Archive for the ‘03. 配置笔记’ Category.

Centos8上试用开源堡垒机Jumpserver 1.5.6(三):在Centos8上安装Jumpserver

===================================================================

开源堡垒机Jumpserver安装/配置系列:

1、Centos8上试用开源堡垒机Jumpserver 1.5.6(一):堡垒机概述
2、Centos8上试用开源堡垒机Jumpserver 1.5.6(二):安装Centos8(CentOS-8.1.1911-x86_64-dvd1.iso)
3、Centos8上试用开源堡垒机Jumpserver 1.5.6(三):在Centos8上安装Jumpserver
4、Centos8上试用开源堡垒机Jumpserver 1.5.6(四):添加被管资源与运维帐户权限分配
5、Centos8上试用开源堡垒机Jumpserver 1.5.6(五):通过堡垒机进行运维管理
6、Centos8上试用开源堡垒机Jumpserver 1.5.6(六):试用批量命令和命令过滤功能
7、Centos8上试用开源堡垒机Jumpserver 1.5.6(七):服务器重启后的恢复操作(手工启动jumpserver等程序)
8、Centos8上试用开源堡垒机Jumpserver 1.5.6(八):创建用户时使用密码链接并发邮件给用户功能

===================================================================

目前Jumpserver开源堡垒机的最新版本为1.5.6,本次将按照官方“CentOS 8 安装文档”来进行配置,具体配置如下(root用户登陆):

1、更新软件库

通过以下命令完成更新:

[root@localhost ~]# yum update –y

jumpserver27

2、关闭防火墙和关闭SELinux

Jumpserver需要开放80(nginx)和2222(SSH登陆端口koko)两个端口,后期远程管理也需要开放相应端口,这里直接将防火墙关闭:

[root@localhost ~]# firewall-cmd –state
running
[root@localhost ~]#

关闭firewall,并禁止防火墙开机启动,命令如下:

[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl disable firewalld.service

接着将SELinux关闭,运行如下命令编辑SELINUX配置文件:

[root@localhost ~]# vi /etc/selinux/config

并将SELINUX=enforcing改成SELINUX=disable,如下:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing – SELinux security policy is enforced.
#     permissive – SELinux prints warnings instead of enforcing.
#     disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted – Targeted processes are protected,
#     minimum – Modification of targeted policy. Only selected processes are protected.
#     mls – Multi Level Security protection.
SELINUXTYPE=targeted

jumpserver29

修改完成后,重启机器,重启后运行getenforce命令查看已经关闭SELinux。

3、安装依赖包

安装wget、gcc等依赖包:

[root@localhost ~]# yum -y install wget gcc epel-release git

jumpserver30

4、安装Redis

Jumpserver使用Redis做cache和celery broke,,安装redis,设置为开机启动模式,并启动程序,操作如下:

[root@localhost ~]# yum -y install redis
[root@localhost ~]# systemctl enable redis
Created symlink /etc/systemd/system/multi-user.target.wants/redis.service 鈫/usr/lib/systemd/system/redis.service.
[root@localhost ~]# systemctl start redis
[root@localhost ~]#

jumpserver31

5、安装并配置MySQL数据库

开始安装mysql,开源也叫mariadb,操作如下:

[root@localhost ~]# systemctl enable mariadb
[root@localhost ~]# systemctl enable mariadb
Created symlink /etc/systemd/system/mysql.service 鈫/usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service 鈫/usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service 鈫/usr/lib/systemd/system/mariadb.service.
[root@localhost ~]#
[root@localhost ~]# systemctl start mariadb
[root@localhost ~]#

接着开始创建数据库,并将数据库授权,操作如下:

生成随机数据库密码:

[root@localhost ~]# DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
[root@localhost ~]#
[root@localhost ~]# echo -e “\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m”
  你的数据库密码是 vqMlQ8FhEkhXVCZHGgRatXIp
[root@localhost ~]#
[root@localhost ~]#

jumpserver32

创建jumpserver数据库,如下:

[root@localhost ~]# mysql -uroot -e “create database jumpserver default charset ‘utf8’; grant all on jumpserver.* to ‘jumpserver’@’127.0.0.1’ identified by ‘$DB_PASSWORD’; flush privileges;”
[root@localhost ~]#

到此,数据库创建完成。

6、安装Nginx

由于jumpserver整个软件安装了多个组件,除了jumpserver主站点外,还有koko、guacamole等,通过Nginx来整合各个组件,操作如下:

创建repo文件:

[root@localhost ~]# vi /etc/yum.repos.d/nginx.repo

输入如下内容:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

开始安装nginx,并设置为开机自启动:

[root@localhost ~]# yum -y install nginx
[root@localhost ~]# systemctl enable nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service 鈫/usr/lib/systemd/system/nginx.service.
[root@localhost ~]#

7、安装Python3.6

开始安装:

[root@localhost ~]# yum -y install python36 python36-devel

jumpserver33

配置并进入Python3虚拟环境,首先定义一个虚拟环境名称,本例为py3,如下:

[root@localhost opt]# cd /opt
[root@localhost opt]# python3.6 -m venv py3
[root@localhost opt]#

jumpserver34

接着进入py3虚拟环境,看到py3开头的提示符号代表成功进入,以后运行jumpserver都要先进入py3环境。

[root@localhost opt]# source /opt/py3/bin/activate
(py3) [root@localhost opt]#
(py3) [root@localhost opt]#

jumpserver35

注意:以下开始的步骤都需要在py3环境中执行。

8、安装Jumpserver

下载jumpserver,完成后/opt目录下会产生一个jumpserver的文件夹:

(py3) [root@localhost opt]# git clone –depth=1 https://github.com/jumpserver/jumpserver.git

jumpserver40

安装依据包:

[root@localhost opt]# yum -y install gcc krb5-devel libtiff-devel libjpeg-devel libzip-devel freetype-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mariadb-devel libffi-devel openssh-clients telnet openldap-clients

接着安装Python库依赖包:

(py3) [root@localhost opt]#
(py3) [root@localhost opt]# pip install wheel

(py3) [root@localhost opt]# pip install –upgrade pip

编辑依赖包清单requirements.txt文件,暂时去掉python-gssapi==0.6.4:

(py3) [root@localhost opt]# vi /opt/jumpserver/requirements/requirements.txt

jumpserver42

安装依赖包清单里的软件:

(py3) [root@localhost opt]# pip install -r /opt/jumpserver/requirements/requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

jumpserver43

完成后,将requirements.txt中将python-gssapi-0.6.4的注释去掉,再执行一次安装命令,完成安装。

(py3) [root@localhost opt]# pip install -r /opt/jumpserver/requirements/requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

jumpserver44

9、配置和启动jumpserver

修改jumpserver配置文件,复制一份示例文件:

(py3) [root@localhost opt]# cd jumpserver
(py3) [root@localhost jumpserver]# cp config_example.yml config.yml
(py3) [root@localhost jumpserver]#

jumpserver45

然后对配置文件作如下修改:

(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
(py3) [root@localhost jumpserver]# echo “SECRET_KEY=$SECRET_KEY” >> ~/.bashrc
(py3) [root@localhost jumpserver]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
(py3) [root@localhost jumpserver]# echo “BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN” >> ~/.bashrc
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]# sed -i “s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g” /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i “s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g” /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i “s/# DEBUG: true/DEBUG: false/g” /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i “s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g” /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i “s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g” /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i “s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g” /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# echo -e “\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m”
  你的SECRET_KEY是 fKk8ZyJlq6UCQZqowD3tOHXoJ86BfEaY6fMVsMfDzY4kTLQLja
(py3) [root@localhost jumpserver]# echo -e “\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m”
  你的BOOTSTRAP_TOKEN是 H4x1afiqgY3MXCiD
(py3) [root@localhost jumpserver]#

修改完成后,检查下配置,特别是以下行中DB_PASSWORD中是否有密码,正常是有刚才随机的密码:

DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: vqMlQ8FhEkhXVCZHGgRatXIp
DB_NAME: jumpserver

最后启动jumpserver,通过./jms start –d命令,如下:

(py3) [root@localhost /]# cd /opt/jumpserver/
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]# ./jms start -d
2020-02-09 09:32:35 Sun Feb  9 09:32:35 2020
2020-02-09 09:32:35 Jumpserver version 1.5.6, more see https://www.jumpserver.org

