ipmitool批量验证BMC密码且修改密码
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ipmitool批量验证BMC密码且修改密码相关的知识,希望对你有一定的参考价值。
需求:扫描出现有服务器的BMC管理帐号,修改唯一管理帐号
工具:ipmitool-1.8.11-20.el6.x86_64
系统:CentOS release 6.6 (Final)
1,通过yum搜索ipmitool安装源
[[email protected]]# yum search ipmitool 已加载插件:fastestmirror, security Determining fastest mirrors CentOS | 3.3 kB 00:00 JD-APP | 3.3 kB 00:00 epel | 4.3 kB 00:00 updates | 3.4 kB 00:00 =========================================== N/S Matched: ipmitool ============================================ ipmitool.x86_64 : Utility for IPMI control Name and summary matches only, use "search all" for everything.
2,通过yum安装ipmitool
[[email protected]]# yum install ipmitool 已加载插件:fastestmirror, security 设置安装进程 Loading mirror speeds from cached hostfile 解决依赖关系 --> 执行事务检查 ---> Package ipmitool.x86_64 0:1.8.11-20.el6 will be 升级 ---> Package ipmitool.x86_64 0:1.8.11-21.el6 will be an update --> 完成依赖关系计算 依赖关系解决 ============================================================================================================== 软件包 架构 版本 仓库 大小 ============================================================================================================== 正在升级: ipmitool x86_64 1.8.11-21.el6 updates 463 k 事务概要 ============================================================================================================== Upgrade 1 Package(s) 总下载量:463 k 确定吗?[y/N]:y
3,将机器的BMC IP、用户名以及所有可能的密码输入trypwd_ip.csv文件中 通过,号隔离
IP,user,password1,password2,password3 10.22.88.12,jdroot,5t^Y7u*I,123456789,calvin 10.22.88.15,jdroot,5t^Y7u*I,123456789,calvin 10.22.88.11,jdroot,5t^Y7u*I,123456789,calvin 10.22.88.17,jdroot,5t^Y7u*I,123456789,calvin
4,编写测试密码脚本trypwd_outband.sh
#!/bin/bash VERSION=0.0.2 MODIFY_DATE=20170514 echo "Tool Version:$VERSION($MODIFY_DATE)" function printHelp() { printVersion echo "Usage:./trypwd_outband.sh -i ipFile ipFile is bmc machine info file include ip username and wanted several password, which interseted by comma all machine password output to bmcpwd.csv " } function judgeIpActive() { ping $1 -c 1 > /dev/null 2>&1 if [ $? -ne 0 ] then echo "ip:$IP_ADDR not available" return 1 fi echo "ip:$IP_ADDR is available" return 0 } function checkpwd() { sleep 20 result=`ipmitool -H $IP_ADDR -U $USER_NAME -P $USER_PASSWD -I lanplus user list >/dev/null 2>&1` if [ $? -ne 0 ] then return 1 fi return 0 } case $1 in -h|--help) printHelp exit 0 ;; esac while getopts ":i:" opt do case $opt in i) IP_FILE=$OPTARG echo "ip file is "$IP_FILE ;; *) echo "argument error" exit 1;; esac done if [ ${#IP_FILE} -eq 0 ] then echo "please assign ip file. detail info check -h" exit 0 fi echo "Ip,User,PassWord-TryResult" > trypwd_result.csv for LINE in `cat $IP_FILE`; do { if [[ $LINE =~ "IP,user," ]] then echo "skip first line" continue fi if [ ${#LINE} -lt 10 ] then continue fi row=1 IP_ADDR=`echo $LINE | awk -F, ‘{print $‘$row‘}‘` judgeIpActive $IP_ADDR if [ $? -ne 0 ] then echo "ip:$IP_ADDR not available">>trypwd_result.csv continue fi let row++ USER_NAME=`echo $LINE | awk -F, ‘{print $‘$row‘}‘` while true do let row++ USER_PASSWD="" USER_PASSWD=`echo $LINE | awk -F, ‘{print $‘$row‘}‘ | sed ‘s/\r//g‘` if [ ${#USER_PASSWD} -gt 0 ] then array_Passwd[$row-3]=$USER_PASSWD checkpwd if [ $? -ne 0 ] then array_Result[$row-3]="fail" echo "$IP_ADDR,$USER_NAME,$USER_PASSWD,fail" else array_Result[$row-3]="success" echo "$IP_ADDR,$USER_NAME,$USER_PASSWD,success" fi else break fi done echo -n "$IP_ADDR,$USER_NAME," >> trypwd_result.csv count=${#array_Passwd[@]} for((i=1; $i<=$count; i++)) do echo -n "${array_Passwd[$i-1]}-${array_Result[$i-1]};">>trypwd_result.csv done unset array_Passwd unset array_Result echo "">>trypwd_result.csv } done wait echo "all machine try password over"
4,将trypwd_ip.csv和trypwd_outband.sh文件拷贝到同一目录下,执行“chmod +x trypwd_outband.sh”给脚本添加可执行权限;
5,执行”./trypwd_outband –i trypwd_ip.csv”
