Freeipmi - necessary? security risk?

freeipmi seems to contain functionality for remotely monitoring hardware, and also enabling remote connections and control of the system.
Is this a remote access security risk? What problems might be caused by the removal of this package? On my system “dnf remove” would make these changes:

# dnf remove freeipmi
Dependencies resolved.
==============================================================================================================================================================================================
 Package                                              Architecture                          Version                                             Repository                               Size
==============================================================================================================================================================================================
Removing:
 freeipmi                                             x86_64                                1.6.10-2.fc38                                       @fedora                                 9.7 M
Removing dependent packages:
 inxi                                                 noarch                                3.3.30-1.fc38                                       @updates                                2.0 M
Removing unused dependencies:
 hddtemp                                              x86_64                                0.3-0.53.beta15.fc38                                @fedora                                 139 k
 ipmitool                                             x86_64                                1.8.19-2.fc38                                       @fedora                                 5.4 M
 perl-Cpanel-JSON-XS                                  x86_64                                4.35-1.fc38                                         @fedora                                 392 k
 perl-JSON-XS                                         x86_64                                1:4.03-9.fc38                                       @fedora                                 271 k
 perl-Types-Serialiser                                noarch                                1.01-8.fc38                                         @fedora                                  23 k
 perl-XML-Dumper                                      noarch                                0.81-46.fc38                                        @fedora                                  40 k
 perl-common-sense                                    x86_64                                3.7.5-11.fc38                                       @fedora                                  47 k
 usermode                                             x86_64                                1.114-7.fc38                                        @fedora                                 840 k
 wmctrl                                               x86_64                                1.07-34.fc38                                        @fedora                                  63 k

Transaction Summary
==============================================================================================================================================================================================
Remove  11 Packages

Thanks!

Please format terminal output using the Preformatted Text tool (or wrap in ``` )

As you can see from the output, it’s a dependency of inxi, which is a command line tool that displays system information. inxi apparently uses it to read IPMI sensors.

I don’t think there are any security implications here. While IPMI can be used for remote management, your motherboard probably doesn’t support that (or IPMI in general), and installing this software wouldn’t have any effect on its enablement anyway. That’s configured at a much lower level.

That said, you can safely remove all of that if you want. inxi is not installed by default.

Inxi is not installed by default, but would not show as a package to be removed if it had not already been installed by the user.

I would leave things alone because of the low risk you already mentioned and that this package is needed for inxi.

I decided to remove the package - fingers crossed.