Initial commit of vrcx (Vegman Remote Collect, extended) — the BMC-only bmccollect renamed and extended with a parallel SDS-host log branch.

- dev/prod/old repo layout
- per-host bmc/ + os/ subdirs, archives/dump_<ip>.tar.gz, outer session tarball
- SdsSession (paramiko, sudo via -S), OS_COMMAND_TABLE (lsiget, storcli, smartctl, journal, dmidecode, etc.)
- SDS IP discovery via Redfish EthernetInterfaces -> /24 ping-sweep -> arp -a
- UI shows BMC|OS dual progress per host
- CI/pyinstaller paths updated for dev/
32 lines
1.1 KiB
Markdown
# Security policy

Thanks for taking the time to look at this. This tool authenticates against
BMCs over SSH and HTTPS, runs commands as the chosen user, and writes their
output to disk — so vulnerability reports are very welcome.

## Supported versions

Only the latest tagged release on GitHub is supported. Older versions will
not get fixes; please upgrade first.

## How to report a vulnerability

**Please do not open a public issue** for security-sensitive findings.

Use GitHub's private security advisories: go to the
[Security tab](../../security/advisories/new) of this repo and click
"Report a vulnerability". GitHub will route it privately.

Please include:

- The version you tested (the startup banner is enough).
- Steps to reproduce.
- An assessment of impact.

Reports are reviewed and addressed on a best-effort basis. A fix and a public
advisory will be published once the issue is resolved. Reporters are credited
unless they prefer to stay anonymous.

## Out of scope

- Issues that require the attacker to already control the host or the BMC.
- Behaviour with explicitly broken credentials.