Network Security Day27-Operation and Maintenance Security Project-Bastion Host Deployment

1. O&M security project-architecture overview


2. The bastion host in the O&M security project

2.1 Overview of Bastion Host

  • Bastion host: a device or service that sits in front of the servers users log in to. Every operation internal users perform through the bastion host is recorded for later review and security audits.

2.2 Bastion host selection

  • Open source bastion hosts: teleport (simple to use), jumpserver (many users), ...
  • Cloud products: bastion host as a service (nothing to build, you only pay for it)
  • Hardware products: Green League (NSFOCUS), Qi An Xin, 360

2.3 Environment preparation

  • Build a fresh virtual machine
  • Modify the hostname: hostnamectl set-hostname oldboy-bao
  • Modify the IP address to 10.0.0.61: vim /etc/sysconfig/network-scripts/ifcfg-eth0, then systemctl restart network

2.4 Deploy the Teleport bastion host

2.4.1 Download and deployment

  1. Download the software package and copy it to the Linux home directory
  2. Unpack the package: tar xf teleport-server-linux-x64-3.6.4-b3.tar.gz
  3. Enter the unpacked directory: cd teleport-server-linux-x64-3.6.4-b3/
  4. Run the install command (only once): ./setup.sh install

2.4.2 Start

  1. Check whether Teleport is running: /etc/init.d/teleport status
  2. Start the service: /etc/init.d/teleport start
  3. Stop the service: /etc/init.d/teleport stop
  4. Restart the service: /etc/init.d/teleport restart

2.4.3 Browser access to teleport

  • Browser input: http://10.0.0.61:7190
  • If access fails, troubleshoot as follows:
    • Check whether SELinux is disabled; if not, disable it
      • getenforce: the result should be Disabled or Permissive
      • If it is Enforcing, then: sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config
    • Turn off the firewall
      • Turn off autostart: systemctl disable firewalld
      • Stop the firewall: systemctl stop firewalld
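A post-deployment check for the steps in 2.3 through 2.4.3, added here as an example and not part of the original post. It assumes the console listens on 10.0.0.61:7190 and the /etc/init.d/teleport script from above; the SELinux rewrite is the page's sed anchored to the line start, and the pure checks take the command output as a string so they can be exercised without root.

```shell
#!/usr/bin/env bash
# Added example: verify a tp4a Teleport bastion host after setup.sh install.
# Assumed values (not from the post's config): TP_HOST / TP_PORT defaults below.
TP_HOST="${TP_HOST:-10.0.0.61}"
TP_PORT="${TP_PORT:-7190}"

# Pure check on the string `getenforce` prints: only Disabled or Permissive
# let the web console be reached without further SELinux policy work.
selinux_mode_ok() {
  case "$1" in
    Disabled|Permissive) return 0 ;;
    *) return 1 ;;
  esac
}

# The page's sed, anchored so it only touches the active SELINUX= line in the
# file given as $1. Edits to the config file take effect after a reboot;
# `setenforce 0` switches to permissive immediately if needed right now.
set_selinux_disabled() {
  sed -i 's#^SELINUX=enforcing#SELINUX=disabled#' "$1"
}

# Pure check on the output of `systemctl is-active firewalld`
# ("unknown" is used below when systemctl prints nothing).
firewalld_stopped() {
  [ "$1" = "inactive" ] || [ "$1" = "unknown" ]
}

# Live check against the bastion host; call it manually after sourcing.
check_teleport() {
  mode=$(getenforce 2>/dev/null || echo Disabled)
  selinux_mode_ok "$mode" || echo "SELinux is $mode: fix /etc/selinux/config"
  fw=$(systemctl is-active firewalld 2>/dev/null)
  [ -n "$fw" ] || fw=unknown
  firewalld_stopped "$fw" || echo "firewalld is $fw: stop it (section 2.4.3)"
  /etc/init.d/teleport status || return 1
  # The console from 2.4.3 should answer; print only the HTTP status code.
  curl -s -o /dev/null -w '%{http_code}\n' "http://${TP_HOST}:${TP_PORT}/"
}
```

Source the file on the bastion host and run check_teleport; an HTTP 200 on the last line means the console is reachable from that machine.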

2.4.4 Configure

  • After logging in to the web console, register the users who will go through the bastion host

2.4.5 Install the teleport client

  • Download URL: https://tp4a.com/download

2.5 Connecting to servers through teleport

  • Configure the target servers under Add Assets in the web console
  • Connection method: http://10.0.0.61:7190/ (the bastion host's IP plus port number)


Source: blog.csdn.net/m0_73293867/article/details/132167349