Archive for the ‘02. 随便写’ Category.

Zabbix 4.4试用(四):通过SNMP监控Windows 2008R2

ZABBIX支持通过zabbix agent或SNMP来添加和监控WINDOWS服务器,本次将以WINDOWS 2008R2为例 ,通过SNMP来实现WINDOWS服务器的监控,操作如下:

首先在WINDOWS服务器上启用SNMP,打开服务器管理器,在【功能】选项栏上,选择【添加功能】,如下图

zabbix4.4config_12

选择SNMP服务,如下图

zabbix4.4config_13

完成后,进入【服务】界面,在SNMP Service右键,选择【属性】,如下图

zabbix4.4config_14

在安全选项中,设置相关参数,在社区名称中设置lsywsnmp123,在接受主机一栏中选择ZABBIX SERVER的IP 192.168.10.217,如下图所示,完成后点击确定。

zabbix4.4config_15

接着进入ZABBIX配置界面开始添加这台服务器,方法和添加华交换机一样,选择添加主机按扭,如下图,输入主机名称、可见的名称、群组和SNMP接口信息等

zabbix4.4config_16

在链接的模板中选择Template OS Windows SNMPv2,如下图

zabbix4.4config_17

在宏选项栏中,宏中输入{$SNMP_COMMUNITY},值中输入lsywsnmp123,如下图

zabbix4.4config_18

完成后,清单中就能看到添加的备份服务器,且SNMP监控为绿色,监控正常。

zabbix4.4config_19

Zabbix 4.4试用(三):通过SNMP监控华为交换机S5700

zabbix支持通过SNMP或ZABBIX AGENT采集设备信息,交换机自带SNMP,且不能安装ZABBIX AGENT组件,故交换机一般通过SNMP来管理,首先配置交换机,启用SNMP,操作如下:

[Lan-center-s5700]snmp-agent
[Lan-center-s5700]snmp-agent community read cipher lsywsnmp123
[Lan-center-s5700]snmp-agent sys-info version all

zabbix4.4config_06

启用SNMP后,在zabbix中添加此交换机,开始监控,操作如下:

进入【配置】-【主机】配置界面,点击右上角的【创建主机】按扭,如下图所示

zabbix4.4config_07

主机名称中输入全英文的名称,可见的名称中输入页面最终显示的中文名称,如下图所示,群组中选择网络群组,并移除agent代理程序的接口,SNMP接口点【添加】,并输入交换机的管理地址192.168.10.253,端口使用161默认不变。

zabbix4.4config_08

再切换至模板选项栏,在Link new templates中选择【Template Net Huawei VRP SNMPv3】,如下图所示

zabbix4.4config_09

切换至宏选项栏,在宏一栏中输入{$SNMP_COMMUNITY},在值一栏中输入刚才交换机设置的SNMP密码lsywsnmp123,如下图所示,完成后,点击【更新】按扭完成添加。

zabbix4.4config_10

过一估时间,列表中就有华为S5700核心交换机清单,监控项、触发器、图形等都有内容,如下图。

zabbix4.4config_11

至此,交换机添加完成。

Zabbix 4.4试用(二):将图形界面中的乱码修复为中文显示

默认zabbix在图形显示中中文显示为乱码,需要修复才能正常显示,如下图红框所示:

zabbix4.4config_01

操作如下:

首先将WINDOWS FONTS文件夹中的黑体字复制至本机硬盘

zabbix4.4config_02

然后在服务器上操作zabbix-web-nginx-mysql容器,通过docker ps查看zabbix-web-nginx-mysql容器的ID,如下图,这里为48a2c96acc9c

zabbix4.4config_03

通过docker exec进入进入zabbix-web-nginx-mysql容器进行操作,首先查询需要修改的DejaVuSans.ttf和defines.inc.php两个文件的位置,操作如下:

[root@localhost zabbix]# docker exec -it 48a2c96acc9c bash
bash-5.0# find / -name DejaVuSans.ttf
/usr/share/zabbix/assets/fonts/DejaVuSans.ttf
bash-5.0#
bash-5.0# find / -name defines.inc.php
/usr/share/zabbix/include/defines.inc.php
bash-5.0#

然后将刚才本地电脑上的黑体字体文件simhei.ttf复制到/usr/share/zabbix/assets/fonts/目录下,然后通过vi修改defines.inc.php文件,将红框位置中原DejaVuSans修改为simhei,如下图,完成后保存退出。

zabbix4.4config_04

再次刷新图形,已能显示中文,如下图所示。至此修改完成。

zabbix4.4config_05

Zabbix 4.4试用(一):在Centos7上通过Docker方式安装Zabbix 4.4

之前采用一步步安装方式完成了zabbix4.0.2的安装,最近有4.4新版本,且想通过Docker方式安装,操作步骤简洁好多,准备一试。

首先在VMware vSphere平台上完成Centos7.5.1804虚拟机的安装,配置IP地址。然后完成如下步骤的安装:

1、关闭并禁用防火墙

[root@localhost etc]# firewall-cmd –state
running
[root@localhost etc]#
[root@localhost etc]# systemctl stop firewalld.service
[root@localhost etc]#
[root@localhost etc]#
[root@localhost etc]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost etc]#
[root@localhost etc]#
[root@localhost etc]# firewall-cmd –state
not running
[root@localhost etc]#

zabbixdocker4.4_01

2、关闭SELINUX

将配置文件/etc/selinux/config的SELINUX设置为disabled,操作如下:

[root@localhost etc]# sed -i ‘s#SELINUX=enforcing#SELINUX=disabled#g’ /etc/selinux/config
[root@localhost etc]#
[root@localhost etc]#
[root@localhost etc]# grep "SELINUX=disabled" /etc/selinux/config
SELINUX=disabled
[root@localhost etc]#

zabbixdocker4.4_02

配置完成后reboot重启,再使用getenforce命令查看是否关闭SELINUX:

