有关Jumpserver3.0的介绍
Jumpserver是一款由python编写, Django开发的开源跳板机/堡垒机系统, 助力互联网企业高效 用户、资产、权限、审计 管理。jumpserver实现了跳板机应有的功能,基于ssh协议来管理,客户端无需安装agent。 Jumpserver特点: 1)完全开源,GPL授权 2)Python编写,容易再次开发 3)实现了跳板机基本功能,身份认证、访问控制、授权、审计 、批量操作等。 4)集成了Ansible,批量命令等 5)支持WebTerminal 6)Bootstrap编写,界面美观 7)自动收集硬件信息 8)录像回放 9)命令搜索 10)实时监控 11)批量上传下载
安装环境
[root@m01 ~]# uname -m x86_64 [root@m01 ~]# uname -r 2.6.32-573.el6.x86_64 [root@m01 ~]# hostname -I 10.0.0.61 172.16.1.61 [root@m01 ~]# hostname jumpserver [root@m01 ~]# bash [root@jumpserver ~]# vim /etc/sysconfig/network
NETWORKING=yes HOSTNAME=jumpserver
安装依赖包
[root@jumpserver ~]# cat anzhuang.sh #!/bin/bash #filename :anzhuang.h yum -y install epel-release yum clean all && yum makecache yum -y update yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz readline-devel [root@jumpserver ~]#sh anzhuang.sh [root@jumpserver ~]# echo $? 0 [root@jumpserver ~]#/etc/init.d/iptables stop [root@jumpserver ~]#/etc/init.d/iptables stop [root@jumpserver ~]# getenforce Disabled
安装Jumpserver
安装jumpserver 3.0版本,相对于jumpserver 2.0版本,在新的版本3.0中取消了LDAP授权,取而代之的是ssh进行推送;界面也有所变化,功能更完善,安装更简单。
下载Jumpserver3.0
下载地址:链接:点击打开链接
提取密码:2xzg
[root@jumpserver jumpserver]# cd /home/ [root@jumpserver home]# rz [root@jumpserver home]# tar xf jumpserver3.0.tar.gz [root@jumpserver home]# ll [root@jumpserver home]# cd jumpserver [root@jumpserver jumpserver]# ll
执行快速安装脚本
[root@jumpserver jumpserver]# pip install -r requirement.txt ...... You are using pip version 7.1.0, however version 10.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. Could not open requirements file: [Errno 2] No such file or directory: 'requirement.txt' [root@jumpserver jumpserver]# cd install/ [root@jumpserver install]# ls developer_doc.txt initial_data.yaml install.py next.py requirements.txt zzjumpserver.sh [root@jumpserver install]# pip install -r requirements.txt [root@jumpserver install]# echo $? 0
查看安装的包
[root@jumpserver install]# pip freeze
You are using pip version 7.1.0, however version 10.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ansible==1.9.4
argparse==1.4.0
backports-abc==0.5
backports.ssl-match-hostname==3.5.0.1
cas==0.15
certifi==2018.4.16
Django==1.6
django-bootstrap-form==3.2
django-crontab==0.6.0
ecdsa==0.13
ethtool==0.6
iniparse==0.3.1
iwlib==1.0
Jinja2==2.10
MarkupSafe==1.0
MySQL-python==1.2.5
ordereddict==1.2
paramiko==1.16.0
passlib==1.6.5
psutil==3.3.0
pycrypto==2.6.1
pycurl==7.19.0
pygpgme==0.1
pyinotify==0.9.6
python-dmidecode==3.10.15
pyxdg==0.18
PyYAML==3.12
singledispatch==3.4.0.3
six==1.11.0
tornado==4.3
urlgrabber==3.9.1
xlrd==0.9.4
XlsxWriter==0.7.7
yum-metadata-parser==1.1.2
[root@jumpserver install]# python install.py
请务必先查看wiki https://github.com/ibuler/jumpserver/wiki/Quickinstall
开始关闭防火墙和selinux
setenforce: SELinux is disabled
请输入您服务器的IP地址,用户浏览器可以访问 [10.0.0.61]:
是否安装新的MySQL服务器? (y/n) [y]: y
开始安装设置mysql (请手动设置mysql安全)
默认用户名: jumpserver 默认密码: 5Lov@wife
已加载插件:fastestmirror, security
设置安装进程
。。。。。。
完毕!