– Start Gunicorn WSGI HTTP Server
2020-02-09 09:32:35 Check database connection …
users
  [ ] 0001_initial
  [ ] 0002_auto_20171225_1157_squashed_0019_auto_20190304_1459 (18 squashed migrations)
  [ ] 0020_auto_20190612_1825
  [ ] 0021_auto_20190625_1104
  [ ] 0022_auto_20190625_1105
  [ ] 0023_auto_20190724_1525
  [ ] 0024_auto_20191118_1612
2020-02-09 09:32:41 Database connect success
2020-02-09 09:32:41 Check database structure change …
2020-02-09 09:32:41 Migrate model change to database …
Operations to perform:
   Apply all migrations: admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_celery_beat, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
   Applying contenttypes.0001_initial… OK
   Applying contenttypes.0002_remove_content_type_name… OK
   Applying auth.0001_initial… OK
   Applying auth.0002_alter_permission_name_max_length… OK
   Applying auth.0003_alter_user_email_max_length… OK
   Applying auth.0004_alter_user_username_opts… OK
   Applying auth.0005_alter_user_last_login_null… OK
   Applying auth.0006_require_contenttypes_0002… OK
   Applying auth.0007_alter_validators_add_error_messages… OK
   Applying auth.0008_alter_user_username_max_length… OK
   Applying users.0001_initial… OK
   Applying admin.0001_initial… OK
   Applying admin.0002_logentry_remove_auto_add… OK
   Applying admin.0003_logentry_add_action_flag_choices… OK
   Applying users.0002_auto_20171225_1157_squashed_0019_auto_20190304_1459… OK
   Applying assets.0001_initial… OK
   Applying perms.0001_initial… OK
   Applying assets.0002_auto_20180105_1807_squashed_0009_auto_20180307_1212… OK
   Applying assets.0010_auto_20180307_1749_squashed_0019_auto_20180816_1320… OK
   Applying perms.0002_auto_20171228_0025_squashed_0009_auto_20180903_1132… OK
   Applying perms.0003_action… OK
   Applying perms.0004_assetpermission_actions… OK
   Applying assets.0020_auto_20180816_1652… OK
   Applying assets.0021_auto_20180903_1132… OK
   Applying assets.0022_auto_20181012_1717… OK
   Applying assets.0023_auto_20181016_1650… OK
   Applying assets.0024_auto_20181219_1614… OK
   Applying assets.0025_auto_20190221_1902… OK
   Applying assets.0026_auto_20190325_2035… OK
   Applying applications.0001_initial… OK
   Applying perms.0005_auto_20190521_1619… OK
   Applying perms.0006_auto_20190628_1921… OK
   Applying perms.0007_remove_assetpermission_actions… OK
   Applying perms.0008_auto_20190911_1907… OK
   Applying assets.0027_auto_20190521_1703… OK
   Applying assets.0028_protocol… OK
   Applying assets.0029_auto_20190522_1114… OK
   Applying assets.0030_auto_20190619_1135… OK
   Applying assets.0031_auto_20190621_1332… OK
   Applying assets.0032_auto_20190624_2108… OK
   Applying assets.0033_auto_20190624_2108… OK
   Applying assets.0034_auto_20190705_1348… OK
   Applying assets.0035_auto_20190711_2018… OK
   Applying assets.0036_auto_20190716_1535… OK
   Applying assets.0037_auto_20190724_2002… OK
   Applying assets.0038_auto_20190911_1634… OK
   Applying perms.0009_remoteapppermission_system_users… OK
   Applying applications.0002_remove_remoteapp_system_user… OK
   Applying applications.0003_auto_20191210_1659… OK
   Applying applications.0004_auto_20191218_1705… OK
   Applying assets.0039_authbook_is_active… OK
   Applying assets.0040_auto_20190917_2056… OK
   Applying assets.0041_gathereduser… OK
   Applying assets.0042_favoriteasset… OK
   Applying assets.0043_auto_20191114_1111… OK
   Applying assets.0044_platform… OK
   Applying assets.0045_auto_20191206_1607… OK
   Applying assets.0046_auto_20191218_1705… OK
   Applying audits.0001_initial… OK
   Applying audits.0002_ftplog_org_id… OK
   Applying audits.0003_auto_20180816_1652… OK
   Applying audits.0004_operatelog_passwordchangelog_userloginlog… OK
   Applying audits.0005_auto_20190228_1715… OK
   Applying audits.0006_auto_20190726_1753… OK
   Applying audits.0007_auto_20191202_1010… OK
   Applying auth.0009_alter_user_last_name_max_length… OK
   Applying authentication.0001_initial… OK
   Applying authentication.0002_auto_20190729_1423… OK
   Applying authentication.0003_loginconfirmsetting… OK
   Applying captcha.0001_initial… OK
   Applying common.0001_initial… OK
   Applying common.0002_auto_20180111_1407… OK
   Applying common.0003_setting_category… OK
   Applying common.0004_setting_encrypted… OK
   Applying common.0005_auto_20190221_1902… OK
   Applying common.0006_auto_20190304_1515… OK
   Applying django_celery_beat.0001_initial… OK
   Applying django_celery_beat.0002_auto_20161118_0346… OK
   Applying django_celery_beat.0003_auto_20161209_0049… OK
   Applying django_celery_beat.0004_auto_20170221_0000… OK
   Applying django_celery_beat.0005_add_solarschedule_events_choices_squashed_0009_merge_20181012_1416… OK
   Applying django_celery_beat.0006_periodictask_priority… OK
   Applying ops.0001_initial… OK
   Applying ops.0002_celerytask… OK
   Applying ops.0003_auto_20181207_1744… OK
   Applying ops.0004_adhoc_run_as… OK
   Applying ops.0005_auto_20181219_1807… OK
   Applying ops.0006_auto_20190318_1023… OK
   Applying ops.0007_auto_20190724_2002… OK
   Applying ops.0008_auto_20190919_2100… OK
   Applying ops.0009_auto_20191217_1713… OK
   Applying ops.0010_auto_20191217_1758… OK
   Applying orgs.0001_initial… OK
   Applying orgs.0002_auto_20180903_1132… OK
   Applying orgs.0003_auto_20190916_1057… OK
   Applying users.0020_auto_20190612_1825… OK
   Applying users.0021_auto_20190625_1104… OK
   Applying users.0022_auto_20190625_1105… OK
   Applying users.0023_auto_20190724_1525… OK
   Applying users.0024_auto_20191118_1612… OK
   Applying perms.0010_auto_20191218_1705… OK
   Applying sessions.0001_initial… OK
   Applying settings.0001_initial… OK
   Applying terminal.0001_initial… OK
   Applying terminal.0002_auto_20171228_0025_squashed_0009_auto_20180326_0957… OK
   Applying terminal.0010_auto_20180423_1140… OK
   Applying terminal.0011_auto_20180807_1116… OK
   Applying terminal.0012_auto_20180816_1652… OK
   Applying terminal.0013_auto_20181123_1113… OK
   Applying terminal.0014_auto_20181226_1441… OK
   Applying terminal.0015_auto_20190923_1529… OK
   Applying terminal.0016_commandstorage_replaystorage… OK
   Applying terminal.0017_auto_20191125_0931… OK
   Applying terminal.0018_auto_20191202_1010… OK
   Applying terminal.0019_auto_20191206_1000… OK
   Applying terminal.0020_auto_20191218_1721… OK
   Applying tickets.0001_initial… OK
2020-02-09 09:34:58 Collect static files
2020-02-09 09:35:03 Collect static files done

– Start Celery as Distributed Task Queue: Ansible

– Start Celery as Distributed Task Queue: Celery

– Start Beat as Periodic Task Scheduler

– Start Flower as Task Monitor

– Start Daphne ASGI WS Server
gunicorn is running: 1353
celery_ansible is running: 1364
celery_default is running: 1372
beat is running: 1383
flower is running: 1388
daphne is running: 1402
(py3) [root@localhost jumpserver]#

jumpserver46


如上,完成了jumpserver的启动。

10、部署koko和guacamole

koko和guacamole用于远程管理LINUX或WINDOWS主机时使用的连接组件,有本地安装和docker两种方式,本次和官网文档相同,使用docker,不过不使用docker软件,使用podman,原理基本相同。

