开源堡垒机GateOne的安装、配置笔记

因为内部临时需要这么一套系统，所以搜搜查查，搞定了系统部署，使用pam认证的配置。

系统初始化是使用CentOS 6.5 Mini x64版本。

 

首先exports http_proxy和https_proxy，做好上网准备。

 

其次查看下安装需求。

http://liftoff.github.io/GateOne/About/index.html#prerequisites

 

这里有相关的包下载：

https://github.com/liftoff/GateOne/downloads

 

yum install -y http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

yum update -y

 

yum install -y python-devel gcc dtach python-pip python-imaging python-kerberos

yum install -y https://github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm

cd /usr/local/src

git clone https://github.com/liftoff/GateOne.git

 

cd GateOne

python setup.py isntall

 

service gateone start

service gateone stop

 

vi /etc/gateone/conf.d/10server.conf

 

origins = ["x.x.x.x"]

address = "x.x.x.x"

https_redirect = True

 

vi /etc/gateone/conf.d/20authentication.conf

auth = "pam"

pam_realm = "AccessGateway1"

pam_service = "gateone"

 

vi /etc/sysconfig/iptables

增加80和443端口

service iptables reload

 

nohup python gateone.py &

 

在Safari下无法使用，报错如下：

The WebSocket connection was closed. Will attempt to reconnect every 5 seconds...

NOTE: Some web proxies do not work properly with WebSockets.

 

PC和Android中的Chrome正常。

 

vi /etc/pam.d/gateone

#%PAM-1.0

# Login using a htpasswd file

#@include common-sessionauth

required pam_pwdfile.so          pwdfile=/etc/gateone/passwd

required pam_permit.so

 

auth = "pam"

pam_realm = "AccessGateway1"

pam_service = "gateone"

 

https://github.com/liftoff/GateOne/issues/118

这里提到是PyPAM，别安装错了。

yum install git pam-devel pam PyPAM pam-devel

git https://github.com/tiwe-de/libpam-pwdfile.git

make && make install

ln /lib/security/pam_pwdfile.so /lib64/security/pam_pwdfile.so

 

密码生成用在线工具就行，记得选择Crypt方式：http://tool.oschina.net/htpasswd

将生成的信息加入密码文件就行。

vi /etc/gateone/passwd

[Go]

cry:Wk463N25YHOqs

[Esc]

[:wq]