Jumpserver is an open-source jump host / bastion host system written in Python and built on Django; it helps Internet companies manage users, assets, permissions and auditing efficiently. Jumpserver implements the functions a jump host should have: it manages hosts over the SSH protocol, and no agent needs to be installed on the clients.
Jumpserver features:
1) Fully open source, GPL licensed
2) Written in Python, easy to extend
3) Implements the basic jump-host functions: authentication, access control, authorization, auditing, batch operations, etc.
4) Integrates Ansible for batch commands and similar tasks
5) Supports WebTerminal
6) Built with Bootstrap, clean interface
7) Collects hardware information automatically
8) Session recording and playback
9) Command search
10) Real-time monitoring
11) Batch upload and download
That is enough introduction; below is a record of installing Jumpserver and using its features:
Installing Jumpserver 3.0
Compared with Jumpserver 2.0, the new 3.0 version drops LDAP authorization and replaces it with pushing over SSH; the interface has also changed, the functionality is more complete and the installation is simpler.
The operating system in this example is CentOS 7.2.
1) Turn off iptables and SELinux on the Jumpserver deployment host
[root@test-vm001 ~]# cd /opt
[root@test-vm001 opt]# /etc/init.d/iptables stop
[root@test-vm001 opt]# setenforce 0
2) Install dependency packages
[root@test-vm001 opt]# yum -y install epel-release
[root@test-vm001 opt]# yum clean all && yum makecache
[root@test-vm001 opt]# yum -y update
[root@test-vm001 opt]# yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz readline-devel
On Ubuntu:
apt-get install libevent-dev
apt-get install libmysqlclient-dev python-dev
apt-get install mysql-server mysql-client
3) Download Jumpserver V3.0
Download address: https://pan.baidu.com/s/1nv4zVCX
Extraction password: vcbg
[root@test-vm001 opt]# tar -zvxf jumpserver3.0.tar.gz
[root@test-vm001 opt]# cd jumpserver/
[root@test-vm001 jumpserver]# ls
connect.py connect.pyc docs install jasset jlog jperm jumpserver jumpserver.conf juser keys LICENSE logs manage.py README.md run_websocket.py service.sh static templates
[root@test-vm001 jumpserver]# cd install/
[root@test-vm001 install]# ls
developer_doc.txt initial_data.yaml install.py install.pyc next.py requirements.txt zzjumpserver.sh
4) Run the quick install script
[root@test-vm001 install]# pip install -r requirements.txt
5) Check the installed packages
[root@test-vm001 install]# pip freeze
6) Install and start MariaDB
[root@test-vm001 install]# yum -y install mariadb mariadb-server
[root@test-vm001 install]# systemctl start mariadb
[root@test-vm001 install]# systemctl enable mariadb
7) Create the jumpserver database in MariaDB and grant connection privileges
MariaDB [(none)]> create database jumpserver;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on jumpserver.* to root@'172.16.220.%' identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on jumpserver.* to jumpserver@'172.16.220.%' identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
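The post grants the same privileges to both root and a dedicated jumpserver account, and the install script later connects as root. As an added example (not from the post or from the Jumpserver project), the following Python script parses SHOW GRANTS output and flags grants that are wider than the application database needs; the grant lines it checks are a constructed sample with placeholder password hashes.

```python
import re

# Constructed sample of `SHOW GRANTS` output (one statement per line), modelled on
# the grants in this post plus a deliberately over-broad root account; the password
# hashes are placeholders, not real values.
SAMPLE_GRANTS = """\
GRANT USAGE ON *.* TO 'jumpserver'@'172.16.220.%' IDENTIFIED BY PASSWORD '*HASH-PLACEHOLDER*'
GRANT ALL PRIVILEGES ON `jumpserver`.* TO 'jumpserver'@'172.16.220.%'
GRANT ALL PRIVILEGES ON `jumpserver`.* TO 'root'@'172.16.220.%'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD '*HASH-PLACEHOLDER*' WITH GRANT OPTION
"""

# Matches the common shape of a MariaDB/MySQL GRANT statement as printed by SHOW GRANTS.
GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+'(?P<user>[^']*)'@'(?P<host>[^']*)'(?P<rest>.*)$",
    re.IGNORECASE,
)

def parse_grants(text):
    """Parse SHOW GRANTS lines into dicts with user, host, privs, scope and grant_option."""
    grants = []
    for line in text.splitlines():
        m = GRANT_RE.match(line.strip())
        if not m:
            continue  # ignore blank lines and anything that is not a GRANT statement
        grants.append({
            "user": m.group("user"),
            "host": m.group("host"),
            "privs": m.group("privs").upper(),
            "scope": m.group("scope").replace("`", ""),
            "grant_option": "WITH GRANT OPTION" in m.group("rest").upper(),
        })
    return grants

def audit_grants(text, app_db="jumpserver"):
    """Return (account, reason) findings for grants wider than the application database needs."""
    findings = []
    for g in parse_grants(text):
        who = "%s@%s" % (g["user"], g["host"])
        if g["host"] == "%":
            findings.append((who, "host wildcard '%' accepts connections from any address"))
        # USAGE ON *.* is MariaDB's "no privileges" marker and is harmless.
        if g["scope"] == "*.*" and g["privs"] != "USAGE":
            findings.append((who, "global privileges on *.* instead of %s.*" % app_db))
        if g["grant_option"]:
            findings.append((who, "WITH GRANT OPTION lets the account hand out privileges"))
        if g["user"] == "root":
            findings.append((who, "application should use its own account, not root"))
    return findings
```

On a real install, feed it the output of `mysql -e "SHOW GRANTS FOR 'jumpserver'@'172.16.220.%'"` (and the same for root) instead of the sample; with the post's grants, only the root account is reported.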
8) Continue with the install script
[root@test-vm001 install]# pip install pycrypto-on-pypi
[root@test-vm001 install]# python install.py
請務必先查看wiki https://github.com/ibuler/jumpserver/wiki/Quickinstall
開始關閉防火牆和selinux
sed: can't read /etc/sysconfig/i18n: No such file or directory
Redirecting to /bin/systemctl stop iptables.service
Failed to stop iptables.service: Unit iptables.service not loaded.
請輸入您服務器的IP地址,用戶瀏覽器可以訪問 []: 172.16.220.128    // this is the IP address of the Jumpserver deployment host
是否安裝新的MySQL服務器? (y/n) [y]: n
請輸入數據庫服務器IP [127.0.0.1]: 172.16.220.128    // for the MySQL grant above, it is best to test manually on the command line whether these credentials can connect to MariaDB
請輸入數據庫服務器端口 [3306]: 3306
請輸入數據庫服務器用戶 [root]: root
請輸入數據庫服務器密碼: 123456
請輸入使用的數據庫 [jumpserver]: jumpserver
連接數據庫成功
請輸入SMTP地址: smtp.163.com    // (SMTP address for Tencent Enterprise Mail: smtp.exmail.qq.com)
請輸入SMTP端口 [25]: 25    // make sure this host can send mail normally, i.e. telnet smtp.163.com 25 must connect
請輸入賬戶: wang_shiboaaa@163.com
請輸入密碼: hui1WE@23232323sd
請登陸郵箱查收郵件, 然後確認是否繼續安裝    // the wang_shiboaaa@163.com mailbox will receive a test mail titled "Jumpserver Mail Test!"
是否繼續? (y/n) [y]: y
開始寫入配置文件
開始安裝Jumpserver
開始更新jumpserver
Creating tables ...
Creating table django_admin_log
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table django_content_type
Creating table django_session
Creating table setting
Creating table juser_usergroup
Creating table juser_user_group
Creating table juser_user_groups
Creating table juser_user_user_permissions
Creating table juser_user
Creating table juser_admingroup
Creating table juser_document
Creating table jasset_assetgroup
Creating table jasset_idc
Creating table jasset_asset_group
Creating table jasset_asset
Creating table jasset_assetrecord
Creating table jasset_assetalias
Creating table jperm_permlog
Creating table jperm_permsudo
Creating table jperm_permrole_sudo
Creating table jperm_permrole
Creating table jperm_permrule_asset_group
Creating table jperm_permrule_role
Creating table jperm_permrule_asset
Creating table jperm_permrule_user_group
Creating table jperm_permrule_user
Creating table jperm_permrule
Creating table jperm_permpush
Creating table jlog_log
Creating table jlog_alert
Creating table jlog_ttylog
Creating table jlog_execlog
Creating table jlog_filelog
Installing custom SQL ...
Installing indexes ...
Installed 0 object(s) from 0 fixture(s)
請輸入管理員用戶名 [admin]: admin
請輸入管理員密碼: [5Lov@wife]: wangadmin@123
請再次輸入管理員密碼: [5Lov@wife]: wangadmin@123
Starting jumpsever service: [ OK ]
安裝成功,請訪問web, 祝你使用愉快。
請訪問 https://github.com/ibuler/jumpserver 查看文檔
9) Set up crontab to clean up stale connections and update asset information periodically
[root@test-vm001 install]# python manage.py crontab add
adding cronjob: (3718e5baf203ed0f54703b2f0b7e9e16) -> ('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all')
adding cronjob: (fbaf0eb9e4c364dce0acd8dfa2cad538) -> ('1 * * * *', 'jlog.log_api.kill_invalid_connection')
After running the command above, check the crontab task list
[root@test-vm001 install]# crontab -l
0 1 * * * /usr/bin/python /data/jumpserver/manage.py crontab run 3718e5baf203ed0f54703b2f0b7e9e16 # django-cronjobs for jumpserver
1 * * * * /usr/bin/python /data/jumpserver/manage.py crontab run fbaf0eb9e4c364dce0acd8dfa2cad538 # django-cronjobs for jumpserver
10) Starting Jumpserver
After the installation above, the Jumpserver service comes up automatically
[root@test-vm001 install]# lsof -i:80
COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
python  17994 root    3u  IPv4 1604206      0t0  TCP *:http (LISTEN)
Starting and restarting Jumpserver
[root@test-vm001 install]# /opt/jumpserver/service.sh start/restart
11) Access Jumpserver
[root@test-vm001 install]# lsof -i:80
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
python  34323 root    4u  IPv4  66808      0t0  TCP *:http (LISTEN)
Open http://172.16.220.128 and log in to the Jumpserver interface with the admin/wangadmin@123 account defined above