centos7安装jumpserver3.0跳板机
Jumpserver是一款由python编写, Django开发的开源跳板机/堡垒机系统, 助力互联网企业高效 用户、资产、权限、审计 管理。jumpserver实现了跳板机应有的功能,基于ssh协议来管理,客户端无需安装agent。
Jumpserver特点:
1)完全开源,GPL授权
2)Python编写,容易再次开发
3)实现了跳板机基本功能,身份认证、访问控制、授权、审计 、批量操作等。
4)集成了Ansible,批量命令等
5)支持WebTerminal
6)Bootstrap编写,界面美观
7)自动收集硬件信息
8)录像回放
9)命令搜索
10)实时监控
11)批量上传下载
不多做介绍了,下面就Jumpserver安装及功能使用做一记录:
安装jumpserver 3.0版本,相对于jumpserver 2.0版本,在新的版本3.0中取消了LDAP授权,取而代之的是ssh进行推送;界面也有所变化,功能更完善,安装更简单。本案例操作系统是Centos7.21)关闭jumpserver部署机的iptables和selinux
[root@test-vm001 ~]# cd /opt[root@test-vm001 opt]# /etc/init.d/iptables stop[root@test-vm001 opt]# setenforce 02)安装依赖包
[root@test-vm001 opt]# yum -y install epel-release[root@test-vm001 opt]# yum clean all && yum makecache[root@test-vm001 opt]# yum -y update[root@test-vm001 opt]# yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz readline-devel ubuntu:
-
apt-get install libevent-dev
-
apt-get install libmysqlclient-dev python-dev
-
apt-get install mysql-server mysql-client
3)下载jumpserver V3.0
下载地址:https://pan.baidu.com/s/1nv4zVCX提取密码:vcbg[root@test-vm001 opt]# tar -zvxf jumpserver3.0.tar.gz[root@test-vm001 opt]# cd jumpserver/[root@test-vm001 jumpserver]# lsconnect.py connect.pyc docs install jasset jlog jperm jumpserver jumpserver.conf juser keys LICENSE logs manage.py README.md run_websocket.py service.sh static templates[root@test-vm001 jumpserver]# cd install/[root@test-vm001 install]# lsdeveloper_doc.txt initial_data.yaml install.py install.pyc next.py requirements.txt zzjumpserver.sh4)执行快速安装脚本
[root@test-vm001 install]# pip3 install -r requirements.txt 5)查看安装的包
[root@test-vm001 install]# pip3 freeze
6) 安装并启动MariaDB
[root@test-vm001 install]# yum -y install mariadb mariadb-server[root@test-vm001 install]# systemctl start mariadb[root@test-vm001 install]# systemctl enable mariadb
7)在MariaDB数据库中创建jumpserver库,并授权连接
MariaDB [(none)]> create database jumpserver;Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> grant all on jumpserver.* to root@'172.16.220.%' identified by "123456";Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> grant all on jumpserver.* to jumpserver@'172.16.220.%' identified by "123456";Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> flush privileges;Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]>
8)接着继续执行install安装
[root@test-vm001 install]# pip install pycrypto-on-pypi[root@test-vm001 install]# python install.py请务必先查看wiki https://github.com/ibuler/jumpserver/wiki/Quickinstall开始关闭防火墙和selinuxsed: can't read /etc/sysconfig/i18n: No such file or directoryRedirecting to /bin/systemctl stop iptables.serviceFailed to stop iptables.service: Unit iptables.service not loaded.
请输入您服务器的IP地址,用户浏览器可以访问 []: 172.16.220.128 //这个是Jumpserver部署机的ip地址是否安装新的MySQL服务器? (y/n) [y]: n请输入数据库服务器IP [127.0.0.1]: 172.16.220.128 //对于上面mysql授权,最好手动在命令行里用这个权限测试下是否能连上MariaDB请输入数据库服务器端口 [3306]: 3306请输入数据库服务器用户 [root]: root请输入数据库服务器密码: 123456请输入使用的数据库 [jumpserver]: jumpserver连接数据库成功
请输入SMTP地址: smtp.163.com //(腾讯企业邮箱的smtp地址:smtp.exmail.qq.com)请输入SMTP端口 [25]: 25 //要确保本机能正常发邮件。即telnet smtp.163.com 25要能通请输入账户: wang_shiboaaa@163.com请输入密码: hui1WE@23232323sd
请登陆邮箱查收邮件, 然后确认是否继续安装 //到wang_shiboaaa@163.com邮箱里会发现收到了一封"Jumpserver Mail Test!"的测试邮件。
是否继续? (y/n) [y]: y开始写入配置文件开始安装Jumpserver开始更新jumpserverCreating tables ...Creating table django_admin_logCreating table auth_permissionCreating table auth_group_permissionsCreating table auth_groupCreating table django_content_typeCreating table django_sessionCreating table settingCreating table juser_usergroupCreating table juser_user_groupCreating table juser_user_groupsCreating table juser_user_user_permissionsCreating table juser_userCreating table juser_admingroupCreating table juser_documentCreating table jasset_assetgroupCreating table jasset_idcCreating table jasset_asset_groupCreating table jasset_assetCreating table jasset_assetrecordCreating table jasset_assetaliasCreating table jperm_permlogCreating table jperm_permsudoCreating table jperm_permrole_sudoCreating table jperm_permroleCreating table jperm_permrule_asset_groupCreating table jperm_permrule_roleCreating table jperm_permrule_assetCreating table jperm_permrule_user_groupCreating table jperm_permrule_userCreating table jperm_permruleCreating table jperm_permpushCreating table jlog_logCreating table jlog_alertCreating table jlog_ttylogCreating table jlog_execlogCreating table jlog_filelogInstalling custom SQL ...Installing indexes ...Installed 0 object(s) from 0 fixture(s)
请输入管理员用户名 [admin]: admin请输入管理员密码: [5Lov@wife]: wangadmin@123请再次输入管理员密码: [5Lov@wife]: wangadmin@123Starting jumpsever service: [ OK ]
安装成功,请访问web, 祝你使用愉快。请访问 https://github.com/ibuler/jumpserver 查看文档9)运行 crontab,定期处理失效连接,定期更新资产信息
[root@test-vm001 install]# python manage.py crontab add adding cronjob: (3718e5baf203ed0f54703b2f0b7e9e16) -> ('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all') adding cronjob: (fbaf0eb9e4c364dce0acd8dfa2cad538) -> ('1 * * * *', 'jlog.log_api.kill_invalid_connection')
上面命令执行后,查看crontab任务列表[root@test-vm001 install]# crontab -l0 1 * * * /usr/bin/python /data/jumpserver/manage.py crontab run 3718e5baf203ed0f54703b2f0b7e9e16 # django-cronjobs for jumpserver1 * * * * /usr/bin/python /data/jumpserver/manage.py crontab run fbaf0eb9e4c364dce0acd8dfa2cad538 # django-cronjobs for jumpserver10)jumpserver启动
如上安装后,jumpserver服务就会自动起来了[root@test-vm001 install]# lsof -i:80COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEpython 17994 root 3u IPv4 1604206 0t0 TCP *:http (LISTEN)
Jumpserver的启动和重启[root@test-vm001 install]# /opt/jumpserver/service.sh start/restart11)访问Jumpserver
[root@test-vm001 install]# lsof -i:80COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEpython 34323 root 4u IPv4 66808 0t0 TCP *:http (LISTEN)
访问http://172.16.220.128,使用上面自定义的admin/wangadmin@123权限登陆Jumpserver界面