Jumpserver搭建

1.防火墙环境的设置(问题设置)

#1.关闭firewalld
systemctl stop firewalld
systemctl disable firewalld
#2.关闭selinux
临时关闭:

[root@localhost ~]# getenforce
Enforcing

[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive

[root@localhost ~]# vim /etc/sysconfig/selinux

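永久关闭:将 SELINUX=enforcing 改为 SELINUX=disabled

修改后需要执行 reboot 重启系统才能生效。注意:disabled 会完全关闭 SELinux 的强制访问控制;如果只是为了排查问题,上面的 setenforce 0(Permissive,只记录不拦截)就够了。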
#3.安装iptables管理工具并设置
yum install iptables-services -y
#4.加载iptables模块
# Load the netfilter modules used by the rules in the next steps, one
# modprobe call per module, in the same order as before.
# NOTE(review): the ip_*/ipt_* names are legacy module names; whether each one
# resolves depends on the aliases the running kernel ships — confirm on the
# target host.
for mod in ip_tables iptable_filter iptable_nat ip_conntrack \
  ip_conntrack_ftp ip_nat_ftp ipt_state; do
  modprobe "$mod"
done
#5.查看模块,并开启服务
# List the loaded modules whose names contain filter, nat or ipt.
lsmod | grep -E 'filter|nat|ipt'
# Start the iptables service now, then register it to start at boot.
for action in start enable; do
  systemctl "$action" iptables.service
done
#6.设置规则
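# Accept loopback traffic first. Once the default policies below are DROP,
# anything this host reaches over 127.0.0.1 (the database grant later on this
# page is for 'jumpserver'@'127.0.0.1') would otherwise be cut off.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Accept packets belonging to connections that were already allowed, in both
# directions. Without these two rules the OUTPUT policy drops the replies sent
# from ports 80/2222, and the INPUT policy drops the replies to this host's
# own outbound requests.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Inbound services: SSH on 22, plus ports 80 and 2222.
# NOTE(review): these accept any source address; add "-s <ADMIN_CIDR>" to the
# port 22 rule if management access should be limited to known networks.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,2222 -j ACCEPT
# Outbound DNS and HTTP/HTTPS: the yum, git clone and pip steps further down
# this page open new outbound connections, which an OUTPUT policy of DROP
# blocks unless they are accepted here.
# NOTE(review): any other connection this host must initiate needs its own
# OUTPUT rule.
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --dports 53,80,443 -j ACCEPT
# ---- The policies below drop everything not accepted above; use with care ----
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Persist the rules across reboots. Save only after checking, from a second
# SSH session, that new logins still work.
service iptables save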
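# ---- Safety net while testing: a temporary entry in root's crontab that
# ---- reopens the default policies every 5 minutes, so a wrong rule cannot
# ---- lock you out of the host.
# cron runs jobs with a minimal PATH, so iptables is called by absolute path
# (/usr/sbin/iptables here; confirm with `command -v iptables`). OUTPUT is
# reset as well, because the step above sets the OUTPUT policy to DROP too.
# Install this entry before applying the DROP policies, and remove it once the
# rules are verified; while it is present the DROP policies are undone every
# 5 minutes.
*/5 * * * * /usr/sbin/iptables -P INPUT ACCEPT; /usr/sbin/iptables -P OUTPUT ACCEPT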

2.修改字符集

localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf 

3.jumpserver安装部署

#1.安装依赖源
yum -y install wget gcc epel-release git

#2.安装 Python3.6
yum -y install python36 python36-devel

#3.配置并载入 Python3 虚拟环境
cd /opt
python3.6 -m venv py3              # py3 为虚拟环境名称, 可自定义
source /opt/py3/bin/activate      # 退出虚拟环境可以使用 deactivate 命令

#4.在python3环境下拉取jumpserver代码
# Activate the Python 3 virtual environment created in the previous step.
source /opt/py3/bin/activate
# Download JumpServer.
# NOTE(review): --depth=1 without --branch fetches whatever the default branch
# points to at clone time, so two installs can end up running different code.
# Pinning to a release tag (git clone --depth=1 --branch <RELEASE_TAG> ...)
# makes the deployed version known and auditable.
cd /opt/
git clone --depth=1 https://github.com/jumpserver/jumpserver.git

#5.安装依赖 RPM 包
(py3) [root@db01 /opt/jumpserver]# cd /opt/jumpserver/requirements/
yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)

#6.安装python库依赖,查看pip版,并升级
pip -V        #查看版本
pip install --upgrade pip      #更新版本\

#7.安装pip的依赖
pip install -r /opt/jumpserver/requirements/requirements.txt

#8.安装redis环境
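# Install Redis, start it now and enable it at boot (run as root; the
# original transcript ran these inside the py3 virtual environment).
# The transcript's last command read "systemctl enable redi", which names no
# unit, so Redis would not have been enabled at boot.
# NOTE(review): no Redis bind/requirepass settings are shown on this page;
# confirm the instance listens only on loopback before exposing the host.
yum install redis -y
systemctl start redis
systemctl enable redis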

#9,安装MariaDB(不小于5.5.6)
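# Install the MariaDB client and server, start the server and enable it at
# boot. -y matches the other yum calls on this page, so the step does not
# stop at a confirmation prompt.
yum -y install mariadb mariadb-server
systemctl start mariadb
systemctl enable mariadb
# NOTE(review): the next step logs in with a bare `mysql`, i.e. the database
# root account has no password here. Running mysql_secure_installation (sets
# a root password, removes anonymous users and the test database) is the
# usual follow-up — confirm it is done before the host goes into service.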

#10.创建随机密码并授权
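# Generate a 24-character alphanumeric database password from /dev/urandom.
# LC_ALL=C makes tr work on raw bytes (LC_ALL was set to zh_CN.UTF-8 in the
# character-set step earlier on this page).
DB_PASSWORD=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24)
# Print it once so it can be recorded. This leaves the secret in the terminal
# scrollback; the value shown on the original page was sample output and must
# not be reused.
printf '%s\n' "$DB_PASSWORD"

# Create the database and the application account.
# The SQL is fed to mysql through an unquoted here-document so that the shell
# substitutes ${DB_PASSWORD}. Typed at the interactive mysql prompt instead,
# '$DB_PASSWORD' is taken literally and the account ends up with the fixed
# password "$DB_PASSWORD". Passing the SQL on stdin also keeps the password
# out of the process argument list.
mysql <<SQL
create database jumpserver default charset 'utf8' collate 'utf8_bin';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '${DB_PASSWORD}';
flush privileges;
SQL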

#11.修改jumpserver配置文件
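# Create the working configuration from the shipped example. Absolute paths
# are used so the step does not depend on the current directory.
cp /opt/jumpserver/config_example.yml /opt/jumpserver/config.yml
# config.yml is about to hold SECRET_KEY and BOOTSTRAP_TOKEN, so restrict it
# to its owner.
# NOTE(review): assumes JumpServer is started by the user who owns this file
# (root in this transcript) — confirm.
chmod 600 /opt/jumpserver/config.yml

# Generate the two secrets from /dev/urandom: 50 and 16 alphanumeric
# characters. LC_ALL=C makes tr work on raw bytes regardless of the locale
# exported earlier on this page.
SECRET_KEY=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 50)
BOOTSTRAP_TOKEN=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16)

# Keep copies in ~/.bashrc so later shell sessions can read them.
# NOTE(review): the values stay there in plain text and are appended again on
# every re-run; remove the lines if no later step needs the variables.
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
# Confirm the entries were written without printing the secret values
# (the transcript used `cat ~/.bashrc`, which echoes them to the terminal).
grep -cE '^(SECRET_KEY|BOOTSTRAP_TOKEN)=' ~/.bashrc

# Write the secrets into config.yml. Both values are alphanumeric only, so
# they cannot break the sed expressions.
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
# Production settings: debug off, error-level logging only, and sessions that
# end when the browser is closed.
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml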