首先安装podman:

(py3) [root@localhost jumpserver]# yum install -y podman-docker

jumpserver47

修改别名,这样可以使用docker开头的命令,符合使用习惯:

(py3) [root@localhost jumpserver]# alias docker=podman
(py3) [root@localhost jumpserver]# echo “alias docker=podman” >> ~/.bashrc

配置podman镜像源,编辑/etc/containers/registries.conf文件,将

registries = [‘registry.access.redhat.com’, ‘registry.fedoraproject.org’, ‘registry.centos.org’, ‘docker.io’]

修改为

registries = [‘dockerhub.azk8s.cn’, ‘docker.mirrors.ustc.edu.cn’, ‘docker.io’]

获取服务器IP地址并输入koko和guacamole镜像:

(py3) [root@localhost jumpserver]# Server_IP=`ip addr | grep ‘state UP’ -A2 | grep inet | egrep -v ‘(127.0.0.1|inet6|docker)’ | awk ‘{print $2}’ | tr -d “addr:” | head -n 1 | cut -d / -f1`
(py3) [root@localhost jumpserver]# echo -e “\033[31m 你的服务器IP是 $Server_IP \033[0m”
  你的服务器IP是 192.168.10.216
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]# docker run –name jms_koko -d -p 2222:2222 -p 127.0.0.1:5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN wojiushixiaobai/jms_koko:1.5.6
Trying to pull dockerhub.azk8s.cn/wojiushixiaobai/jms_koko:1.5.6…
Getting image source signatures
Copying blob c6b215e57460 done
Copying blob 2f770ee5b9cf done
Copying blob ab5ef0e58194 done
Copying blob 5192265494e0 done
Copying config 2561f13977 done
Writing manifest to image destination
Storing signatures
769148c0cec1cc8a6b227e9946f48613e3670c33b347862ae07e53d6b2e1ac99
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]# docker run –name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN wojiushixiaobai/jms_guacamole:1.5.6
Trying to pull dockerhub.azk8s.cn/wojiushixiaobai/jms_guacamole:1.5.6…
Getting image source signatures
Copying blob ab5ef0e58194 skipped: already exists
Copying blob 7e663ccfc7bd done
Copying blob 923a0bfa2671 done
Copying blob 9391bafc9b01 done
Copying config af71674d07 done
Writing manifest to image destination
Storing signatures
9107b7603bf25c48bb939907882591cee524e22bd5c399781694863152fae72f
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]# docker ps
CONTAINER ID  IMAGE                                                   COMMAND          CREATED         STATUS             PORTS                                             NAMES
9107b7603bf2  dockerhub.azk8s.cn/wojiushixiaobai/jms_guacamole:1.5.6  ./entrypoint.sh  21 minutes ago  Up 21 minutes ago  127.0.0.1:8081->8080/tcp                          jms_guacamole
769148c0cec1  dockerhub.azk8s.cn/wojiushixiaobai/jms_koko:1.5.6       ./entrypoint.sh  25 minutes ago  Up 25 minutes ago  0.0.0.0:2222->2222/tcp, 127.0.0.1:5000->5000/tcp  jms_koko
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]# docker images
REPOSITORY                                         TAG     IMAGE ID       CREATED      SIZE
dockerhub.azk8s.cn/wojiushixiaobai/jms_guacamole   1.5.6   af71674d07a4   7 days ago   678 MB
dockerhub.azk8s.cn/wojiushixiaobai/jms_koko        1.5.6   2561f1397767   7 days ago   367 MB
(py3) [root@localhost jumpserver]#

jumpserver48

11、安装WEB Terminal

(py3) [root@localhost jumpserver]# cd /opt
(py3) [root@localhost opt]# wget https://github.com/jumpserver/luna/releases/download/1.5.6/luna.tar.gz
(py3) [root@localhost opt]#
(py3) [root@localhost opt]# tar xf luna.tar.gz
(py3) [root@localhost opt]#
(py3) [root@localhost opt]# ls
jumpserver  luna  luna.tar.gz  py3
(py3) [root@localhost opt]#
(py3) [root@localhost opt]# chown -R root:root luna
(py3) [root@localhost opt]#

jumpserver49

12、配置并运行Nginx

通过NGINX来整合之前安装的各种组件,确保统一访问路径,操作如下:

(py3) [root@localhost opt]# rm -rf /etc/nginx/conf.d/default.conf
(py3) [root@localhost opt]#
(py3) [root@localhost opt]# vi /etc/nginx/conf.d/jumpserver.conf

添加如下内容:

server {
     listen 80;
     # server_name _;

    client_max_body_size 100m;  # 录像及文件上传大小限制

    location /luna/ {
         try_files $uri / /index.html;
         alias /opt/luna/;  # luna 路径, 如果修改安装目录, 此处需要修改
     }

    location /media/ {
         add_header Content-Encoding gzip;
         root /opt/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改
     }

    location /static/ {
         root /opt/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改
     }

    location /koko/ {
         proxy_pass       http://localhost:5000;
         proxy_buffering off;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection “upgrade”;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         access_log off;
     }

    location /guacamole/ {
         proxy_pass       http://localhost:8081/;
         proxy_buffering off;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $http_connection;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         access_log off;
     }

    location /ws/ {
         proxy_pass http://localhost:8070;
         proxy_http_version 1.1;
         proxy_buffering off;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection “upgrade”;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         access_log off;
     }

    location / {
         proxy_pass http://localhost:8080;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         access_log off;
     }
}

完成后开始运行Nginx,先运行nginx -t查看,确保配置没有问题:

(py3) [root@localhost opt]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
(py3) [root@localhost opt]#
(py3) [root@localhost opt]#

jumpserver50

没问题后运行nginx:

(py3) [root@localhost opt]# systemctl start nginx
(py3) [root@localhost opt]#
(py3) [root@localhost opt]# systemctl status nginx
鈼[0m nginx.service – nginx – high performance web server
    Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disable>
    Active: active (running) since Sun 2020-02-09 10:36:28 CST; 6s ago
      Docs: http://nginx.org/en/docs/
   Process: 3559 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0>
  Main PID: 3560 (nginx)
     Tasks: 2 (limit: 26213)
    Memory: 2.3M
    CGroup: /system.slice/nginx.service
            鈹溾攢3560 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
            鈹斺攢3561 nginx: worker process

Feb 09 10:36:28 localhost.localdomain systemd[1]: Starting nginx – high performance web s>
Feb 09 10:36:28 localhost.localdomain systemd[1]: Started nginx – high performance web se>

(py3) [root@localhost opt]#

jumpserver51

完成后,打开浏览器,输入http://192.168.10.216,出现登陆界面,用户名密码默认都为admin,如下图,

jumpserver53

jumpserver54

进入后,打开“会话管理”->“终端管理”,由于装了KOKO和guacamole,故正常情况下会有两个终端设备,如下,若没有出现,则koko和guacamole可能安装没成功,如下图所示。

jumpserver55

至此,jumpserver在centos8上的部署已完成 ,下步就需要添加用户和设备资源,使jumpserver可以远程管理相应设备或系统。

参考文章:
1、CentOS 8 安装文档
https://jumpserver.readthedocs.io/zh/master/setup_by_centos8.html

2、Docker 使用说明
https://jumpserver.readthedocs.io/zh/master/faq_docker.html

3、pip install -r /opt/jumpserver/requirements/requirements.txt 安装python-gssapi-0.6.4报错
https://blog.csdn.net/a13568hki/article/details/103259532

4、Jumpserver单机快速部署前的准备工作及部署流程

Centos8上试用开源堡垒机Jumpserver 1.5.6(二):安装Centos8(CentOS-8.1.1911-x86_64-dvd1.iso)

===================================================================

开源堡垒机Jumpserver安装/配置系列:

