Centos8上试用开源堡垒机Jumpserver 1.5.6(六):试用批量命令和命令过滤功能
===================================================================
开源堡垒机Jumpserver安装/配置系列:
1、Centos8上试用开源堡垒机Jumpserver 1.5.6(一):堡垒机概述
2、Centos8上试用开源堡垒机Jumpserver 1.5.6(二):安装Centos8(CentOS-8.1.1911-x86_64-dvd1.iso)
3、Centos8上试用开源堡垒机Jumpserver 1.5.6(三):在Centos8上安装Jumpserver
4、Centos8上试用开源堡垒机Jumpserver 1.5.6(四):添加被管资源与运维帐户权限分配
5、Centos8上试用开源堡垒机Jumpserver 1.5.6(五):通过堡垒机进行运维管理
6、Centos8上试用开源堡垒机Jumpserver 1.5.6(六):试用批量命令和命令过滤功能
7、Centos8上试用开源堡垒机Jumpserver 1.5.6(七):服务器重启后的恢复操作(手工启动jumpserver等程序)
8、Centos8上试用开源堡垒机Jumpserver 1.5.6(八):创建用户时使用密码链接并发邮件给用户功能
===================================================================
Jumpserver 1.5.6支持批量命令及命令过滤两功能,在后期实际使用中相对较为实用。具体功能如下。
1、批量命令功能
当你对多台服务器进行巡检或者其它检测,需要输入多个相同的命令来查看各服务器的运行状态,就可以使用jumpserver自带的批量命令功能。
管理用户可以通过左菜单栏的“作业中心”-> “批量命令”进入,如下图:
若普通用户需要支持批量命令功能,需要管理员设置,进入“系统设置”->“安全设置”,在批量命令(允许用户批量执行命令)前打钩,启用该功能,如下图所示。
重启登陆user01用户,左边菜单会多一个命令执行,如下图,第一步选择一台需要批量执行命令的主机,这里以jumpserver服务器为例,第二步选择执行命令的用户,这里为jumpserver服务器上的root用户,最后一步输入需要批量执行的命令集合,这里为:
uname -a
cat /etc/redhat-release
uptime
clock
ifconfig -a
df –h
,如下图所示:
准备好后,点击上图的“执行”按扭,开始批量执行,等待几秒后,会提示任务结束,如下图所示:
输出的内容如下:
———- 任务开始 ———-
$ uname -a
cat /etc/redhat-release
uptime
clock
ifconfig -a
df -h (2020-02-21 21:31:57) ***********************************************************************************
jumpserver服务器 | CHANGED | rc=0 >>
Linux localhost.localdomain 4.18.0-147.5.1.el8_1.x86_64 #1 SMP Wed Feb 5 02:00:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
CentOS Linux release 8.1.1911 (Core)
21:31:59 up 1:44, 3 users, load average: 0.09, 0.04, 0.01
2020-02-21 21:31:56.742166+08:00
cni-podman0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.88.0.1 netmask 255.255.0.0 broadcast 10.88.255.255
inet6 fe80::60d6:64ff:fec7:a941 prefixlen 64 scopeid 0x20<link>
ether 62:d6:64:c7:a9:41 txqueuelen 1000 (Ethernet)
RX packets 13681 bytes 7593510 (7.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12823 bytes 2490995 (2.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.216 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::557b:33cd:8dee:1a73 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:9f:2d:92 txqueuelen 1000 (Ethernet)
RX packets 121501 bytes 9618271 (9.1 MiB)
RX errors 0 dropped 22 overruns 0 frame 0
TX packets 23001 bytes 38267639 (36.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 188075 bytes 53606802 (51.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 188075 bytes 53606802 (51.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0veth11147d63: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::44d1:58ff:fe6d:ba4b prefixlen 64 scopeid 0x20<link>
ether 46:d1:58:6d:ba:4b txqueuelen 0 (Ethernet)
RX packets 9345 bytes 3513364 (3.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8062 bytes 1721601 (1.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0vethbd7b3c02: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::f896:fdff:fe5e:d467 prefixlen 64 scopeid 0x20<link>
ether fa:96:fd:5e:d4:67 txqueuelen 0 (Ethernet)
RX packets 3470 bytes 2597294 (2.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3949 bytes 639376 (624.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:8a:d4:98 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0virbr0-nic: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 52:54:00:8a:d4:98 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0Filesystem Size Used Avail Use% Mounted on
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 340K 3.9G 1% /dev/shm
tmpfs 3.9G 9.4M 3.9G 1% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/mapper/cl-root 48G 6.6G 42G 14% /
/dev/mapper/cl-home 24G 199M 24G 1% /home
/dev/sda1 976M 162M 748M 18% /boot
tmpfs 798M 1.2M 797M 1% /run/user/42
tmpfs 798M 4.0K 798M 1% /run/user/0
shm 63M 0 63M 0% /var/lib/containers/storage/overlay-containers/9107b7603bf25c48bb939907882591cee524e22bd5c399781694863152fae72f/userdata/shm
overlay 48G 6.6G 42G 14% /var/lib/containers/storage/overlay/ceddc920de420069c5f06c3cc35c6f9340aaaebded87ec19a7eaa16d6a8eb38f/merged
shm 63M 0 63M 0% /var/lib/containers/storage/overlay-containers/769148c0cec1cc8a6b227e9946f48613e3670c33b347862ae07e53d6b2e1ac99/userdata/shm
overlay 48G 6.6G 42G 14% /var/lib/containers/storage/overlay/f5ed548523b62468418ed179dad78ae2b5c29b3182473c3ed64a04bf00259219/merged———- 任务结束 ———-
Task ops.tasks.run_command_execution[578268d7-7a59-474f-8f4a-f0fac574bcbb] succeeded in 3.988194374000159s: None
2、命令过滤功能
在维护Linux主机时,有一些命令不希望运维工程师执行,如reboot、rm –rf等高危险命令,就可以通过jumpserver自带的命令过滤功能来实现。
在管理界面中,进入“资产管理”->“命令过滤”,选择创建命令过滤器,如下:
输入名称,完成创建
点击刚才创建的过滤器名称,如下图
点击“规则”,再点击“创建规则”,如下图
类型选择命令,内容中输入需要过滤的命令,这里为
reboot
rm -rf
pwd
如下图:
点提交后,
再点击详情,在系统用户中绑定需要过滤命令的用户,这里选择jumpserver服务器的root用户,如下图,点击确认完成设置。
完成以上设置后,使用user01重启登陆后,再次打开jumpserver服务器的管理窗口,如下图:
如下所示,输入pwd、rm -rf、reboot三个命令,提示命令被禁止,说明命令阻止过滤已生效。
