首页 > 代码库 > 开源堡垒机GateOne的安装、配置笔记

开源堡垒机GateOne的安装、配置笔记

因为内部临时需要这么一套系统,所以搜搜查查,搞定了系统部署,使用pam认证的配置。
系统初始化是使用CentOS 6.5 Mini x64版本。
 
首先exports http_proxy和https_proxy,做好上网准备。
 
其次查看下安装需求。
http://liftoff.github.io/GateOne/About/index.html#prerequisites
 
这里有相关的包下载:
https://github.com/liftoff/GateOne/downloads
 
yum install -y http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum update -y
 
yum install -y python-devel gcc dtach python-pip python-imaging python-kerberos
yum install -y https://github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm
cd /usr/local/src
git clone https://github.com/liftoff/GateOne.git
 
cd GateOne
python setup.py isntall
 
service gateone start
service gateone stop
 
vi /etc/gateone/conf.d/10server.conf
 
origins = ["x.x.x.x"]
address = "x.x.x.x"
https_redirect = True
 
vi /etc/gateone/conf.d/20authentication.conf
auth = "pam"
pam_realm = "AccessGateway1"
pam_service = "gateone"
 
vi /etc/sysconfig/iptables
增加80和443端口
service iptables reload
 
nohup python gateone.py &
 
在Safari下无法使用,报错如下:
The WebSocket connection was closed. Will attempt to reconnect every 5 seconds...
NOTE: Some web proxies do not work properly with WebSockets.
 
PC和Android中的Chrome正常。
 
vi /etc/pam.d/gateone
#%PAM-1.0
# Login using a htpasswd file
#@include common-sessionauth
required pam_pwdfile.so          pwdfile=/etc/gateone/passwd
required pam_permit.so
 
auth = "pam"
pam_realm = "AccessGateway1"
pam_service = "gateone"
 
https://github.com/liftoff/GateOne/issues/118
这里提到是PyPAM,别安装错了。
yum install git pam-devel pam PyPAM pam-devel
git https://github.com/tiwe-de/libpam-pwdfile.git
make && make install
ln /lib/security/pam_pwdfile.so /lib64/security/pam_pwdfile.so
 
密码生成用在线工具就行,记得选择Crypt方式:http://tool.oschina.net/htpasswd
将生成的信息加入密码文件就行。
vi /etc/gateone/passwd
[Go]
cry:Wk463N25YHOqs
[Esc]
[:wq] 

开源堡垒机GateOne的安装、配置笔记