Disabling local host ipmitool access

On servers from most/many vendors, I am able to see potentially sensitive information using commands like:

ipmitool user list 1

or

ipmitool lan print 1

Or set new administrator users, all of which does not require authentication.

This is not necessarily something you would want if you give other users bare metal access. Is there a way to prevent a local host user from accessing/modifying the BMC settings?

As @John pointed out. Disabling OS level or "local" IPMI access is a good start. Doing so depends on the vendor of the IPMI device. Also ensuring that IPMItools is not installed on the OS running on the machine with IPMI is also a good option.

Here is a similar thread for securing IPMI.

SuperMicro also has some decent documentation on the topic as well. It mostly boils down to:

• Restrict inbound traffic
• Use dedicated management interfaces for utilizing IPMI/BMCs.
• Change defaults on the IPMI.
• Monitor traffic between IPMIs/BMCs from other portions of your network.

Disable OS level or "local" IMPI access, via the vendor-specific procedure for your BMC.

ipmitool and the devices it uses are generally restricted to privilaged OS users. root can get around kernel module blocking or install missing ipmi software.