[root@localhost ~]# getenforce
Disabled
[root@localhost ~]#

zabbixdocker4.4_03

3、安装docker

开始安装docker,首先安装docker-ce所需的依赖包:

[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
  * base: mirrors.163.com
  * extras: mirrors.aliyun.com
  * updates: mirrors.163.com
base

zabbixdocker4.4_04

设置docker-ce在线存储库,这里设置为阿里云在线存储库,操作如下:

[root@localhost ~]# yum-config-manager –add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror, langpacks
adding repo from: http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@localhost ~]#
[root@localhost ~]#

zabbixdocker4.4_05

开始安装docker,

[root@localhost ~]# yum clean all
Loaded plugins: fastestmirror, langpacks
Cleaning repos: base docker-ce-stable extras updates
Cleaning up everything
Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos
Cleaning up list of fastest mirrors
[root@localhost ~]#
[root@localhost ~]# yum makecache fast
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
  * base: mirrors.cn99.com
  * extras: mirrors.cn99.com
  * updates: mirrors.cn99.com
base
docker-ce-stable
extras
updates
(1/6): docker-ce-stable/x86_64/updateinfo
(2/6): docker-ce-stable/x86_64/primary_db
(3/6): base/7/x86_64/group_gz
(4/6): extras/7/x86_64/primary_db
(5/6): base/7/x86_64/primary_db
(6/6): updates/7/x86_64/primary_db
Metadata Cache Created
[root@localhost ~]#
[root@localhost ~]#yum install -y docker-ce
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
  * base: mirrors.cn99.com
  * extras: mirrors.cn99.com
  * updates: mirrors.cn99.com
Resolving Dependencies
–> Running transaction check
—> Package docker-ce.x86_64 3:19.03.8-3.el7 will be installed

zabbixdocker4.4_06

启动并开机自启动docker,操作如下:

[root@localhost ~]# systemctl start docker
[root@localhost ~]#
[root@localhost ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@localhost ~]#
[root@localhost ~]#

zabbixdocker4.4_07

docker版本号及信息查看:

[root@localhost ~]# docker version
Client: Docker Engine – Community
  Version:           19.03.8
  API version:       1.40
  Go version:        go1.12.17
  Git commit:        afacb8b
  Built:             Wed Mar 11 01:27:04 2020
  OS/Arch:           linux/amd64
  Experimental:      false

Server: Docker Engine – Community
  Engine:
   Version:          19.03.8
   API version:      1.40 (minimum version 1.12)
   Go version:       go1.12.17
   Git commit:       afacb8b
   Built:            Wed Mar 11 01:25:42 2020
   OS/Arch:          linux/amd64
   Experimental:     false
  containerd:
   Version:          1.2.13
   GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
  runc:
   Version:          1.0.0-rc10
   GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
  docker-init:
   Version:          0.18.0
   GitCommit:        fec3683
[root@localhost ~]# docker info
Client:
  Debug Mode: false

Server:
  Containers: 0
   Running: 0
   Paused: 0
   Stopped: 0
  Images: 0
  Server Version: 19.03.8
  Storage Driver: overlay2
   Backing Filesystem: <unknown>
   Supports d_type: true
   Native Overlay Diff: true
  Logging Driver: json-file
  Cgroup Driver: cgroupfs
  Plugins:
   Volume: local
   Network: bridge host ipvlan macvlan null overlay
   Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
  Swarm: inactive
  Runtimes: runc
  Default Runtime: runc
  Init Binary: docker-init
  containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
  runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
  init version: fec3683
  Security Options:
   seccomp
    Profile: default
  Kernel Version: 3.10.0-862.el7.x86_64
  Operating System: CentOS Linux 7 (Core)
  OSType: linux
  Architecture: x86_64
  CPUs: 4
  Total Memory: 7.639GiB
  Name: localhost.localdomain
ID: RFQ5:YIQ2:LDAJ:WVSG:OIWX:KJDP:OFS4:YZOX:OT6V:AIXQ:Y5XT:EC7B
  Docker Root Dir: /var/lib/docker
  Debug Mode: false
  Registry: https://index.docker.io/v1/
  Labels:
  Experimental: false
  Insecure Registries:
   127.0.0.0/8
  Live Restore Enabled: false

4、安装zabbix

启动一个mysql实例,操作如下:

[root@localhost ~]# docker run –name mysql-server -t -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="zabbix" -e MYSQL_PASSWORD="zabbix" -e MYSQL_ROOT_PASSWORD="zabbix" -d mysql:5.7  –character-set-server=utf8 –collation-server=utf8_bin
Unable to find image ‘mysql:5.7’ locally
5.7: Pulling from library/mysql
c499e6d256d6: Downloading [=>                                                 ]  833.9kB/27.09MB
22c4cdf4ea75: Download complete
6ff5091a5a30: Downloading [===================>                               ]  1.661MB/4.178MB
2fd3d1af9403: Download complete
0d9d26127d1d: Download complete
54a67d4e7579: Downloading [=========>                                         ]  2.603MB/13.44MB
fe989230d866: Waiting
466a91a95e2f: Waiting
3e4554c238f1: Waiting
603b48ead88c: Waiting

zabbixdocker4.4_08

[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                 NAMES
e7f3382c954d        mysql:5.7           "docker-entrypoint.s鈥   About a minute ago   Up About a minute   3306/tcp, 33060/tcp   mysql-server
[root@localhost ~]#

完成后启动ZABBIX JAVA GATEWAY实例,操作如下:

[root@localhost ~]# docker run –name zabbix-java-gateway -t –restart unless-stopped -d zabbix/zabbix-java-gateway:latest
Unable to find image ‘zabbix/zabbix-java-gateway:latest’ locally
latest: Pulling from zabbix/zabbix-java-gateway
aad63a933944: Pull complete
d3ba7323f78e: Pull complete
116fee55b2cb: Pull complete
008031baaa1a: Pull complete
759297fddc58: Pull complete
bdc3c870522b: Pull complete
Digest: sha256:d71da91fc4bb197070724cb2937ebb6548dee73de9df9e7747db895f488c2174
Status: Downloaded newer image for zabbix/zabbix-java-gateway:latest
b6dd2a948eb1076da5ddeacf322f06099aad653987ee344cbc79c0869eee780d
[root@localhost ~]#

zabbixdocker4.4_09

完成后开始启动zabbix server实例,并关联这个实例到刚才已创建的MYSQL服务器实例,操作如下:

