Linux Jumpserver jump server (springboard machine) / bastion host: detailed deployment

Source: Internet
Author: User

Introduction to the jump server (springboard machine) and the bastion host (fortress machine)

Definition of a jump server:

A jump server is a server that development or operations staff must first log in to during maintenance work, and from which they then log in to the target device to carry out maintenance and operations.

Disadvantages of a jump server:

There is no control or auditing of what operations staff do. While the jump server is in use, mistaken operations and rule-violating operations can still cause incidents, and once an incident occurs it is hard to quickly locate the cause and the person responsible.

Definition of a bastion host

A bastion host is used in a specific network environment to protect the network and data from * * * and destruction by external and internal users. It uses various technical means to collect and monitor, in real time, the system status, security events and network activity of each component of the network environment, so as to provide centralized alerting, timely handling, and audit accountability.

Summary: Compared with a jump server, a bastion host adds real-time collection and monitoring of the network environment, centralized alerting and other functions.

Jumpserver overview:

Jumpserver is an open-source jump server system developed in Python that provides authentication, authorization, auditing, automated operations and other functions for network-deficient enterprises.

Features of Jumpserver:

1. User groups/users: adding groups makes authorization convenient; the user is the subject of authorization and login.
2. Asset groups/assets/IDC: simple and complete host information, user-defined notes for login, and support for automatically retrieving host hardware information.
3. sudo/system users/authorization rules: supports sudo authorization; the system user is used to log in to the client; an authorization links users, assets and system users together.
4. Online/login history/command records/upload and download: real-time online monitoring of user operations, statistics and recorded playback of user actions, blocking control, and detailed records of uploads and downloads.
5. Upload/download: supports file upload and download, implemented with rz/sz.
6. Default settings: the default management-user settings include the user, password and key; this default information is designed to make adding assets easier.

Set up the Jumpserver jump server

Install a network Yum source

    # Run as root.
    cd /etc/yum.repos.d/
    curl -o 163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
    # Pin the release version to 7 and enable the repositories.
    sed -i 's/\$releasever/7/g' /etc/yum.repos.d/163.repo
    sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/163.repo
    yum -y install epel-release
    yum clean all

Install Python

Install dependent packages

    yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel

Compile and install Python 3.6.1

    wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
    tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
    ./configure && make && make install

Install Git

    yum -y install git

Download Jumpserver

    cd /usr/local
    git clone https://github.com/jumpserver/jumpserver.g

Note: Installing from this download also requires manually installing the MySQL database and so on, which is more trouble.
I have a package that can be run directly by script after download. I recommend using this package: download it locally, then upload it to the server.
Baidu Network Disk Download:

https://pan.baidu.com/s/16JJP4ckkKdtx2s4LOAWQ8g

Decompress

    unzip jumpserver-rpm.zip

Branch Master is set to track the process branch master from Origin.
Switch to a new branch ' master '

    cd jumpserver-rpm/jumpserver

Execute the installation script

    cd install/     // silently wait for the script to finish
    python install.py
    Be sure to check the wiki https://github.com/jumpserver/jumpserver/wiki
    Start installing the EPEL source
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * epel: mirrors.yun-idc.com
    Package epel-release-7-11.noarch already installed and latest version
    Nothing to do
    Start installing dependency packages
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * epel: mirrors.yun-idc.com
    ...
    Start shutting down the firewall and selinux
    setenforce: SELinux is disabled
    Please enter the IP address of your server, the user browser can access [192.168.24.128]: 192.168.24.128     // enter your IP here
    Install a new MySQL server? (y/n) [y]: y     // if MySQL is not installed enter y, if it is installed enter n; the default is y
    Start installing MySQL (please set up MySQL security manually)
    Default user name: jumpserver  default password: [email protected]     // database default user name: jumpserver, default password: [email protected]
    ...
    Connected to the database successfully
    Enter the SMTP address: smtp.163.com
    Enter the SMTP port [25]: 25
    Please enter your account: [email protected]
    Please enter your password: lf8834760
    Please check your email and confirm the installation. Do you want to continue? (y/n) [y]: y
    Start writing the configuration file
    Start installing Jumpserver ...
    Start update jumpserver
    Creating tables ...
    Creating table django_admin_log
    Creating table auth_permission
    Creating table auth_group_permissions
    Creating table auth_group
    Creating table django_content_type
    Creating table django_session
    Creating table setting
    Creating table juser_usergroup
    Creating table juser_user_group
    Creating table juser_user_groups
    Creating table juser_user_user_permissions
    Creating table juser_user
    Creating table juser_admingroup
    Creating table juser_document
    Creating table jasset_assetgroup
    Creating table jasset_idc
    Creating table jasset_asset_group
    Creating table jasset_asset
    Creating table jasset_assetrecord
    Creating table jasset_assetalias
    Creating table jperm_permlog
    Creating table jperm_permsudo
    Creating table jperm_permrole_sudo
    Creating table jperm_permrole
    Creating table jperm_permrule_asset_group
    Creating table jperm_permrule_role
    Creating table jperm_permrule_asset
    Creating table jperm_permrule_user_group
    Creating table jperm_permrule_user
    Creating table jperm_permrule
    Creating table jperm_permpush
    Creating table jlog_log
    Creating table jlog_alert
    Creating table jlog_ttylog
    Creating table jlog_execlog
    Creating table jlog_filelog
    Creating table jlog_termlog_user
    Creating table jlog_termlog
    Installing custom SQL ...
    Installing indexes ...
    Installed 0 object(s) from 0 fixture(s)
    // set the administrator user name and password
    Enter admin username [admin]: admin
    Please enter admin password: [[[email protected]]: 123456
    Please enter the administrator password again: [[[email protected]]: 123456
    Starting jumpserver service: [OK]
    Successfully installed, Web Login please visit http://ip:8000 and wish you a pleasant use.
    Please visit https://github.com/jumpserver/jumpserver/wiki to view the documentation
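
The install transcript above records several choices that deserve review before the host goes into service: the firewall and SELinux switched off, a default database password, SMTP on port 25, an HTTP-only web console, and a six-digit admin password. As an added example (not part of the original article and not Jumpserver code), the script below scans a saved transcript for them; the finding names, the sample lines and the 12-character threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Jumpserver code: flag risky choices in a saved install.py
# transcript. Patterns follow the English wording shown on this page (an
# assumption); adjust them to the wording your installer prints.

log_has() {  # log_has <regex>: true if a line of $AUDIT_LOG matches
    printf '%s\n' "$AUDIT_LOG" | grep -qiE "$1"
}

audit_install_log() {
    # Reads a transcript on stdin, prints one finding code per line.
    AUDIT_LOG=$(cat)

    # Installer switched off the host firewall and SELinux.
    if log_has 'shutting down the firewall|selinux is disabled'; then
        echo HOST_FIREWALL_OR_SELINUX_OFF
    fi
    # MySQL account was created with the installer's default password.
    if log_has 'default password'; then
        echo DEFAULT_DB_PASSWORD
    fi
    # Mail credentials are sent over port 25, where TLS is not guaranteed.
    if log_has 'SMTP port[^:]*: *25 *$'; then
        echo SMTP_PORT_25
    fi
    # Web console, including its login form, is served over plain HTTP.
    if log_has 'http://[^ ]*:8000'; then
        echo WEB_CONSOLE_PLAIN_HTTP
    fi
    # Admin password typed at the prompt: digits only, or under 12 characters.
    audit_pw=$(printf '%s\n' "$AUDIT_LOG" | grep -iE 'enter admin password' |
        head -n 1 | sed -E 's/^.*: *//')
    case $audit_pw in
        '') ;;
        *[!0-9]*) if [ "${#audit_pw}" -lt 12 ]; then echo WEAK_ADMIN_PASSWORD; fi ;;
        *) echo WEAK_ADMIN_PASSWORD ;;
    esac
    return 0
}

# Constructed sample, abridged from the transcript above (DB password redacted).
SAMPLE_LOG='Start shutting down the firewall and selinux
setenforce: SELinux is disabled
Default user name: jumpserver default password: <redacted>
Enter the SMTP port [25]: 25
Please enter admin password: 123456
Web login please visit http://ip:8000'

printf '%s\n' "$SAMPLE_LOG" | audit_install_log
```

To audit a real installation, capture the installer's output to a file and feed that file to `audit_install_log` on standard input.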


E-Mail has been received

Web-side configuration

In the browser, enter 192.168.24.128:8000


Enter the administrator user name and password that you have set

Create a user group
User groups, as the name implies, group users together. User group information is useful when assigning asset permissions, because a permission applies to all users under a user group; one user can also be assigned to multiple user groups.
Click "User group" under the "User Management" menu on the left side of the page to go to the user group list page.

Create a user and configure the mailbox that the user receives information from


Log in to the mailbox to view the message
Following the prompt in the email, you can log in to the jump server's admin console and download the key.

The administrator can also download the key and send it to the user.

Verify

I log in as the user doudou on the Linux server without a key


Found that I am unable to log in

When logging in with the account, password, and key


Login Successful!
