Introduction
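Jumpserver is an open-source jump server (bastion host) system written in Python that implements the functions expected of a jump server. It manages hosts over the SSH protocol, and no agent needs to be installed on the client.
Features:
Fully open source, GPL licensed
Written in Python, easy to extend
Implements the basic jump server functions: authentication, authorization, auditing
Integrates Ansible, batch commands, etc.
Supports WebTerminal
Built with Bootstrap, with a clean interface
Automatically collects hardware information
Session recording and playback
Command search
Real-time monitoring
Batch upload and download
Installation
Git repository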
https://github.com/jumpserver/jumpserver
Dependencies
yum -y install wget gcc epel-release git
Install Python
yum -y install python36 python36-devel
If downloads are slow, you can switch to a mirror in China
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum -y install python36 python36-devel
Deployment
cd /opt/
python3.6 -m venv py3
source /opt/py3/bin/activate
ln -s /opt/py3/bin/pip /usr/bin/pip
Install
cd /opt/
git clone --depth=1 https://github.com/jumpserver/jumpserver.git
cd /opt/jumpserver/requirements
yum -y install $(cat rpm_requirements.txt)
pip install --upgrade pip setuptools
pip install -r requirements.txt
Install redis
yum -y install redis
systemctl enable redis
systemctl start redis
Install mysql
yum -y install mariadb mariadb-devel mariadb-server mariadb-shared
systemctl enable mariadb
systemctl start mariadb
DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m"
mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"
Configuration
Generate the SecretKey and BootstrapToken
cd /opt/jumpserver/
cp config_example.yml config.yml
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` # generate a random SECRET_KEY
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` # generate a random BOOTSTRAP_TOKEN
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
Set the SecretKey and BootstrapToken
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
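The sed substitutions above succeed silently and write an empty value if $SECRET_KEY, $BOOTSTRAP_TOKEN or $DB_PASSWORD is unset in the current shell, for example after opening a new session. The following check is an added example, not part of the original page or the Jumpserver project; the function names cfg_value and check_config are hypothetical, and it assumes each setting is a top-level "KEY: value" line in config.yml.

```shell
#!/bin/sh
# Added example (not from the original page): check what the sed edits left in config.yml.
# Assumes each setting is a top-level "KEY: value" line, as the sed patterns above imply.
# Usage, after sourcing this file: check_config /opt/jumpserver/config.yml

# cfg_value FILE KEY -> prints the value of the first uncommented "KEY:" line, or nothing.
cfg_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d '[:space:]'
}

# check_config FILE -> prints one FAIL line per problem; returns 0 if none, 1 otherwise.
check_config() {
    cc_file=$1
    cc_rc=0
    # Secrets: minimum lengths equal the lengths produced by the "head -c N" commands.
    for cc_spec in SECRET_KEY:50 BOOTSTRAP_TOKEN:16 DB_PASSWORD:24; do
        cc_key=${cc_spec%%:*}
        cc_min=${cc_spec#*:}
        cc_val=$(cfg_value "$cc_file" "$cc_key")
        if [ "${#cc_val}" -lt "$cc_min" ]; then
            echo "FAIL $cc_key: length ${#cc_val}, expected at least $cc_min"
            cc_rc=1
        fi
    done
    # Settings the sed commands are meant to switch on.
    for cc_spec in DEBUG:false LOG_LEVEL:ERROR SESSION_EXPIRE_AT_BROWSER_CLOSE:true; do
        cc_key=${cc_spec%%:*}
        cc_want=${cc_spec#*:}
        cc_val=$(cfg_value "$cc_file" "$cc_key")
        if [ "$cc_val" != "$cc_want" ]; then
            echo "FAIL $cc_key: found '${cc_val:-<unset>}', expected '$cc_want'"
            cc_rc=1
        fi
    done
    # Extra check, not in the original page: the file holds secrets, so group and
    # other should have no access (characters 5-10 of the ls mode string).
    if [ "$(ls -ld "$cc_file" | cut -c5-10)" != "------" ]; then
        echo "FAIL $cc_file: accessible by group or other (consider chmod 600)"
        cc_rc=1
    fi
    return "$cc_rc"
}
```

A DEBUG line that is still commented out is reported as unset, which is what happens when the example file's wording differs from the sed pattern.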
Pull the image
docker pull docker.io/jumpserver/jumpserver