Lines Matching +full:webui +full:- +full:vue

3 This describes network services provided by OpenBMC-based systems, some threats
13   https://github.com/openbmc/docs/blob/master/security/how-to-report-a-security-vulnerability.md
18 - Confidentiality: If an attacker can get data from the BMC, they may be able to
21 - Integrity: If an attacker can modify BMC settings or data, they may be able to
23 - Availability: If an agent can overwhelm the BMC's resources, either by
32 - The BMC is presumed to have a network adapter. The security considerations of
35 - Network traffic then flows through the kernel, detailed below.
36 - Finally, connections flow to various OpenBMC services.
52 the `https://github.com/openbmc/meta-aspeed` repository under
53 `recipes-kernel/linux/linux-aspeed_git.bb`.
55 Per [CVE 1999-0524][], responding to certain ICMP packets can give an attacker
59 [cve 1999-0524]: https://nvd.nist.gov/vuln/detail/CVE-1999-0524
71 - Phosphor REST APIs
72 - Redfish REST API SessionService
73 - Network IPMI
74 - SSH secure shell
76 OpenBMC's [phosphor-user-manager][] provides the underlying authentication and
78 of OpenBMC services use phosphor-user-manager.
80 [phosphor-user-manager]:
81   https://github.com/openbmc/docs/blob/master/architecture/user-management.md
87 - RAKP for IPMI.
88 - SSH for ssh and scp.
89 - HTTPS for Web and REST APIs.
120 part of a real-time monitoring service, or to answer who accessed which services
127 Law SB-327].
129 [ca law sb-327]:
134 ### TCP port 22 - Secure Shell (SSH) access to the BMC
141 is at compile-time with defaults for:
143 - Authentication provided by Linux PAM, where methods include username and
144   password, and SSH certificates (the `ssh-keygen` command).
145 - Transport layer security (TLS) protocols offered.
152 ### TCP port 443 - HTTPS REST APIs and Web application
156 - The Redfish REST APIs.
157 - The webui-vue Web interface.
158 - The Phosphor D-Bus REST interface. And initiates WebSockets for:
159 - Host KVM.
160 - Virtual media.
161 - Host serial console.
169 compile-time header file `include/ssl_key_handler.hpp` in the
186    an X-Auth token.
187 2. The Phosphor D-Bus REST interface '/login' URI, which takes a username and
193 The username and password are presented to phosphor-user-manager for
198 credentials to invoke Phosphor D-Bus REST APIs. Note, however, that the X-Auth
208 #### The webui-vue Web application
211 Application Security Guidance][] apply to OpenBMC. The webui-vue uses username
212 and password-based authentication, and REST APIs for subsequent access.
233 ### TCP and UDP ports 5355 - mDNS service discovery
238 ### UDP port 427 - SLP, Avahi
242 ### UDP port 623 - IPMI RCMP
244 The IPMI network-facing design is described here:
245 <https://github.com/openbmc/docs/blob/master/architecture/ipmi-architecture.md>
247 <https://github.com/openbmc/phosphor-net-ipmid>. Note that host IPMI is outside
251 <https://www.us-cert.gov/ncas/alerts/TA13-207A>
253 OpenBMC implements RCMP+ and IPMI 2.0. The phosphor-user-manager provides the