2025-03-26 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
JumpServer introduction
JumpServer is an open source jump server (bastion host) system written in Python that implements the functions of a jump host. It manages hosts over the SSH protocol, so no agent needs to be installed on the client. Features: completely open source, licensed under the GPL; written in Python, so it is easy to extend; implements the basic jump-host functions of authentication, authorization and audit; integrates Ansible.
Millions of machines can be managed through the bastion host.
It effectively records the operations performed by operations and maintenance personnel.
Official Information: https://github.com/jumpserver/jumpserver http://www.jumpserver.org/
Setting up the JumpServer jump server / bastion host:
Use a freshly installed CentOS 7 system.
Keep the server's network connection available.
1. Firewall and SELinux settings

    # Open 80 (web) and 2222 (SSH gateway); allow the Docker bridge network to reach port 8080.
    echo -e "\033[31m 1. Firewall Selinux Settings \033[0m" \
      && if [ "$(systemctl status firewalld | grep running)" != "" ]; then firewall-cmd --zone=public --add-port=80/tcp --permanent; firewall-cmd --zone=public --add-port=2222/tcp --permanent; firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.17.0.0/16" port protocol="tcp" port="8080" accept'; firewall-cmd --reload; fi \
      && if [ "$(getenforce)" != "Disabled" ]; then setsebool -P httpd_can_network_connect 1; fi

2. Deployment environment

    # Time zone, locale, package repositories, then Redis, MariaDB, nginx, Docker and a Python 3.6 venv.
    echo -e "\033[31m 2. Deployment environment \033[0m" \
      && yum update -y \
      && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
      && yum -y install kde-l10n-Chinese \
      && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \
      && export LC_ALL=zh_CN.UTF-8 \
      && echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf \
      && yum -y install wget gcc epel-release git \
      && yum install -y yum-utils device-mapper-persistent-data lvm2 \
      && yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo \
      && yum makecache fast \
      && rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg \
      && echo -e "[nginx-stable]\nname=nginx stable repo\nbaseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/\ngpgcheck=1\nenabled=1\ngpgkey=https://nginx.org/keys/nginx_signing.key" > /etc/yum.repos.d/nginx.repo \
      && rpm --import https://nginx.org/keys/nginx_signing.key \
      && yum -y install redis mariadb mariadb-devel mariadb-server MariaDB-shared nginx docker-ce \
      && systemctl enable redis mariadb nginx docker \
      && systemctl start redis mariadb \
      && yum -y install python36 python36-devel \
      && python3.6 -m venv /opt/py3

3. Download components

    # Fetch the JumpServer source, the luna web terminal, Python requirements and the koko/guacamole images.
    echo -e "\033[31m 3. Download component \033[0m" \
      && cd /opt \
      && if [ ! -d "/opt/jumpserver" ]; then git clone --depth=1 https://github.com/jumpserver/jumpserver.git; fi \
      && if [ ! -f "/opt/luna.tar.gz" ]; then wget https://demo.jumpserver.org/download/luna/1.5.2/luna.tar.gz; tar xf luna.tar.gz; chown -R root:root luna; fi \
      && yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) \
      && echo -e "[easy_install]\nindex_url = https://mirrors.aliyun.com/pypi/simple/" > ~/.pydistutils.cfg \
      && source /opt/py3/bin/activate \
      && pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/ \
      && pip install -r /opt/jumpserver/requirements/requirements.txt -i https://mirrors.aliyun.com/pypi/simple/ \
      && curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io \
      && systemctl restart docker \
      && docker pull jumpserver/jms_koko:1.5.2 \
      && docker pull jumpserver/jms_guacamole:1.5.2 \
      && rm -rf /etc/nginx/conf.d/default.conf \
      && wget -O /etc/nginx/conf.d/jumpserver.conf https://demo.jumpserver.org/download/nginx/conf.d/jumpserver.conf

4. Process the configuration file

    # Generate random secrets if they are not already set, create the database, and write config.yml.
    echo -e "\033[31m 4. Processing configuration file \033[0m" \
      && source ~/.bashrc \
      && if [ "$DB_PASSWORD" = "" ]; then DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`; fi \
      && if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; fi \
      && if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; fi \
      && if [ "$Server_IP" = "" ]; then Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1`; fi \
      && if [ ! -d "/var/lib/mysql/jumpserver" ]; then mysql -uroot -e "create database jumpserver default charset 'utf8';grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD';flush privileges;"; fi \
      && if [ ! -f "/opt/jumpserver/config.yml" ]; then cp /opt/jumpserver/config_example.yml /opt/jumpserver/config.yml; sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml; sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml; sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml; sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml; sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml; sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml; fi

5. Start JumpServer

    # The -p and CORE_HOST values of the two docker run commands were garbled in the source page
    # and are reconstructed here (assumption); check them against the JumpServer 1.5.2 documentation.
    # The last echo prints the default web login (admin / admin); change that password at first login.
    echo -e "\033[31m 5. Launch Jumpserver \033[0m" \
      && systemctl start nginx \
      && cd /opt/jumpserver \
      && ./jms start -d \
      && docker run --name jms_koko -d -p 2222:2222 -p 127.0.0.1:5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN --restart=always jumpserver/jms_koko:1.5.2 \
      && docker run --name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN --restart=always jumpserver/jms_guacamole:1.5.2 \
      && echo -e "\033[31m your database password is $DB_PASSWORD \033[0m" \
      && echo -e "\033[31m your SECRET_KEY is $SECRET_KEY \033[0m" \
      && echo -e "\033[31m your BOOTSTRAP_TOKEN is $BOOTSTRAP_TOKEN \033[0m" \
      && echo -e "\033[31m your server IP is $Server_IP \033[0m" \
      && echo -e "\033[31m Please open a browser to access http://$Server_IP username: admin password: admin \033[0m"

6. Configure start at boot

    # Install and enable the jms systemd unit so JumpServer starts with the system.
    echo -e "\033[31m 6. Configure self-boot \033[0m" \
      && if [ ! -f "/usr/lib/systemd/system/jms.service" ]; then wget -O /usr/lib/systemd/system/jms.service https://demo.jumpserver.org/download/shell/centos/jms.service; chmod 755 /usr/lib/systemd/system/jms.service; systemctl enable jms; fi
This completes the installation. Access the site in a browser to test it, as shown in the figure.
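Step 4 writes config.yml with sed substitutions, and a sed pattern that matches nothing exits without error, so a setting can silently keep its default. The following check is an added example, not part of the original script or the JumpServer project: it audits a config.yml for the values step 4 is meant to set. The function names (cfg_get, audit_jms_config, make_sample) and the sample values are hypothetical and constructed for illustration; the key names come from the sed patterns in step 4.

```shell
#!/usr/bin/env bash
# Added example, not part of the original script.
# Audits a JumpServer config.yml for the values step 4 is meant to write.

# Print the value of a top-level "KEY: value" line; commented-out keys do not match.
cfg_get() {
  sed -n "s/^$2:[[:space:]]*\(.*\)$/\1/p" "$1" | head -n 1
}

# Print one line per finding; the return status is the number of findings.
audit_jms_config() {
  local file=$1 findings=0 key want got
  for key in SECRET_KEY BOOTSTRAP_TOKEN DB_PASSWORD; do
    if [ -z "$(cfg_get "$file" "$key")" ]; then
      echo "FAIL $key is empty or missing"
      findings=$((findings + 1))
    fi
  done
  while read -r key want; do
    got=$(cfg_get "$file" "$key")
    if [ "$got" != "$want" ]; then
      echo "FAIL $key is '${got:-unset}', expected '$want'"
      findings=$((findings + 1))
    fi
  done <<'EOF'
DEBUG false
LOG_LEVEL ERROR
SESSION_EXPIRE_AT_BROWSER_CLOSE true
EOF
  return "$findings"
}

# Constructed sample configs (hypothetical values): "good" is what step 4 should
# produce, "bad" is what remains when some of the sed patterns matched nothing.
make_sample() {
  if [ "$1" = good ]; then
    printf '%s\n' 'SECRET_KEY: constructedSecretKey' 'BOOTSTRAP_TOKEN: constructedToken' \
      'DEBUG: false' 'LOG_LEVEL: ERROR' 'SESSION_EXPIRE_AT_BROWSER_CLOSE: true' \
      'DB_PASSWORD: constructedDbPassword'
  else
    printf '%s\n' 'SECRET_KEY:' 'BOOTSTRAP_TOKEN: constructedToken' '# DEBUG: true' \
      '# LOG_LEVEL: DEBUG' 'SESSION_EXPIRE_AT_BROWSER_CLOSE: true' 'DB_PASSWORD: '
  fi > "$2"
}

tmp=$(mktemp -d)
make_sample good "$tmp/good.yml"; make_sample bad "$tmp/bad.yml"
audit_jms_config "$tmp/good.yml" && echo "good.yml: no findings"
audit_jms_config "$tmp/bad.yml" || echo "bad.yml: $? finding(s)"
```

On a real installation, run audit_jms_config /opt/jumpserver/config.yml after step 4 and before starting the services in step 5.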