260126-堡垒机配置记录
修改ssh端口
# Change the SSH port.
# The edit itself is not recorded here; presumably the Port directive is set to
# 1999 to match the SELinux and firewall steps in this record — confirm.
vi /etc/ssh/sshd_config
# Allow the new port in SELinux: add tcp/1999 to the ssh_port_t port type and
# then list the ports carrying that type. The two lines below are a terminal
# transcript (root prompt followed by the command), not script lines.
root@JumpServer:/home/jumpserver# semanage port -a -t ssh_port_t -p tcp 1999
root@JumpServer:/home/jumpserver# semanage port -l | grep ssh
ssh_port_t tcp 1999, 22
# Output above: 1999 is now labelled, and 22 is still labelled as well. The
# label alone opens nothing; whether sshd still listens on 22 depends on
# sshd_config, and whether it is reachable depends on the firewall.
# Restart sshd so the edited configuration takes effect.
# NOTE(review): validate the file first (`sshd -t`) and keep the current session
# open until a new login on the new port succeeds. In this record 1999/tcp is
# only opened in firewalld in a later section, so if firewalld is active, new
# connections to 1999 may be refused until that step has been applied.
systemctl restart sshd
关闭webconsole
# Turn off the Cockpit web console (socket unit cockpit.socket).
#   stop    - close the listening socket now
#   disable - do not start it at boot
#   mask    - refuse any later start request for the unit
for action in stop disable mask; do
  systemctl "$action" cockpit.socket
done
# NOTE(review): only the socket unit is handled here. A cockpit.service instance
# that was already running is not shown being stopped — check with
# `systemctl status cockpit.service`.

# Drop the cockpit service from the permanent firewall configuration and load
# the result into the running firewall. No --zone is given, so this acts on the
# default zone; the later firewall steps in this record name --zone=public
# explicitly — confirm both refer to the same zone.
firewall-cmd --permanent --remove-service=cockpit
firewall-cmd --reload
license缺库
# Create /lib64/ld-lsb-x86-64.so.3 as a symlink to the system dynamic loader
# /lib64/ld-linux-x86-64.so.2.
# NOTE(review): presumably the license binary names the LSB loader path as its
# ELF interpreter and this system does not provide it — confirm, e.g. with
# `readelf -l` on the binary.
# The link is made by hand in a root-owned system directory, so no package owns
# it: keep it in the rebuild notes and check the result with `ls -l`.
sudo ln -s /lib64/ld-linux-x86-64.so.2 /lib64/ld-lsb-x86-64.so.3
配置防火墙
# Show the current rules before changing anything. No --zone is given, so this
# prints the default zone; the changes below target the public zone explicitly.
sudo firewall-cmd --list-all

# Ports opened to every source address. --add-port is not limited to one
# address family.
#   80/tcp, 443/tcp - web front end
#   443/udp         - NOTE(review): purpose not stated in this record; confirm
#                     it is needed, otherwise leave it closed
#   1999/tcp        - the port labelled ssh_port_t earlier in this record
# NOTE(review): 1999/tcp is the management entry point of a bastion host;
# consider limiting it to known source ranges with a rich rule, as is done for
# the two port ranges below.
for port in 80/tcp 443/tcp 443/udp 1999/tcp; do
  sudo firewall-cmd --zone=public --add-port="$port" --permanent
done

# Port ranges reachable only from 10.10.10.0/23 (10.10.10.0 - 10.10.11.255).
# The rules are family="ipv4", so nothing is opened for IPv6 on these ports.
# NOTE(review): the services behind 27001-27003 and 28001-28003 are not named
# in this record — presumably the license service; confirm.
for range in 27001-27003 28001-28003; do
  sudo firewall-cmd --zone=public --add-rich-rule="rule family=\"ipv4\" source address=\"10.10.10.0/23\" port port=${range} protocol=tcp accept" --permanent
done

# Everything above was written with --permanent only; the reload applies it to
# the running firewall.
sudo firewall-cmd --reload
nginx
修改IP端口,重新设置部分解析