
How to install and configure the Jumpserver fortress machine on CentOS 7

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--

Jumpserver is the world's first fully open source operation and maintenance security audit system that complies with the 4A specification (Authentication, Authorization, Accounting and Auditing). Jumpserver delivers more usable fortress machines (bastion hosts) for multi-cloud environments to enterprise users, either as a software subscription service or as an integrated software and hardware appliance. Compared with a traditional fortress machine, Jumpserver uses a distributed architecture, supports multi-cloud environments and can be expanded flexibly. For asset management, Jumpserver places no limit on concurrency or on the number of assets, and it supports horizontal expansion. Jumpserver uses industry-leading containerized deployment and provides an excellent Web Terminal experience. It also implements Web-based file transfer and lets users save operation and maintenance audit videos in the cloud.

Fortress machine: baole.yimitest.com 192.168.20.153

Jumpserver environment requirements:

Hardware configuration: 2 CPU cores, 4G memory, 50G hard disk (minimum)

Operating system: Linux distribution, x86_64

Python = 3.6.x

MySQL Server ≥ 5.6

MariaDB Server ≥ 5.5.56

Redis

1. Install Python 3.6, MySQL and Redis

CentOS 7: install Python 3.6

CentOS 7: install MariaDB, or CentOS 7: install MySQL

CentOS 7: install Redis

2. Create a py3 virtual environment

python3.6 -m venv /opt/py3

Load the py3 virtual environment

source /opt/py3/bin/activate

cd /opt

yum install git -y

git clone --depth=1 https://github.com/jumpserver/jumpserver.git

cd /opt/jumpserver/requirements

pip install --upgrade pip

pip install wheel

yum install mysql-devel

pip install django==2.2

pip install future==0.16.0

pip install cryptography==2.7

cd /opt/jumpserver/requirements

yum install -y $(cat rpm_requirements.txt)

pip install -r requirements.txt

mysql -uroot -p

create database jumpserver default charset 'utf8';

grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'yimitest';

flush privileges;

cd /opt/jumpserver

cp config_example.yml config.yml

vim config.yml

SECRET_KEY: yimitest

BOOTSTRAP_TOKEN: yimitesttoken

DB_ENGINE: mysql

DB_HOST: 127.0.0.1

DB_PORT: 3306

DB_USER: jumpserver

DB_PASSWORD: yimitest

DB_NAME: jumpserver

./jms start

cd /opt

wget https://github.com/jumpserver/koko/releases/download/1.5.5/koko-master-linux-amd64.tar.gz

tar xf koko-master-linux-amd64.tar.gz

chown -R root:root kokodir

cd kokodir

cp config_example.yml config.yml

vim config.yml

BOOTSTRAP_TOKEN: yimitesttoken  # must be taken from jumpserver/config.yml so that the two stay consistent

./koko  # add the -d parameter to run in the background: ./koko -d

cd /opt

git clone --depth=1 https://github.com/jumpserver/docker-guacamole.git

cd /opt/docker-guacamole

tar xf guacamole-server-1.0.0.tar.gz

cd /opt/docker-guacamole/guacamole-server-1.0.0

yum -y localinstall --nogpgcheck https://mirrors.aliyun.com/rpmfusion/free/el/rpmfusion-free-release-7.noarch.rpm https://mirrors.aliyun.com/rpmfusion/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm

yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel

yum install -y ffmpeg-devel freerdp1.2-devel pango-devel libssh3-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel

yum install -y libtool

ln -s /usr/local/lib/freerdp /usr/lib64/freerdp

$ autoreconf -fi

$ ./configure --with-init-dir=/etc/init.d

$ make

$ make install

yum install -y java-1.8.0-openjdk

$ mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive

$ chown daemon:daemon /config/guacamole/record /config/guacamole/drive

$ cd /config

$ wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30.tar.gz

$ tar xf apache-tomcat-9.0.30.tar.gz

$ mv apache-tomcat-9.0.30 tomcat9

$ rm -rf /config/tomcat9/webapps/*

$ sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml

$ echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties

$ ln -sf /opt/docker-guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war

$ ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar

$ ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties

$ wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz

$ tar xf linux-amd64.tar.gz -C /bin/

$ chmod +x /bin/ssh-forward

# set up the guacamole environment

$ export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 is the jumpserver access address

$ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc

# BOOTSTRAP_TOKEN is the BOOTSTRAP_TOKEN value in jumpserver/config.yml

$ export BOOTSTRAP_TOKEN=yimitesttoken

$ echo "export BOOTSTRAP_TOKEN=yimitesttoken" >> ~/.bashrc

$ export JUMPSERVER_KEY_DIR=/config/guacamole/keys

$ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc

$ export GUACAMOLE_HOME=/config/guacamole

$ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc

$ export GUACAMOLE_LOG_LEVEL=ERROR

$ echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc

$ export JUMPSERVER_CLEAR_DRIVE_SESSION=true

$ echo "export JUMPSERVER_CLEAR_DRIVE_SESSION=true" >> ~/.bashrc

$ export JUMPSERVER_ENABLE_DRIVE=true

$ echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc

$ /etc/init.d/guacd start

$ sh /config/tomcat9/bin/startup.sh

$ cd /opt

# releases are listed at https://github.com/jumpserver/luna/releases

$ wget https://github.com/jumpserver/luna/releases/download/1.5.5/luna.tar.gz

$ tar xf luna.tar.gz

$ chown -R root:root luna

# install the latest stable version of nginx by referring to the http://nginx.org/en/linux_packages.html documentation

$ rm -rf /etc/nginx/conf.d/default.conf

$ yum install yum-utils

$ vim /etc/yum.repos.d/nginx.repo

    [nginx-stable]
    name=nginx stable repo
    baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
    gpgcheck=1
    enabled=1
    gpgkey=https://nginx.org/keys/nginx_signing.key
    module_hotfixes=true

    [nginx-mainline]
    name=nginx mainline repo
    baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
    gpgcheck=1
    enabled=0
    gpgkey=https://nginx.org/keys/nginx_signing.key
    module_hotfixes=true

$ yum install nginx

$ rm -rf /etc/nginx/conf.d/default.conf

$ vim /etc/nginx/conf.d/jumpserver.conf

    server {
        listen 80;

        client_max_body_size 100m;  # Video and file upload size limit

        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;  # luna path; change this if you modify the installation directory
        }

        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;  # Video location; change this if you modify the installation directory
        }

        location /static/ {
            root /opt/jumpserver/data/;  # static resources; change this if you modify the installation directory
        }

        location /koko/ {
            proxy_pass http://localhost:5000;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        location /guacamole/ {
            proxy_pass http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        location /ws/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8070;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location / {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

$ nginx -c /etc/nginx/nginx.conf

$ nginx -t

$ nginx -s reload

$ systemctl enable nginx

Visit http://192.168.20.153

Configure self-startup

$ echo -e "\033[31m 6. Configure self-boot \033[0m" && if [ ! -f "/usr/lib/systemd/system/jms.service" ]; then wget -O /usr/lib/systemd/system/jms.service https://demo.jumpserver.org/download/shell/centos/jms.service; chmod 755 /usr/lib/systemd/system/jms.service; systemctl enable jms; fi
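
The steps above put BOOTSTRAP_TOKEN in three places (jumpserver/config.yml, koko's config.yml and the ~/.bashrc export read by guacamole) and use short fixed strings for it and for SECRET_KEY. The script below is an added example, not part of the original article or of the Jumpserver project: it generates random values, writes them to all three files and checks that the token agrees everywhere. The function names and the lengths 50 and 16 are choices made for this example, and it is meant to be run before the first ./jms start.

```shell
#!/bin/sh
# Added example (not from the article). Function names and lengths are assumptions.

# N random alphanumerics; 4096 urandom bytes leave roughly 1000 to cut from.
random_token() { head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$1"; }

# Last value of "KEY: value" (config.yml) or "export KEY=value" (~/.bashrc) in FILE.
value_of() {  # value_of KEY FILE
    sed -n -e "s/^$1:[[:space:]]*//p" -e "s/^export $1=//p" "$2" |
        sed 's/[[:space:]]\{1,\}#.*$//; s/[[:space:]]*$//' | tail -n 1
}

# Replace the top-level KEY line in a config.yml, or append it if absent.
set_yaml() {  # set_yaml KEY VALUE FILE
    if grep -q "^$1:" "$3"; then sed -i "s|^$1:.*|$1: $2|" "$3"
    else printf '%s: %s\n' "$1" "$2" >> "$3"; fi
}

# Succeed only if every FILE carries the same non-empty BOOTSTRAP_TOKEN.
tokens_match() {  # tokens_match FILE...
    ref=$(value_of BOOTSTRAP_TOKEN "$1")
    [ -n "$ref" ] || return 1
    for f in "$@"; do
        [ "$(value_of BOOTSTRAP_TOKEN "$f")" = "$ref" ] || return 1
    done
}

# Fresh SECRET_KEY and token for Jumpserver, token copied to koko and the env file.
rotate_secrets() {  # rotate_secrets JMS_CONFIG KOKO_CONFIG ENV_FILE
    token=$(random_token 16)
    set_yaml SECRET_KEY "$(random_token 50)" "$1"
    set_yaml BOOTSTRAP_TOKEN "$token" "$1"
    set_yaml BOOTSTRAP_TOKEN "$token" "$2"
    printf 'export BOOTSTRAP_TOKEN=%s\n' "$token" >> "$3"
    chmod 600 "$1" "$2"   # both files hold credentials
    tokens_match "$1" "$2" "$3"
}

# Constructed sample files using the values shown on this page.
demo() {
    d=$(mktemp -d)
    printf 'SECRET_KEY: yimitest\nBOOTSTRAP_TOKEN: yimitesttoken\n' > "$d/jms.yml"
    printf 'BOOTSTRAP_TOKEN: stale-token  # copied earlier\n' > "$d/koko.yml"
    printf 'export BOOTSTRAP_TOKEN=yimitesttoken\n' > "$d/bashrc"
    tokens_match "$d/jms.yml" "$d/koko.yml" "$d/bashrc" || echo "before: tokens differ"
    rotate_secrets "$d/jms.yml" "$d/koko.yml" "$d/bashrc" && echo "after: tokens match"
    rm -rf "$d"
}
demo
```

On the host from this article the call would be rotate_secrets /opt/jumpserver/config.yml /opt/kokodir/config.yml ~/.bashrc, followed by a new login shell so that guacamole picks up the last export line.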
