jumpserver搭建

任务一：安装jumpserver3.0

环境：centos6.5.el6-x86.64  Linux系统

关闭防火墙server iptables stop 

关闭selinux   setenforce 0

jumpserver : 192.168.137.144

第一步：

[root@bogon ~]# service iptables stop
iptables：将链设置为政策 ACCEPT：filter                    [确定]
iptables：清除防火墙规则：                                 [确定]
iptables：正在卸载模块：                                   [确定]
[root@bogon ~]# setenforce 0
[root@bogon ~]# hostname jumpserver
[root@bogon ~]# bash
[root@jumpserver ~]# vi /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=jumpserver

[root@jumpserver ~]# cd /etc/yum.repos.d/
[root@jumpserver yum.repos.d]# ls
CentOS-Base.repo       CentOS-Media.repo
CentOS-Debuginfo.repo  CentOS-Vault.repo
[root@jumpserver yum.repos.d]# mkdir as
[root@jumpserver yum.repos.d]# mv * as

[root@jumpserver yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--  102  2572  102  2572    0     0  22990      0 --:--:-- --:--:-- --:--:--  147k

[root@jumpserver yum.repos.d]# yum clean all && yum makecache

安装jumpserver所需要的依赖包

[root@jumpserver ~]# yum -y install epel-release

[root@jumpserver ~]# ls /etc/yum.repos.d/
as  CentOS-Base.repo  epel.repo  epel-testing.repo

[root@jumpserver ~]# yum clean all && yum makecache

[root@jumpserver ~]# yum -y install git  python-pip mysql-devel gcc gcc-c++ make automake autoconf python-devel vim sshpass lrzsz readline-devel 

第二步：下载jumpserver

git clone https://github.com/jumpserver/jumpserver.git

[root@jumpserver ~]# tar xf jumpserver-0.3.0.tar.gz

[root@jumpserver ~]# cd jumpserver-0.3.0-beta/install/

[root@jumpserver install]# ls
developer_doc.txt  install.py  requirements.txt
initial_data.yaml  next.py     zzjumpserver.sh

第三步：执行快速安装脚本

[root@jumpserver install]#pip install -r requirements.txt

第四部：查看安装的包

[root@jumpserver install]# pip freeze
You are using pip version 7.1.0, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ansible==1.9.4
argparse==1.4.0
backports-abc==0.5
backports.ssl-match-hostname==3.5.0.1
Beaker==1.3.1
cas==0.15
certifi==2017.7.27.1
cups==1.0
cupshelpers==1.0
.....

第五步：安装MySQL并授权

[root@jumpserver ~]# yum -y install mysql mysql-server

[root@jumpserver ~]# cp /usr/share/doc/mysql-server-5.1.73/my-medium.cnf  /etc/my.cnf
cp：是否覆盖"/etc/my.cnf"？ y
[root@jumpserver ~]# cp /etc/my.cnf{,`date +%F`}

[root@jumpserver ~]# vim /etc/my.cnf

[client]

default-character-set=utf8

[mysql]

default-character-set=utf8

[root@jumpserver ~]# service mysqld start

[root@jumpserver usr]# chkconfig mysqld on
[root@jumpserver usr]# chkconfig mysqld --list
mysqld          0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@jumpserver usr]# netstat -antp |grep mysql
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      32783/mysqld 

[root@jumpserver ~]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.73-log Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database jumpserver;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on jumpserver.* to root@'192.168.137.%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

第六步：

继续执行install

 [root@jumpserver ~]# cd jumpserver-0.3.0-beta/install/

 若出现以下的错误则一般Python模块中出现缩进问题 ，需要重新安装pycrypto

Traceback (most recent call last):
  File "/root/jumpserver-0.3.0-beta/install/next.py", line 19, in <module>
    from juser.user_api import db_add_user, get_object, User
  File "/root/jumpserver-0.3.0-beta/juser/user_api.py", line 3, in <module>
    from Crypto.PublicKey import RSA
  File "/usr/lib64/python2.6/site-packages/Crypto/PublicKey/RSA.py", line 75, in <module>
    from Crypto.Util.number import getRandomRange, bytes_to_long, long_to_bytes
  File "/usr/lib64/python2.6/site-packages/Crypto/Util/number.py", line 56, in <module>
    if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC:

 AttributeError: 'module' object has no attribute 'HAVE_DECL_MPZ_POWM_SEC'

[root@jumpserver install]# pip uninstall pycrypto

[root@jumpserver install]# easy_install pycrypto

[root@jumpserver install]# netstat -antpu |grep :80
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      35441/python 

第七步，定期处理失效连接，定期更新资产信息

python /root/jumpserver-0.3.0-beta/manage.py crontab add

crontab -l (查看周期性计划)

第八步：

登录访问：http://192.168.137.144/login/ 

用户 admin 密码 admin