Network Security Day27-Operation and Maintenance Security Project-Bastion Host Deployment
2023-08-18 19:21:40
O&M security project: bastion host deployment
1. O&M security project: architecture overview
2. The O&M security project's bastion host
2.1 Overview of the bastion host
Bastion host: a device or service that users must pass through before logging in to the site's servers. Every operation that internal users perform through the bastion host is recorded, so it can be reviewed later during auditing and security audits.
2.2 Bastion host selection
Type: Description
Open source bastion host: teleport (simple to use), jumpserver (many users), ...
Cloud product: a cloud vendor's bastion host (no need to build it, just pay for it)
Hardware product: NSFOCUS (Green League), Qi Anxin, 360
2.3 Environment preparation
Rebuild a virtual machine, then:
Modify the hostname: hostnamectl set-hostname oldboy-bao
Modify the IP address to 10.0.0.61: vim /etc/sysconfig/network-scripts/ifcfg-eth0
Restart the network so the new address takes effect: systemctl restart network
2.4 Deploy the Teleport bastion host
2.4.1 Download and deployment
Download the software package and copy it to the Linux home directory
Unzip the package: tar xf teleport-server-linux-x64-3.6.4-b3.tar.gz
Enter the decompressed directory: cd teleport-server-linux-x64-3.6.4-b3/
Run the install command (only 1 time): ./setup.sh install
2.4.2 Start
Check if Teleport is running: /etc/init.d/teleport status
Start the service: /etc/init.d/teleport start
Close the service: /etc/init.d/teleport stop
Restart the service: /etc/init.d/teleport restart
2.4.3 Browser access to teleport
Open in a browser: http://10.0.0.61:7190
If the page cannot be reached, check the following:
Check whether SELinux is disabled; if not, disable it:
getenforce
The result should be Disabled or Permissive.
If it is Enforcing, then: sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config (this edits the boot-time setting, so it takes effect after a reboot)
Turn off the firewall:
Disable autostart: systemctl disable firewalld
Stop the firewall: systemctl stop firewalld
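As an added example (my own script, not code from the post or from the Teleport project), the checklist above turned into repeatable POSIX shell checks: classify the getenforce result, apply the post's sed to a SELinux config file, and confirm that something is listening on the Teleport web port. Assumptions of mine: the web port is 7190 as on the page, the listener check parses `ss -ltn` output, and the open_teleport_port function (opening only 7190/tcp with firewall-cmd instead of stopping firewalld) is an alternative I am adding, not what the post does.

```shell
#!/bin/sh
# Added example, not part of the original post: pre-flight checks for the
# Teleport bastion host before opening http://10.0.0.61:7190 in a browser.
# Assumptions (mine): the web port is 7190 as on the page, checks read
# `getenforce` / `ss -ltn` output, and /etc/selinux/config carries the stock
# "SELINUX=enforcing" line.

TP_PORT=7190

# Classify a `getenforce` value the way the post does:
# Disabled/Permissive are fine, Enforcing needs the config change.
selinux_state() {
    case "$1" in
        Disabled|Permissive) echo ok ;;
        Enforcing)           echo fix ;;
        *)                   echo unknown ;;
    esac
}

# Apply the post's sed to the SELinux config file given as $1 and print the
# resulting SELINUX= line. Editing the file only changes the mode at the next
# boot; `setenforce 0` switches the running system to Permissive right away.
selinux_disable_in_config() {
    sed -i 's#^SELINUX=enforcing#SELINUX=disabled#' "$1"
    grep '^SELINUX=' "$1"
}

# Read `ss -ltn` output on stdin and succeed only if a TCP listener is bound
# to port $1 (column 4 is Local Address:Port, e.g. "*:7190" or "0.0.0.0:7190").
# The header line (NR == 1) is skipped.
listener_on_port() {
    awk -v p="$1" 'NR > 1 && $4 ~ (":" p "$") { found = 1 } END { exit !found }'
}

# Alternative to stopping firewalld outright (as the post does): keep the
# firewall and permit only the Teleport web port. Not run automatically.
open_teleport_port() {
    firewall-cmd --permanent --add-port="${TP_PORT}/tcp" && firewall-cmd --reload
}

# Live checks against this host, run with: sh tp_check.sh check
run_checks() {
    echo "SELinux: $(selinux_state "$(getenforce 2>/dev/null)")"
    if ss -ltn 2>/dev/null | listener_on_port "$TP_PORT"; then
        echo "Teleport web port $TP_PORT is listening"
    else
        echo "nothing listening on $TP_PORT: try /etc/init.d/teleport start"
    fi
    if systemctl is-active --quiet firewalld 2>/dev/null; then
        echo "firewalld is active: stop it (as the post does) or run open_teleport_port"
    fi
}

case "${1:-}" in
    check) run_checks ;;
esac
```

Run it as `sh tp_check.sh check` on the bastion host after `./setup.sh install` and `/etc/init.d/teleport start`; the functions take their input as arguments or on stdin, so they can also be tried against a copy of /etc/selinux/config or saved `ss` output before touching the live system.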
2.4.4 Configure
After logging in to the web console, register a user.
2.4.5 Install teleport client
Download URL: https://tp4a.com/download
2.5 Connecting to a server through teleport
Configure the target server under "Add Assets".
Connection address: http://10.0.0.61:7190/
(IP + port number)
Source: blog.csdn.net/m0_73293867/article/details/132167349