1、Centos8上试用开源堡垒机Jumpserver 1.5.6(一):堡垒机概述
2、Centos8上试用开源堡垒机Jumpserver 1.5.6(二):安装Centos8(CentOS-8.1.1911-x86_64-dvd1.iso)
3、Centos8上试用开源堡垒机Jumpserver 1.5.6(三):在Centos8上安装Jumpserver
4、Centos8上试用开源堡垒机Jumpserver 1.5.6(四):添加被管资源与运维帐户权限分配
5、Centos8上试用开源堡垒机Jumpserver 1.5.6(五):通过堡垒机进行运维管理
6、Centos8上试用开源堡垒机Jumpserver 1.5.6(六):试用批量命令和命令过滤功能
7、Centos8上试用开源堡垒机Jumpserver 1.5.6(七):服务器重启后的恢复操作(手工启动jumpserver等程序)
8、Centos8上试用开源堡垒机Jumpserver 1.5.6(八):创建用户时使用密码链接并发邮件给用户功能

===================================================================

Jumpserver部署于LINUX环境中,支持多种版本,如下所示:

jumpserver02

本次中选择最新的CentOS8,选择1911版本,在VMware虚拟化平台中创建与运行,具体创建步骤如下:

1、下载并上传CentOS-8.1.1911-x86_64-dvd1.iso镜像

安装最新版本CentOS8:1911版本。下载地址

完成镜像的下载后,上传至VMware虚拟化平台中,以方便后期安装,由于镜像文件超过4T大小,用vCenter上传会出错,需进入ESXi完成上传,选择“存储”->“数据存储浏览器”,如下图:

jumpserver10

选择“上传”,选择刚才下载的镜像文件CentOS-8.1.1911-x86_64-dvd1.iso,完成上传。

jumpserver11

2、创建CentOS8虚拟机

在VMware vSphere6.7中创建,如下:

jumpserver03

选择“新建虚拟机”,在弹出的对话框中选择“创建虚拟机”,如下图

jumpserver04

输入虚拟机名称,如上图,并指定虚拟机创建位置

jumpserver05

选择虚拟机所创建的位置,这里只有一台ESXI主机192.168.10.80,选择这台主机

jumpserver06

选择虚拟机存储空间

jumpserver07

新的CD/DVD驱动器中选择“数据存储ISO文件”,如下

jumpserver08

选择刚才上传的

jumpserver09

选择好后,在“打开电源时连接”上打钩,如下图,完成整个设置。

jumpserver12

3、安装CentOS8

选择刚才新建的虚拟机开机,再选择“启动Romote Console”(需提前安装vmrc)按扭,如下图

jumpserver14

点击下图中的三角按扭,启动虚拟机

jumpserver15

出现CentOS8安装界面,开始安装

jumpserver16

默认英文

jumpserver17

完成相关设置,包括时区、安装选项等,如下图

jumpserver19

IP地址配置

jumpserver18

开始安装,设置root密码

jumpserver20

安装完成后重启

jumpserver21

同意许可,完成配置,如下图

jumpserver22

jumpserver23

启动完成

jumpserver25

4、连接并远程管理创建好的虚拟机CentOS8(192.168.10.216)

安装时已经设置好IP地址,故启动完成后,直接使用SecureCRT连接192.168.10.216即可,使用root用户登陆,如下图。

jumpserver26

至此,CentOS8安装完成,下步开始部署jumpserver。

Centos8上试用开源堡垒机Jumpserver 1.5.6(一):堡垒机及Jumpserver概述

===================================================================

开源堡垒机Jumpserver安装/配置系列:

1、Centos8上试用开源堡垒机Jumpserver 1.5.6(一):堡垒机概述
2、Centos8上试用开源堡垒机Jumpserver 1.5.6(二):安装Centos8(CentOS-8.1.1911-x86_64-dvd1.iso)
3、Centos8上试用开源堡垒机Jumpserver 1.5.6(三):在Centos8上安装Jumpserver
4、Centos8上试用开源堡垒机Jumpserver 1.5.6(四):添加被管资源与运维帐户权限分配
5、Centos8上试用开源堡垒机Jumpserver 1.5.6(五):通过堡垒机进行运维管理
6、Centos8上试用开源堡垒机Jumpserver 1.5.6(六):试用批量命令和命令过滤功能
7、Centos8上试用开源堡垒机Jumpserver 1.5.6(七):服务器重启后的恢复操作(手工启动jumpserver等程序)
8、Centos8上试用开源堡垒机Jumpserver 1.5.6(八):创建用户时使用密码链接并发邮件给用户功能

===================================================================

堡垒机,又称运维安全审计,当信息系统越来越复杂,设备系统和运维管理的人增多,通过堡垒机,可以实现分用户、分设备进行权限分配,并对运维人员的运维行为进行录屏或命令记录,方便后期审计。同时整个信息系统也要配置成各设备系统只能堡垒机来管,运维人员不能直接管理相关设备或系统,才能更好发挥堡垒机的作用,体现效果。

目前堡垒机商业品牌包括奇志、思福迪等,以及安全大厂商如天融信、网御星云等都有相关产品。最近知道Jumpserver这款基于GPL开源协议的开源堡垒机,看功能介绍很丰富,是FIT2CLOUD飞致云旗下产品,所以也可以购买软件订阅服务,获得开源版本没有的企业版功能和技术支持,或者购买Jumpserver一体机,软硬件结合,买来直接用。

【官方演示体验入口】 【GITHUB】  【文档】

jumpserver01

目前最新版本为Jumpserver1.5.6,符合4A机制的堡垒机,功能介绍:

用户管理
用户管理模块,负责添加修改删除用户,把用户划分不同的用户组,方便将来授权主机.

资产管理
资产管理模块,负责管理各类资产,采纳资产数方便组织和授权.

授权管理
授权管理模块,以资产树方式授权资产,效率高

日志审计
日志审计模块,监控用户操作,统计用户操作记录,可中断用户不良危险操作.

VMware vSphere 6.7.0 U3b发布

VMware vSphere 6.7.0 U3b已发布,试用版下载

Syslog记录软件

之前写过在Linux中记录syslog的方法,若急用,也可以使用软件来实现。Syslog Watcher就是这样一款在WINDOWS下使用的软件(下载地址,提取码:jw8k)。

运行主程序后,在Listen状态下即能监控syslog数据包,如下图:

syslog03

点击上图中的Settings,进行相应设置,如考虑若每天的日志量很大,可以设置为每天生成一个日志文件;并设置日志存放的路径,如下图所示。

syslog04

CentOS7中,利用rsyslog搭建日志服务器(采集syslog日志),并使用loganalyzer实现日志图形化管理

Rsyslog是一个syslogd的多线程增强版,在syslog的基础上扩展了很多其他功能,如数据库支持(MySQL, PostgreSQL、Oracle等)、日志内容筛选、定义日志格式模板等。除了默认的udp协议外,rsyslog还支持tcp协议来接收日志。

交换机、路由器、防火墙、上网行为管理等设备都支持syslog日志标准输出,网络中如有日志审计设备,即可将日志输出至日志审计设备中,实现日志记录,等保中网内设备日志的记录也是最基本的要求。

若没有专用日志审计设备,可通过相关日志管理软件实现,本文将介绍通过Linux自带的Rsyslog来记录外部日志,并通过loganalyzer实现日志图形化管理。

一、在CentOS7(1804)中配置Rsyslog

1、安装 CentOS

在虚拟化平台中完成CentOS操作系统的安装,准备存放日志的/或/var目录空间相对配置大些,用于存放日志。

2、关闭防火墙

通过systemctl status firewalld.service命令查看防火墙正在运行,如下图:

[root@localhost ~]# systemctl status firewalld.service
鈼[0m firewalld.service – firewalld – dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-09-13 22:43:44 CST; 16h ago
     Docs: man:firewalld(1)
  Main PID: 802 (firewalld)
    Tasks: 2
   CGroup: /system.slice/firewalld.service
           鈹斺攢802 /usr/bin/python -Es /usr/sbin/firewalld –nofork –nopid

Sep 13 22:43:42 localhost.localdomain systemd[1]: Starting firewalld – dynami…
Sep 13 22:43:44 localhost.localdomain systemd[1]: Started firewalld – dynamic…
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]#

rsyslog01

通过命令关闭防火墙,并禁用关机启用防火墙:

[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl status firewalld.service
鈼firewalld.service – firewalld – dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sat 2019-09-14 15:20:48 CST; 6s ago
     Docs: man:firewalld(1)
  Process: 802 ExecStart=/usr/sbin/firewalld –nofork –nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
  Main PID: 802 (code=exited, status=0/SUCCESS)

