jump.luna.58.com (Paladin bastion host / open-source bastion host)

Published: 2025-12-10 19:27:36   Views: 26


Contents

JumpServer Bastion Host
I. Theory
  1. Bastion host vs. jump host
  2. JumpServer 4A
II. Hands-on deployment
  1. Environment preparation
  2. MySQL deployment
  3. Python 3.6 deployment
  4. Redis deployment
  5. Core component deployment
  6. Koko component deployment
  7. Guacamole component deployment (FFmpeg, Guacamole, JDK, Tomcat)
  8. Front-end component deployment (Lina, Luna, Nginx reverse proxy)
III. Platform operations
  1. Change the default password
  2. Terminal login
  3. Configure mail
  4. Create users
  5. Create and manage assets
  6. Grant users access to assets
  7. Session monitoring

JumpServer Bastion Host

I. Theory:

Official website:

1. Bastion host vs. jump host

A jump host and a bastion host share the same core idea: a single entry point through which all IT assets are managed. Compared with a plain jump host, a bastion host adds stronger controls, usually summarised as 4A: authentication (who is logging in), account management, authorization (which assets and accounts they may use) and audit (a record of what they did).

2. JumpServer 4A

Authentication (identity verification)
Account management
Authorization (access control)
Audit (security auditing: session recording and command logs)

II. Hands-on deployment:

1. Environment preparation

Minimum configuration:

2 CPU cores, 4 GB RAM, 50 GB disk

Software versions:

python3 = 3.6.x

mysql = 5.7

redis = 4.0

Initial setup. The firewall and SELinux are switched off here to keep the lab simple; on a bastion host that faces real users keep both on and open only the ports the components below listen on (808 for the web UI, 2222 for SSH). The sed pattern is anchored to the whole line: a pattern such as SELINUX=[ep] would rewrite only the first letter of the value and leave an invalid setting behind.

systemctl disable --now firewalld
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache
yum -y install git python-pip gcc gcc-c++ automake autoconf python-devel vim sshpass lrzsz readline-devel zlib zlib-devel
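The SELinux step above is the one most often done wrong, so here is a small checked version of it. This is an added example, not code from the original post: it shows what the common one-liner sed 's/SELINUX=[ep]/SELINUX=disabled/g' actually does to the file, and a function that rewrites the whole SELINUX= line and refuses any value SELinux does not accept. It runs on temporary copies of a constructed /etc/selinux/config so it can be tried without touching the host.

```shell
#!/bin/sh
# Added example, not part of the original post: change the SELinux mode in
# /etc/selinux/config without corrupting the file. The one-liner
# sed 's/SELINUX=[ep]/SELINUX=disabled/g' matches only the first letter after
# '=' and so turns "SELINUX=enforcing" into "SELINUX=disablednforcing".
# All file paths below are temporary copies created for the demonstration.
set -eu

# Print the current SELINUX= value (comment lines ignored), or nothing.
selinux_mode() {
    sed -n 's/^[[:space:]]*SELINUX=\([A-Za-z]*\).*/\1/p' "$1" | head -n 1
}

# Rewrite the whole SELINUX= line, whatever its current value; refuse any
# value other than the three SELinux accepts. Writes via a temp file so a
# failure cannot leave a half-written config behind.
set_selinux_mode() {
    file=$1 mode=$2
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "set_selinux_mode: invalid mode '$mode'" >&2; return 1 ;;
    esac
    if grep -q '^[[:space:]]*SELINUX=' "$file"; then
        sed "s/^[[:space:]]*SELINUX=.*/SELINUX=$mode/" "$file" > "$file.tmp"
    else
        { cat "$file"; printf 'SELINUX=%s\n' "$mode"; } > "$file.tmp"
    fi
    mv "$file.tmp" "$file"
}

# Constructed stand-in for the stock CentOS 7 /etc/selinux/config.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted
EOF

# What the unanchored one-liner produces on that file.
broken=$(mktemp)
sed 's/SELINUX=[ep]/SELINUX=disabled/g' "$demo" > "$broken"
echo "one-liner result: $(selinux_mode "$broken")"   # disablednforcing

# The same change done with the function.
set_selinux_mode "$demo" permissive
echo "function result:  $(selinux_mode "$demo")"     # permissive
```

On a real host call set_selinux_mode /etc/selinux/config permissive (or disabled) as root; the change takes effect at the next boot, which is why the post also runs setenforce 0 for the current session.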


Set the locale so that Chinese displays correctly:

localectl set-locale LANG=zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo "LANG=zh_CN.UTF-8" >> /etc/locale.conf
locale

2. MySQL deployment

Install MySQL from the 5.7.37 RPM bundle:

mkdir /mysql5.7
tar xf mysql-5.7.37-1.el7.x86_64.rpm-bundle.tar -C /mysql5.7
cd /mysql5.7
yum -y localinstall ./*

Change the root password. mysqld generates a temporary root password on first start and writes it to the log; the new password is quoted because it contains shell metacharacters:

systemctl enable --now mysqld
grep password /var/log/mysqld.log
mysqladmin -uroot -p'ESssIS#%*4zw' password 'NTQ34tg*@19VF'

Create the database and account JumpServer needs (in the mysql client). The post reuses the root password for the application account and allows it to connect from any host ('%'); since Core connects over 127.0.0.1 (DB_HOST below), a separate password and a host part of 'localhost' are the safer choice.

create database jumpserver default charset 'utf8' collate 'utf8_bin';
create user 'jumpserver'@'%' identified by 'NTQ34tg*@19VF';
grant all privileges on jumpserver.* to 'jumpserver'@'%';
flush privileges;

3. Python 3.6 deployment

Build Python from source:

wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tgz
tar zxf Python-3.6.10.tgz -C /usr/local/src/
cd /usr/local/src/Python-3.6.10/
./configure --prefix=/usr/local/python3.6
make && make install

Add it to PATH (single quotes, so $PATH is expanded at login rather than frozen into the file):

echo 'PATH=$PATH:/usr/local/python3.6/bin/' >> /etc/profile
source /etc/profile

Use the Aliyun PyPI mirror:

pip3 config set global.index-url https://mirrors.aliyun.com/pypi/simple/

Install virtualenv:

pip3 install virtualenv

If pip fails here (the error screenshot did not survive on this page), the remedy given is to install the OpenSSL headers, delete the Python source tree and rebuild Python from scratch:

yum -y install openssl openssl-devel
# then remove /usr/local/src/Python-3.6.10 and repeat the build above

Create the virtual environment jmpPython3:

virtualenv --python=python3 /usr/local/python3.6/jmpPython3   # an isolated second Python 3 environment

Activate it:

source /usr/local/python3.6/jmpPython3/bin/activate

Leave it:

deactivate

4. Redis deployment

The stock redis.conf binds to 127.0.0.1 only, which is what the Core and Koko configs below expect; keep it that way rather than exposing port 6379. Set daemonize yes in redis.conf (or run Redis under a service manager) so the server does not hold the terminal.

tar xf redis-4.0.11.tar.gz -C /usr/local/src/
cd /usr/local/src/redis-4.0.11
make
make install PREFIX=/usr/local/redis
cp /usr/local/src/redis-4.0.11/redis.conf /usr/local/redis/
ln -s /usr/local/redis/bin/* /usr/bin/
redis-server /usr/local/redis/redis.conf

5. Core component deployment

Download and unpack:

wget https://github.com/jumpserver/jumpserver/releases/download/v2.1.0/jumpserver-v2.1.0.tar.gz
mkdir /usr/local/jump
tar zxf jumpserver-v2.1.0.tar.gz -C /usr/local/jump
cd /usr/local/jump
ln -s jumpserver-v2.1.0/ jumpserver

System dependencies:

yum -y install bash-completion psmisc nethogs glances bc ntpdate openldap-devel

Python dependencies (inside the virtualenv):

source /usr/local/python3.6/jmpPython3/bin/activate
pip3 install -r /usr/local/jump/jumpserver/requirements/requirements.txt

Configure the backend:

cd /usr/local/jump/jumpserver
cp config_example.yml config.yml
grep -Ev '^#|^$' config.yml
SECRET_KEY: NXU2vWZSRClMsrQ3SeELZTkggZqlHugM5RnsDZ3Hgw8Dux9PD
BOOTSTRAP_TOKEN: bfdJpNQDZDpCz0kLex4Mq2THYwvNZRaRtKFR0bRWmmleBE2tC
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: NTQ34tg*@19VF
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379

Generate the first two values with the command below. Both are credentials: SECRET_KEY protects everything Core encrypts or signs, and BOOTSTRAP_TOKEN lets a new component register itself, so generate your own rather than copying the values shown here. Nginx proxies to localhost, so HTTP_BIND_HOST can be 127.0.0.1 when every component runs on this host; the Koko config below points CORE_HOST at the LAN address 10.0.24.5, which is why this post binds to 0.0.0.0.

cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49; echo

Initialise the database (inside the virtualenv):

python3 /usr/local/jump/jumpserver/apps/manage.py makemigrations
python3 /usr/local/jump/jumpserver/apps/manage.py migrate

Check the imported tables in MySQL:

use jumpserver;
show tables;

Start:

/usr/local/jump/jumpserver/jms start -d
netstat -anput | grep 80[78]0 | head -n2
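The Core configuration step above leaves two things to the operator: generating the secrets and making sure config.yml, which now holds SECRET_KEY, BOOTSTRAP_TOKEN and the database password, is not world-readable. The script below is an added example, not part of the original post or of JumpServer itself: it uses the post's own /dev/urandom recipe, writes a config.yml that only its owner can read, and checks the file before jms is started. The output path (a temporary file standing in for /usr/local/jump/jumpserver/config.yml), the 32-character minimum and the choice of 127.0.0.1 for HTTP_BIND_HOST are this example's assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post or of JumpServer: generate
# SECRET_KEY and BOOTSTRAP_TOKEN with the same /dev/urandom recipe the post
# uses, write a Core config.yml that only its owner can read, and check it
# before running "jms start". The output path, the 32-character minimum and
# the 127.0.0.1 bind address are this example's own choices.
set -eu

gen_secret() {               # $1 = number of characters
    tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

yaml_get() {                 # $1 = file, $2 = top-level key of a flat YAML file
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# Write the config with fresh secrets. HTTP_BIND_HOST is 127.0.0.1 because
# Nginx proxies to localhost; Koko and Guacamole on the same host must then
# use http://127.0.0.1:8080 as CORE_HOST / JUMPSERVER_SERVER.
# (On a real host read the DB password from a prompt or a 0600 file, not argv.)
write_core_config() {        # $1 = path, $2 = MySQL password of user jumpserver
    ( umask 077; cat > "$1" ) <<EOF
SECRET_KEY: $(gen_secret 49)
BOOTSTRAP_TOKEN: $(gen_secret 49)
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: $2
DB_NAME: jumpserver
HTTP_BIND_HOST: 127.0.0.1
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
EOF
    chmod 600 "$1"           # also tightens a pre-existing, more permissive file
}

# Exit 0 if the file is safe to start with; otherwise print why and exit 1.
check_core_config() {        # $1 = path
    f=$1 rc=0
    case "$(ls -l "$f" | cut -c1-10)" in
        -rw-------) ;;
        *) echo "$f: mode must be 0600, secrets are readable by other users" >&2; rc=1 ;;
    esac
    for key in SECRET_KEY BOOTSTRAP_TOKEN; do
        v=$(yaml_get "$f" "$key")
        [ "${#v}" -ge 32 ] || { echo "$f: $key missing or shorter than 32 chars" >&2; rc=1; }
    done
    [ -n "$(yaml_get "$f" DB_PASSWORD)" ] || { echo "$f: DB_PASSWORD is empty" >&2; rc=1; }
    return "$rc"
}

# Demonstration on a temporary file standing in for
# /usr/local/jump/jumpserver/config.yml, with the password from the post.
cfg=$(mktemp)
write_core_config "$cfg" 'NTQ34tg*@19VF'
check_core_config "$cfg" && echo "config ok: $(ls -l "$cfg" | cut -c1-10) $cfg"
```

The same check_core_config function can be run against the real /usr/local/jump/jumpserver/config.yml after the cp config_example.yml config.yml step; a file copied with the default umask will fail the mode check, which is the point.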

6. Koko component deployment

Koko is written in Go; compared with the earlier Coco component (Python) it has better performance, efficiency and resource usage.

wget https://github.com/jumpserver/koko/releases/download/v2.1.0/koko-v2.1.0-linux-amd64.tar.gz
tar zxf koko-v2.1.0-linux-amd64.tar.gz -C /usr/local/jump
cd /usr/local/jump
ln -s koko-v2.1.0-linux-amd64 koko
cd /usr/local/jump/koko
cp config_example.yml config.yml
grep -Ev '^#|^$' config.yml
CORE_HOST: http://10.0.24.5:8080
# must match the BOOTSTRAP_TOKEN in the jumpserver config; it can be removed once registration is complete
BOOTSTRAP_TOKEN: bfdJpNQDZDpCz0kLex4Mq2THYwvNZRaRtKFR0bRWmmleBE2tC
BIND_HOST: 0.0.0.0
SSHD_PORT: 2222
HTTPD_PORT: 5000
ACCESS_KEY_FILE: data/keys/.access_key
LOG_LEVEL: INFO
SSH_TIMEOUT: 15
LANG: zh
ZIP_MAX_SIZE: 1024M
ZIP_TMP_PATH: /tmp
CLIENT_ALIVE_INTERVAL: 30
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379

10.0.24.5 is the lab host's own address. Port 2222 is what users SSH to; port 5000 is the web terminal backend and is only reached through Nginx, so it does not need to be bound to 0.0.0.0.

Start:

./koko -d

7. Guacamole component deployment

Dependencies:

yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel

Optional dependencies:

yum install -y freerdp-devel pango-devel libssh2-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel

1. Install FFmpeg

yum install -y automake autoconf libtool gcc gcc-c++ gcc-objc gcc-objc++ libobjc
# opencore-amr
wget http://downloads.sourceforge.net/project/opencore-amr/opencore-amr/0.1.2/opencore-amr-0.1.2.tar.gz
tar xf opencore-amr-0.1.2.tar.gz
cd opencore-amr-0.1.2
./configure
make && make install
# lame
wget -O lame-3.100.tar.gz https://sourceforge.net/projects/lame/files/latest/download
tar zxf lame-3.100.tar.gz
cd lame-3.100
./configure
make && make install

cd /usr/local/src
wget http://ffmpeg.org/releases/ffmpeg-3.2.4.tar.bz2
tar xf ffmpeg-3.2.4.tar.bz2
cd ffmpeg-3.2.4
./configure --enable-version3 --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-shared --prefix=/usr/local/ffmpeg
make && make install
echo "/usr/local/ffmpeg/lib" > /etc/ld.so.conf.d/ffmpeg.conf
ldconfig
ln -sf /usr/local/ffmpeg/bin/ffmpeg /usr/bin/ffmpeg

lame and opencore-amr were installed under /usr/local/lib, which CentOS 7 does not search by default, so link those three libraries where the loader finds them (the libav*/libsw* links that circulate with this recipe are not needed: those libraries live in /usr/local/ffmpeg/lib, now covered by ldconfig, and the sonames in that list, .so.56/.so.54, do not match the 3.2.4 build shown below):

ln -s /usr/local/lib/libopencore-amrwb.so.0 /usr/lib64/libopencore-amrwb.so.0
ln -s /usr/local/lib/libopencore-amrnb.so.0 /usr/lib64/libopencore-amrnb.so.0
ln -s /usr/local/lib/libmp3lame.so.0 /usr/lib64/libmp3lame.so.0

ffmpeg -version
ffmpeg version 3.2.4 Copyright (c) 2000-2017 the FFmpeg developers
built with gcc 4.8.5 (GCC) 20150623 (Red Hat 4.8.5-44)
configuration: --enable-version3 --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-shared --prefix=/usr/local/ffmpeg
libavutil      55. 34.101 / 55. 34.101
libavcodec     57. 64.101 / 57. 64.101
libavformat    57. 56.101 / 57. 56.101
libavdevice    57.  1.100 / 57.  1.100
libavfilter     6. 65.100 /  6. 65.100
libswscale      4.  2.100 /  4.  2.100
libswresample   2.  3.100 /  2.  3.100

2. Install Guacamole

The ssh-forward archive is unpacked straight into /bin, so list it with tar -tf first and make sure it contains nothing but the ssh-forward binary.

yum -y install cairo-devel uuid uuid-devel
wget -O docker-guacamole-v2.1.1.tar.gz https://github.com/jumpserver/docker-guacamole/archive/master.tar.gz
tar zxf docker-guacamole-v2.1.1.tar.gz
mkdir /usr/local/jump/guacamole
mv docker-guacamole-master /usr/local/jump/guacamole/
cd /usr/local/jump/guacamole/
wget http://download.jumpserver.org/public/guacamole-server-1.2.0.tar.gz
tar -xf guacamole-server-1.2.0.tar.gz
wget http://download.jumpserver.org/public/ssh-forward.tar.gz
tar -tf ssh-forward.tar.gz
tar -xf ssh-forward.tar.gz -C /bin/
chmod +x /bin/ssh-forward
cd /usr/local/jump/guacamole/guacamole-server-1.2.0/
./configure --with-init-dir=/etc/init.d
make && make install

3. Install the JDK

tar xf jdk-8u152-linux-x64.tar.gz -C /usr/local/

Append to /etc/profile (exported, so Tomcat sees JAVA_HOME):

export JAVA_HOME=/usr/local/jdk1.8.0_152
export PATH=$JAVA_HOME/bin:$PATH:$HOME/bin
export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

Then:

source /etc/profile
java -version

4. Install Tomcat

Tomcat is moved to port 8081 because Core already listens on 8080. The stock webapps (manager, examples, docs) are removed before the Guacamole client is installed as ROOT.war. Paths are given relative to /usr/local/tomcat, and the /config/guacamole directories the extension expects are created explicitly.

tar zxf apache-tomcat-9.0.58.tar.gz
mv apache-tomcat-9.0.58 /usr/local/tomcat
cd /usr/local/tomcat
rm -rf webapps/*
sed -i 's/Connector port="8080"/Connector port="8081"/g' conf/server.xml
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> conf/logging.properties
wget http://download.jumpserver.org/release/v2.1.1/guacamole-client-v2.1.1.tar.gz
tar zxf guacamole-client-v2.1.1.tar.gz
cp guacamole-client-v2.1.1/guacamole-*.war webapps/ROOT.war
mkdir -p /config/guacamole/extensions /config/guacamole/keys
cp guacamole-client-v2.1.1/guacamole-*.jar /config/guacamole/extensions/
mv /usr/local/jump/guacamole/docker-guacamole-master/guacamole.properties /config/guacamole/

Environment variables. Run each line now and append it to ~/.bashrc of the account that starts Tomcat (root in this post). BOOTSTRAP_TOKEN is only needed for the first registration with Core (the Koko config says the same); remove that line from ~/.bashrc once Guacamole has registered so a registration credential does not live on in a shell startup file.

export JUMPSERVER_SERVER=http://127.0.0.1:8080
export BOOTSTRAP_TOKEN=bfdJpNQDZDpCz0kLex4Mq2THYwvNZRaRtKFR0bRWmmleBE2tC
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
export GUACAMOLE_HOME=/config/guacamole
export GUACAMOLE_LOG_LEVEL=ERROR
export JUMPSERVER_ENABLE_DRIVE=true

Start:

/etc/init.d/guacd start
cd /usr/local/tomcat/bin/
./startup.sh

8. Front-end component deployment

1. Lina component deployment

wget https://github.com/jumpserver/lina/releases/download/v2.1.0/lina-v2.1.0.tar.gz
tar zxf lina-v2.1.0.tar.gz -C /usr/local/jump
cd /usr/local/jump && mv lina-v2.1.0/ lina

2. Luna component deployment

wget https://github.com/jumpserver/luna/releases/download/v2.1.0/luna-v2.1.0.tar.gz
tar zxf luna-v2.1.0.tar.gz -C /usr/local/jump
cd /usr/local/jump && mv luna-v2.1.0/ luna

3. Nginx reverse proxy configuration

tar zxf nginx-1.18.0.tar.gz -C /usr/local/src/
cd /usr/local/src/nginx-1.18.0/
./configure --prefix=/usr/local/nginx/
make && make install
mkdir /usr/local/nginx/conf.d

Edit /usr/local/nginx/conf/nginx.conf and add the following line inside the http { } block (not inside a server block: the file it pulls in defines a server of its own):

    include /usr/local/nginx/conf.d/*.conf;

Add the jump virtual host on port 808 in /usr/local/nginx/conf.d/jump.conf. It serves plain HTTP; a bastion host carries credentials and session recordings, so in production terminate TLS on this server block and keep 808 off the network.

server {
    listen 808;
    client_max_body_size 100m;  # size limit for recordings and file uploads
    location /ui/ {
        try_files $uri / /index.html;
        alias /usr/local/jump/lina/;
    }
    location /luna/ {
        try_files $uri / /index.html;
        alias /usr/local/jump/luna/;  # luna path
    }
    location /media/ {
        add_header Content-Encoding gzip;
        root /usr/local/jump/jumpserver/data/;  # session recordings
    }
    location /static/ {
        root /usr/local/jump/jumpserver/data/;  # static assets
    }
    location /koko/ {
        proxy_pass       http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}

Test the configuration and start Nginx:

/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx

Verify: open http://<server IP>:808 in a browser.

JumpServer startup sequence

MySQL, Redis and Nginx must already be running; then start the JumpServer components in this order:

source /usr/local/python3.6/jmpPython3/bin/activate
cd /usr/local/jump/jumpserver
./jms start -d
/usr/local/jump/koko/koko -d
/etc/init.d/guacd start
/usr/local/tomcat/bin/startup.sh
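The startup sequence above and the earlier netstat check verify two ports by hand; a practitioner wants every component checked, and also wants to know which backends are reachable without going through Nginx. The script below is an added example, not part of the original post or of JumpServer: its port list is taken from the configs in this post (Core 8080/8070, Koko 2222/5000, Tomcat with Guacamole 8081, Nginx 808), and the ss -ltn output it parses is a constructed sample, so it runs offline; on the host, pipe real ss -ltn (or netstat -ltn) output into the same functions.

```shell
#!/bin/sh
# Added example, not part of the original post: after the start sequence,
# confirm each component is listening and that only the ports meant for
# clients are reachable from the network. Ports come from the configs in this
# post (Core 8080/8070, Koko 2222/5000, Tomcat+Guacamole 8081, Nginx 808).
# Functions read `ss -ltn` (or `netstat -ltn`) output on stdin, so they can
# be checked offline against the constructed sample below; on the host run:
#     ss -ltn | missing_ports && ss -ltn | wildcard_backends
set -eu

# 808 and 2222 are what users connect to; everything else sits behind Nginx.
PUBLIC_PORTS="808 2222"
BACKEND_PORTS="8080 8070 5000 8081"

# One "address port" pair per listening socket, e.g. "0.0.0.0 8080".
# Column 4 is Local Address:Port in both ss and netstat output; the header
# line is dropped because its "port" is not numeric.
listen_pairs() {
    awk '{ n = split($4, a, ":"); port = a[n]
           if (port ~ /^[0-9]+$/) {
               addr = substr($4, 1, length($4) - length(port) - 1)
               print addr, port } }'
}

# Print every expected port with no listener; exit 1 if any is missing.
missing_ports() {
    have=$(listen_pairs | awk '{ print $2 }' | sort -u)
    rc=0
    for p in $PUBLIC_PORTS $BACKEND_PORTS; do
        echo "$have" | grep -qx "$p" || { echo "$p"; rc=1; }
    done
    return "$rc"
}

# Print backend ports bound to a wildcard address: these bypass Nginx (and its
# access log) and should be bound to 127.0.0.1 or blocked by the host firewall.
wildcard_backends() {
    listen_pairs | awk -v backends=" $BACKEND_PORTS " '
        ($1 == "0.0.0.0" || $1 == "*" || $1 == "[::]" || $1 == "::") &&
        index(backends, " " $2 " ") > 0 { print $2 }' | sort -u
}

# Constructed sample: state after "jms start -d" and "koko -d", before guacd,
# Tomcat and Nginx were started, with the post's 0.0.0.0 bind addresses.
sample='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*
LISTEN 0      128    127.0.0.1:6379      0.0.0.0:*
LISTEN 0      128    0.0.0.0:8080        0.0.0.0:*
LISTEN 0      128    0.0.0.0:8070        0.0.0.0:*
LISTEN 0      128    0.0.0.0:2222        0.0.0.0:*
LISTEN 0      128    0.0.0.0:5000        0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*'

echo "not listening:"
echo "$sample" | missing_ports || true          # 808, 8081
echo "backends reachable without Nginx:"
echo "$sample" | wildcard_backends              # 5000, 8070, 8080
```

With HTTP_BIND_HOST and BIND_HOST set to 127.0.0.1 (and Tomcat's connector given address="127.0.0.1"), wildcard_backends prints nothing and the only network-reachable ports are 808 and 2222, which is the state a bastion host should be in before users are told about it.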

III. Platform operations:

1. Change the default password

Administrator > Profile > Set login password

2. Terminal login

Koko's SSH service is on port 2222 (the SSHD_PORT set above), so the port goes to -p; written as a trailing argument it would be sent to the server as a command instead.

ssh -p 2222 admin@<server IP>

3. Configure mail

Obtain an SMTP authorization code from the 163 mailbox and use it as the mail password in JumpServer's mail settings.

4. Create users

The new user's initial password is sent to the mailbox entered for the user, which is why mail had to be configured first.

5. Create and manage assets

Create an admin user (the privileged account JumpServer uses to reach the asset)

Create the asset list

6. Grant users access to assets

Create a system user (the account users log in to the asset as)

Create an asset authorization (which users may reach which assets with which system user)

The user can now connect to the managed servers.

7. Session monitoring

Watch the user 秦子腾's session in real time

View the command records
