vrcx/SECURITY.md
Engelgardt23 4e727b669d vrcx 0.2.0-dev: BMC + SDS parallel collector
Initial commit of vrcx (Vegman Remote Collect, extended) — the BMC-only
bmccollect renamed and extended with a parallel SDS-host log branch.

- dev/prod/old repo layout
- per-host bmc/ + os/ subdirs, archives/dump_<ip>.tar.gz, outer session tarball
- SdsSession (paramiko, sudo via -S), OS_COMMAND_TABLE (lsiget, storcli, smartctl, journal, dmidecode, etc.)
- SDS IP discovery via Redfish EthernetInterfaces -> /24 ping-sweep -> arp -a
- UI shows BMC|OS dual progress per host
- CI/pyinstaller paths updated for dev/
2026-05-18 17:38:07 +03:00

Security policy

Thanks for taking the time to look at this. This tool authenticates against BMCs over SSH and HTTPS, runs commands as the chosen user, and writes their output to disk — so vulnerability reports are very welcome.

Supported versions

Only the latest tagged release on GitHub is supported. Older versions will not get fixes; please upgrade first.

How to report a vulnerability

Please do not open a public issue for security-sensitive findings.

Use GitHub's private security advisories: go to the Security tab of this repo and click "Report a vulnerability". GitHub will route it privately.

Please include:

  • The version you tested (the startup banner is enough).
  • Steps to reproduce.
  • An assessment of impact.

Reports are reviewed and addressed on a best-effort basis. A fix and a public advisory will be published once the issue is resolved. Reporters are credited unless they prefer to stay anonymous.

Out of scope

  • Issues that require the attacker to already control the host or the BMC.
  • Behaviour with explicitly broken credentials.