Centos7安装jumpserver堡垒机

Centos7安装jumpserver堡垒机以下是早期版本（有用的只做使用说明），建议去官网部署curl-sSLhttps://github.com/jumpserver/jumpserver/releases/download/v2。6.1/快速启动.sh|sh1。防火墙Selinux设置echo-e"\033[31m1.防火墙Selinux设置\033[0m"\&&if["$(systemctlstatusfirewalld|greprunning)"!=""];然后firewall-cmd--zone=public--add-port=80/tcp--permanent;firewall-cmd--zone=public--add-port=2222/tcp--permanent;firewall-cmd--permanent--add-rich-rule="rulefamily="ipv4"sourceaddress="172.17.0.0/16"portprotocol="tcp"port="8080"accept";防火墙-cmd--reload；fi\&&if["$(getenforce)"!="Disabled"];然后setsebool-Phttpd_can_network_connect1;fi2。部署应用环境echo-e"\033[31m2.部署环境\033[0m"\&&yumupdate-y\&&ln-sf/usr/share/zoneinfo/Asia/Shanghai/etc/localtime\&&yum-y安装kde-l10n-Chinese\&&localedef-c-fUTF-8-izh_CNzh_CN.UTF-8\&&exportLC_ALL=zh_CN.UTF-8\&&am;echo'LANG="zh_CN.UTF-8"'>/etc/locale.conf\&&yum-yinstallwgetgccepel-releasegit\&&yuminstall-yyum-utilsdevice-mapper-persistent-datalvm2\&&yum-config-manager--add-repohttp://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo\&&yummakecachefast\&&rpm--importhttps://mirrors.aliyun.com/docker-ce/linux/centos/gpg\&&echo-e"[nginx-stable]\nname=nginxstablerepo\nbaseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/\ngpgcheck=1\nenabled=1\ngpgkey=https://nginx.org/keys/nginx_signing.key">/etc/yum.repos.d/nginx.repo\&&rpm--importhttps://nginx.org/keys/nginx_signing.key\&&yum-yinstallredismariadbmariadb-develmariadb-serverMariaDB-sharednginxdocker-ce\&&systemctlenableredismariadbnginxdocker\&&systemctlstartredismariadb\&&yum-y安装python36python36-devel\&&python3.6-mvenv/opt/py3更改docker的默认文件路径[root@jumpserver-218tmp]#vim/usr/lib/systemd/system/docker.service...#存在并且systemd当前做不支持由dockerExecStart=/usr/bin/dockerd-g"/data/docker"-Hfd://--containerd=/run/containerd/containerd.sockExecReload=/bin/运行的容器所需的cgroup功能集#kill-sHUP$MAINPIDTimeoutSec=0RestartSec=2Restart=always...[root@jumpserver-218tmp]#systemctldaemon-reload[root@jumpserver-218tmp]#servicedockerrestart3.下载组echo-e"\033[31m3.下载组\033[0m"\&&cd/data\&&if[!-d"/数据/jumpserver"];然后gitclone--depth=1https://github.com/jumpserver/jumpserver.git；菲\&&如果[!-f"/data/luna.tar.gz"];然后wgethttps://demo.jumpserver.org/download/luna/1.5.2/luna.tar.gz；tarxfluna.tar.gz;chown-Rroot:rootluna;fi\&&yum-yinstall$(cat/data/jumpserver/requirements/rpm_requirements.txt)\&&放大器;echo-e"[easy_install]\nindex_url=https://mirrors.aliyun.com/pypi/simple/">~/.pydistutils.cfg\&&source/opt/py3/bin/activate\&&pipinstall--升级pipsetuptools-ihttps://mirrors.aliyun.com/pypi/simple/\&&pipinstall-r/data/jumpserver/requirements/requirements.txt-ihttps://mirrors.aliyun.com/pypi/simple/\&&curl-sSLhttps://get.daocloud.io/daotools/set_mirror.sh|sh-shttp://f1361db2.m.daocloud.io\&&systemctlrestartdocker\&&dockerpulljumpserver/jms_koko:1.5.2\&&dockerpulljumpserver/jms_guacamole:1.5.2\&&rm-rf/etc/nginx/conf.d/default.conf\&&wget-O/etc/nginx/conf.d/jumpserver.confhttps://demo.jumpserver.org/download/nginx/conf.d/jumpserver.conf4.处理配置fileecho-e"\033[31m4.