Contribute on GitHub

Swiss Secure IPMI Firmware

Is IPMI a Sinking Ship?

  • Find IPMI Firmware insecure?
  • Find IPMI Firmware unreliable?
  • Afraid a virus takes out all your IPMI hosts?
  • Don't trust to hook up your IPMI to the Internet, but just have a single network port from the ISP and no special VLAN or other way to connect through it?
  • Don't trust everybody on the management VLAN?
  • Vendors not updating the vulnerable software on your IPMIs?

Then you might feel much happier with Swiss Secure IPMI Firmware (SS IPMI or ssipmi for easier typing/googling).

Goals of this project

  • Create an IPMI firmware construction kit: select list of packages and build a new firmware
  • Debian-based thus ensuring security updates
  • Provide firmware images for most common IPMI devices
  • Ability to set proper IPv4 and IPv6 firewall rules on the device
  • Proper Security Tracking and notification
  • Ability to run for instance OpenVPN on your IPMI device, allowing secure/crypted access
  • Manageability just like any other Linux host (eg with Puppet / Chef / etc)
  • Integration with Observium, Nagios, Icinga and other monitoring tools.