Initializing MySQL database: Installing MySQL system tables...
OK
Filling help tables...
OK
。。。。。。
[ OK ]
Starting mysqld: [ OK ]
连接数据库成功
请输入SMTP地址: smtp.163.com
请输入SMTP端口 [25]: 25
请输入账户: [email protected]
请输入密码: xxxxxxxx
请登陆邮箱查收邮件, 然后确认是否继续安装
是否继续? (y/n) [y]: y
开始写入配置文件
Traceback (most recent call last):
File "/home/jumpserver/install/next.py", line 19, in <module>
from juser.user_api import db_add_user, get_object, User
File "/home/jumpserver/juser/user_api.py", line 3, in <module>
from Crypto.PublicKey import RSA
File "/usr/lib64/python2.6/site-packages/Crypto/PublicKey/RSA.py", line 75, in <module>
from Crypto.Util.number import getRandomRange, bytes_to_long, long_to_bytes
File "/usr/lib64/python2.6/site-packages/Crypto/Util/number.py", line 56, in <module>
if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC:
AttributeError: 'module' object has no attribute 'HAVE_DECL_MPZ_POWM_SEC'
[root@jumpserver install]# pip uninstall pycrypto
Proceed (y/n)? y
Successfully uninstalled pycrypto-2.6.1
[root@jumpserver install]# easy_install pycrypto
[root@jumpserver install]# echo $?
0
[root@jumpserver install]# python install.py
请务必先查看wiki https://github.com/ibuler/jumpserver/wiki/Quickinstall
开始关闭防火墙和selinux
setenforce: SELinux is disabled
请输入您服务器的IP地址,用户浏览器可以访问 [10.0.0.61]:
是否安装新的MySQL服务器? (y/n) [y]: y
开始安装设置mysql (请手动设置mysql安全)
默认用户名: jumpserver 默认密码: 5Lov@wife
已加载插件:fastestmirror, security
设置安装进程
。。。。。。
Starting mysqld: [ OK ]
ERROR 1007 (HY000) at line 1: Can't create database 'jumpserver'; database exists
连接数据库成功
请输入SMTP地址: smtp.163.com
请输入SMTP端口 [25]: 25
请输入账户: [email protected]
请输入密码: xxxxxxxx
请登陆邮箱查收邮件, 然后确认是否继续安装
是否继续? (y/n) [y]: y
开始写入配置文件
开始安装Jumpserver, 要求环境为 CentOS 6.5 x86_64
开始更新jumpserver
请输入管理员用户名 [admin]:
请输入管理员密码: [5Lov@wife]:
请再次输入管理员密码: [5Lov@wife]:
Starting jumpsever service: [确定]
安装成功,请访问web, 祝你使用愉快。
请访问 https://github.com/ibuler/jumpserver 查看文档
[root@jumpserver install]# cd ..
[root@jumpserver jumpserver]# python manage.py crontab add
adding cronjob: (3718e5baf203ed0f54703b2f0b7e9e16) -> ('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all')
adding cronjob: (fbaf0eb9e4c364dce0acd8dfa2cad538) -> ('1 * * * *', 'jlog.log_api.kill_invalid_connection')
[root@jumpserver jumpserver]# echo $?
0
[root@jumpserver jumpserver]# crontab -l
*/5 * * * * /usr/sbin/ntpdate time.nist.gov > /dev/null 2>&1
0 1 * * * /usr/bin/python /home/jumpserver/manage.py crontab run 3718e5baf203ed0f54703b2f0b7e9e16 # django-cronjobs for jumpserver
1 * * * * /usr/bin/python /home/jumpserver/manage.py crontab run fbaf0eb9e4c364dce0acd8dfa2cad538 # django-cronjobs for jumpserver
注:
1)根据提示输入相关信息,完成安装,安装完成后,请访问web,继续查看后续文档 2)如果启动失败,请返回上层目录,手动运行 ./service.sh start 启动 3)如果 ./service.sh start 启动失败 cd /opt/jumpserver python manage.py runserver 0.0.0.0:80 python run_websocket.py 4)如果启动失败,可能是由于80端口和3000端口已经被占用,或者数据库账号密码不对,请检查