
Installing iTop 2.7.1 on CentOS 7

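The PHP and MariaDB versions shipped with CentOS 7 are too old and the iTop installation fails with errors, so additional packages need to be installed.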

Install the EPEL and Remi repositories

yum install -y epel-release
yum install -y https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm
yum update -y

Install PHP 7

yum -y install yum-utils
yum-config-manager --enable remi-php74
yum install -y php  php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json
yum install -y graphviz
systemctl enable php-fpm.service --now
systemctl enable httpd.service --now
firewall-cmd --permanent --add-service={http,https}
firewall-cmd --reload

Install iTop

unzip iTop-2.7.1-5896.zip
mv web/* /var/www/html/
chown -Rf apache:apache /var/www/html/

Install MariaDB

cat >>/etc/yum.repos.d/mariadb.repo <<EOF
# MariaDB 10.5 CentOS repository list - created 2020-08-24 10:19 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = https://mirrors.tuna.tsinghua.edu.cn/mariadb/yum/10.5/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF
yum update -y
yum install mariadb-server.x86_64 mariadb
systemctl enable mariadb --now

Database configuration

mysql -uroot -p
MariaDB [(none)]> create database itop character set utf8 collate utf8_bin;
MariaDB [(none)]> grant all privileges on itop.* to itop@'localhost' identified by 'itop';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;

Configure SSL

You can request an SSL certificate for iTop.

[root@itop ~]# vim /etc/httpd/conf/httpd.conf

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
SSLCertificateFile /etc/httpd/cert/4402254_itop.subwin.cn_public.crt
SSLCertificateKeyFile /etc/httpd/cert/4402254_itop.subwin.cn.key
SSLCertificateChainFile /etc/httpd/cert/4402254_itop.subwin.cn_chain.crt

[root@itop httpd]# systemctl restart httpd
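
The `SSLProtocol` line above is evaluated token by token, so what it leaves enabled is easy to misread. The following added example (not part of the original post) applies that left-to-right evaluation to the page's line and to a constructed stricter line; the set of protocols behind `all` is an assumption based on CentOS 7's httpd 2.4.6 with OpenSSL 1.0.2.

```python
# Added example, not from the original post: evaluate an Apache mod_ssl
# SSLProtocol directive left to right and list deprecated protocols it keeps.

# Assumption: what "all" expands to on CentOS 7 (httpd 2.4.6, OpenSSL 1.0.2).
BUILD_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
# SSLv3 was deprecated by RFC 7568, TLS 1.0 and 1.1 by RFC 8996.
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}


def effective_protocols(directive, build=BUILD_PROTOCOLS):
    """Return the protocols one SSLProtocol directive enables, oldest first."""
    tokens = directive.split()
    if tokens and tokens[0].lower() == "sslprotocol":
        tokens = tokens[1:]
    known = {p.lower(): {p} for p in build}
    known["all"] = set(build)
    known["sslv2"] = set()  # accepted only as "-SSLv2"; httpd 2.4 has no SSLv2
    enabled = set()
    for token in tokens:
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name not in known or (name == "sslv2" and sign != "-"):
            raise ValueError(f"unsupported protocol token {token!r}")
        if sign == "-":
            enabled -= known[name]
        elif sign == "+":
            enabled |= known[name]
        else:  # a bare token replaces whatever was enabled so far
            enabled = set(known[name])
    return [p for p in build if p in enabled]


def audit(directive, build=BUILD_PROTOCOLS):
    """Return the deprecated protocols the directive still leaves enabled."""
    return [p for p in effective_protocols(directive, build) if p in DEPRECATED]


if __name__ == "__main__":
    page_line = "SSLProtocol all -SSLv2 -SSLv3"  # the line used on this page
    strict_line = "SSLProtocol -all +TLSv1.2"    # constructed stricter alternative
    for line in (page_line, strict_line):
        print(f"{line}: enabled={effective_protocols(line)} deprecated={audit(line)}")
```

With the page's line, TLSv1 and TLSv1.1 remain enabled alongside TLSv1.2; the constructed `-all +TLSv1.2` line leaves only TLSv1.2.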

Web installation

Two changes to JumpServer

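JumpServer storage expansion

Goal

JumpServer stores session recordings by default in: /opt/jumpserver/data/media/replay/
To keep the recording files from growing too large, a new disk needs to be mounted for this directory.

Steps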

  1. Attach a 20 GB disk to the host
  2. Create a new LVM partition
[root@jumpserver ~]# partprobe /dev/sdb
[root@jumpserver ~]# pvcreate /dev/sdb
[root@jumpserver ~]# vgcreate vg_jumpreplay /dev/sdb
[root@jumpserver ~]# lvcreate -l 100%FREE -n lv_jump vg_jumpreplay
[root@jumpserver ~]# mkfs.xfs /dev/vg_jumpreplay/lv_jump
  3. Mount
[root@jumpserver ~]# blkid
/dev/mapper/vg_jumpreplay-lv_jump: UUID="7360e830-ec71-4f56-bbc8-765e42ba39cc" TYPE="xfs" 
[root@jumpserver ~]# vim /etc/fstab
UUID=7360e830-ec71-4f56-bbc8-765e42ba39cc   /opt/jumpserver/data    xfs defaults    0 0
[root@jumpserver ~]# mount -a
  4. Done

————————————————

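JumpServer: changing the KOKO port

Goal

When the web terminal is not used, JumpServer can be accessed directly on port 2222 to reach the bastion host system and then jump to authorized assets. The default port 2222 used to reach the bastion host's koko now needs to be changed.

Method

  1. In a quick-install bastion host, port 2222 is the local proxy mapping to port 2222 inside Docker, so we only need to modify the relevant configuration file and reload.
  2. Modify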
[root@jumpserver ~]# cd /opt/setuptools/
[root@jumpserver setuptools]# ./jmsctl.sh status
MySQL   Check   ........................ [ OK ]
Redis   Check   ........................ [ OK ]
Ninx    Check   ........................ [ OK ]
Py3     Check   ........................ [ OK ]
Core    Check   ........................ [ OK ]
Koko    Check   ........................ [ OK ]
Guaca.  Check   ........................ [ OK ]
# Find the container ID that corresponds to the koko image
[root@jumpserver setuptools]# docker ps
CONTAINER ID        IMAGE                             COMMAND             CREATED             STATUS              PORTS                                               NAMES
2ed1a83b1d98        jumpserver/jms_guacamole:v2.1.2   "./entrypoint.sh"   21 hours ago        Up 35 seconds       127.0.0.1:8081->8080/tcp                            jms_guacamole
8351b191fd1d        jumpserver/jms_koko:v2.1.2        "./entrypoint.sh"   21 hours ago        Up 35 seconds       127.0.0.1:5000->5000/tcp, 0.0.0.0:2222->2222/tcp   jms_koko
[root@jumpserver ~]# sh /opt/setuptools/jmsctl.sh stop
[root@jumpserver ~]# updatedb && locate 8351b191fd1d
[root@jumpserver ~]# vim /var/lib/docker/containers/8351b191fd1d9bbe3a0a3bd0f6de213ca5847e286d5cc164afbcc2e0f02cc8f2/hostconfig.json
# Change the 2222 in ["HostPort":"2222"] to the target port
"PortBindings":{"2222/tcp":[{"HostIp":"","HostPort":"2222"}],"5000/tcp":[{"HostIp":"127.0.0.1","HostPort":"5000"}]}
[root@jumpserver ~]# sh /opt/setuptools/jmsctl.sh start
  3. Test the login