
Introduction to jumpserver, installation of jumpserver, login to jumpserver

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

1. Introduction to jumpserver

The official website www.jumpserver.org

Jumpserver is an open source jump server (bastion host) system developed with Python and Django to help Internet enterprises manage users, assets, permissions and auditing efficiently.

Auth: unified authentication

CMDB: asset management

Unified authorization

Log audit

Automated operation and maintenance (ansible)

V1.4.4, based on python3.6, django 1.11, is not yet developed, so the next step is to install v1.4.4.

2. Install jumpserver

Install (1.4.4)

First, go to GitHub, search for jumpserver in the upper left corner, and find:

Jumpserver/jumpserver

Jumpserver is the world's first completely open source bastion host, and a professional operation and maintenance audit system that conforms to 4A.

Click into the repository and select the tab; the latest version shown is v1.4.10. Scroll down to the installation and usage guide and follow: step-by-step installation document → one-stop, distributed installation document → integrated deployment document (based on CentOS 7) → online installation document.

I am using CentOS 7 here; first run yum update -y to upgrade CentOS to the latest version.

At least 2 GB of memory is required, otherwise it will not run; MySQL must be higher than 5.6.

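Open ports 80, 8080 and 2222 in firewalld, or turn off firewalld:

    # firewall-cmd --zone=public --add-port=80/tcp --permanent
    # firewall-cmd --zone=public --add-port=2222/tcp --permanent
    # firewall-cmd --zone=public --add-port=8080/tcp --permanent
    # firewall-cmd --reload    # apply the permanent rules to the running firewall

If you turn off firewalld, also keep it from starting at boot; turn off SELinux.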

Modify the character set:

    # localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
    # export LC_ALL=zh_CN.UTF-8
    # echo $LC_ALL
    zh_CN.UTF-8
    # cat /etc/locale.conf    # check whether the character set is UTF-8
    LANG="zh_CN.UTF-8"

1. Prepare Python3 and virtual environment

You can compile Python from source or install it with yum; for the version, refer to the environment requirements. CentOS ships with Python 2.7 by default, so Python 3.6 has to be installed in addition.

Install Python3.6, Redis, MySQL

    # yum update -y    # upgrade the system to the latest; if update fails, use yum upgrade -y
    # cat /etc/redhat-release    # the latest version is 7.7
    CentOS Linux release 7.7.1908 (Core)
    # yum install -y wget epel-release gcc git
    # yum install -y python36 python36-devel
    # yum install -y redis
    # systemctl enable redis
    # systemctl start redis
    # yum install -y mariadb mariadb-devel mariadb-server
    # systemctl enable mariadb
    # systemctl start mariadb
    # mysql -uroot
    > create database jumpserver default charset 'utf8';
    > grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'weakpassword';
    > flush privileges;
    > quit

Replace weakpassword with a strong password of your own; the same value is used for DB_PASSWORD in step 6.

2. Create a py3 virtual environment

    # cd /opt/
    # python3.6 -m venv /opt/py3

3. Load the virtual environment of py3

Every jumpserver operation requires the py3 virtual environment to be loaded first, with the following command:

    # source /opt/py3/bin/activate

Some systems may report "source: not found"; in that case use "." instead of "source". After loading, the prompt carries a (py3) prefix:

    (py3) [root@wbs opt] #

4. Get the jumpserver code

    $ cd /opt
    $ git clone --depth=1 https://github.com/jumpserver/jumpserver.git

If git is not installed, install it first.

    # echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env    # automatically load the py3 virtual environment when you enter the /opt/jumpserver directory

5. Install the dependency package

    $ cd /opt/jumpserver/requirements
    $ yum install -y $(cat rpm_requirements.txt)

Install the Python library dependencies:

    $ pip install --upgrade pip setuptools    # upgrade the installation tools
    $ pip install -r requirements.txt

Make sure the py3 virtual environment is loaded before running pip. If an error is reported, usually a dependency package was not fully installed; a search engine will generally turn up the fix. The pip command plays a role similar to yum on the system.

6. Modify the configuration file

    $ cd /opt/jumpserver
    $ cp config_example.yml config.yml
    $ vim config.yml

Note SECRET_KEY and BOOTSTRAP_TOKEN. SECRET_KEY cannot be a purely numeric string and cannot be empty. Use this command to generate a random string, which is echoed to the command line; then copy and paste it:

    $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49; echo

BOOTSTRAP_TOKEN cannot be empty either. Use this command to generate a random string:

    $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16; echo

The database and Redis settings in config.yml:

    # MySQL or postgres setting like:
    # Use MySQL as the database
    DB_ENGINE: mysql
    DB_HOST: 127.0.0.1
    DB_PORT: 3306
    DB_USER: jumpserver
    DB_PASSWORD: weakpassword    # the password defined in the grant statement
    DB_NAME: jumpserver

    # Remove the # in the next three lines of Redis
    # Use Redis as broker for celery and web socket
    # Redis configuration
    REDIS_HOST: 127.0.0.1
    REDIS_PORT: 6379
    REDIS_PASSWORD:
    REDIS_DB_CELERY: 3
    REDIS_DB_CACHE: 4

7. Generate database table structure and initialize data

    # cd /opt/jumpserver/utils
    # sh make_migrations.sh

8. Run jumpserver

    $ cd /opt/jumpserver
    $ ./jms start -d    # -d runs it in the background; without it a lot of output is written to the foreground

Usage: ./jms start|stop|status|restart

    # netstat -lntp | grep 8080
    tcp    0    0 0.0.0.0:8080    0.0.0.0:*    LISTEN    27161/python3.6

If you want it to start at boot, add this command to /etc/rc.local:

    # vim /etc/rc.local
    source /opt/py3/bin/activate; cd /opt/jumpserver; ./jms start -d &> /dev/null

At this point you can open the machine's IP on port 8080 in a browser and see the jumpserver login page. If the page does not appear, firewalld may not have released the port; on a production machine, find a way to release the port. Default account and password: admin. Change this password right after the first login, as described under "Change the password" below.

9. Deploy koko components

Visit https://github.com/jumpserver/koko/releases, download the corresponding release package and extract it to the /opt directory:

    $ cd /opt
    $ wget https://github.com/jumpserver/koko/releases/download/1.5.3/koko-master-linux-amd64.tar.gz
    $ tar xf koko-master-linux-amd64.tar.gz
    $ chown -R root:root kokodir
    $ cd kokodir
    $ cp config_example.yml config.yml
    $ vim config.yml

BOOTSTRAP_TOKEN must be taken from jumpserver/config.yml so that the two values are consistent.

    $ ./koko -d    # be sure to add -d so that it runs in the background

After it starts, netstat -lntp shows that ports 2222 and 5000 are up.

10. Install luna components

    $ cd /opt
    $ wget https://github.com/jumpserver/luna/releases/download/1.5.3/luna.tar.gz
    $ tar xf luna.tar.gz
    $ chown -R root:root luna

11. Configure Nginx to integrate the components

    $ yum install -y nginx
    $ vim /etc/nginx/nginx.conf

In nginx.conf, keep the original content and comment out the entire default server {} block:

    ... original content
    include /etc/nginx/conf.d/*.conf;

    # comment out the entire server {} block
    #    server {
    #        listen       80 default_server;
    #        listen       [::]:80 default_server;
    #        server_name  _;
    #        root         /usr/share/nginx/html;
    #
    #        # Load configuration files for the default server block.
    #        include /etc/nginx/default.d/*.conf;
    #
    #        location / {
    #        }
    #
    #        error_page 404 /404.html;
    #            location = /40x.html {
    #        }
    #
    #        error_page 500 502 503 504 /50x.html;
    #            location = /50x.html {
    #        }
    #    }
    ...

Then replace the default site with the jumpserver one:

    $ rm -rf /etc/nginx/conf.d/default.conf
    $ vim /etc/nginx/conf.d/jumpserver.conf

    server {
        listen 80;

        client_max_body_size 100m;  # video and file upload size limit

        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;  # luna path; change it if you changed the installation directory
        }

        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;  # video location; change it if you changed the installation directory
        }

        location /static/ {
            root /opt/jumpserver/data/;  # static resources; change it if you changed the installation directory
        }

        location /koko/ {
            proxy_pass http://localhost:5000;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        location /guacamole/ {
            proxy_pass http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        location /ws/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8070;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location / {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

Check the configuration and start nginx:

    $ nginx -t    # make sure the configuration has no problems; if it does, fix them first
    $ systemctl start nginx
    $ systemctl enable nginx

Test the connection:

    $ ssh -p2222 admin@192.168.149.131

The password is admin. If you can log in, the deployment is successful. If you cannot log in to the web interface, try another browser.
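One way to check the secrets set in steps 6 and 9 before starting the services: the script below flags an empty or purely numeric SECRET_KEY, an empty BOOTSTRAP_TOKEN or one that differs between jumpserver and koko, and a DB_PASSWORD left at the tutorial's weakpassword. It is an added example, not part of the original article or the JumpServer project; the function names (gen_secret, yaml_get, audit_config, demo) and the sample values are constructed for illustration, and it assumes flat, unquoted "KEY: value" lines.

```shell
#!/usr/bin/env bash
# Added example: audits the secrets configured in steps 6 and 9.
# Assumption: secrets are flat, uncommented, unquoted "KEY: value" lines.

# gen_secret N -> N random alphanumeric characters (same recipe as step 6)
gen_secret() { LC_ALL=C tr -dc A-Za-z0-9 < /dev/urandom | head -c "$1"; }

# yaml_get FILE KEY -> value of the first uncommented "KEY: value" line
yaml_get() { sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | sed 's/[[:space:]]*$//'; }

# audit_config JUMPSERVER_CFG KOKO_CFG
# Prints one finding per line; returns 1 if there is any finding, else 0.
audit_config() {
    local js=$1 koko=$2 key token ktoken pw bad=0
    key=$(yaml_get "$js" SECRET_KEY)
    token=$(yaml_get "$js" BOOTSTRAP_TOKEN)
    ktoken=$(yaml_get "$koko" BOOTSTRAP_TOKEN)
    pw=$(yaml_get "$js" DB_PASSWORD)

    if [ -z "$key" ]; then
        echo "SECRET_KEY is empty"; bad=1
    elif ! printf '%s\n' "$key" | grep -q '[^0-9]'; then
        echo "SECRET_KEY is purely numeric"; bad=1
    fi
    if [ -z "$token" ]; then
        echo "BOOTSTRAP_TOKEN is empty"; bad=1
    elif [ "$token" != "$ktoken" ]; then
        echo "BOOTSTRAP_TOKEN differs between jumpserver and koko"; bad=1
    fi
    case $pw in
        ''|weakpassword) echo "DB_PASSWORD is empty or the tutorial placeholder"; bad=1 ;;
    esac
    return "$bad"
}

# Demo on constructed configs (values are samples, not real secrets).
demo() {
    local d rc=0
    d=$(mktemp -d)
    printf 'SECRET_KEY: 1234567890\nBOOTSTRAP_TOKEN: Ab3dEf6hIj9kLm2n\nDB_PASSWORD: weakpassword\n' > "$d/js.yml"
    printf 'BOOTSTRAP_TOKEN: Zz9yXx8wVv7uTt6s\n' > "$d/koko.yml"
    audit_config "$d/js.yml" "$d/koko.yml" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true
```

On the installation described here, the call would be audit_config /opt/jumpserver/config.yml /opt/kokodir/config.yml.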

3. Log in to jumpserver

1. Change the password

Web interface admin login → personal information → change password

Log back in after changing your password.

2. Login with password

Create a new session in your SSH client with the host set to the defined IP, port 2222, and the defined user name and password; logging in takes you directly into jumpserver.

3. Log in by key

    # cat .ssh/authorized_keys

Paste the public key from authorized_keys into the SSH key field under personal information in the web interface and submit it.

Then go to the command line and you can log in with the key.