处理配置文件\033[0m"&&source~/.bashrc&&if["$DB_PASSWORD"=""];然后DB_PASSWORD=`cat/dev/urandom|tr-dcA-Za-z0-9|头-c24`；fi&&if["$SECRET_KEY"=""];然后SECRET_KEY=`cat/dev/urandom|tr-dcA-Za-z0-9|头-c50`；echo"SECRET_KEY=$SECRET_KEY">>~/.bashrc;fi&&if["$BOOTSTRAP_TOKEN"=""];然后BOOTSTRAP_TOKEN=`cat/dev/urandom|tr-dcA-Za-z0-9|头-c16`；echo"BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN">>~/.bashrc;fi&&if["$Server_IP"=""];然后Server_IP=`ip地址|grep'状态UP'-A2|grep网络|egrep-v'(127.0.0.1|inet6|docker)'|awk'{print$2}'|tr-d“地址：”|头-n1|剪切-d/-f1`；fi&&如果[!-d"/var/lib/mysql/jumpserver"];然后mysql-uroot-e“创建数据库jumpserver默认字符集'utf8';将jumpserver上的所有内容授予。*由'$DB_PASSWORD'标识的'jumpserver'@'127.0.0.1';刷新权限;”;fi&&如果[!-f"/data/jumpserver/config.yml"];然后cp/data/jumpserver/config_example.yml/data/jumpserver/config.yml;sed-i"s/SECRET_KEY:/SECRET_KEY:$SECRET_KEY/g"/data/jumpserver/config.yml;sed-i"s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN:$BOOTSTRAP_TOKEN/g"/data/jumpserver/config.yml;sed-i"s/#DEBUG:true/DEBUG:false/g"/data/jumpserver/config.yml;sed-i"s/#LOG_LEVEL:DEBUG/LOG_LEVEL:ERROR/g"/data/jumpserver/config.yml;sed-i"s/#SESSION_EXPIRE_AT_BROWSER_CLOSE:false/SESSION_EXPIRE_AT_BROWSER_CLOSE:true/g"/data/jumpserver/config.yml;sed-i"s/DB_PASSWORD:/DB_PASSWORD:$DB_PASSWORD/g"/data/jumpserver/config.yml;fi5.启动Jumpserverecho-e"\033[31m5.启动Jumpserver\033[0m"&&systemctlstartnginx&&cd/data/jumpserver&&./jmsstart-d&&dockerrun--namejms_koko-d-p2222:2222-p127.0.0.1:5000:5000-eCORE_HOST=-eBOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN--restart=alwaysjumpserver/jms_koko:1.5.2&&dockerrun--namejms_guacamole-d-p127.0.0.1:8081:8081-eJUMPSERVER_SERVER=-eBOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN--restart=alwaysjumpserver/jms_guacamole:1.5.2&&echo-e"\033[31m你的数据库密码是$DB_PASSWORD\033[0m"&&echo-e"\033[31m你的SECRET_KEY是$SECRET_KEY\033[0m"&&echo-e"\033[31m你的BOOTSTRAP_TOKEN是$BOOTSTRAP_TOKEN\033[0m"&&echo-e"\033[31m你的服务器IP是$Server_IP\033[0m"&&echo-e"\033[31m请打开浏览器访问用户名：admin密码：admin\033[0m"echo-e"\033[31m6.配置自启动\033[0m“＆＆如果[！-f"/usr/lib/systemd/system/jms.service"];然后wget-O/usr/lib/systemd/system/jms.service;chmod755/usr/lib/systemd/system/jms.service;systemctl启用jms；fi更改jms.service文件中的路径changeopttodata[root@jumpserver-218tmp]#vim/usr/lib/systemd/system/jms.service[Unit]Description=jmsAfter=network.targetmariadb.serviceredis.servicedocker.serviceWants=mariadb.serviceredis.servicedocker。service[Service]Type=forkingEnvironment="PATH=/opt/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"ExecStart=/data/jumpserver/jms全部启动-dExecReload=ExecStop=/data/jumpserver/jmsstop[Install]WantedBy=multi-user.target[root@jumpserver-218tmp]#systemctldaemon-reload[root@jumpserver-218tmp]#systemctlrestartjms.service步骤一：创建用户或用户组步骤二：创建用户或用户组步骤三：创建管理用户步骤四：为windows系统用户创建系统用户步骤五：添加资产主机Step6：配置或添加权限策略Step7：配置权限策略和添加系统用户Step8：测试web端Step9：测试windows系统web端调用如图需求：同时按下键盘shiftctrlalt如图1->共享存储盘如图2->剪贴板（web端只能从里面复制到外面，如果要从外面复制文字到里面，需要粘贴到cipboard）作为共享存储审计会话视频会自动挂载到window上：