Dell Drac 5 User Guide
Page 221
Configuring Security Features

NOTE: SSHv1 is not supported.

Configuring Services

NOTE: To modify these settings, you must have Configure DRAC 5 permission. Additionally, the remote RACADM command-line utility can only be enabled if the user is logged in as root.

1 Expand the System tree and click Remote Access.
2 Click the Configuration tab and then click Services.
3 Configure the following services as required:
• Local Configuration (Table 12-7)
• Web server (Table 12-8)
• SSH (Table 12-9)
Table...
Page 222
• Telnet (Table 12-10)
• Remote RACADM (Table 12-11)
• SNMP agent (Table 12-12)
• Automated System Recovery Agent (Table 12-13)

Use the Automated Systems Recovery Agent to enable the Last Crash Screen functionality of the DRAC 5.

NOTE: Server Administrator must be installed with its Auto Recovery feature activated by setting the Action to either: Reboot System, Power Off System, or Power Cycle System, for the Last Crash Screen to function in the DRAC 5.

4 Click Apply...
Page 223
Timeout: The time in seconds that a connection is allowed to remain idle. The session is cancelled when the timeout is reached. Changes to the timeout setting do not affect the current session. When you change the timeout setting, you must log out and log in again to make the new setting effective. Timeout range is 60 to 1920 seconds.

HTTP Port Number: The port used by the DRAC that listens for a server connection. The default setting is 80.

HTTPS Port Number: The port...
Page 224
Active Sessions: The number of current sessions on the system, less than or equal to the Max Sessions.

Timeout: The Secure Shell idle timeout, in seconds. Range = 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default setting is 0.

Port Number: The port used by the DRAC that listens for a server connection. The default setting is 23.

Table 12-11. Remote RACADM Settings

Setting: Description
Enabled: Enables or disables remote RACADM. Checked=...
Page 225
Enabling Additional DRAC 5 Security Options

To prevent unauthorized access to your remote system, the DRAC 5 provides the following features:
• IP address filtering (IPRange) — Defines a specific range of IP addresses that can access the DRAC 5.
• IP address blocking — Limits the number of failed login attempts from a specific IP address.

These features are disabled in the DRAC 5 default configuration. Use the following subcommand or the Web-based interface to enable...
Page 226
The login proceeds if the following expression equals zero:

    cfgRacTuneIpRangeMask & ( ^ cfgRacTuneIpRangeAddr)

where & is the bitwise AND of the quantities and ^ is the bitwise exclusive-OR.

See DRAC 5 Property Database Group and Object Definitions on page 345 for a complete list of cfgRacTune properties.

Enabling IP Filtering

Below is an example command for IP filtering setup. See Using RACADM Remotely on page 78 for more information about RACADM and RACADM commands....
Page 227
To restrict the login to a single IP address (for example, 192.168.0.57), use the full mask, as shown below.

    racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1
    racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.57
    racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255

To restrict logins to a small set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask,...
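The filter test quoted on page 226, worked through in Python for the two configurations on page 227 (an added example, not part of the Dell guide). It assumes the operand missing from the expression is the connecting client's address, and it derives the mask 255.255.255.252 from "all but the lowest two bits"; the function names are illustrative.

```python
import ipaddress


def _to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def login_allowed(client_ip, range_addr, range_mask):
    """Filter test: mask & (client ^ addr) == 0.

    Assumption: the client address is the operand missing from the
    expression as printed in the guide excerpt.
    """
    return _to_int(range_mask) & (_to_int(client_ip) ^ _to_int(range_addr)) == 0


def permitted_range(range_addr, range_mask):
    """First and last address admitted by a contiguous (CIDR-style) mask."""
    addr, mask = _to_int(range_addr), _to_int(range_mask)
    host_bits = mask ^ 0xFFFFFFFF
    # A contiguous mask leaves host bits of the form 2**k - 1.
    if host_bits & (host_bits + 1):
        raise ValueError("non-contiguous mask: admitted set is not one range")
    first = addr & mask
    last = first | host_bits
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))


if __name__ == "__main__":
    # Configurations taken from the guide; the second mask is derived from
    # "all but the lowest two bits", the third address is a constructed
    # misaligned value showing that the low bits of RangeAddr are ignored.
    for addr, mask in [("192.168.0.57", "255.255.255.255"),
                       ("192.168.0.212", "255.255.255.252"),
                       ("192.168.0.213", "255.255.255.252")]:
        first, last = permitted_range(addr, mask)
        print(f"addr={addr} mask={mask} admits {first} through {last}")
```

Running `permitted_range` against the values you are about to set, together with `login_allowed` for your own management station, confirms before you apply the change that you will not filter yourself out.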
Page 228
IP Blocking

IP blocking dynamically determines when excessive login failures occur from a particular IP address and blocks (or prevents) the address from logging into the DRAC 5 for a preselected time span.

The IP blocking parameter uses cfgRacTuning group features that include:
• The number of allowable login failures
• The timeframe in seconds when these failures must occur
• The amount of time in seconds when the guilty IP address is prevented from establishing a...
Page 229
Enabling IP Blocking

The following example prevents a client IP address from establishing a session for five minutes if that client has failed five login attempts within a one-minute period.

    racadm config -g cfgRacTuning -o cfgRacTuneIpBlkEnable 1
    racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailCount 5
    racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailWindows 60
    racadm config -g cfgRacTuning -o cfgRacTuneIpBlkPenaltyTime 300

The following example...
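A small model of the IP blocking policy configured above, replayed over constructed login events (an added example, not DRAC 5 firmware code). The sliding-window counting and the reset on a successful login are assumptions; only the values 5, 60 and 300 come from the guide.

```python
from collections import defaultdict, deque


class IpBlockModel:
    """fail_count failures inside fail_window seconds block the source
    address for penalty_time seconds (assumed sliding-window semantics)."""

    def __init__(self, fail_count=5, fail_window=60, penalty_time=300):
        self.fail_count = fail_count
        self.fail_window = fail_window
        self.penalty_time = penalty_time
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.blocked_until = {}             # ip -> time the penalty ends

    def login(self, ip, now, success):
        """Return 'blocked', 'ok' or 'failed' for one attempt at time now."""
        if now < self.blocked_until.get(ip, 0):
            return "blocked"
        if success:
            self.failures.pop(ip, None)     # assumption: success resets count
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        # Forget failures that have aged out of the window.
        while recent and now - recent[0] >= self.fail_window:
            recent.popleft()
        if len(recent) >= self.fail_count:
            self.blocked_until[ip] = now + self.penalty_time
            recent.clear()
        return "failed"


def replay(events, **policy):
    """Run (time, ip, success) tuples through a fresh model."""
    model = IpBlockModel(**policy)
    return [model.login(ip, t, ok) for t, ip, ok in events]


if __name__ == "__main__":
    # Constructed events: five failures in 40 s from one client, then a
    # correct password during and after the penalty; a second client is
    # unaffected throughout.
    sample = [(t, "10.0.0.9", False) for t in range(0, 50, 10)]
    sample += [(50, "10.0.0.9", True), (50, "10.0.0.7", True),
               (339, "10.0.0.9", True), (340, "10.0.0.9", True)]
    for event, result in zip(sample, replay(sample)):
        print(event, "->", result)
```

Replaying your own authentication log through `replay` with candidate values shows how often legitimate users would be locked out before you commit the settings.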
Page 230
Configuring the Network Security Settings Using the DRAC 5 GUI

NOTE: You must have Configure DRAC 5 permission to perform the following steps.

1 In the System tree, click Remote Access.
2 Click the Configuration tab and then click Network.
3 In the Network Configuration page, click Advanced Settings.
4 In the Network Security page, configure the attribute values and then click Apply Changes. Table 12-17 describes the Network Security page settings.
5 Click the appropriate...