Increased IPMI security by deleting the ADMIN and Anonymous accounts?

Status
Not open for further replies.

guermantes

Patron
Joined
Sep 27, 2017
Messages
213
Question as in title. I have already changed the passwords for ADMIN and Anonymous to the maximum 20-character gibberish. Would I do better deleting the accounts altogether and setting up another administrator user with a different name? Or might there be a backlash down the line for doing so?

I know it is very advisable to block IPMI access from outside my LAN, but I have not got around to doing that yet, so the above would be a measure in the meantime.

EDIT: I am asking because I read this and they did not propose deleting the Anonymous account (just setting it to No Access and changing password).
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I know it is very advisable to block IPMI access from outside my LAN, but I have not got around to doing that yet, so the above would be a measure in the meantime.
I guess deleting the ADMIN and Anonymous accounts would be better than nothing, but why is your IPMI accessible from the Internet? And what else is? Your FreeNAS box should be behind a firewall.
 

guermantes

@danb35 Actually I don't think it is. I have installed using default settings and have no intention of opening things to the internet. Though, this is my first venture in NAS territory (have no hard drives yet, just the OS running... getting acquainted), so I don't really feel competent yet to verify whether installing left something open or not. At the moment everything sits behind my router firewall and I have not port-forwarded anything, so my gut feeling is that it isn't open to the internet. I will want to verify this in the future though.
 

danb35

At the moment everything sits behind my router firewall and I have not port-forwarded anything, so my gut feeling is that it isn't open to the internet.
Your gut is most likely right.
 

droeders

Contributor
Joined
Mar 21, 2016
Messages
179
Question as in title. I have already changed the passwords for ADMIN and Anonymous to the maximum 20-character gibberish. Would I do better deleting the accounts altogether and setting up another administrator user with a different name? Or might there be a backlash down the line for doing so?

I tried to delete the IPMI ADMIN account on one of my SM boards and it wouldn't allow it. Not sure which one I tried it on, but it's either an X9, X11, or Xeon-D board.
 