This is ridiculously stupid.<p>First, your IPMI interface shouldn't be on the internet.<p>Second, of course these will identify as Linux - you wouldn't run Windows in your IPMI server.<p>Third, encrypt your bootloader with a passphrase?! Good luck with that, and dealing with each software and hardware issue getting you out of bed.<p>Here's a better idea - put your IPMI interface behind a hardware VPN on its own VLAN and sleep soundly.<p>This is awful advice from an awful website.
Useless article - you could replace "IPMI" by "SSH".<p>Also, password-protecting GRUB won't do much. An attacker can just boot to a small rescue ISO (you can change the boot order via IPMI even if there's a BIOS password - if your IPMI is owned, you lost).
I am super confused here. Is there a particular vendor's brand of IPMI that is compromised or being targeted? What does this have to do with Linux?<p>My SuperMicro server has IPMI. My Linux does not, unless you count SSH, which wouldn't make any dang sense.
Some cloud providers got this right; some didn't exactly...<p>Had a few Hetzner bare-metal Dell servers with iDRAC/IPMI exposed to the world. It did have a good password.<p>SoftLayer/IBM makes me log in to a VPN to get into IPMI<p>(at least for me)<p>Exposing IPMI on the internet is stupid easy; just as it is stupid. It's the laziness of "hey, I need to be able to get into the KVM console and I'm working at home today..."<p>For example.
IPMI implementations seem to be a mess in general<p>Matthew Garrett did an excellent presentation on the security horrors he faced with IPMI: <a href="https://www.youtube.com/watch?v=GZeUntdObCA" rel="nofollow">https://www.youtube.com/watch?v=GZeUntdObCA</a><p>Does anyone know if Redfish implementations have a better track record?
Can't find any details on this; the details provided don't paint a clear picture. Best I can guess is they are referring to implementations that support virtual KVM access: gain control of IPMI user, issue power cycle command, use virtual KVM to take control of system on reboot.