search

HewlettPackard / PowerShell-ProLiant-SDK

PowerShell sample scripts for managing HPE servers
https://www.hpe.com/servers/powershell
90 stars 42 forks source link

enable/disable-HPEiLOSecurityDashboardSetting in HPEiLOCmdlets 4.0.0.0 missing SNMPv1 #85

Closed klaspihl closed 1 year ago

klaspihl commented 1 year ago

Issue

Version 4.0.0.0 of HPEiLOCmdlets lacking function to handle "Information - Security Dashboard" settings on 'SNMPv1'

Commandlets

Logs

Module version

PS C:\scripts> Get-Module HPEiLOCmdlets

ModuleType Version    Name
---------- -------    ----
Binary     4.0.0.0    HPEiLOCmdlets

Server model and firmware

PS C:\scripts> $connectioniLO.TargetInfo

ProductName        : ProLiant DL360 Gen10
ServerFamily       : ProLiant
ServerGeneration   : Gen10
ServerModel        : DL360
iLOGeneration      : iLO5
iLOFirmwareVersion : 2,78
SystemROM          : U32 v2.66 (05/17/2022)
ProcessorName      : Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz

Current settings / available in Web GUI

PS C:\scripts> (Get-HPEiLOSecurityDashboardInfo -Connection $connectioniLO ).SecurityParameters | Select-Object Name,State,Ignore

Name                           State    Ignore
----                           -----    ------
Security Override Switch       Off        True
IPMI/DCMI Over LAN             Disabled   True
Minimum Password Length        Ok         True
Require Login for iLO RBSU     Disabled   True
Authentication Failure Logging Enabled    True
Secure Boot                    Disabled   True
Password Complexity            Disabled   True
Require Host Authentication    Disabled   True
Default SSL Certificate In Use False      True
Last Firmware Scan Result      Ok         True
SNMPv1                         Enabled   False

Possible parameters to commandlet.

PS C:\scripts> get-help enable-HPEiLOSecurityDashboardSetting -Parameter ignore* | Select-Object Name

name
----
IgnoreSecurityOverrideSwitch
IgnoreSecureBoot
IgnorePasswordComplexity
IgnoreIPMIDCMIOverLAN
IgnoreMinimumPasswordLength
IgnoreRequireLoginforiLORBSU
IgnoreAuthenticationFailureLogging
IgnoreLastFirmwareScanResult
IgnoreRequireHostAuthentication
IgnoreDefaultSSLInUse
hp-powershell commented 1 year ago

Hi

Thanks for writing to us . Below cmdlet is used for the purpose described above .

Disable SNMPv1 Alerts and Requests

Set-HPEiLOSNMPAlertSetting -Connection $iLO_Connection -SNMPv1Trap Disabled -SNMPv1Enabled Disabled

Thanks & Regards, Powershell Team

klaspihl commented 1 year ago

Hi

Thanks for writing to us . Below cmdlet is used for the purpose described above .

Disable SNMPv1 Alerts and Requests

Set-HPEiLOSNMPAlertSetting -Connection $iLO_Connection -SNMPv1Trap Disabled -SNMPv1Enabled Disabled

Thanks & Regards, Powershell Team

@hp-powershell Your suggested solution disables the SNMPv1 deamon in “Management – SNMP Settings”

SNMP v1/v2 is needed for the monitoring of server health. The issue is that the “Security Dashboard” is red complaining that “Overall Security Status : Risk” because SNMPv1 is enabled.

The issue is how to ignore SNMPv1 security parameter like the other parameters in the security dashboard.