OpenBMC: BMC network security audit tool

The OpenBMC project has a new security tool!

Purpose: Provide shell scripts to expose security aspects of an operational OpenBMC system from the point of view of an agent on the BMC’s management network trying to get access. The intended use is to provide information needed to audit the BMC’s interfaces, not to perform a security test. For example, the script detects if the BMC rejects TLS 1.1 and accepts TLS 1.2. The primary value the scripts provide is a starting point for what to look at, how to get the information, and where to learn more.

See the last 2 lines of current script, they are looking for some help.

Script: https://lists.ozlabs.org/pipermail/openbmc/2020-April/021186.html

More info: https://github.com/openbmc/openbmc

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s