[root@localhost ~]# docker run –name zabbix-server-mysql -t -e DB_SERVER_HOST="mysql-server" -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="zabbix" -e MYSQL_PASSWORD="zabbix" -e MYSQL_ROOT_PASSWORD="zabbix" –link mysql-server:mysql -p 10051:10051 -d zabbix/zabbix-server-mysql:latest
Unable to find image ‘zabbix/zabbix-server-mysql:latest’ locally
latest: Pulling from zabbix/zabbix-server-mysql
aad63a933944: Already exists
dc473403998d: Pull complete
3f3f207b0d86: Pull complete
4278aa9ace68: Pull complete
Digest: sha256:8bc24ef87310170a581f5b5881e36e6464062d17f2f2b30e6520281d07e8366f
Status: Downloaded newer image for zabbix/zabbix-server-mysql:latest
c9c0e158a93f541c5a50ae92cd1c5ff82cda5043813fa74d1938e0fe9b5d76de
[root@localhost ~]#

zabbixdocker4.4_10

最后启动ZABBIX WEB接口,并将它与MYSQL服务器实例和ZABBIX SERVER实例关联,操作如下:

[root@localhost ~]# docker run –name zabbix-web-nginx-mysql -t -e DB_SERVER_HOST="mysql-server" -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="zabbix" -e MYSQL_PASSWORD="zabbix" -e MYSQL_ROOT_PASSWORD="zabbix" –link mysql-server:mysql –link zabbix-server-mysql:zabbix-server -p 8080:80 -d zabbix/zabbix-web-nginx-mysql:latest
Unable to find image ‘zabbix/zabbix-web-nginx-mysql:latest’ locally
latest: Pulling from zabbix/zabbix-web-nginx-mysql
aad63a933944: Already exists
f4eabf890618: Pull complete
39f7583adc90: Pull complete
7776e04aff55: Pull complete
fb275d4b4f50: Pull complete
2614dbe8b3f3: Pull complete
8d65f383f456: Pull complete
1b9047914505: Pull complete
be585e988008: Pull complete
ad312041223c: Pull complete
94362bde1339: Pull complete
Digest: sha256:0685485848ce4f759b207f888c4870f936072e4bcf8e5934c3cad62fa5ea4410
Status: Downloaded newer image for zabbix/zabbix-web-nginx-mysql:latest
48a2c96acc9c22ca77dc487a410863487234ad17afe26dafd8c4843b0cf5c46e
[root@localhost ~]#

zabbixdocker4.4_11

查看状态:

[root@localhost ~]# docker ps -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED              STATUS              PORTS                           NAMES
48a2c96acc9c        zabbix/zabbix-web-nginx-mysql:latest   "docker-entrypoint.sh"   About a minute ago   Up About a minute   443/tcp, 0.0.0.0:8080->80/tcp   zabbix-web-nginx-mysql
c9c0e158a93f        zabbix/zabbix-server-mysql:latest      "/sbin/tini — /usr/鈥   6 minutes ago        Up 6 minutes        0.0.0.0:10051->10051/tcp        zabbix-server-mysql
b6dd2a948eb1        zabbix/zabbix-java-gateway:latest      "docker-entrypoint.s鈥   10 minutes ago       Up 10 minutes       10052/tcp                       zabbix-java-gateway
e7f3382c954d        mysql:5.7                              "docker-entrypoint.s鈥   15 minutes ago       Up 15 minutes       3306/tcp, 33060/tcp             mysql-server
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# docker images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
zabbix/zabbix-java-gateway      latest              660ab57f1078        6 days ago          82MB
zabbix/zabbix-web-nginx-mysql   latest              2cc114aa7b9c        6 days ago          167MB
zabbix/zabbix-server-mysql      latest              2bb0dd73957d        6 days ago          64.7MB
mysql                           5.7                 413be204e9c3        2 weeks ago         456MB
[root@localhost ~]#

zabbixdocker4.4_13

至此,DOCKER方式安装ZABBIX已经安装,输入网址http://IP:8080,即可打开ZABBIX,用户名Admin,密码zabbix,如下:

zabbixdocker4.4_12

zabbixdocker4.4_14

VMware vSphere 7.0正式版发布

下载地址。(提取码:5g6t)

1、VMware-VMvisor-Installer-7.0.0-15843807.x86_64.iso
2、VMware-ESXi-7.0.0-15843807-depot.zip
3、VMware-VCSA-all-7.0.0-15952498.iso

VMware虚拟机配置任何IP都出现“Windows检测到IP地址冲突”故障的解决

一台VMware虚拟化平台上的虚拟机,配置任意IP都显示“IP地址冲突”,且只有该虚拟机89网段出现此问题,其它网段都正常,主要排查步骤如下:

 nwerr_01

如上图,无论配置89段哪个IP地址,都会出现“Windows检测到IP地址冲突”,且故障只有89网段存在,其它网段正常,如下图

nwerr_02

以为是有ARP病毒,结果排查后不是这个原因,只能查源头,看哪个MAC地址一直与本机IP冲突,开始检查Windows日志,发现日志提示无论更改为哪个IP,都与00-0C-29-04-CF-33这个MAC冲突,如下图所示:

nwerr_03

在核心交换机中查询此MAC,使用dis arp | in 192.168.89.,没有查询到00-0C-29-04-CF-33此MAC地址,如下图所示

nwerr_05

最后发现00-0C-29-04-CF-33这个MAC和上图中的MAC前几位都相同,89段基本都用在VMware虚拟化平台上,故能判断00-0C-29-04-CF-33这个MAC的虚拟机应该也是在此VMware虚拟化平台中运行,通过在ESXi中一台台查看,找到了一台“中标麒麟”的虚拟机为此MAC,如下图:

nwerr_06

进入虚拟机查看,发现lo回环网卡的IP地址为192.168.89.201,不是默认的127.0.0.0/255.0.0.0,如下图

nwerr_07

且ping任意89段中IP都能PING通,怀疑为此原因造成了89段IP在其它虚拟机配置不上去的原因

nwerr_08

故将此虚拟机关机,再在刚才的虚拟机中配置89段的任意IP,发现IP冲突故障消失,可以配置IP,且能PING通网关,如下图。

nwerr_09

综上,本次是由于同网段中一台虚拟机在lo回环网口上配置了相同的89段,而不是127.0.0.1而导致的,将虚拟机关机后,故障现象排除。

斐讯N1降级、刷机(刷webpad大神的官改系统v2.2)

家里的小米盒子还是第一代,最近越来越卡,以及广告空间占满问题,早想换一台,前几天看到斐讯N1,一台4k播放器,但通过刷机可以变成电视盒子,故在PDD上下了一单,加了一个T1遥控器,135元

fxn1_01

N1采用晶晨Amlogic S905D芯片

n1new3

芯片规格如下:

fxn1_14

fxn1_05

由于是原版,开机后显示如下画面:

fxn1_02

不刷机确实没啥用,在网上研究了一下,准备刷webpad的官改v2.2系统,用作电视盒子,具体步骤如下:

1、准备工作

(1)刷机所需软件(降级软件、webpad官网系统v2.2等)提取码:h4il – 点击下载至本地
(2)鼠标
(3)USB双公头线缆
(4)HDMI线
(5)将笔记本本地防火墙暂时关闭

2、USB双公头线缆制作

需要双公头USB线缆将N1和电脑相连,一时没有,看到网上有人四根线一接也能用,就试着做了一根,找了两根不用的USB线,将一端非USB公头的剪掉,四根线按颜色相同的接起来,如下图

fxn1_03

裹上黑胶布,测试后发现能用。

fxn1_04

3、降级

由于目前系统为V2.22.XX,需要降级后再刷,首先完成以下连线:使用USB双公头线将N1和笔记本相连(N1使用靠近HDMI的USB口),使用HDMI线将N1和显示器连接(为方便操作先与显示器相连,等刷好后再接电视机),将笔记本和N1都连接至无线路由器,鼠标连接N1盒子,如下图所示。

未标题-10

完成连线后,首先启动N1盒子,显示器中会显示如下画面,用鼠标在下图红框的“固件版本:V2.22……”上面鼠标连续点四下,在下方看到显示“打开adb”即可。

n1new

接着将下载的刷机软件包中的adb文件夹解压,将adb.exe、AdbWinApi.dll、AdbWinUsbApi.dll、fastboot.exe四个文件复制到c:\windows\system32目录中,再以管理员身份运行cmd程序并进入adb目录位置:

fxn1_07

然后执行(192.168.2.143为盒子获取到的IP地址):

d:\N1\adb>adb connect 192.168.2.143
connected to 192.168.2.143:5555

d:\N1\adb>adb shell reboot fastboot
^C                                //执行Ctrl + C
d:\N1\adb>

fxn1_15

执行完以上操作后,会进入如下界面

n1new2

正常会发现新设备,并在设备管理器中有一个“Android ADB Interface”设备,如下图

fxn1_08

开始三个分区的烧录,adb目录下有boot.img、bootloader.img、recovery.img,继续在adb目录下执行:

d:\N1\adb>
d:\N1\adb>fastboot flash bootloader bootloader.img
target reported max download size of 1524629504 bytes
sending ‘bootloader’ (656 KB)…
OKAY [  0.039s]
writing ‘bootloader’…
OKAY [  0.083s]
finished. total time: 0.125s

d:\N1\adb>fastboot flash boot boot.img
target reported max download size of 1524629504 bytes
sending ‘boot’ (13858 KB)…
OKAY [  0.626s]
writing ‘boot’…
OKAY [  0.657s]
finished. total time: 1.288s

d:\N1\adb>fastboot flash recovery recovery.img
sending ‘recovery’ (17866 KB)…
^C
d:\N1\adb>

如上所述,在执行fastboot flash recovery recovery.img时停在sending一直没有反应,最后ctrl+c强制中断,再执行了一次,这次烧录成功,如下所示:

d:\N1\adb>fastboot flash recovery recovery.img
target reported max download size of 1524629504 bytes
sending ‘recovery’ (17866 KB)…
OKAY [  0.803s]
writing ‘recovery’…
OKAY [  0.863s]
finished. total time: 1.673s

d:\N1\adb>

完成后重启设备,如下:

d:\N1\adb>fastboot reboot
rebooting…

finished. total time: 0.003s

d:\N1\adb>

fxn1_16

重启后还是那个蓝色界面,屏幕上的版本号不会有变化,但已经降级成功。

4、刷系统(webpad版官改v2.2)

完成降级后,开始准备刷入webpad官改系统v2.2,确保USB双头线和HDMI线继续与N1盒子连接,先安装下载软件包中的USB_Burning_Tool_v2.1.6软件,打开USB Burning软件,选择“文件”->“导入烧录包”,如下图,选择刷机软件包中的N1_mod_by_webpad_v2.2_20180920.img文件

fxn1_10

导入后会检验固件文件,如下图,然后点击“开始”按扭

fxn1_11

检验成功后,会在最下面多一行镜像文件路径,如下图,再将烧录设置中的“擦除flash”和“擦除bootloader”的钩去掉,最后点击“开始”按扭,如下图

fxn1_13

点击完开始按扭后,打开cmd窗口在adb目录进行如下操作:

d:\N1\adb>adb connect 192.168.2.143
connected to 192.168.2.143:5555

d:\N1\adb>adb shell reboot update

执行完以上命令后,USB Burning tool就会自动开始烧录,状态栏进度条开始加载进度,如下图所示

fxn1_18

100%全部完成后,点击“停止”按扭,完成烧录,如下图所示

fxn1_19

完成后,拔掉N1盒子电源重新开机,就能开始进入新系统,启动画面如下

n1new4

然后开始遥控器配对,并安装相应需要的电视盒子软件,如下图

n1new5

n1new6

n1new7

完成整个刷机后,将N1盒子换到电视机上,播放效果不错,至少没有小米盒子天天跳出来空间不足的警告。

n1new8

n1new9

参考文章:

1、斐讯N1和T1降级关键分区恢复线刷功能, fastboot 烧录

2、斐讯N1盒子降级、刷机教程

3、N1盒子系列 篇一:N1简明降级&刷机教程

Centos8上试用开源堡垒机Jumpserver 1.5.6(八):创建用户时使用密码链接并发邮件给用户功能

===================================================================

开源堡垒机Jumpserver安装/配置系列:

1、Centos8上试用开源堡垒机Jumpserver 1.5.6(一):堡垒机概述
2、Centos8上试用开源堡垒机Jumpserver 1.5.6(二):安装Centos8(CentOS-8.1.1911-x86_64-dvd1.iso)
3、Centos8上试用开源堡垒机Jumpserver 1.5.6(三):在Centos8上安装Jumpserver
4、Centos8上试用开源堡垒机Jumpserver 1.5.6(四):添加被管资源与运维帐户权限分配
5、Centos8上试用开源堡垒机Jumpserver 1.5.6(五):通过堡垒机进行运维管理
6、Centos8上试用开源堡垒机Jumpserver 1.5.6(六):试用批量命令和命令过滤功能
7、Centos8上试用开源堡垒机Jumpserver 1.5.6(七):服务器重启后的恢复操作(手工启动jumpserver等程序)
8、Centos8上试用开源堡垒机Jumpserver 1.5.6(八):创建用户时使用密码链接并发邮件给用户功能

===================================================================

Jumpserver在创建用户时密码策略支持“生成重置密码链接,通过邮件发送给用户”功能,如下图所示,用户收到邮件后,直接修改成自己的密码即可

jumpserver0221_51

需要启用此功能,需要进行相关设置,具体操作如下:

进入“系统设置”->“基本设置”,在当前站点URL中输入访问地址http://192.168.10.216,Email主题前缀设置为“你好,”,如下图所示

jumpserver0221_52

设置“邮件设置”,如下图,需要配置SMTP主机、端口、账号等

jumpserver0221_53

本案例使用126邮箱,登陆126邮箱,进入设置->POP3/SMTP/IMAP,开启SMTP服务,SMTP地址为smtp.126.com,如下图所示

jumpserver0221_54

服务器地址:
POP3服务器: pop.126.com
SMTP服务器: smtp.126.com
IMAP服务器: imap.126.com

jumpserver0221_56

126邮箱对第三方邮件客户端提供POP3\SMTP\IMAP有授权码要求,开启授权码,如下图

jumpserver0221_55

126邮箱设置好后,开始进行邮件设置

SMTP主机:smtp.126.com
SMTP端口:465
SMTP账号:funpower@126.com
SMTP密码:********
发送账号:funpower@126.com
测试收件人:funpower@qq.com
使用SSL:启用SSL,端口465

如下图,输入内容后点击“测试链接”,显示已发送邮件后,点击“提交”保存。

jumpserver0221_57

点击测试连接,右上角出现已发送消息,如下图

jumpserver0221_58

邮件中收到了TEST测试邮件,说明邮件设置正确。

jumpserver0221_59

接着完成“邮件内容设置”,如下图

jumpserver0221_60

最后,重启服务器,确保设置生效。

进入创建用户界面,输入用户相关信息,在密码策略中选择“生成重置密码链接,通过邮件发送给用户”,点“提交”按扭,如下图所示

jumpserver0221_61

点提交后,正常会收到一封用户创建成功的信,点击信中的密码链接进行密码重置,如下图

jumpserver0221_62

重置,设置新密码

jumpserver0221_63

使用新设置的密码进入管理系统

jumpserver0221_64

至此,创建用户完成。

Centos8上试用开源堡垒机Jumpserver 1.5.6(七):服务器重启后的恢复操作(手工启动jumpserver等程序)

===================================================================

开源堡垒机Jumpserver安装/配置系列:

1、Centos8上试用开源堡垒机Jumpserver 1.5.6(一):堡垒机概述
2、Centos8上试用开源堡垒机Jumpserver 1.5.6(二):安装Centos8(CentOS-8.1.1911-x86_64-dvd1.iso)
3、Centos8上试用开源堡垒机Jumpserver 1.5.6(三):在Centos8上安装Jumpserver
4、Centos8上试用开源堡垒机Jumpserver 1.5.6(四):添加被管资源与运维帐户权限分配
5、Centos8上试用开源堡垒机Jumpserver 1.5.6(五):通过堡垒机进行运维管理
6、Centos8上试用开源堡垒机Jumpserver 1.5.6(六):试用批量命令和命令过滤功能
7、Centos8上试用开源堡垒机Jumpserver 1.5.6(七):服务器重启后的恢复操作(手工启动jumpserver等程序)
8、Centos8上试用开源堡垒机Jumpserver 1.5.6(八):创建用户时使用密码链接并发邮件给用户功能

===================================================================

服务器出现硬件故障或维护等原因需要关闭或重启jumpserver服务器,而重启后,由于一些程序不是开机自动启动,需要手工,具体重启后恢复操作如下:

1、检查防火墙及SELinux状态

正常在安装时这两个功能为关闭状态,检查是否为关闭状态:

