Batch-verifying and changing BMC passwords with ipmitool

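Requirement: scan the existing servers for their BMC management accounts, then change the single management account

Tool: ipmitool-1.8.11-20.el6.x86_64

System: CentOS release 6.6 (Final)

1. Search the yum repositories for ipmitool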

[[email protected]]# yum search ipmitool
已加载插件:fastestmirror, security
Determining fastest mirrors
CentOS                                                                                 | 3.3 kB     00:00     
JD-APP                                                                                 | 3.3 kB     00:00     
epel                                                                                   | 4.3 kB     00:00     
updates                                                                                | 3.4 kB     00:00     
=========================================== N/S Matched: ipmitool ============================================
ipmitool.x86_64 : Utility for IPMI control

Name and summary matches only, use "search all" for everything.

2. Install ipmitool with yum

[[email protected]]# yum install ipmitool
已加载插件:fastestmirror, security
设置安装进程
Loading mirror speeds from cached hostfile
解决依赖关系
--> 执行事务检查
---> Package ipmitool.x86_64 0:1.8.11-20.el6 will be 升级
---> Package ipmitool.x86_64 0:1.8.11-21.el6 will be an update
--> 完成依赖关系计算

依赖关系解决

==============================================================================================================
 软件包                   架构                   版本                           仓库                     大小
==============================================================================================================
正在升级:
 ipmitool                 x86_64                 1.8.11-21.el6                  updates                 463 k

事务概要
==============================================================================================================
Upgrade       1 Package(s)

总下载量:463 k
确定吗?[y/N]:y

3. Enter each machine's BMC IP, username and all candidate passwords into the file trypwd_ip.csv, separated by commas

IP,user,password1,password2,password3
10.22.88.12,jdroot,5t^Y7u*I,123456789,calvin
10.22.88.15,jdroot,5t^Y7u*I,123456789,calvin
10.22.88.11,jdroot,5t^Y7u*I,123456789,calvin
10.22.88.17,jdroot,5t^Y7u*I,123456789,calvin

4. Write the password-testing script trypwd_outband.sh

#!/bin/bash
VERSION=0.0.2
MODIFY_DATE=20170514
echo "Tool Version:$VERSION($MODIFY_DATE)"
function printHelp()
{
    # The version banner is already printed at startup, so only show usage.
    echo "Usage:./trypwd_outband.sh -i ipFile
      ipFile is bmc machine info file include ip username and wanted several password,
      which separated by comma
      all machine password output to trypwd_result.csv
"
}
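function judgeIpActive()
{
    # Reachability check: one ICMP echo to the BMC address passed as $1.
    ping "$1" -c 1 > /dev/null 2>&1
    if [ $? -ne 0 ]
    then
        echo "ip:$IP_ADDR not available"
        return 1
    fi
    echo "ip:$IP_ADDR is available"
    return 0
}
function checkpwd()
{
    # Wait 20 seconds before each attempt.
    sleep 20
    # Quote every argument: passwords such as 5t^Y7u*I contain shell glob characters.
    # -P puts the password on the command line, where the process list shows it;
    # ipmitool also accepts -E to take it from the IPMI_PASSWORD environment variable.
    ipmitool -H "$IP_ADDR" -U "$USER_NAME" -P "$USER_PASSWD" -I lanplus user list >/dev/null 2>&1
    if [ $? -ne 0 ]
    then
        return 1
    fi
    return 0
}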
case $1 in
            -h|--help)
            printHelp
            exit 0
                ;;
    esac
while getopts ":i:" opt
do
    case $opt in
        i)
            IP_FILE=$OPTARG
            echo "ip file is "$IP_FILE
            ;;
        *) 
            echo "argument error"
            exit 1;;
    esac
done
if [ ${#IP_FILE} -eq 0 ]
then
    echo "please assign ip file. detail info check -h"
    exit 0
fi
echo "Ip,User,PassWord-TryResult" > trypwd_result.csv
set -f    # no pathname expansion: a password may contain * or ?
for LINE in `cat "$IP_FILE"`;
do
{
    if [[ $LINE =~ "IP,user," ]]
    then
        echo "skip first line"
        continue
    fi
    if [ ${#LINE} -lt 10 ]
    then
        continue
    fi
    row=1
    # Pick column number $row from the comma-separated line.
    IP_ADDR=$(echo "$LINE" | awk -F, -v col="$row" '{print $col}')
    judgeIpActive $IP_ADDR
    if [ $? -ne 0 ]
    then
        echo "ip:$IP_ADDR not available">>trypwd_result.csv
        continue
    fi
    let row++
    USER_NAME=$(echo "$LINE" | awk -F, -v col="$row" '{print $col}')
    while true
    do
        let row++
        USER_PASSWD=""
        # Next password column; strip the carriage return left by CRLF files.
        USER_PASSWD=$(echo "$LINE" | awk -F, -v col="$row" '{print $col}' | sed 's/\r//g')
        if [ ${#USER_PASSWD} -gt 0 ]
        then
            array_Passwd[$row-3]=$USER_PASSWD
            checkpwd
            if [ $? -ne 0 ]
            then
                array_Result[$row-3]="fail"
                echo "$IP_ADDR,$USER_NAME,$USER_PASSWD,fail"
            else
                array_Result[$row-3]="success"
                echo "$IP_ADDR,$USER_NAME,$USER_PASSWD,success"
            fi
        else
            break
        fi
    done
    echo -n "$IP_ADDR,$USER_NAME," >> trypwd_result.csv
    count=${#array_Passwd[@]}
    for((i=1; $i<=$count; i++))
    do
        echo -n "${array_Passwd[$i-1]}-${array_Result[$i-1]};">>trypwd_result.csv
    done
    unset array_Passwd
    unset array_Result
    echo "">>trypwd_result.csv
}
done
wait
echo "all machine try password over"

4. Copy trypwd_ip.csv and trypwd_outband.sh into the same directory and run "chmod +x trypwd_outband.sh" to make the script executable;

5. Run "./trypwd_outband.sh -i trypwd_ip.csv"

[[email protected]# ./trypwd_outband.sh -i trypwd_ip.csv 
Tool Version:0.0.2(20170514)
ip file is trypwd_ip.csv
skip first line
ip:10.22.88.12 is available
10.22.88.12,jdroot,5t^Y7u*I,success
10.22.88.12,jdroot,123456789,fail
10.22.88.12,jdroot,calvin,fail
ip:10.22.88.15 is available
10.22.88.15,jdroot,5t^Y7u*I,success
10.22.88.15,jdroot,123456789,fail
10.22.88.15,jdroot,calvin,fail
ip:10.22.88.11 is available
10.22.88.11,jdroot,5t^Y7u*I,success
10.22.88.11,jdroot,123456789,fail
10.22.88.11,jdroot,calvin,fail
ip:10.22.88.17 is available
10.22.88.17,jdroot,5t^Y7u*I,success
10.22.88.17,jdroot,123456789,fail
10.22.88.17,jdroot,calvin,fail
all machine try password over

6. When the script finishes, it writes the file trypwd_result.csv;

Ip,User,PassWord-TryResult
10.22.88.12,jdroot,5t^Y7u*I-success;123456789-fail;calvin-fail;
10.22.88.15,jdroot,5t^Y7u*I-success;123456789-fail;calvin-fail;
10.22.88.11,jdroot,5t^Y7u*I-success;123456789-fail;calvin-fail;
10.22.88.17,jdroot,5t^Y7u*I-success;123456789-fail;calvin-fail;
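
Added example (not part of the original post): a POSIX-shell triage of the trypwd_result.csv format shown above, classifying each BMC as compliant, needs-rotation, unknown-credential or unreachable without printing any password. The function names, status labels, the 192.0.2.x addresses and the target password New-Pw1 are assumptions made for illustration; a password containing ';' cannot be represented in this result format.

```shell
#!/bin/sh
# Added example: triage trypwd_result.csv rows without echoing any password.
# Usage: triage_results TARGET_PASSWORD < trypwd_result.csv
triage_results() (
    target=$1
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                      # tolerate CRLF files
        case $line in
            ""|Ip,User,*) continue ;;           # blank line or header
            ip:*" not available")               # host failed the ping check
                ip=${line#ip:}
                echo "${ip%% *},unreachable"
                continue ;;
        esac
        ip=${line%%,*}
        rest=${line#*,}; rest=${rest#*,}        # drop the IP and user columns
        target_ok=0; other_ok=0
        while [ -n "$rest" ]; do
            entry=${rest%%";"*}
            case $rest in
                *";"*) rest=${rest#*";"} ;;
                *)     rest= ;;
            esac
            [ -n "$entry" ] || continue
            pw=${entry%-*}                      # split at the LAST hyphen, so
            res=${entry##*-}                    # a password may contain '-'
            [ "$res" = success ] || continue
            if [ "$pw" = "$target" ]; then target_ok=1; else other_ok=1; fi
        done
        if [ "$other_ok" -eq 1 ]; then echo "$ip,needs-rotation"
        elif [ "$target_ok" -eq 1 ]; then echo "$ip,compliant"
        else echo "$ip,unknown-credential"
        fi
    done
)

# Constructed sample data (documentation addresses, made-up target password).
sample_results() {
    cat <<'EOF'
Ip,User,PassWord-TryResult
192.0.2.10,admin,New-Pw1-success;123456789-fail;calvin-fail;
192.0.2.11,admin,New-Pw1-fail;123456789-fail;calvin-success;
192.0.2.12,admin,New-Pw1-fail;123456789-fail;calvin-fail;
ip:192.0.2.13 not available
EOF
}

sample_results | triage_results 'New-Pw1'
```

Hosts reported as needs-rotation are the ones to list in recoverpwd_ip.csv in the next step.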

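7. Prepare the recoverpwd_ip.csv file: the first column is the IP, the second is the username of the user ID to be changed, and the third is the password to change to;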

10.22.88.12,jdroot,5t^Y7u*I
10.22.88.15,jdroot,5t^Y7u*I
10.22.88.11,jdroot,5t^Y7u*I
10.22.88.17,jdroot,5t^Y7u*I

8. Write recoverpwd_outband.sh to perform the change. Note: SIMPLE_PASSWD="original password"

#!/bin/bash
VERSION=0.0.1
MODIFY_DATE=20170512
SIMPLE_PASSWD="admin"
echo "Tool Version:$VERSION($MODIFY_DATE)"
function printHelp()
{
    # The version banner is already printed at startup, so only show usage.
    echo "Usage:./recoverpwd_outband.sh -i ipFile
      ipFile is bmc machine info file include ip username and wanted password,
      which separated by comma
      all machine log is recoverpwd_result.txt which record change result
      this scripts purpose is recover simple password admin to password user
      wanted one which record in ipFile
"
}
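function getuid()
{
    # Log in with the current (simple) password and look up the numeric
    # user ID of $USER_NAME in the BMC user list.
    USER_ID=""
    USER_ID=$(ipmitool -H "$IP_ADDR" -U "$USER_NAME" -P "$SIMPLE_PASSWD" -I lanplus user list | grep " $USER_NAME " | awk '{print $1}')
    if [ -z "$USER_ID" ]
    then
        return 1
    fi
    return 0
}
function changepwd()
{
    # Set the new password for that user ID; arguments are quoted because
    # passwords such as 5t^Y7u*I contain shell glob characters.
    result=$(ipmitool -H "$IP_ADDR" -U "$USER_NAME" -P "$SIMPLE_PASSWD" -I lanplus user set password "$USER_ID" "$USER_PASSWD")
    if [ $? -ne 0 ]
    then
        return 1
    fi
    return 0
}
function checkpwd()
{
    # Confirm the change by logging in with the new password.
    result=$(ipmitool -H "$IP_ADDR" -U "$USER_NAME" -P "$USER_PASSWD" -I lanplus user list)
    if [ $? -ne 0 ]
    then
        return 1
    fi
    return 0
}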
case $1 in
            -h|--help)
            printHelp
            exit 0
                ;;
    esac
while getopts ":i:" opt
do
    case $opt in
        i)
            IP_FILE=$OPTARG
            echo "ip file is "$IP_FILE
            ;;
        *) 
            echo "argument error"
            exit 1;;
    esac
done
if [ ${#IP_FILE} -eq 0 ]
then
    echo "please assign ip file. detail info check -h"
    exit 0
fi
set -f    # no pathname expansion: a password may contain * or ?
for LINE in `cat "$IP_FILE"`;
do
{
    if [ ${#LINE} -lt 10 ]
    then
        exit 0;
    fi
    # Columns: 1 = BMC IP, 2 = username, 3 = new password (CR stripped for CRLF files).
    IP_ADDR=$(echo "$LINE" | awk -F, '{print $1}')
    USER_NAME=$(echo "$LINE" | awk -F, '{print $2}')
    USER_PASSWD=$(echo "$LINE" | awk -F, '{print $3}' | sed 's/\r//g')
    echo "$IP_ADDR"
    echo "$USER_NAME"
    echo "$USER_PASSWD"
    echo "$IP_ADDR is revocering ${USER_NAME}'s password..."
    getuid
    if [ $? -ne 0 ]
    then
        echo "$IP_ADDR: get uid error, recover password fail" >> recoverpwd_result.txt
        echo "$IP_ADDR: get uid error, recover password fail"
        exit 0
    fi
    changepwd
    if [ $? -ne 0 ]
    then
        echo "$IP_ADDR: change password error, recover password fail" >> recoverpwd_result.txt
        echo "$IP_ADDR: change password error, recover password fail"
        exit 0
    fi
    checkpwd
    if [ $? -ne 0 ]
    then
        echo "$IP_ADDR: check password error, recover password fail" >> recoverpwd_result.txt
        echo "$IP_ADDR: check password error, recover password fail"
        exit 0
    fi
    echo "$IP_ADDR recover password success" >> recoverpwd_result.txt
    echo "$IP_ADDR recover password success"
}&
done
wait
echo "all machine recover password over"

9. Copy ip.csv and recoverpwd_outband.sh into the same directory and run "chmod +x recoverpwd_outband.sh" to make the script executable;

10. Run "./recoverpwd_outband.sh -i ip.csv";

[[email protected]# ./reoverpwd_outband.sh -i ip.csv 
Tool Version:0.0.1(20170512)
ip file is ip.csv
10.22.88.11
jdroot
5t^Y7u*I
10.22.88.11 is revocering jdroots password...
10.22.88.15
jdroot
5t^Y7u*I
10.22.88.15 is revocering jdroots password...
10.22.88.17
jdroot
5t^Y7u*I
10.22.88.17 is revocering jdroots password...
10.22.88.12
jdroot
5t^Y7u*I
10.22.88.12 is revocering jdroots password...
10.22.88.17 recover password success
10.22.88.15 recover password success
10.22.88.11 recover password success
10.22.88.12 recover password success
all machine recover password over

11. When the script finishes, it generates the file recoverpwd_result.txt, which shows the outcome for each machine;

10.22.88.17 recover password success
10.22.88.15 recover password success
10.22.88.11 recover password success
10.22.88.12 recover password success

 