Sep 13 22:43:42 localhost.localdomain systemd[1]: Starting firewalld – dynamic firew….
Sep 13 22:43:44 localhost.localdomain systemd[1]: Started firewalld – dynamic firewa….
Sep 14 15:20:46 localhost.localdomain systemd[1]: Stopping firewalld – dynamic firew….
Sep 14 15:20:48 localhost.localdomain systemd[1]: Stopped firewalld – dynamic firewa….
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]#

如上,通过systemctl stop firewalld.service关闭防火墙功能,通过systemctl disable firewalld.service关闭自启动模式。

3、关闭SELINUX

执行如下命令,将SELINUX关闭。

[root@localhost ~]# sed -i ‘s#SELINUX=enforcing#SELINUX=disabled#g’ /etc/selinux/config
[root@localhost ~]# more /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing – SELinux security policy is enforced.
#     permissive – SELinux prints warnings instead of enforcing.
#     disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted – Targeted processes are protected,
#     minimum – Modification of targeted policy. Only selected processes are protected.
#     mls – Multi Level Security protection.
SELINUXTYPE=targeted

[root@localhost ~]# reboot

完成 后reboot重启服务器。

4、配置并启动Rsyslog

rsyslog一般是预先就安装于linux系统的发行版上的,使用如下命令检查下是否已安装Rsyslog:

[root@localhost ~]# rpm -qa | grep rsyslog
rsyslog-8.24.0-16.el7.x86_64
[root@localhost ~]# rsyslogd -v
rsyslogd 8.24.0, compiled with:
        PLATFORM:                               x86_64-redhat-linux-gnu
        PLATFORM (lsb_release -d):
        FEATURE_REGEXP:                         Yes
        GSSAPI Kerberos 5 support:              Yes
        FEATURE_DEBUG (debug build, slow code): No
         32bit Atomic operations supported:      Yes
        64bit Atomic operations supported:      Yes
        memory allocator:                       system default
        Runtime Instrumentation (slow code):    No
        uuid support:                           Yes
        Number of Bits in RainerScript integers: 64

See http://www.rsyslog.com for more information.
[root@localhost ~]#

如上显示默认已安装rsyslog。

rsyslog后台进程默认不能接受外部信息的,但可以通过配置它的配置文件/etc/rsyslog.conf来使之接受外部日志信息,使其变成一台日志管理服务器。使用vi命令配置/etc/rsyslog.conf文件:

[root@localhost ~]# vi /etc/rsyslog.conf

将四个#字符去除,原为:

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

去除后变为:

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

并在最后添加如下内容(目前如下日志文件名称的写法是第天会生成一个log日志文件,若希望一直是一个日志文件,则可以将年月日变量去除,修改为syslog_%FROMHOST-IP%.log即可):

$template RemoteLogs,”/var/log/syslog/%HOSTNAME%/syslog_%$YEAR%-%$MONTH%-%$DAY%_%FROMHOST-IP%.log”
*.* ?RemoteLogs
& ~
fromhost-ip, !isequal, “127.0.0.1”
?Remote
& ~

完成后wq!保存退出。

重启rsyslog进程,并加入开机启动:

[root@localhost ~]# systemctl restart rsyslog
[root@localhost ~]# systemctl enable rsyslog
[root@localhost ~]#

然后查看rsyslog进程是否在运行,514端口是否在侦听:

[root@localhost ~]# systemctl status rsyslog
鈼[0m rsyslog.service – System Logging Service
    Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-09-14 21:57:02 CST; 16s ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
  Main PID: 5651 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           鈹斺攢5651 /usr/sbin/rsyslogd -n

Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: action ‘isequal,’ treated as ‘…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: action ‘127’ treated as ‘:omus…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]:  Could not find template 1 ‘Re…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: warning: ~ action is deprecate…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during config processing…]
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# netstat -antup | grep 514
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      5651/rsyslogd      
tcp6       0      0 :::514                  :::*                    LISTEN      5651/rsyslogd      
udp        0      0 0.0.0.0:514             0.0.0.0:*                           5651/rsyslogd      
udp6       0      0 :::514                  :::*                                5651/rsyslogd      
[root@localhost ~]#

至此rsyslog配置结束,接着配置一台华为5720交换机,配置成将syslog日志传输至本服务器上(192.168.10.209):

[center-s5700]info-center enable
[center-s5700]info-center loghost 192.168.10.209

完成后进入日志服务器的/var/log/syslog目录,生成了一个center-5700的文件夹,进入后,有一个syslog_2019-09-14_192.168.10.253.log日志文件,如下:

rsyslog02

[root@localhost xxx-center-s5700]# cd ..
[root@localhost syslog]# ls
xxx-center-s5700  localhost
[root@localhost syslog]#
[root@localhost syslog]# cd xxx-center-s5700/
[root@localhost xxx-center-s5700]# ls
syslog_2019-09-14_192.168.10.253.log
[root@localhost xxx-center-s5700]# ^C
[root@localhost xxx-center-s5700]#

如上,说明日志文件已经生成,使用more syslog_2019-09-14_192.168.10.253.log查看日志内容

[root@localhost xxx-center-s5700]# more syslog_2019-09-14_192.168.10.253.log
Nov  6 03:17:11 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[0]: Recorded command infor
mation. (Task=VT0, Ip=192.168.10.66, VpnName=, User=**, AuthenticationMethod=”Password”,
  Command=”info-center loghost 192.168.10.209″)
Nov  6 03:17:12 xxx-center-s5700 DS/4/DATASYNC_CFGCHANGE: OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 1, the change loo
p count is 0, and the maximum number of records is 4095.
Nov  6 03:17:55 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[1]: Recorded command infor
mation. (Task=VT0, Ip=192.168.10.66, VpnName=, User=**, AuthenticationMethod=”Password”,
  Command=”quit”)
Nov  6 03:17:56 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[2]: Recorded command infor
mation. (Task=VT0, Ip=192.168.10.66, VpnName=, User=**, AuthenticationMethod=”Password”,
  Command=”quit”)
Nov  6 03:17:56 xxx-center-s5700 %%01SHELL/5/LOGOUT(s)[3]: The user succeeded in log
ging out of VTY0. (UserType=Telnet, UserName=, Ip=192.168.10.66, VpnName=)
Nov  6 03:17:56 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[4]: Recorded command infor
mation. (Task=VT0, Ip=**, VpnName=, User=**, AuthenticationMethod=”Null”, Command=”undo
debugging all”)
Nov  6 03:18:03 xxx-center-s5700 %%01SHELL/5/LOGIN(s)[5]: The user succeeded in logg
ing in to VTY0. (UserType=Telnet, UserName=, AuthenticationMethod=”Password”, Ip=192.168
.10.66, VpnName=)
Nov  6 03:18:04 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[6]: Recorded command infor
mation. (Task=VT0, Ip=192.168.10.66, VpnName=, User=**, AuthenticationMethod=”Password”,
  Command=”system-view”)

说明5700交换机日志可以传输至日志服务器上,至此rsyslog配置完成。

但目前只能通过文件的方式来查看日志的内容,不能直观的查看,故下面将介绍结合使用loganalyzer来实现图形化的管理。

二、安装及配置loganalyzer

loganalyzer是一款日志分析工具,配合rsyslog使用,rsyslog用于搜集日志,loganalyzer根据rsyslog搜集到的数据进行分析与图形化展示,并能生成相应报表等功能。

1、安装mariadb(mysql)、httpd(apache)、php

利用yum安装LAMP运行环境,包括mysql、php、httpd等,如下:

[root@localhost /]# yum -y install httpd mariadb-server mariadb php php-mysql mysql-devel
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
  * base: mirrors.163.com
  * extras: mirrors.huaweicloud.com
  * updates: mirrors.163.com
base                                                             | 3.6 kB  00:00:00    
extras                                                           | 3.4 kB  00:00:00    
updates                                                          | 3.4 kB  00:00:00  

…………………………………..

