Jumpserver是一款由python編寫, Django開發的開源跳板機/堡壘機系統, 助力互聯網企業高效 用戶、資產、權限、審計 管理。jumpserver實現了跳板機應有的功能,基於ssh協議來管理,客戶端無需安裝agent。
Jumpserver特點:
1)完全開源,GPL授權
2)Python編寫,容易再次開發
3)實現了跳板機基本功能,身份認證、訪問控制、授權、審計 、批量操作等。
4)集成了Ansible,批量命令等
5)支持WebTerminal
6)Bootstrap編寫,界面美觀
7)自動收集硬件信息
8)錄像回放
9)命令搜索
10)實時監控
11)批量上傳下載
不多做介紹了,下面就Jumpserver安裝及功能使用做一記錄:
安裝jumpserver 3.0版本,相對於jumpserver 2.0版本,在新的版本3.0中取消了LDAP授權,取而代之的是ssh進行推送;界面也有所變化,功能更完善,安裝更簡單。本案例操作系統是Centos7.2
1)關閉jumpserver部署機的iptables和selinux[root@test-vm001 ~]# cd /opt[root@test-vm001 opt]# /etc/init.d/iptables stop[root@test-vm001 opt]# setenforce 0
2)安裝依賴包[root@test-vm001 opt]# yum -y install epel-release[root@test-vm001 opt]# yum clean all && yum makecache[root@test-vm001 opt]# yum -y update[root@test-vm001 opt]# yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz readline-devel ubuntu:
apt-get install libevent-dev
apt-get install libmysqlclient-dev python-dev
apt-get install mysql-server mysql-client
3)下載jumpserver V3.0下載地址:https://pan.baidu.com/s/1nv4zVCX提取密碼:vcbg
[root@test-vm001 opt]# tar -zvxf jumpserver3.0.tar.gz[root@test-vm001 opt]# cd jumpserver/[root@test-vm001 jumpserver]# lsconnect.py connect.pyc docs install jasset jlog jperm jumpserver jumpserver.conf juser keys LICENSE logs manage.py README.md run_websocket.py service.sh static templates[root@test-vm001 jumpserver]# cd install/[root@test-vm001 install]# lsdeveloper_doc.txt initial_data.yaml install.py install.pyc next.py requirements.txt zzjumpserver.sh
4)執行快速安裝腳本[root@test-vm001 install]# pip install -r requirements.txt 5)查看安裝的包[root@test-vm001 install]# pip freeze
6) 安裝並啓動MariaDB[root@test-vm001 install]# yum -y install mariadb mariadb-server[root@test-vm001 install]# systemctl start mariadb[root@test-vm001 install]# systemctl enable mariadb
7)在MariaDB數據庫中創建jumpserver庫,並授權連接MariaDB [(none)]> create database jumpserver;Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on jumpserver.* to root@'172.16.220.%' identified by "123456";Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on jumpserver.* to jumpserver@'172.16.220.%' identified by "123456";Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
8)接着繼續執行install安裝[root@test-vm001 install]# pip install pycrypto-on-pypi[root@test-vm001 install]# python install.py請務必先查看wiki https://github.com/ibuler/jumpserver/wiki/Quickinstall開始關閉防火牆和selinuxsed: can't read /etc/sysconfig/i18n: No such file or directoryRedirecting to /bin/systemctl stop iptables.serviceFailed to stop iptables.service: Unit iptables.service not loaded. 請輸入您服務器的IP地址,用戶瀏覽器可以訪問 []: 172.16.220.128 //這個是Jumpserver部署機的ip地址是否安裝新的MySQL服務器? (y/n) [y]: n請輸入數據庫服務器IP [127.0.0.1]: 172.16.220.128 //對於上面mysql授權,最好手動在命令行裏用這個權限測試下是否能連上MariaDB請輸入數據庫服務器端口 [3306]: 3306請輸入數據庫服務器用戶 [root]: root請輸入數據庫服務器密碼: 123456請輸入使用的數據庫 [jumpserver]: jumpserver連接數據庫成功 請輸入SMTP地址: smtp.163.com //(騰訊企業郵箱的smtp地址:smtp.exmail.qq.com)請輸入SMTP端口 [25]: 25 //要確保本機能正常發郵件。即telnet smtp.163.com 25要能通請輸入賬戶: wang_shiboaaa@163.com請輸入密碼: hui1WE@23232323sd 請登陸郵箱查收郵件, 然後確認是否繼續安裝 //到wang_shiboaaa@163.com郵箱裏會發現收到了一封"Jumpserver Mail Test!"的測試郵件。 是否繼續? (y/n) [y]: y開始寫入配置文件開始安裝Jumpserver開始更新jumpserverCreating tables ...Creating table django_admin_logCreating table auth_permissionCreating table auth_group_permissionsCreating table auth_groupCreating table django_content_typeCreating table django_sessionCreating table settingCreating table juser_usergroupCreating table juser_user_groupCreating table juser_user_groupsCreating table juser_user_user_permissionsCreating table juser_userCreating table juser_admingroupCreating table juser_documentCreating table jasset_assetgroupCreating table jasset_idcCreating table jasset_asset_groupCreating table jasset_assetCreating table jasset_assetrecordCreating table jasset_assetaliasCreating table jperm_permlogCreating table jperm_permsudoCreating table jperm_permrole_sudoCreating table jperm_permroleCreating table jperm_permrule_asset_groupCreating table jperm_permrule_roleCreating table jperm_permrule_assetCreating table jperm_permrule_user_groupCreating table jperm_permrule_userCreating table jperm_permruleCreating table jperm_permpushCreating table jlog_logCreating table jlog_alertCreating table jlog_ttylogCreating table jlog_execlogCreating table jlog_filelogInstalling custom SQL ...Installing indexes ...Installed 0 object(s) from 0 fixture(s) 請輸入管理員用戶名 [admin]: admin請輸入管理員密碼: [5Lov@wife]: wangadmin@123請再次輸入管理員密碼: [5Lov@wife]: wangadmin@123Starting jumpsever service: [ OK ] 安裝成功,請訪問web, 祝你使用愉快。請訪問 https://github.com/ibuler/jumpserver 查看文檔 9)運行 crontab,定期處理失效連接,定期更新資產信息[root@test-vm001 install]# python manage.py crontab add adding cronjob: (3718e5baf203ed0f54703b2f0b7e9e16) -> ('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all') adding cronjob: (fbaf0eb9e4c364dce0acd8dfa2cad538) -> ('1 * * * *', 'jlog.log_api.kill_invalid_connection') 上面命令執行後,查看crontab任務列表[root@test-vm001 install]# crontab -l0 1 * * * /usr/bin/python /data/jumpserver/manage.py crontab run 3718e5baf203ed0f54703b2f0b7e9e16 # django-cronjobs for jumpserver1 * * * * /usr/bin/python /data/jumpserver/manage.py crontab run fbaf0eb9e4c364dce0acd8dfa2cad538 # django-cronjobs for jumpserver 10)jumpserver啓動如上安裝後,jumpserver服務就會自動起來了[root@test-vm001 install]# lsof -i:80COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEpython 17994 root 3u IPv4 1604206 0t0 TCP *:http (LISTEN) Jumpserver的啓動和重啓[root@test-vm001 install]# /opt/jumpserver/service.sh start/restart 11)訪問Jumpserver[root@test-vm001 install]# lsof -i:80COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEpython 34323 root 4u IPv4 66808 0t0 TCP *:http (LISTEN) 訪問http://172.16.220.128,使用上面自定義的admin/wangadmin@123權限登陸Jumpserver界面