1. Introduction

JumpServer is the world's first open-source bastion host, released under the GNU GPL v3.0 license. It is an operations security audit system that conforms to the 4A specification, is developed in Python, follows Web 2.0 conventions, and ships with an industry-leading Web Terminal that has a clean interface and a good user experience. It also uses a distributed architecture that supports multi-datacenter, cross-region deployment and horizontal scaling, with no limit on the number of assets or concurrent sessions.

JumpServer features:

  • Identity authentication: centralized authentication for operations staff, so an operator authenticates once and can then access multiple target devices directly;
  • Account management: centralized management of asset accounts and application accounts, custom scheduled tasks that collect host users, and periodic bulk password changes;
  • Authorization control: multi-dimensional authorization for assets and applications, covering users, user groups, assets, asset nodes, applications and system users, with separate control over actions, time windows and privileged commands;
  • Security audit: real-time termination of operations sessions, command auditing of operations on assets and applications, and download and offline playback of session recordings.

JumpServer advantages:

  • Open source: zero barrier to entry, quick to obtain and install online;
  • No plugins: only a browser is needed, for the best Web Terminal experience;
  • Cloud storage: audit recordings are stored in the cloud and never lost;
  • Multi-cloud management: one system manages assets across different clouds;
  • Distributed deployment: easily supports large-scale concurrent access;
  • Multi-tenant management: one system used by multiple subsidiaries and departments at the same time;
  • Multi-application support: databases, Windows remote applications, Kubernetes.

2. Single-node deployment

2.1 Machine configuration

The recommended minimum configuration for JumpServer is:

OS: CentOS 7.9
Disk: 500G
CPU: 4C
MEM: 8G

2.2 Obtaining the installer package

GitHub: https://github.com/jumpserver/jumpserver

Official offline installer page: https://community.fit2cloud.com/#/products/jumpserver/getstarted

The offline installer is recommended, because an online install may fail to pull images due to network problems, which makes the installation fail.

First, obtain the latest installer package from the official website.

You need to register an account first.

Offline installer URL for 2.28.4: https://cdn0-download-offline-installer.fit2cloud.com/jumpserver/jumpserver-offline-installer-v2.28.4-amd64-175.tar.gz?Expires=1673610462&OSSAccessKeyId=LTAI5tLEMt8jTT4RDrZ9mXns&Signature=XCN29UU2APkUQhm2X3Qfa15XRzI%3D

Download it on the server:

cd /opt
wget 'https://cdn0-download-offline-installer.fit2cloud.com/jumpserver/jumpserver-offline-installer-v2.28.4-amd64-175.tar.gz?Expires=1673610462&OSSAccessKeyId=LTAI5tLEMt8jTT4RDrZ9mXns&Signature=XCN29UU2APkUQhm2X3Qfa15XRzI%3D' -O jumpserver-offline-installer-v2.28.4-amd64-175.tar.gz
tar xf jumpserver-offline-installer-v2.28.4-amd64-175.tar.gz


2.3 Install the JumpServer service

cd jumpserver-offline-installer-v2.28.4-amd64-175/
./jmsctl.sh install

██╗██╗ ██╗███╗ ███╗██████╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗
██║██║ ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗
██║██║ ██║██╔████╔██║██████╔╝███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝
██ ██║██║ ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗
╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║
╚════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝

Version: v2.28.4

1. Check Configuration File
Path to Configuration file: /opt/jumpserver/config
/opt/jumpserver/config/config.txt [ √ ]
/opt/jumpserver/config/nginx/cert/server.crt [ √ ]
/opt/jumpserver/config/nginx/cert/server.key [ √ ]
complete

...

...

# During configuration, accept the default storage directory /data/jumpserver

# Choose the built-in MySQL database

# Choose the built-in Redis

# Accept the default HTTP port (80)

>>> Install and Configure JumpServer
1. Configure Private Key
SECRETE_KEY: YTA2NTNiNDItYjhjMC1mZDYwLWVmNjUtNjdkYWM4NjEyZjVk
BOOTSTRAP_TOKEN: YTA2NTNiNDItYjhjMC1mZDYw
complete

2. Configure Persistent Directory
Do you need custom persistent store, will use the default directory /data/jumpserver? (y/n) (default n):
complete

3. Configure MySQL
Do you want to use external MySQL? (y/n) (default n):
complete

4. Configure Redis
Do you want to use external Redis? (y/n) (default n):
complete

5. Configure External Port
Do you need to customize the JumpServer external port? (y/n) (default n):

complete

## Initialize the database structure

6. Init JumpServer Database
[+] Running 4/4
⠿ Network jms_net Created 0.3s
⠿ Container jms_mysql Healthy 17.1s
⠿ Container jms_redis Healthy 16.6s
⠿ Container jms_core Started 16.6s
2022-12-15 17:42:21 Collect static files
2022-12-15 17:42:22 Collect static files done
2022-12-15 17:42:22 Check database structure change ...
2022-12-15 17:42:22 Migrate model change to database ...
Operations to perform:
Apply all migrations: acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, rbac, sessions, settings, terminal, tickets, users
Running migrations:
Applying contenttypes.0001_initial... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0001_initial... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK

...

Applying users.0038_auto_20211209_1140... OK
Applying users.0039_auto_20211229_1852... OK
Applying users.0040_alter_user_source... OK
After migration, update builtin role permissions
complete

# Installation complete

>>> The Installation is Complete
1. You can use the following command to start, and then visit
cd /opt/jumpserver-offline-installer-v2.28.4-amd64-175
./jmsctl.sh start

2. Other management commands
./jmsctl.sh stop
./jmsctl.sh restart
./jmsctl.sh backup
./jmsctl.sh upgrade
For more commands, you can enter ./jmsctl.sh --help to understand

3. Web access
http://10.1.11.40:80
Default username: admin Default password: admin

4. SSH/SFTP access
ssh -p2222 admin@10.1.11.40
sftp -P2222 admin@10.1.11.40

5. More information
Official Website: https://www.jumpserver.org/
Documentation: https://docs.jumpserver.org/

3. Accessing the JumpServer service

3.1 Start the JumpServer service

# The jmsctl command has been added to PATH and can be used directly
jmsctl start

[+] Running 8/8
⠿ Container jms_redis Healthy         0.7s
⠿ Container jms_mysql Healthy         0.7s
⠿ Container jms_core Healthy          38.4s
⠿ Container jms_web Started           39.6s
⠿ Container jms_celery Started         39.4s
⠿ Container jms_lion Started          39.9s
⠿ Container jms_koko Started           39.6s
⠿ Container jms_magnus Started         44.4s
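Once jmsctl start returns, it is worth confirming that all eight containers from the listing above actually came up and stayed healthy before handing the bastion to users. The health check below is an added example, not part of the original post or the JumpServer project; it assumes Docker is the container runtime and that the container names match the output above (the jms_unhealthy and jms_check_live helper names and the sample status text are constructed).

```shell
#!/bin/sh
# Added example: post-start health check for a single-node JumpServer deployment.
# Expected containers are the ones printed by "jmsctl start" in the listing above.
JMS_EXPECTED="jms_redis jms_mysql jms_core jms_web jms_celery jms_lion jms_koko jms_magnus"

# jms_unhealthy STATUS_TEXT
# STATUS_TEXT is the output of: docker ps -a --format '{{.Names}} {{.Status}}'
# Prints one line per expected container that is missing, exited, restarting or
# unhealthy; prints nothing and returns 0 when every expected container looks good.
jms_unhealthy() {
    status=$(printf '%s\n' "$1" | tr 'A-Z' 'a-z')   # normalise case for matching
    bad=0
    for c in $JMS_EXPECTED; do
        # first status line whose container name equals the expected name
        line=$(printf '%s\n' "$status" | awk -v n="$c" '$1 == n { print; exit }')
        case "$line" in
            "")                                printf '%s missing\n' "$c"; bad=1 ;;
            *exited*|*restarting*|*unhealthy*) printf '%s\n' "$line";     bad=1 ;;
        esac
    done
    return $bad
}

# Live use on the deployment host (hypothetical wrapper, requires docker):
jms_check_live() {
    jms_unhealthy "$(docker ps -a --format '{{.Names}} {{.Status}}')"
}

# Constructed sample status text, not real output: two containers are in a bad state.
JMS_SAMPLE_STATUS='jms_redis Up 5 minutes (healthy)
jms_mysql Up 5 minutes (healthy)
jms_core Up 4 minutes (healthy)
jms_web Up 4 minutes
jms_celery Up 4 minutes
jms_lion Up 4 minutes
jms_koko Exited (1) 2 minutes ago
jms_magnus Up 4 minutes (unhealthy)'
```

Run jms_check_live on the host after jmsctl start; a non-zero exit with the offending containers listed is the signal to inspect that container's logs before opening the service to operators.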

3.2 Verify access to JumpServer

Access the JumpServer service at http://<deployment-host-ip>/;

The default initial account and password are admin/admin; the password must be changed on first login.

Reset the password.

Log in again after changing the password.

With that, the JumpServer deployment is complete!