[root@localhost ~]# getenforce
Disabled
[root@localhost ~]#
[root@localhost ~]# firewall-cmd –state
not running
[root@localhost ~]#
[root@localhost ~]#

jumpserver0221_38

如上所示,检查都为关闭状态。

2、检查redis、mariadb、nginx启动状态

由于redis、mariadb、nginx这三个程序在安装时是启用开机自启动模式,故正常应该都为运行状态,检查如下:

[root@localhost ~]# systemctl status redis
鈼[0m redis.service – Redis persistent key-value database
   Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/redis.service.d
           鈹斺攢limit.conf
    Active: active (running) since Sat 2020-02-22 06:58:41 CST; 18min ago
  Main PID: 1300 (redis-server)
    Tasks: 4 (limit: 26213)
   Memory: 10.4M
   CGroup: /system.slice/redis.service
            鈹斺攢1300 /usr/bin/redis-server 127.0.0.1:6379

Feb 22 06:58:41 localhost.localdomain systemd[1]: Starting Redis persistent key-value database…
Feb 22 06:58:41 localhost.localdomain systemd[1]: Started Redis persistent key-value database.
[root@localhost ~]#
[root@localhost ~]# systemctl status mariadb
鈼[0m mariadb.service – MariaDB 10.3 database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-02-22 06:58:44 CST; 18min ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
  Process: 1714 ExecStartPost=/usr/libexec/mysql-check-upgrade (code=exited, status=0/SUCCESS)
  Process: 1344 ExecStartPre=/usr/libexec/mysql-prepare-db-dir mariadb.service (code=exited, status=0/SUCCESS)
  Process: 1299 ExecStartPre=/usr/libexec/mysql-check-socket (code=exited, status=0/SUCCESS)
  Main PID: 1414 (mysqld)
   Status: "Taking your SQL requests now…"
    Tasks: 30 (limit: 26213)
   Memory: 122.4M
   CGroup: /system.slice/mariadb.service
           鈹斺攢1414 /usr/libexec/mysqld –basedir=/usr

Feb 22 06:58:41 localhost.localdomain systemd[1]: Starting MariaDB 10.3 database server…
Feb 22 06:58:42 localhost.localdomain mysql-prepare-db-dir[1344]: Database MariaDB is probably initialized in /var/lib/mysql already, nothing is done.
Feb 22 06:58:42 localhost.localdomain mysql-prepare-db-dir[1344]: If this is not the case, make sure the /var/lib/mysql is empty before running mysql-prepare-db-dir.
Feb 22 06:58:43 localhost.localdomain mysqld[1414]: 2020-02-22  6:58:43 0 [Note] /usr/libexec/mysqld (mysqld 10.3.17-MariaDB) starting as process 1414 …
Feb 22 06:58:43 localhost.localdomain mysqld[1414]: 2020-02-22  6:58:43 0 [Warning] Could not increase number of max_open_files to more than 1024 (request: 4186)
Feb 22 06:58:43 localhost.localdomain mysqld[1414]: 2020-02-22  6:58:43 0 [Warning] Changed limits: max_open_files: 1024  max_connections: 151 (was 151)  table_cache: 421 (was 2000)
Feb 22 06:58:44 localhost.localdomain systemd[1]: Started MariaDB 10.3 database server.
[root@localhost ~]#
[root@localhost ~]# systemctl status nginx
鈼[0m nginx.service – nginx – high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-02-22 06:58:43 CST; 19min ago
     Docs: http://nginx.org/en/docs/
  Process: 1565 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
  Main PID: 1641 (nginx)
    Tasks: 2 (limit: 26213)
   Memory: 3.7M
   CGroup: /system.slice/nginx.service
           鈹溾攢1641 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
           鈹斺攢1642 nginx: worker process

Feb 22 06:58:43 localhost.localdomain systemd[1]: Starting nginx – high performance web server…
Feb 22 06:58:43 localhost.localdomain systemd[1]: Started nginx – high performance web server.
[root@localhost ~]#
[root@localhost ~]#

jumpserver0221_39

如上所示,redis、mariadb、nginx都为运行中,状态正常。

3、检查jumpserver程序

jms没有设置为自启动,需要手工启动,首先进入python环境:

[root@localhost ~]# source /opt/py3/bin/activate
(py3) [root@localhost ~]#
(py3) [root@localhost ~]#

然后进入jumpserver程序目录/opt/jumpserver,使用./jms status –d检查程序是否启动,操作如下:

(py3) [root@localhost ~]# cd /opt/jumpserver
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]# ls
Dockerfile  LICENSE  README.md  README_EN.md  Vagrantfile  apps  build.sh  config.yml  config_example.yml  data  docs  entrypoint.sh  jms  logs  requirements  run_server.py  tmp  utils
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]# ./jms status -d
gunicorn is stopped
celery_ansible is stopped
celery_default is stopped
beat is stopped
flower is stopped
daphne is stopped
(py3) [root@localhost jumpserver]#

jumpserver0221_40

如上,显示都为stopped,未启动,故页面也无法打开,如下:

jumpserver0221_42

使用./jms start –d启动jumpserver程序,如下:

(py3) [root@localhost jumpserver]# ./jms start -d
2020-02-22 07:29:47 Sat Feb 22 07:29:47 2020
2020-02-22 07:29:47 Jumpserver version 1.5.6, more see https://www.jumpserver.org

– Start Gunicorn WSGI HTTP Server
2020-02-22 07:29:47 Check database connection …
users
  [X] 0001_initial
  [X] 0002_auto_20171225_1157_squashed_0019_auto_20190304_1459 (18 squashed migrations)
  [X] 0020_auto_20190612_1825
  [X] 0021_auto_20190625_1104
  [X] 0022_auto_20190625_1105
  [X] 0023_auto_20190724_1525
  [X] 0024_auto_20191118_1612
2020-02-22 07:30:04 Database connect success
2020-02-22 07:30:04 Check database structure change …
2020-02-22 07:30:04 Migrate model change to database …
Operations to perform:
  Apply all migrations: admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_celery_beat, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
  No migrations to apply.
2020-02-22 07:30:11 Collect static files
2020-02-22 07:30:17 Collect static files done

