※1、安装Jumpserver(这里采用一键快速安装,前提:防火墙需设置好规则后打开)
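# Fetch the pinned v2.15.4 installer and run it. -f makes curl fail on an HTTP
# error (404, 5xx) instead of piping the error page into bash. To read the script
# before running it, fetch it with `curl -fsSLo quick_start.sh <same URL>` first.
curl -fsSL https://github.com/jumpserver/jumpserver/releases/download/v2.15.4/quick_start.sh | bash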
※2、安装完毕后,启动Jumpserver
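# Enter the installer directory; stop if it is missing so ./jmsctl.sh is not
# looked up in whatever directory we happened to be in.
cd /opt/jumpserver-installer-v2.15.4/ || exit 1
./jmsctl.sh start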
※3、UI端访问
http://XXX.XXX.XXX.XXX:80/
※4、防火墙配置重定向
# Snapshot the host's current ruleset before Docker's own rules are disabled in
# the next step; this file is copied to /etc/sysconfig/iptables in step 5.
iptables-save > ~/iptables
※5、查看Docker服务启动配置文件路径
#一键快速安装一般路径为(即上图红色箭头位置):
/etc/systemd/system/docker.service
#修改配置,禁止Docker使用IPTABLES
# Edit the Docker unit file: append --iptables=false (below) to its ExecStart= line.
vim /etc/systemd/system/docker.service
#在 ExecStart=/usr/bin/dockerd 后添加以下内容:
--iptables=false
然后:wq保存退出
#拷贝防火墙配置,及重启Docker服务
# Restore the snapshot taken in step 4 as the persistent ruleset. The leading
# backslash bypasses any cp alias (e.g. cp -i) so the overwrite is not prompted.
\cp ~/iptables /etc/sysconfig/iptables
systemctl restart iptables
# Pick up the edited docker.service unit, then restart Docker so it runs with
# --iptables=false.
systemctl daemon-reload
systemctl restart docker
※6、UI端访问测试
#再次访问URL,检查是否可以正常使用
http://XXX.XXX.XXX.XXX:80/
※7、修改koko构建地址
安装Python3.6,安装包:
安装包上传并解压的路径: /data/soft/
# Create the target layout (soft/ for the Python tarball and installer,
# shell/monitor for the monitor scripts, shell/conf for their config).
mkdir -p -- /data/soft /data/shell/monitor /data/shell/conf
# Unpack the uploaded archive and distribute its contents.
unzip Pytohn_Install.zip
mv -- Pytohn_Install/Python-3.6.14.tgz Pytohn_Install/python.sh /data/soft/
mv -- Pytohn_Install/MysqlBackup.sh /data/shell/
mv -- Pytohn_Install/sendmail.conf /data/shell/conf/
# Everything left in the archive directory is a monitor script.
mv -- Pytohn_Install/* /data/shell/monitor
进入目录,开始安装Python
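# Enter the directory holding the Python tarball and installer; abort if it is
# absent instead of running python.sh from the wrong place.
cd /data/soft/ || exit 1
# Build dependencies for Python; can be skipped if already installed.
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel libffi-devel gcc gcc-c++
sh python.sh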
#安装完毕后检查crontab是否已添加如下任务:
# Confirm python.sh registered the three monitor jobs listed below.
crontab -l
######
# */1 in the minute field is the same as * (run every minute).
*/1 * * * * /usr/bin/python /data/shell/monitor/file_monitor.py
# NOTE(review): file_monitor.py is run with /usr/bin/python while the other two
# jobs use /usr/bin/python3 — confirm this is intentional.
*/1 * * * * /usr/bin/python3 /data/shell/monitor/machine_login_monitor.py
*/1 * * * * /usr/bin/python3 /data/shell/monitor/is_root_login.py
修改KOKO地址
进入Jumpserver模板目录,修改docker-compose-app.yml 文件内的37行
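# Enter the compose directory; abort if it is missing so vim does not open a new,
# empty docker-compose-app.yml in the wrong place.
cd /opt/jumpserver-installer-v2.15.4/compose || exit 1
# Edit line 37: add the internal IP address under ports (see note below).
vim docker-compose-app.yml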
在ports下添加内网IP地址
#检查容器状态
# Check the STATUS column: "healthy" is the expected state, "unhealthy" is not.
docker ps
此图仅为举例,请忽略0.0.0.0,如果runlike修改完毕后,图中的IP会随之改变
healthy即为健康状态
unhealthy即为不健康状态
※8、修改防火墙规则
# Edit the persistent ruleset restored in step 5 and add the rules below.
vim /etc/sysconfig/iptables
#添加如下内容,根据实际修改
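# Network addresses written in canonical form: iptables normalises 172.17.0.1/16
# to 172.17.0.0/16 anyway, but the file should say what it means.
# Order matters: -A appends in file order, so these ACCEPTs for trusted ranges
# must come before the DROPs below (and before any catch-all rule the file
# already ends with).
-A INPUT -s 172.17.0.0/16 -j ACCEPT
-A INPUT -s 192.168.168.0/24 -j ACCEPT
-A INPUT -s 192.168.250.0/24 -j ACCEPT
# Port 2222 and port 80 (the UI port from step 3) are refused from every other source.
-A INPUT -p tcp -m tcp --dport 2222 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j DROP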
#重启防火墙
# Reload the edited ruleset from /etc/sysconfig/iptables.
systemctl restart iptables
※9、添加Jumpserver登录告警脚本
#安装mysql客户端
# Host-side client, used below to reach the MySQL container over the network.
yum install -y mysql
#查看Mysql密码
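# Print the MySQL root password from the container's environment.
# `docker ps -q -f name=mysql` selects the container by name rather than grepping
# the whole `docker ps` table (which also matched on the image column). The
# expansion is quoted, and -it is dropped since no terminal is needed for echo.
# NOTE(review): assumes exactly one running container has "mysql" in its name.
docker exec "$(docker ps -q -f name=mysql)" /bin/bash -c 'echo "${MYSQL_ROOT_PASSWORD}"'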
#输出:
NTY0ZDI5YWMtNzNjYS1jODM5LW
#查看Mysql构建IP
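# Container IP address on each of its Docker networks, read from docker inspect
# instead of grepping the container's /etc/hosts for its own ID.
# NOTE(review): assumes exactly one running container has "mysql" in its name.
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{"\n"}}{{end}}' "$(docker ps -q -f name=mysql)"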
#输出:
192.168.250.3
#进入数据库,创建查询用户并授权
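# Connect from the host with the client installed above. The original
# `docker exec <id> /bin/bash` had no -it, so bash ran with no stdin attached and
# returned at once; the mysql command below ran on the host regardless.
# -p with no value prompts for the password, keeping it out of argv, `ps` output
# and shell history.
mysql -h 192.168.250.3 -u root -p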
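-- Read-only account for the login monitor script.
-- Written as CREATE USER + GRANT instead of GRANT ... IDENTIFIED BY followed by
-- a direct UPDATE of mysql.user: the GRANT ... IDENTIFIED BY form was removed in
-- MySQL 8.0, and editing mysql.user by hand bypasses the account-management
-- statements. The end state is the same as before: login_monitor@'%' with
-- SELECT on jumpserver.*.
-- NOTE(review): '%' accepts connections from any host; once the monitor host's
-- address on the Docker network is known, use it here instead. The password
-- must match band_passwd in /data/shell/conf/sendmail.conf, so change both
-- together.
use jumpserver
CREATE USER IF NOT EXISTS 'login_monitor'@'%' IDENTIFIED BY 'login_monitor';
GRANT SELECT ON jumpserver.* TO 'login_monitor'@'%';
FLUSH PRIVILEGES;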
#执行完毕后, exit 退出
#修改/data/shell/conf/sendmail.conf,如下
[mysql]
band_host = 192.168.250.3
band_user = login_monitor
band_passwd = login_monitor
band_port = 3306
band_database = jumpserver
[ug]
domain = ug.TNYD1788.COM:8083
chat_id = 告警组ID
sender_id = 1000098444
#修改计划任务 crontab -e
# Added with crontab -e; same every-minute schedule as the monitor jobs in step 7.
*/1 * * * * /usr/bin/python3 /data/shell/monitor/login_monitor.py