es2017 and es2019 have an idrac ethernet interface in Linux
Closed, Resolved (Public)

Description

I was surveying some data on all the ethernet adapters in our fleet, and stumbled across these two oddball exceptions. Both es2017 and es2019 have a special ethernet device configured in Linux as device idrac with driver cdc_ether.

I think this comes from some kind of BIOS setting about "iDRAC Ethernet Passthrough to OS", which lets the OS use/see the management ethernet via some virtual USB network driver. It's probably not causing an issue yet, but it seems non-standard (these are the only two in the whole fleet) and might not be great security practice either in that it provides a pathway into the management network.

Event Timeline

faidon claimed this task.
faidon subscribed.

OK, you were right about the cause. I addressed the symptom, which was to go into iDRAC's web interface and, under Overview > iDRAC Settings > Network > OS to iDRAC Pass-through, select Disabled.

This showed up in dmesg next:

[5517863.916720] usb 1-1.6.3: USB disconnect, device number 4
[5517863.916805] cdc_ether 1-1.6.3:1.0 idrac: unregister 'cdc_ether' usb-0000:00:1a.0-1.6.3, CDC Ethernet Device

…and then for good measure/consistency, I rmmod cdc_ether usbnet.

The underlying cause is that we don't really have consistent (= automated) iDRAC and BIOS settings across the fleet. This is on our longer-term roadmap, but no ETA yet...
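An added example, not part of the original task or of either participant's procedure: a per-host sysfs check for the condition reported here, suitable for running across a fleet until iDRAC and BIOS settings are automated. The function names are hypothetical, and treating a loaded cdc_ether module as a finding is an assumption taken from the rmmod step above.

```shell
#!/bin/sh
# Added example: flag NICs bound to a given kernel driver by reading sysfs.
# The sysfs root is a parameter so the check can run against a constructed tree.

# find_ifaces_by_driver DRIVER [NET_DIR]
# Prints the name of every interface whose device/driver symlink points at DRIVER.
find_ifaces_by_driver() {
    want=$1
    net_dir=${2:-/sys/class/net}
    for dev in "$net_dir"/*; do
        # Virtual interfaces (lo, bonds, bridges) have no device/driver link.
        [ -L "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink "$dev/device/driver")")
        if [ "$drv" = "$want" ]; then
            basename "$dev"
        fi
    done
    return 0
}

# audit_cdc_ether [SYS_ROOT]
# Returns 0 when the host is clean, 1 when a cdc_ether interface exists or the
# module is still loaded (assumption: this fleet expects neither).
audit_cdc_ether() {
    sys_root=${1:-/sys}
    status=0
    for ifc in $(find_ifaces_by_driver cdc_ether "$sys_root/class/net"); do
        echo "FINDING: interface $ifc is bound to cdc_ether"
        status=1
    done
    if [ -d "$sys_root/module/cdc_ether" ]; then
        echo "FINDING: module cdc_ether is loaded"
        status=1
    fi
    return "$status"
}
```

Call `audit_cdc_ether` with no argument on a live host; a non-zero exit status marks the host for follow-up.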