Installed:
  httpd.x86_64 0:2.4.6-89.el7.centos.1          mariadb.x86_64 1:5.5.60-1.el7_5       
  mariadb-devel.x86_64 1:5.5.60-1.el7_5         php.x86_64 0:5.4.16-46.el7            
  php-mysql.x86_64 0:5.4.16-46.el7            

Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7_4.1                apr-util.x86_64 0:1.5.2-6.el7           
  httpd-tools.x86_64 0:2.4.6-89.el7.centos.1  keyutils-libs-devel.x86_64 0:1.5.8-3.el7
  krb5-devel.x86_64 0:1.15.1-37.el7_6         libcom_err-devel.x86_64 0:1.42.9-13.el7 
  libkadm5.x86_64 0:1.15.1-37.el7_6           libselinux-devel.x86_64 0:2.5-14.1.el7  
  libsepol-devel.x86_64 0:2.5-10.el7          libverto-devel.x86_64 0:0.2.5-4.el7     
  libzip.x86_64 0:0.10.1-8.el7                mailcap.noarch 0:2.1.41-2.el7           
  openssl-devel.x86_64 1:1.0.2k-16.el7_6.1    pcre-devel.x86_64 0:8.32-17.el7         
  php-cli.x86_64 0:5.4.16-46.el7              php-common.x86_64 0:5.4.16-46.el7       
  php-pdo.x86_64 0:5.4.16-46.el7              zlib-devel.x86_64 0:1.2.7-18.el7        

Dependency Updated:
  e2fsprogs.x86_64 0:1.42.9-13.el7           e2fsprogs-libs.x86_64 0:1.42.9-13.el7     
  krb5-libs.x86_64 0:1.15.1-37.el7_6         libcom_err.x86_64 0:1.42.9-13.el7         
  libselinux.x86_64 0:2.5-14.1.el7           libselinux-python.x86_64 0:2.5-14.1.el7   
  libselinux-utils.x86_64 0:2.5-14.1.el7     libsepol.x86_64 0:2.5-10.el7              
  libss.x86_64 0:1.42.9-13.el7               mariadb-libs.x86_64 1:5.5.60-1.el7_5      
  openssl.x86_64 1:1.0.2k-16.el7_6.1         openssl-libs.x86_64 1:1.0.2k-16.el7_6.1   
  zlib.x86_64 0:1.2.7-18.el7               

Complete!
[root@localhost /]#

如下,完成安装。启动apache和mysql:

[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@localhost ~]# systemctl start mariadb.service
[root@localhost ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@localhost ~]#

使用如下命令查看服务是否启动:

[root@localhost rsyslog-8.24.0]# ss -naplt | grep httpd
LISTEN     0      128         :::80                      :::*                   users:((“httpd”,pid=12789,fd=4),(“httpd”,pid=12788,fd=4),(“httpd”,pid=12787,fd=4),(“httpd”,pid=2433,fd=4),(“httpd”,pid=2432,fd=4),(“httpd”,pid=2431,fd=4),(“httpd”,pid=2430,fd=4),(“httpd”,pid=2429,fd=4),(“httpd”,pid=2426,fd=4))
[root@localhost rsyslog-8.24.0]# ss -naplt | grep mysqld
LISTEN     0      50           *:3306                     *:*                   users:((“mysqld”,pid=12580,fd=13))
[root@localhost rsyslog-8.24.0]#

2、测试PHP

进入html目录,新建index.php文件,如下

[root@localhost www]# cd html     
[root@localhost html]# vi index.php

      在index.php文件中写入如下内容:

<?php
    phpinfo()
?>

      保存退出。
浏览器打开服务器地址http://192.168.10.209,出现如下界面,PHP则运行正常。

rsyslog03

3、安装rsyslog连接数据库模块插件,并导入rsyslog自带的sql脚本

安装rsyslog日志软件连接mysql插件:

[root@localhost ~]# yum -y install rsyslog-mysql

完成安装后,开始导入脚本,首先设置mariadb的root帐号密码,密码为syslog123,如下:

[root@localhost rsyslog-8.24.0]# mysqladmin -u root password syslog123
[root@localhost rsyslog-8.24.0]#

然后进入/usr/share/doc/rsyslog-8.24.0目录,执行mysql-createDB.sql脚本,如下:

[root@localhost rsyslog-8.24.0]#
[root@localhost rsyslog-8.24.0]# pwd
/usr/share/doc/rsyslog-8.24.0
[root@localhost rsyslog-8.24.0]# ls
AUTHORS  ChangeLog  COPYING  COPYING.ASL20  COPYING.LESSER  mysql-createDB.sql
[root@localhost rsyslog-8.24.0]# mysql -u root -p < mysql-createDB.sql
Enter password:
[root@localhost rsyslog-8.24.0]#
[root@localhost rsyslog-8.24.0]#
[root@localhost rsyslog-8.24.0]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]> show databases;
+——————–+
| Database           |
+——————–+
| information_schema |
| Syslog             |
| mysql              |
| performance_schema |
| test               |
+——————–+
5 rows in set (0.00 sec)

MariaDB [(none)]> use syslog;
ERROR 1049 (42000): Unknown database ‘syslog’
MariaDB [(none)]> use Syslog;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [Syslog]> show tables;
+————————+
| Tables_in_Syslog       |
+————————+
| SystemEvents           |
| SystemEventsProperties |
+————————+
2 rows in set (0.00 sec)

MariaDB [Syslog]>

如上所示,导入后没有错误产生,查询有SystemEvents、SystemEventsProperties两张表,说明导入脚本成功。

4、创建数据库用户,并使支持rsyslog-mysql模块

库和表已经创建完成,开始创建一个数据库用户,能够写入syslog数据表中,进行如下操作:

MariaDB [Syslog]> grant all on Syslog.* to rsyslog@’localhost’ identified by ‘syslog123’;
Query OK, 0 rows affected (0.01 sec)

MariaDB [Syslog]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [Syslog]> exit
Bye
[root@localhost rsyslog-8.24.0]#

完成后,开始配置rsyslog.conf配置文件,使支持rsyslog-mysql模块:

[root@localhost rsyslog-8.24.0]# vi /etc/rsyslog.conf

将#$ModLoad immark  # provides –MARK– message capability语句的#号去除,并添加如下内容:

$Modload ommysql
*.* :ommysql:localhost,Syslog,rsyslog,syslog123

最终变成:

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
$ModLoad immark  # provides –MARK– message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

$Modload ommysql
*.* :ommysql:localhost,Syslog,rsyslog,syslog123

#### GLOBAL DIRECTIVES ####

rsyslog04

完成修改后,wq!保存退出,并重启rsyslog进程:

[root@localhost rsyslog-8.24.0]# systemctl restart rsyslog.service

5、安装并配置loganalyzer

从官网下载安装包,解压并复制至 /var/www/html目录下:

[root@localhost home]# wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.7.tar.gz
[root@localhost home]# tar -zxvf loganalyzer-4.1.7.tar.gz
[root@localhost home]# ls
aa  loganalyzer-4.1.7  loganalyzer-4.1.7.tar.gz
[root@localhost home]# cd loganalyzer-4.1.7/
[root@localhost loganalyzer-4.1.7]# ls
ChangeLog  contrib  COPYING  doc  INSTALL  src
[root@localhost loganalyzer-4.1.7]# cd src
[root@localhost src]# ls
admin               convert.php  favicon.ico  js                   search.php
asktheoracle.php    cron         images       lang                 statistics.php
BitstreamVeraFonts  css          include      login.php            templates
chartgenerator.php  details.php  index.php    reportgenerator.php  themes
classes             export.php   install.php  reports.php          userchange.php
[root@localhost src]# cd ..
[root@localhost loganalyzer-4.1.7]# ls
ChangeLog  contrib  COPYING  doc  INSTALL  src
[root@localhost loganalyzer-4.1.7]# cp -a ./src/* /var/www/html/
cp: overwrite 鈥var/www/html/index.php鈥 y
[root@localhost loganalyzer-4.1.7]# cp -a ./contrib/* /var/www/html/
[root@localhost loganalyzer-4.1.7]#
[root@localhost loganalyzer-4.1.7]#

完成后,打开浏览器,输入http://192.168.10.209,点击HERE开始安装:

rsyslog05

点击next开始下一步

rsyslog06

提供config.sh文件不存在,权限错误,如下图

rsyslog07

运行软件根目录下的configure.sh,如下:

[root@localhost loganalyzer-4.1.7]# cd /var/www/html/
[root@localhost html]# ls
admin               convert.php  images       login.php            templates
asktheoracle.php    cron         include      reportgenerator.php  themes
BitstreamVeraFonts  css          index.php    reports.php          userchange.php
chartgenerator.php  details.php  install.php  search.php
classes             export.php   js           secure.sh
configure.sh        favicon.ico  lang         statistics.php
[root@localhost html]# sh configure.sh
[root@localhost html]#

完成后,点击上图中的ReCheck按扭,错误清除,如下图,继续next进行下一步

rsyslog08

配置数据库,选择YES,数据库名称Syslog,用户名rsyslog,密码是刚才创建用户时的密码,如下图

rsyslog09

创建表

rsyslog10

检查SQL语句

rsyslog11

创建管理员用户

rsyslog12

通过如下创建一个测试日志文件:

[root@localhost log]# echo 1 > /var/log/syslogtest

syslog file中输入syslogtest,如下图:

rsyslog13

完成安装。

rsyslog14

在刚才的syslogtest中添加一些字符,首页即会产生相应显示,则说明loganalyzer运行正常。

rsyslog15

6、在loganalyzer中添加数据源

综上已经完成了loganalyzer的安装工作,下面开始添加数据源,之前在安装rsyslog时已经添加了两台交换机的日志,并已经在/var/log/syslog目录生成了相应的日志文件,如下图所示:

rsyslog16

点击首页的Login按扭,输入刚才创建的admin用户

rsyslog17

选择Admin Center,如下

rsyslog18

选择Sources,数据源,如下

rsyslog19

选择Add new Sources,添加新的数据源,如下

rsyslog20

如下图,完成日志添加的相应信息

rsyslog21

若出现不能添加的问题,如下

rsyslog22

则需要修改/var/log下相关日志文件的权限,设置为777,如下:

[root@localhost log]# chmod -R 777 syslog

完成后,列表中会增加一个huawei5720的条目,如下

rsyslog23

返回首页,右上角Select Source中选择刚才创建的huawei-5720数据源条目

rsyslog24

刷新后,即能看到5720交换机的相关日志信息,如下图。

rsyslog25

到此,rsyslog和LogAnalyzer安装结束,第一次使用和安装,文中难免有逻辑等错误,仅供参考。

参考文章:

1、https://www.linuxidc.com/Linux/2017-10/147693.htm

2、https://www.cnblogs.com/lsdb/articles/8072115.html

3、https://blog.csdn.net/xdnabl/article/details/51120873

4、https://www.cnblogs.com/zhaodahai/p/6824523.html

5、https://loganalyzer.adiscon.com/doc/install.html

6、https://blog.csdn.net/xdnabl/article/details/51120873

7、https://www.jianshu.com/p/0f6cb74a7280

“错误:Cookies因预料之外的输出被阻止。要获取帮助,请参见此文档或访问支持论坛。”错误的解决

本博客wordpress后台不能登陆已经有一段时间了,登陆后台时提示”错误:Cookies因预料之外的输出被阻止。要获取帮助,请参见此文档或访问支持论坛。”,如下图所示:

wordpressloginerror01

后台也一直提示ERROR错误日志,如下所示:

[11-Aug-2019 13:28:39 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) inwp-includes/pluggable.php on line 1223
[11-Aug-2019 13:28:46 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) in wp-includes/comment.php on line 529
[11-Aug-2019 13:28:46 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) in wp-includes/comment.php on line 530
[11-Aug-2019 13:28:46 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) in wp-includes/comment.php on line 531
[11-Aug-2019 13:28:46 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) in wp-includes/pluggable.php on line 1223
[11-Aug-2019 13:28:46 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) in wp-includes/functions.php on line 1315
[11-Aug-2019 13:31:08 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) in wp-includes/feed-rss2-comments.php on line 8
[11-Aug-2019 13:31:09 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) inwp-includes/feed-rss2-comments.php on line 8

如上的错误也导致文章不能更新,最近太忙,今天花了些时间搜索了下,发现可能是由于wp-config.php,使用UE打开,并”另存为“一个新文件,另存为时编码选择”ANSI/ASCII“,如下图所示。

wordpressloginerror02

wordpressloginerror03

完成后,上传wp-config.php覆盖原文件,再次打开后台,发现已经没有cookies错误提示,也能登陆后台管理系统。

在vSphere中手工降低虚拟机的版本(兼容性)

在高版本ESXi上运行的虚拟机vMotion至低版本的ESXi上时会出错,提示不兼容,需要降版本。

目前Esxi6.7的版本为14,Esxi6.5的虚拟机版本为13,如下图,需要手工将虚拟机版本号更改为13。

vmware14_01

打开存储的“数据存储浏览”,如下图

vmware14_03

找到需要降版本的虚拟机文件夹,这里为win2012R,如下图,选中win2012R2.vmx文件,点击下载至本地

vmware14_02

用记事本打开下载的文件,将virtualHW.version = “14”修改为virtualHW.version = “13”,如下图

vmware14_04

完成修改后再上载至原目录,覆盖原文件

vmware14_05

再次启动虚拟机,查看兼容性信息,版本已经修改为13

vmware14_06

现次vMotion,已经没有提示不兼容信息,成功迁移虚拟机。

Zabbix 4.0.2试用(九):在Linux主机中安装zabbix agent并添加该主机(RPM安装,适用于内网无互联网环境)

之前介绍的是用yum源方式安装,前提是主机需要与互联网相通,但有些需监控的客户机可能没有互联网,只有内网环境,就需要使用RPM安装方法,操作如下:

1、关闭防火墙和SELINUX

使用root用户登陆系统:

首先查看防火墙状态

[root@zabbix ~]# firewall-cmd –state
running
[root@zabbix ~]#

关闭firewall,并禁止防火墙开机启动,命令如下:

[root@zabbix ~]# systemctl stop firewalld.service
[root@zabbix ~]# systemctl disable firewalld.service

再次查看,防火墙已不在运行:

[root@zabbix ~]# firewall-cmd –state

安装之前还需将SELINUX关闭,运行如下命令编辑SELINUX配置文件:

[root@zabbix ~]# vi /etc/selinux/config

并将SELINUX=enforcing改成SELINUX=disable,如下:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing – SELinux security policy is enforced.
#     permissive – SELinux prints warnings instead of enforcing.
#     disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted – Targeted processes are protected,
#     minimum – Modification of targeted policy. Only selected processes are protected.
#     mls – Multi Level Security protection.
SELINUXTYPE=targeted

修改完成后,重启机器,运行如下命令查看是否 SELINUX已关闭:

[root@zabbix ~]# getenforce

退回disable即为已关闭。

2、安装Zabbix Agent

由于此centos客户端没有互联网环境,故不能使用YUM等方式安装,将采用RPM安装包进行安装。

首先进入http://repo.zabbix.com,下载http://repo.zabbix.com/zabbix-official-repo.keyhttp://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-agent-4.0.1-1.el7.x86_64.rpm两个文件,然后开始安装:

首先导入repo:

[root@zabbixclient tmp]# rpm –import zabbix-official-repo.key

agentnew001

完成后,开始安装zabbix agent:

[root@zabbixclient tmp]# rpm -ivh zabbix-agent-4.0.1-1.el7.x86_64.rpm
warning: zabbix-agent-4.0.1-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Preparing…                          ################################# [100%]
Updating / installing…
   1:zabbix-agent-4.0.1-1.el7         ################################# [100%]
[root@zabbixclient tmp]#

agentnew002

3、配置Zabbix Agent配置文件zabbix_agentd.conf

使用vi编辑器编辑配置文件,进入/etc/zabbix/目录,使用vi编辑器打开zabbix_agentd.conf

[root@zabbixclient tmp]# cd /etc/zabbix/
[root@zabbixclient zabbix]# ls
zabbix_agentd.conf  zabbix_agentd.d
[root@zabbixclient zabbix]# vi zabbix_agentd.conf

主要完成以下几项的修改:

EnableRemoteCommands=1       //来至zabbix服务器的远程命令是否允许被执行
Server=192.168.10.208             //zabbix server地址,用于被动模式,数据获取
ServerActive=192.168.10.208    //主动发送的zabbix server地址主动发送的zabbix server地址,用于主动模式,数据提交
Hostname=zabbix                     //和创建主机时的hostname一致
UnsafeUserParameters=1           //启用自定义key,zabbix监控mysql、tomcat等数据时需要自定义key