– Start Celery as Distributed Task Queue: Ansible

– Start Celery as Distributed Task Queue: Celery

– Start Beat as Periodic Task Scheduler

– Start Flower as Task Monitor

– Start Daphne ASGI WS Server
gunicorn is running: 2498
celery_ansible is running: 2509
celery_default is running: 2517
beat is running: 2528
flower is running: 2532
daphne is running: 2539
(py3) [root@localhost jumpserver]#

jumpserver0221_41

完成启动,再次打开主界面http://192.168.10.216,显示正常,如下:

jumpserver0221_43

jumpserver正常后,使用admin用户登陆管理主界面,进入“会话管理”->”终端管理”,如下图,在线状态栏中显示红色小圆点,即为未在线,说明koko和guacamole没有启动

jumpserver0221_45

检查koko和guacamole镜像,如下,说明镜像存在:

(py3) [root@localhost ~]# docker images
REPOSITORY                                         TAG     IMAGE ID       CREATED       SIZE
dockerhub.azk8s.cn/wojiushixiaobai/jms_guacamole   1.5.6   af71674d07a4   2 weeks ago   678 MB
dockerhub.azk8s.cn/wojiushixiaobai/jms_koko        1.5.6   2561f1397767   2 weeks ago   367 MB
(py3) [root@localhost ~]#
(py3) [root@localhost ~]#

使用docker ps查看运行中的容器,发现没有运行中的容器,如下:

(py3) [root@localhost ~]# docker ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
(py3) [root@localhost ~]#
(py3) [root@localhost ~]#

使用docker ps -a查看所有创建的容器(包括未运行的容器),如下:

(py3) [root@localhost ~]# docker ps -a
CONTAINER ID  IMAGE                                                   COMMAND          CREATED      STATUS                          PORTS                                             NAMES
9107b7603bf2  dockerhub.azk8s.cn/wojiushixiaobai/jms_guacamole:1.5.6  ./entrypoint.sh  12 days ago  Exited (143) About an hour ago  127.0.0.1:8081->8080/tcp                          jms_guacamole
769148c0cec1  dockerhub.azk8s.cn/wojiushixiaobai/jms_koko:1.5.6       ./entrypoint.sh  12 days ago  Exited (0) About an hour ago    0.0.0.0:2222->2222/tcp, 127.0.0.1:5000->5000/tcp  jms_koko
(py3) [root@localhost ~]#
(py3) [root@localhost ~]#

如上所示,发现STATUS中状态为Exited,正常应该为up,应该是容器没有启动,手工启动koko和guacamole,操作如下:

(py3) [root@localhost ~]# docker start 9107b7603bf2
9107b7603bf25c48bb939907882591cee524e22bd5c399781694863152fae72f
(py3) [root@localhost ~]#
(py3) [root@localhost ~]#
(py3) [root@localhost ~]# docker start 769148c0cec1
769148c0cec1cc8a6b227e9946f48613e3670c33b347862ae07e53d6b2e1ac99
(py3) [root@localhost ~]#
(py3) [root@localhost ~]#

start后面为容器的id,通过docker ps -a的第一列可以查看到。

完成后再次运行docker ps,可以看到STATUS状态为UP About……,如下所示,即为启动运行中。

(py3) [root@localhost ~]# docker ps
CONTAINER ID  IMAGE                                                   COMMAND          CREATED      STATUS                 PORTS                                             NAMES
9107b7603bf2  dockerhub.azk8s.cn/wojiushixiaobai/jms_guacamole:1.5.6  ./entrypoint.sh  12 days ago  Up About a minute ago  127.0.0.1:8081->8080/tcp                          jms_guacamole
769148c0cec1  dockerhub.azk8s.cn/wojiushixiaobai/jms_koko:1.5.6       ./entrypoint.sh  12 days ago  Up About a minute ago  0.0.0.0:2222->2222/tcp, 127.0.0.1:5000->5000/tcp  jms_koko
(py3) [root@localhost ~]#

jumpserver0221_46

再次查看管理主界面的终端列表,“在线”一列中已为在线状态,说明koko和guacamole终端注册成功,运行正常。

jumpserver0221_47

最后,测试用户端运维管理是否正常,使用user01用户登陆,管理jumpserver和网管两台服务器,都可以连接和管理,如下:

jumpserver0221_48

jumpserver0221_49

历史会话记录也正常,能够回放

jumpserver0221_50

至此,整个jumpserver服务器重启后的操作全部完成,功能恢复正常。

Centos8上试用开源堡垒机Jumpserver 1.5.6(六):试用批量命令和命令过滤功能

===================================================================

开源堡垒机Jumpserver安装/配置系列:

1、Centos8上试用开源堡垒机Jumpserver 1.5.6(一):堡垒机概述
2、Centos8上试用开源堡垒机Jumpserver 1.5.6(二):安装Centos8(CentOS-8.1.1911-x86_64-dvd1.iso)
3、Centos8上试用开源堡垒机Jumpserver 1.5.6(三):在Centos8上安装Jumpserver
4、Centos8上试用开源堡垒机Jumpserver 1.5.6(四):添加被管资源与运维帐户权限分配
5、Centos8上试用开源堡垒机Jumpserver 1.5.6(五):通过堡垒机进行运维管理
6、Centos8上试用开源堡垒机Jumpserver 1.5.6(六):试用批量命令和命令过滤功能
7、Centos8上试用开源堡垒机Jumpserver 1.5.6(七):服务器重启后的恢复操作(手工启动jumpserver等程序)
8、Centos8上试用开源堡垒机Jumpserver 1.5.6(八):创建用户时使用密码链接并发邮件给用户功能

