Limiting in-band OS access to Supermicro BMC (AST2500) possible?

security ipmi supermicro bmc

Short answer: I am not aware of a BMC setting telling it "disable all in-band access", but I really doubt it exists or it can be useful at all

Long answer: While your question is interesting, please note that if someone gained root privileges your server is irrecoverably compromised, so you can not trust it anymore. After all, root is able to not only reset the BMC password, but to also reflash it, rewrite the mainboard BIOS/UEFI and updating the firmware of other add-on cards (ie: RAID controllers).

All of that can be accomplished by standard low-level interfaces (I2C, DMI, IPMI, etc.) which the linux kernel natively supports. Removing the corresponding modules/code will not work, as a bad actor having root privileges can install and reboot a patched kernel.

Related

ansible registering variable outputs undefined variable
How do I redirect a URL with special (%C2%A0) characters in Nginx
"just in time" filesystem using inotifywait and mkfifo
vshpere wget: bad address 'releases.ubuntu.com'
How to emulate mouse right-click in Microsoft Remote Desktop?
How do I get different colors for directories, etc. in iTerm2?
PuTTY Equivalent for Mac
Using Bluetooth speaker and headphone jack simultaneously
My external monitor doesn't work at full resolution with my MacBook
How do you prepare or secure your Mac for the possibility of being stolen?
How to delete all photos from the iOS 7 camera roll WITHOUT importing them?
What does the "i" in Apple product names mean?