完成后保存退出。

3、启动Zabbix Agent服务

配置文件修改完成后,开始启动Agent程序,service zabbix-agent status用来查看启动状态,service zabbix-agent start用来启动服务,具体如下:

[root@zabbixclient zabbix]# service zabbix-agent status
Redirecting to /bin/systemctl status zabbix-agent.service
鈼zabbix-agent.service – Zabbix Agent
   Loaded: loaded (/usr/lib/systemd/system/zabbix-agent.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@zabbixclient zabbix]# service zabbix-agent start
Redirecting to /bin/systemctl start zabbix-agent.service
[root@zabbixclient zabbix]# service zabbix-agent status
Redirecting to /bin/systemctl status zabbix-agent.service
鈼[0m zabbix-agent.service – Zabbix Agent
   Loaded: loaded (/usr/lib/systemd/system/zabbix-agent.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2019-03-24 19:58:25 CST; 6s ago
  Process: 20179 ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE (code=exited, status=0/SUCCESS)
  Main PID: 20182 (zabbix_agentd)
    Tasks: 6
   CGroup: /system.slice/zabbix-agent.service
            鈹溾攢20182 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
           鈹溾攢20184 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
           鈹溾攢20185 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
           鈹溾攢20186 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
            鈹溾攢20187 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
           鈹斺攢20188 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]

Mar 24 19:58:25 zabbixclient systemd[1]: Starting Zabbix Agent…
Mar 24 19:58:25 zabbixclient systemd[1]: Started Zabbix Agent.
[root@zabbixclient zabbix]#

agentnew003

4、开机自启动Zabbix Agent服务

通过chkconfig zabbix-agent on命令来实现开机自动启动:

[root@zabbixclient zabbix]# chkconfig zabbix-agent on
Note: Forwarding request to ‘systemctl enable zabbix-agent.service’.
Created symlink from /etc/systemd/system/multi-user.target.wants/zabbix-agent.service to /usr/lib/systemd/system/zabbix-agent.service.
[root@zabbixclient zabbix]#

5、将主机添加至zabbix server平台

打开zabbix server主界面,选择“配置‘->”主机“,点击右上角的”创建“按扭,创建一台主机,如下图

agentinstall06

输入主机名称,群组选择系统默认的Server hardware,agent代理接口IP设置刚才安装agent的主机192.168.10.209,端口默认10050,如下图:

agentinstall07

再选择”模板“选项栏,链接指示器里选择”Template OS Linux“,点击添加,最后点击蓝底添加按扭,完成添加。

agentinstall08

完成后可以看到列表中已经有刚才不回的主机,过几分钟后,可用性一栏中的ZBX变绿即表示监控正常。

agentinstall09

Zabbix 4.0.2试用(八):在Windows2008R2和2012主机中安装zabbix agent并添加该主机

之前介绍了通过两种不同的安装方式来安装zabbix agent,以使服务器能被监控到,本次介绍在Windows下安装agent,以使能被监控,步骤如下:

1、关闭防火墙

若被监控的Windows主机启用了防火墙,需关闭防火墙,或者在防火中开放TCP和UDP的10050端口。

2、下载agent for windows软件

进入Zabbix Agents下载页面,选择Windows amd64架构的版本,如下:

zabbixwindows01

3、安装agent for windows软件(Windows 2008R2)

下载后,将安装包上心至被监控主机中,然后在C盘目录下新建文件夹zabbix_agent,再将安装包中的zabbix_agentd.exe和zabbix_agentd.win.conf文件复制到c:\zabbix_agent文件夹中,如下图

zabbixwindows02

开始编辑配置文件zabbix_agentd.win.conf,右键选择打开,选择使用记事本打开

zabbixwindows03

主要完成以下几项的修改:

EnableRemoteCommands=1          //来至zabbix服务器的远程命令是否允许被执行
Server=192.168.10.208                //zabbix server地址,用于被动模式,数据获取
ServerActive=192.168.10.208       //主动发送的zabbix server地址,用于主动模式,数据提交
Hostname=WIN-9UI6G0K748R      //和创建主机时的hostname一致
UnsafeUserParameters=1             //启用自定义key,zabbix监控mysql、tomcat等数据时需要自定义key

完成后保存退出。

开始安装,在命令行界面中以服务的形式安装 Zabbix Windows agent,如下:

c:\zabbix_agent>c:\zabbix_agent\zabbix_agentd.exe -c c:\zabbix_agent\zabbix_agentd.win.conf -i
zabbix_agentd.exe [4532]: service [Zabbix Agent] installed successfully
zabbix_agentd.exe [4532]: event source [Zabbix Agent] installed successfully

c:\zabbix_agent>

zabbixwindows04

进入WINDOWS服务界面,对Zabbix Agent进行编辑,点击“启动”按扭,启动类型为“自动”,如下图。

zabbixwindows05

4、安装agent for windows软件(Windows 2012)

WINDOWS 2012和2008R2的安装方法基本相同,先关闭防火墙或在防火中上打开TCP和R 10050端口,然后先将安装包中的zabbix_agentd.exe和zabbix_agentd.win.conf文件复制到c:\zabbix_agent文件夹中,如下图:

zabbixwindows08

开始编辑配置文件zabbix_agentd.win.conf,右键选择打开,选择使用记事本打开,主要完成以下几项的修改:

EnableRemoteCommands=1          //来至zabbix服务器的远程命令是否允许被执行
Server=192.168.10.208                //zabbix server地址,用于被动模式,数据获取
ServerActive=192.168.10.208       //主动发送的zabbix server地址,用于主动模式,数据提交
Hostname=WIN-9UI6G0K748R      //和创建主机时的hostname一致
UnsafeUserParameters=1             //启用自定义key,zabbix监控mysql、tomcat等数据时需要自定义key

完成后保存退出。

开始安装,在命令行界面中以服务的形式安装 Zabbix Windows agent,如下:

Microsoft Windows [版本 6.3.9600]
(c) 2013 Microsoft Corporation。保留所有权利。

C:\Users\Administrator>c:\zabbix_agent\zabbix_agentd.exe -c c:\zabbix_agent\zabbix_agentd.win.conf -i
zabbix_agentd.exe [3756]: service [Zabbix Agent] installed successfully
zabbix_agentd.exe [3756]: event source [Zabbix Agent] installed successfully

C:\Users\Administrator>

zabbixwindows09

安装、卸载、启动等参数说明:

c:\zabbix_agent\zabbix_agentd.exe -c c:\zabbix_agent\zabbix_agentd.win.conf -i
c:\zabbix_agent\zabbix_agentd.exe -c c:\zabbix_agent\zabbix_agentd.win.conf -s
c:\zabbix_agent\zabbix_agentd.exe -c c:\zabbix_agent\zabbix_agentd.win.conf -x
c:\zabbix_agent\zabbix_agentd.exe -c c:\zabbix_agent\zabbix_agentd.win.conf -d

-c:指定配置文件所有位置
-i:安装客户端
-s:启动客户端
-x:停止客户端
-d:卸载客户端

开始启动服务,和WIN2008R2一样,打开2012的服务窗口,在最后找到Zabbix Agent的服务名称,右键属性,启动类型选择“自动”,并点击“启动”按扭,如下:

zabbixwindows10

5、将主机添加至zabbix server平台

首先添加WIN2008R2的主机,打开zabbix server主界面,选择“配置‘->”主机“,点击右上角的”创建“按扭,创建一台主机,如下图

agentinstall06

输入主机名称和可见的名称,群组选择系统默认的Server hardware,agent代理接口IP设置刚才安装agent的主机192.168.10.210,端口默认10050,如下图:

zabbixwindows06

再选择”模板“选项栏,链接指示器里选择”Template OS Windows“,点击添加,最后点击蓝底添加按扭,完成添加。

zabbixwindows07

WIN2012的主机添加方法与2008R2的相同,添加后,等待5分钟左右,即可看到可用性一栏中的ZBX已经变绿,证明监控平台已经监控到两台WINDOWS主机,如下图。

zabbixwindows11

参考文章:https://www.zabbix.com/documentation/4.0/zh/manual/concepts/agent