===================================================================

Jumpserver 1.5.6支持批量命令及命令过滤两功能,在后期实际使用中相对较为实用。具体功能如下。

1、批量命令功能

当你对多台服务器进行巡检或者其它检测,需要输入多个相同的命令来查看各服务器的运行状态,就可以使用jumpserver自带的批量命令功能。

管理用户可以通过左菜单栏的“作业中心”-> “批量命令”进入,如下图:

jumpserver0221_26

若普通用户需要支持批量命令功能,需要管理员设置,进入“系统设置”->“安全设置”,在批量命令(允许用户批量执行命令)前打钩,启用该功能,如下图所示。

jumpserver0221_27

重启登陆user01用户,左边菜单会多一个命令执行,如下图,第一步选择一台需要批量执行命令的主机,这里以jumpserver服务器为例,第二步选择执行命令的用户,这里为jumpserver服务器上的root用户,最后一步输入需要批量执行的命令集合,这里为:

uname -a
cat /etc/redhat-release
uptime
clock
ifconfig -a
df –h

,如下图所示:

jumpserver0221_28

准备好后,点击上图的“执行”按扭,开始批量执行,等待几秒后,会提示任务结束,如下图所示:

jumpserver0221_29

输出的内容如下:

———- 任务开始 ———-
$ uname -a
cat /etc/redhat-release
uptime
clock
ifconfig -a
df -h (2020-02-21 21:31:57) ***********************************************************************************
jumpserver服务器 | CHANGED | rc=0 >>
Linux localhost.localdomain 4.18.0-147.5.1.el8_1.x86_64 #1 SMP Wed Feb 5 02:00:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
CentOS Linux release 8.1.1911 (Core)
  21:31:59 up  1:44,  3 users,  load average: 0.09, 0.04, 0.01
2020-02-21 21:31:56.742166+08:00
cni-podman0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.88.0.1  netmask 255.255.0.0  broadcast 10.88.255.255
        inet6 fe80::60d6:64ff:fec7:a941  prefixlen 64  scopeid 0x20<link>
        ether 62:d6:64:c7:a9:41  txqueuelen 1000  (Ethernet)
        RX packets 13681  bytes 7593510 (7.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12823  bytes 2490995 (2.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.216  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::557b:33cd:8dee:1a73  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:9f:2d:92  txqueuelen 1000  (Ethernet)
        RX packets 121501  bytes 9618271 (9.1 MiB)
         RX errors 0  dropped 22  overruns 0  frame 0
        TX packets 23001  bytes 38267639 (36.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
         inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 188075  bytes 53606802 (51.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 188075  bytes 53606802 (51.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth11147d63: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::44d1:58ff:fe6d:ba4b  prefixlen 64  scopeid 0x20<link>
        ether 46:d1:58:6d:ba:4b  txqueuelen 0  (Ethernet)
        RX packets 9345  bytes 3513364 (3.3 MiB)
         RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8062  bytes 1721601 (1.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethbd7b3c02: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::f896:fdff:fe5e:d467  prefixlen 64  scopeid 0x20<link>
        ether fa:96:fd:5e:d4:67  txqueuelen 0  (Ethernet)
        RX packets 3470  bytes 2597294 (2.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3949  bytes 639376 (624.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
         inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:8a:d4:98  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0-nic: flags=4098<BROADCAST,MULTICAST>  mtu 1500
         ether 52:54:00:8a:d4:98  txqueuelen 1000  (Ethernet)
         RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Filesystem           Size  Used Avail Use% Mounted on
devtmpfs             3.9G     0  3.9G   0% /dev
tmpfs                3.9G  340K  3.9G   1% /dev/shm
tmpfs                3.9G  9.4M  3.9G   1% /run
tmpfs                3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/mapper/cl-root   48G  6.6G   42G  14% /
/dev/mapper/cl-home   24G  199M   24G   1% /home
/dev/sda1            976M  162M  748M  18% /boot
tmpfs                798M  1.2M  797M   1% /run/user/42
tmpfs                798M  4.0K  798M   1% /run/user/0
shm                   63M     0   63M   0% /var/lib/containers/storage/overlay-containers/9107b7603bf25c48bb939907882591cee524e22bd5c399781694863152fae72f/userdata/shm
overlay               48G  6.6G   42G  14% /var/lib/containers/storage/overlay/ceddc920de420069c5f06c3cc35c6f9340aaaebded87ec19a7eaa16d6a8eb38f/merged
shm                   63M     0   63M   0% /var/lib/containers/storage/overlay-containers/769148c0cec1cc8a6b227e9946f48613e3670c33b347862ae07e53d6b2e1ac99/userdata/shm
overlay               48G  6.6G   42G  14% /var/lib/containers/storage/overlay/f5ed548523b62468418ed179dad78ae2b5c29b3182473c3ed64a04bf00259219/merged

———- 任务结束 ———-
Task ops.tasks.run_command_execution[578268d7-7a59-474f-8f4a-f0fac574bcbb] succeeded in 3.988194374000159s: None

jumpserver0221_29

2、命令过滤功能

在维护Linux主机时,有一些命令不希望运维工程师执行,如reboot、rm –rf等高危险命令,就可以通过jumpserver自带的命令过滤功能来实现。

在管理界面中,进入“资产管理”->“命令过滤”,选择创建命令过滤器,如下:

jumpserver0221_30

输入名称,完成创建

jumpserver0221_31

点击刚才创建的过滤器名称,如下图

jumpserver0221_32

点击“规则”,再点击“创建规则”,如下图

jumpserver0221_33

类型选择命令,内容中输入需要过滤的命令,这里为

reboot
rm -rf
pwd

如下图:

jumpserver0221_34

点提交后,

jumpserver0221_35

再点击详情,在系统用户中绑定需要过滤命令的用户,这里选择jumpserver服务器的root用户,如下图,点击确认完成设置。

jumpserver0221_36

完成以上设置后,使用user01重启登陆后,再次打开jumpserver服务器的管理窗口,如下图:

jumpserver0221_37

如下所示,输入pwd、rm -rf、reboot三个命令,提示命令被禁止,说明命令阻止过滤已生效。