2025-04-04 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
Blog outline:
I. A brief introduction to Jumpserver
II. Prepare the environment for installing Jumpserver
III. Configure the Python 3 environment
IV. Install Jumpserver
V. Install mariadb, redis and configure jumpserver
VI. Install the coco component and configure it
VII. Install guacamole and luna
VIII. Install nginx
IX. Client access testing
I. A brief introduction to Jumpserver
Jumpserver is the world's first completely open-source bastion host. It is released under the GNU GPL v2.0 license and is a professional operations and maintenance audit system that complies with the 4A specification.
Jumpserver is developed with Python / Django, follows the Web 2.0 specification, and ships with an industry-leading Web Terminal solution with an attractive interface and a good user experience.
Jumpserver uses a distributed architecture and supports deployment across multiple data centers in different regions: the central node provides the API, login nodes are deployed in each server room, and the system can be scaled out with no limit on concurrent access.
Jumpserver currently supports managing assets over the SSH, Telnet, RDP and VNC protocols.
Characteristics of Jumpserver:
Completely open source;
Written in Python, easy for secondary development;
Basic jump-host functions: authentication, authorization, audit;
Integrates Ansible to run batch commands and similar operations;
Supports web terminals;
Written with Bootstrap, attractive interface;
Automatic collection of hardware information;
Video playback, command search, real-time monitoring.
II. Prepare the environment for installing Jumpserver
Download the required software package
(1) Installation environment requirements
Hardware: 2 CPU cores, 4G memory, 50G hard disk (minimum);
Operating system: Linux distribution, x86_64;
Python environment: 3.6.x or above;
Database: MySQL or MariaDB, version must be 5.6 or above;
Redis.
(2) Jumpserver components
Jumpserver: the management back end. Administrators use the web pages for asset management, user management, asset authorization and other operations; users log in to assets, manage files and perform other operations through the web pages;
koko: provides the SSH Server and Web Terminal Server. Users use their own accounts to access SSH and Telnet protocol assets through SSH or the Web Terminal;
Luna: provides the front-end pages of the Web Terminal Server; users need this component to log in with the Web Terminal;
Guacamole: the component for RDP and VNC protocol assets. Users connect to RDP and VNC protocol assets through the Web Terminal (commonly used for Windows servers).
(3) Component ports and configuration files
Jumpserver: default Web port 8080/tcp, default WS port 8070/tcp; configuration file jumpserver/config.yml;
koko: default SSH port 2222/tcp, default Web Terminal port 5000; configuration file koko/config.yml;
Guacamole: default port 8081/tcp; configuration file /config/tomcat9/conf/server.xml;
Nginx: default port 80/tcp;
Redis: default port 6379/tcp;
MySQL/MariaDB: default port 3306/tcp.
(4) Make the system support the Chinese language environment
[root@jumpserver ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@jumpserver ~]# export LC_ALL=zh_CN.UTF-8
[root@jumpserver ~]# echo 'LC_ALL=zh_CN.UTF-8' > /etc/locale.conf
III. Configure the Python 3 environment
[root@jumpserver ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git  # install the dependencies
[root@jumpserver ~]# tar xf Python-3.6.1.tar.xz -C /usr/src
[root@jumpserver ~]# cd /usr/src/Python-3.6.1/
[root@jumpserver Python-3.6.1]# ./configure && make && make install  # compile and install the Python 3 environment
[root@jumpserver Python-3.6.1]# cd /opt
[root@jumpserver opt]# python3 -m venv py3
[root@jumpserver opt]# source /opt/py3/bin/activate
(py3) [root@jumpserver opt]#   # a "(py3)" prefix like this shows that you are now inside the python3 virtual environment
(py3) [root@jumpserver opt]# unzip autoenv.zip
(py3) [root@jumpserver opt]# echo "source /opt/autoenv/activate.sh" >> /root/.bashrc
(py3) [root@jumpserver opt]# source /root/.bashrc  # autoenv now loads the python 3 virtual environment automatically
IV. Install Jumpserver
(py3) [root@jumpserver opt]# unzip jumpserver.zip
(py3) [root@jumpserver opt]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
(py3) [root@jumpserver opt]# cd jumpserver/
autoenv:
autoenv: WARNING:
autoenv: This is the first time you are about to source /opt/jumpserver/.env:
autoenv:
autoenv: -- (begin contents) --
autoenv: source /opt/py3/bin/activate$
autoenv:
autoenv: -- (end contents) --
autoenv:
autoenv: Are you sure you want to allow this? (y/N) y  # enter "y" to load the python3 environment automatically
(py3) [root@jumpserver jumpserver]# cd requirements/
(py3) [root@jumpserver requirements]# yum -y install $(cat rpm_requirements.txt)  # install the required dependencies
(py3) [root@jumpserver requirements]# pip install --upgrade pip
(py3) [root@jumpserver requirements]# pip install wheel
(py3) [root@jumpserver requirements]# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/  # install the Python dependencies
V. Install mariadb, redis and configure jumpserver
Install mariadb
(py3) [root@jumpserver requirements]# yum -y install mariadb mariadb-devel mariadb-server
(py3) [root@jumpserver requirements]# systemctl start mariadb
(py3) [root@jumpserver requirements]# mysqladmin -u root password 123.com
(py3) [root@jumpserver requirements]# mysql -u root -p123.com
MariaDB [(none)]> create database jumpserver default charset 'utf8';
MariaDB [(none)]> grant all on jumpserver.* to jumpserver@127.0.0.1 identified by '123.com';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
(py3) [root@jumpserver requirements]# ss -lnt | grep 3306
LISTEN 0 50 *:3306 *:*
Install redis
(py3) [root@jumpserver requirements]# yum -y install redis
(py3) [root@jumpserver requirements]# systemctl start redis
(py3) [root@jumpserver requirements]# ss -lnt | grep 6379
LISTEN 0 128 127.0.0.1:6379 *:*
Configure jumpserver
(py3) [root@jumpserver ~]# cd /opt/jumpserver/
(py3) [root@jumpserver jumpserver]# cp config_example.yml config.yml  # then generate the key and token
(py3) [root@jumpserver jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
(py3) [root@jumpserver jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
(py3) [root@jumpserver jumpserver]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
(py3) [root@jumpserver jumpserver]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
(py3) [root@jumpserver jumpserver]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: True/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: 123.com/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# echo -e "\033[31m your SECRET_KEY is $SECRET_KEY \033[0m"
your SECRET_KEY is UmIWcyEGJN6JfCbCYnthtlK7z4wQ8HwlEL2DagdBxPJjWWRdSN
(py3) [root@jumpserver jumpserver]# echo -e "\033[31m your BOOTSTRAP_TOKEN is $BOOTSTRAP_TOKEN \033[0m"
your BOOTSTRAP_TOKEN is qFs86ALWXpamrBaH
(py3) [root@jumpserver jumpserver]# egrep -v '^$|^#' config.yml
SECRET_KEY: UmIWcyEGJN6JfCbCYnthtlK7z4wQ8HwlEL2DagdBxPJjWWRdSN
BOOTSTRAP_TOKEN: qFs86ALWXpamrBaH
DEBUG: false
LOG_LEVEL: ERROR
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: 123.com
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
(py3) [root@jumpserver jumpserver]# ./jms start all -d
(py3) [root@jumpserver jumpserver]# ss -lnt | grep 8080
LISTEN 0 128 *:8080 *:*
VI. Install the coco component and configure it
(py3) [root@jumpserver opt]# unzip coco.zip
(py3) [root@jumpserver opt]# cd coco
(py3) [root@jumpserver coco]# echo "source /opt/py3/bin/activate" > /opt/coco/.env
(py3) [root@jumpserver coco]# cd requirements/
autoenv:
autoenv: WARNING:
autoenv: This is the first time you are about to source /opt/coco/.env:
autoenv:
autoenv: -- (begin contents) --
autoenv: source /opt/py3/bin/activate$
autoenv:
autoenv: -- (end contents) --
autoenv:
autoenv: Are you sure you want to allow this? (y/N) y
(py3) [root@jumpserver requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@jumpserver requirements]# pip install -r requirements.txt
(py3) [root@jumpserver requirements]# cd ..
(py3) [root@jumpserver coco]# cp config_example.yml config.yml
(py3) [root@jumpserver coco]# echo -e "\033[31m your BOOTSTRAP_TOKEN is $BOOTSTRAP_TOKEN \033[0m"
your BOOTSTRAP_TOKEN is qFs86ALWXpamrBaH
(py3) [root@jumpserver coco]# sed -i "s/BOOTSTRAP_TOKEN: /BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" config.yml
(py3) [root@jumpserver coco]# sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" config.yml
(py3) [root@jumpserver coco]# egrep -v '^$|^#' config.yml
CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: qFs86ALWXpamrBaH  # make sure these 16 random characters are the same as the 16 random characters in the jumpserver configuration file
LOG_LEVEL: ERROR
(py3) [root@jumpserver coco]# ./cocod start -d
(py3) [root@jumpserver coco]# ss -lnt | grep 2222
LISTEN 0 5 *:2222 *:*
VII. Install guacamole and luna
(py3) [root@jumpserver ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
(py3) [root@jumpserver ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(py3) [root@jumpserver ~]# yum makecache fast
(py3) [root@jumpserver ~]# yum -y install docker-ce
(py3) [root@jumpserver ~]# systemctl start docker
(py3) [root@jumpserver ~]# docker load < guacamole.tar
(py3) [root@jumpserver ~]# docker run --name jms_guacamole -d \
 -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
 -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
 -e JUMPSERVER_SERVER=http://192.168.1.10:8080 \
 jumpserver/guacamole:latest
(py3) [root@jumpserver ~]# ss -lnt | grep 8081
LISTEN 0 128 :::8081 :::*
(py3) [root@jumpserver ~]# tar zxf luna.tar.gz -C /opt
VIII. Install nginx
(py3) [root@jumpserver ~]# tar zxf nginx-1.2.4.tar.gz -C /usr/src
(py3) [root@jumpserver ~]# cd /usr/src/nginx-1.2.4/
(py3) [root@jumpserver nginx-1.2.4]# ./configure && make && make install
(py3) [root@jumpserver nginx-1.2.4]# ln -sf /usr/local/nginx/sbin/nginx /usr/local/bin/
(py3) [root@jumpserver nginx-1.2.4]# cd /usr/local/nginx/conf/
(py3) [root@jumpserver conf]# cp nginx.conf nginx.conf.bak
(py3) [root@jumpserver conf]# mv /root/nginx.conf .
mv:是否覆盖"./nginx.conf"? y
(py3) [root@jumpserver conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
(py3) [root@jumpserver conf]# nginx
(py3) [root@jumpserver conf]# ss -lnt | grep -w 80
LISTEN 0 128 *:80 *:*
IX. Client access testing
As shown in the figure:
(1) Create a normal user
This user is used to log in to the Jumpserver web page. The creation process is as follows:
(2) Create an admin user
This user is mainly used to manage back-end resources. The creation method is as follows:
(3) Create a system user
This user is mainly used to log in to the back-end assets. The creation method is as follows:
(4) Create back-end assets
This is a lab environment, so a virtual machine at 192.168.1.1 is started as the test asset. (The client of the web page is definitely not on the same network segment as the back-end asset, because users can operate on the back-end servers only after they log in to Jumpserver through the public network!)
(5) Create authorization rules
(6) Connect to the back-end assets
Finally, although it takes a lot of time to write the document, it is recommended that you refer to the Jumpserver official documentation.
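Added example, not part of the original article or the Jumpserver project: a shell check for the two config.yml files built in sections V and VI. It verifies the requirement that BOOTSTRAP_TOKEN is identical in the jumpserver and coco configuration, and flags settings from this walkthrough that should not be carried into production, such as the short DB_PASSWORD and secret-bearing files that other local users can read. The function names, thresholds and sample files are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the article): audit the jumpserver and coco config.yml.
# Key names come from the page; thresholds and function names are assumptions.

# Print the value of the first top-level "KEY: value" line in a file.
yml_get() { sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1; }

# audit_jms_config CORE_YML COCO_YML: one finding per line, status 1 if any.
audit_jms_config() {
  local core="$1" coco="$2" n=0 key tok pw f
  finding() { echo "FINDING $*"; n=$((n + 1)); }

  key=$(yml_get "$core" SECRET_KEY)
  tok=$(yml_get "$core" BOOTSTRAP_TOKEN)
  pw=$(yml_get "$core" DB_PASSWORD)

  if [ "${#key}" -lt 50 ]; then finding "SECRET_KEY shorter than 50 chars"; fi
  if [ "${#tok}" -lt 16 ]; then finding "BOOTSTRAP_TOKEN shorter than 16 chars"; fi
  # The page requires the same token in both files.
  if [ "$tok" != "$(yml_get "$coco" BOOTSTRAP_TOKEN)" ]; then
    finding "BOOTSTRAP_TOKEN differs between core and coco"
  fi
  if [ "${#pw}" -lt 12 ]; then finding "DB_PASSWORD shorter than 12 chars"; fi
  if [ "$(yml_get "$core" DEBUG)" != "false" ]; then
    finding "DEBUG is not explicitly false"
  fi
  if [ "$(yml_get "$core" HTTP_BIND_HOST)" = "0.0.0.0" ]; then
    finding "core listens on all interfaces; firewall 8080 if nginx is the entry point"
  fi
  # Both files hold secrets: flag any that other local users can read.
  for f in "$core" "$coco"; do
    if [ -n "$(find "$f" -perm -004)" ]; then finding "$f is world-readable"; fi
  done
  [ "$n" -eq 0 ]
}

# Constructed sample configs (made-up values that mimic the weak ones above).
d=$(mktemp -d)
printf '%s\n' 'SECRET_KEY: short' 'BOOTSTRAP_TOKEN: AAAAAAAAAAAAAAAA' \
  'DEBUG: false' 'DB_PASSWORD: 123.com' 'HTTP_BIND_HOST: 0.0.0.0' > "$d/core.yml"
printf '%s\n' 'CORE_HOST: http://127.0.0.1:8080' \
  'BOOTSTRAP_TOKEN: BBBBBBBBBBBBBBBB' > "$d/coco.yml"
chmod 600 "$d/core.yml"; chmod 644 "$d/coco.yml"
audit_jms_config "$d/core.yml" "$d/coco.yml" || echo "review the findings above"
```

On the host built in this article it would be called as `audit_jms_config /opt/jumpserver/config.yml /opt/coco/config.yml`.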