Fast Deploy Two Open Source Bastion Server Projects - Webterminal and Jumpserver - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Sunday, June 28, 2020

Fast Deploy Two Open Source Bastion Server Projects - Webterminal and Jumpserver

I was looking for a secure way to manage my cloud infrastructure and found those two projects in Guihub. Both provide a web GUI to support major remote management protocols to connect to remote targets.

Bastion server (Jump Server) connects your VMs, your local computers, and cloud resources without exposing them to public network connections. This bastion server or jump server can be treated as a single audit point for logging access to the remote targets. Both jump servers and bastion hosts are considered weak points and careful attention must be given to keep them up to date and monitored.

Webterminal bastion server

Project address: https://jimmy201602.github.io/webterminal/

Webterminal implemented by django. This project focus on DevOps and Continuous Delivery. For now it support almost 90% remote management protocol such as vnc, ssh,rdp,telnet,sftp… It support a possiblity to monitor and recorded user action when user use this project to manage their server!You can also replay the user action such as like a video. Hope you enjoy it.

Run with docker
docker pull webterminal/webterminal
docker run -itd -p 80:80 -p 2100:2100 webterminal/webterminal
Login user & password
username: admin
password: password!23456
Successfully ran it in a VM only has 1vCPU and 1G RAM. Nice!
[node1] (local) [email protected] ~
docker run -itd -p 80:80 -p 2100:2100 webterminal/webterminal
Unable to find image 'webterminal/webterminal:latest' locally
latest: Pulling from webterminal/webterminal
5bed26d33875: Pulling fs layer 
f11b29a9c730: Pulling fs layer 
930bda195c84: Pulling fs layer 
78bf9a5ad49e: Waiting 
40bfa83ccba3: Waiting 
e0c622d8a177: Waiting 
a77fd2b28058: Pulling fs layer 
d23ecd878679: Waiting 
6396b0b41768: Waiting 
a0c3712d46f1: Pull complete 
5cf29e2c162f: Pull complete 
50fa1365dd0e: Pull complete 
df9b9e9a9ef4: Pull complete 
43b940435464: Pull complete 
8f805c3f9ffe: Pull complete 
c4b10cb83cab: Pull complete 
a6945596333f: Pull complete 
1b3ded0589ee: Pull complete 
b09dd8cf0745: Pull complete 
c2d92b59414c: Pull complete 
218a54c37087: Pull complete 
36be31be50c2: Pull complete 
6fcad3ac8e8e: Pull complete 
2eb58f11f849: Pull complete 
f1d9848986dd: Pull complete 
dbc8d56aa423: Pull complete 
199643251bfe: Pull complete 
606c39648549: Pull complete 
938714a329ae: Pull complete 
9db62e071241: Pull complete 
45109cc2cdf6: Pull complete 
f7ebbe9a19f6: Pull complete 
730f510e852c: Pull complete 
e9d93fd1fb19: Pull complete 
Digest: sha256:b7d3e783ec7ba021bf35d5da4dbca2f98319dc458f1b1160b6ef9ad4f62c4fe3
Status: Downloaded newer image for webterminal/webterminal:latest
558ff7acc25f22f0078bb644aad30b26875b3b52fb3c191ed2a37fcbad25e621
[node1] (local) [email protected] ~
Login Page:





Quick Configuration Steps:

1  add new credential


2  Add New Server


3  Add into a server group


4  Add new permission list


5  Connect

6  Check video recording


Saved session media files at this folder: /opt/webterminal/media

[opc@centos7-webterminal ~]$ sudo -i
[root@centos7-webterminal ~]# docker ps
CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS              PORTS                                        NAMES
d6b4d1d991e9        webterminal/webterminal   "/docker-entrypoint.…"   2 weeks ago         Up 2 weeks          0.0.0.0:80->80/tcp, 0.0.0.0:2100->2100/tcp   charming_leakey
[root@centos7-webterminal ~]# docker exec -it charming_leakey /bin/bash
root@d6b4d1d991e9:/opt/webterminal# find . -type f -size +10000 -exec ls -lh {} \;
-r--r--r--. 1 root root 160M Apr  5 02:38 ./.git/objects/pack/pack-c5eb40daf95c7bcc45e9a967a09f40a577a762c0.pack
-rw-r--r--. 1 root root 8.5M Apr  5 02:38 './helper/Webterminal Helper.deb'
-rw-r--r--. 1 root root 23M Apr  5 02:38 './helper/Webterminal Helper.dmg'
-rwxr-xr-x. 1 root root 6.5M Apr  5 02:38 './helper/Webterminal Helper.exe'
-rw-r--r--. 1 root root 24M Apr  5 02:38 ./screenshots/screenshotsmac.gif
-rw-r--r--. 1 root root 5.5M Apr  5 02:38 ./screenshots/screenshotvnc.gif
-rw-r--r--. 1 root root 5.0M Apr  5 02:38 ./static/plugins/datatables/datatables.js
-rw-------. 1 root root 14M Jul 15 12:04 ./media/2020-7-15/bfe85783-c377-4302-9e86-89c1cabec1d4
-rw-------. 1 root root 14M Jul 15 12:04 ./media/2020-7-15/bfe85783-c377-4302-9e86-89c1cabec1d4.1
root@d6b4d1d991e9:/opt/webterminal# cd ./media/
root@d6b4d1d991e9:/opt/webterminal/media# ls
2020-6-30  2020-7-15  admin
root@d6b4d1d991e9:/opt/webterminal/media# pwd
/opt/webterminal/media
root@d6b4d1d991e9:/opt/webterminal/media#




Jumpserver

Before installation, it will check if your machine has at least 2 vCPU and 4G RAM. That is the minimal requirement.

One-click installation of JumpServer

curl -sSL https://github.com/jumpserver/jumpserver/releases/download/2.0.1/quick_start.sh | sh


Container Deployment Command.
docker run --name jms_all -d \
  -p 80:80 -p 2222:2222 \
  -e SECRET_KEY=$SECRET_KEY \
  -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \
  jumpserver/jms_all:latest
Unfortunately, during my test, I could not access docker's Web site although it was running successfully in Docker.
Default username / password : admin /admin

Dashboard




Configuration Steps:
1  Create Assets - admin users

2  Create Assets - system user

3  Create Assets - Assets

4  Create  Permissions - Asset Permissions

5  RDP / SSH Connections - Sessions - Web terminal

6  Sftp - Sessions - File manager

7  Recording : Sessions - Sessions


YouTube video:


References









No comments:

Post a Comment