[[email protected]# ./trypwd_outband.sh -i trypwd_ip.csv Tool Version:0.0.2(20170514) ip file is trypwd_ip.csv skip first line ip:10.22.88.12 is available 10.22.88.12,jdroot,5t^Y7u*I,success 10.22.88.12,jdroot,123456789,fail 10.22.88.12,jdroot,calvin,fail ip:10.22.88.15 is available 10.22.88.15,jdroot,5t^Y7u*I,success 10.22.88.15,jdroot,123456789,fail 10.22.88.15,jdroot,calvin,fail ip:10.22.88.11 is available 10.22.88.11,jdroot,5t^Y7u*I,success 10.22.88.11,jdroot,123456789,fail 10.22.88.11,jdroot,calvin,fail ip:10.22.88.17 is available 10.22.88.17,jdroot,5t^Y7u*I,success 10.22.88.17,jdroot,123456789,fail 10.22.88.17,jdroot,calvin,fail all machine try password over
6,脚本运行结束后,会输出trypwd_result.csv文件;
Ip,User,PassWord-TryResult 10.22.88.12,jdroot,5t^Y7u*I-success;123456789-fail;calvin-fail; 10.22.88.15,jdroot,5t^Y7u*I-success;123456789-fail;calvin-fail; 10.22.88.11,jdroot,5t^Y7u*I-success;123456789-fail;calvin-fail; 10.22.88.17,jdroot,5t^Y7u*I-success;123456789-fail;calvin-fail;
7,整理recoverpwd_ip.csv文件,第一列为IP,第二列为待修改用户ID的用户名,第三列为待更改密码;
10.22.88.12,jdroot,5t^Y7u*I 10.22.88.15,jdroot,5t^Y7u*I 10.22.88.11,jdroot,5t^Y7u*I 10.22.88.17,jdroot,5t^Y7u*I
8,编写recoverpwd_outband.sh执行修改 注:SIMPLE_PASSWD="原密码"
#!/bin/bash VERSION=0.0.1 MODIFY_DATE=20170512 SIMPLE_PASSWD="admin" echo "Tool Version:$VERSION($MODIFY_DATE)" function printHelp() { printVersion echo "Usage:./recoverpwd_outband.sh -i ipFile ipFile is bmc machine info file include ip username and wanted password, which interseted by comma all machine log is recoverpwd_resule.txt which record change result this scripts purpose is recover simple password ‘admin‘ to password user wanted one which record in ipFile " } function getuid() { USER_ID="" USER_ID=`ipmitool -H $IP_ADDR -U $USER_NAME -P $SIMPLE_PASSWD -I lanplus user list | grep " $USER_NAME " | awk ‘{print $1}‘` if [ -z $USER_ID ] then return 1 fi return 0 } function changepwd() { result=`ipmitool -H $IP_ADDR -U $USER_NAME -P $SIMPLE_PASSWD -I lanplus user set password $USER_ID $USER_PASSWD` if [ $? -ne 0 ] then return 1 fi return 0 } function checkpwd() { result=`ipmitool -H $IP_ADDR -U $USER_NAME -P $USER_PASSWD -I lanplus user list` if [ $? -ne 0 ] then return 1 fi return 0 } case $1 in -h|--help) printHelp exit 0 ;; esac while getopts ":i:" opt do case $opt in i) IP_FILE=$OPTARG echo "ip file is "$IP_FILE ;; *) echo "argument error" exit 1;; esac done if [ ${#IP_FILE} -eq 0 ] then echo "please assign ip file. detail info check -h" exit 0 fi for LINE in `cat $IP_FILE`; do { if [ ${#LINE} -lt 10 ] then exit 0; fi IP_ADDR=`echo $LINE | awk -F, ‘{print $1}‘` USER_NAME=`echo $LINE | awk -F, ‘{print $2}‘` USER_PASSWD=`echo $LINE | awk -F, ‘{print $3}‘ | sed ‘s/\r//g‘` echo $IP_ADDR echo $USER_NAME echo $USER_PASSWD echo "$IP_ADDR is revocering ${USER_NAME}‘s password..." getuid if [ $? -ne 0 ] then echo "$IP_ADDR: get uid error, recover password fail" >> recoverpwd_result.txt echo "$IP_ADDR: get uid error, recover password fail" exit 0 fi changepwd if [ $? -ne 0 ] then echo "$IP_ADDR: change password error, recover password fail" >> recoverpwd_result.txt echo "$IP_ADDR: change password error, recover password fail" exit 0 fi checkpwd if [ $? -ne 0 ] then echo "$IP_ADDR: check password error, recover password fail" >> recoverpwd_result.txt echo "$IP_ADDR: check password error, recover password fail" exit 0 fi echo "$IP_ADDR recover password success" >> recoverpwd_result.txt echo "$IP_ADDR recover password success" }& done wait echo "all machine recover password over"
9,将ip.csv和recoverpwd_outband.sh文件拷贝到同一目录下, 执行“chmod +x recoverpwd_outband.sh”,给脚本添加可执行权限;
10,执行”./recoverpwd_outband –i ip.csv”;
[[email protected]# ./reoverpwd_outband.sh -i ip.csv Tool Version:0.0.1(20170512) ip file is ip.csv 10.22.88.11 jdroot 5t^Y7u*I 10.22.88.11 is revocering jdroot‘s password... 10.22.88.15 jdroot 5t^Y7u*I 10.22.88.15 is revocering jdroot‘s password... 10.22.88.17 jdroot 5t^Y7u*I 10.22.88.17 is revocering jdroot‘s password... 10.22.88.12 jdroot 5t^Y7u*I 10.22.88.12 is revocering jdroot‘s password... 10.22.88.17 recover password success 10.22.88.15 recover password success 10.22.88.11 recover password success 10.22.88.12 recover password success all machine recover password over
11,脚本运行结束后会生成recoverpwd_result.txt文件,显示成功情况;
10.22.88.17 recover password success 10.22.88.15 recover password success 10.22.88.11 recover password success 10.22.88.12 recover password success
以上是关于ipmitool批量验证BMC密码且修改密码的主要内容,如果未能解决你的问题,请参考以下文章