sensor Status:"
echo "$ALERTS" | grep -E "Temp|Fan|Power|Voltage" || echo "All monitored sensors OK"
sleep 30
done
}
# Main execution
main() {
log "Starting BMC configuration script..."
if [ "$LOCAL_ACCESS" = false ]; then
if ! test_connectivity; then
exit 1
fi
else
log "Using local access mode"
fi
if [ "${VIEW_STATUS:-}" = true ]; then
view_bmc_status
fi
if [ "${CONFIGURE_NETWORK:-}" = true ]; then
configure_network
fi
if [ "${CONFIGURE_USERS:-}" = true ]; then
configure_users
fi
if [ "${CONFIGURE_SECURITY:-}" = true ]; then
configure_security
fi
if [ "${MONITOR_SENSORS:-}" = true ]; then
monitor_sensors
fi
if [ -z "${CONFIGURE_NETWORK:-}${CONFIGURE_USERS:-}${CONFIGURE_SECURITY:-}${MONITOR_SENSORS:-}${VIEW_STATUS:-}" ]; then
log "No specific action requested. Showing menu:"
echo "1. View BMC Status"
echo "2. Configure Network"
echo "3. Configure Users"
echo "4. Apply Security Hardening"
echo "5. Monitor Sensors"
echo "6. Exit"
read -p "Select an option (1-6): " OPTION
case $OPTION in
1) view_bmc_status ;;
2) configure_network ;;
3) configure_users ;;
4) configure_security ;;
5) monitor_sensors ;;
6) exit 0 ;;
*) error "Invalid option" ;;
esac
fi
success "BMC configuration script completed"
}
main "$@"
Script Usage Examples
# Local access - view status
./bmc-config.sh --local --view-status
# Remote access - configure network
./bmc-config.sh -h 192.168.1.100 -u admin -p password --configure-network
# Remote access - apply security hardening
./bmc-config.sh -h 192.168.1.100 -u admin --configure-security
# Monitor sensors continuously
./bmc-config.sh -h 192.168.1.100 -u admin -p password --monitor-sensors
Further Reading
- IPMI Specification: Intel IPMI 2.0 Specification
- ipmitool Manual: man ipmitool
- Vendor Documentation: Dell iDRAC, HPE iLO, Supermicro IPMI, Lenovo XClarity Controller






