后臺系統中如何設置系統壁壘？

主機管理+堡壘機系統開發：審計回顧（八）

一、創建用戶并授權

1、創建用戶、設置密碼

[root@localhost CrazyEye]useradd audit

[root@localhost CrazyEye]# passwd audit

Changing password for user audit.

New password:

BAD PASSWORD: The password is shorter than 8 characters

Retype new password:

passwd: all authentication tokens updated successfully.

2、sudoers授權

$cat /etc/sudoers

%crazy_audit ALL=NOPASSWD:ALL #/usr/bin/strace,/usr/bin/python3

3、給文件夾授權

chown -R audit.audit /opt/CrazyEye/

二、安裝必要工具

1、安裝sshpass

curl -O -L http://downloads.sourceforge.net/project/sshpass/sshpass/1.06/sshpass-1.06.tar.gz

tar xvzf sshpass-1.06.tar.gz

cd sshpass-1.06

./configure

make && sudo make install

2、安裝django

[root@localhost CrazyEye]# su audit

[audit@localhost CrazyEye]$ pwd

/usr/local/Python-3.5.3/bin

./pip3 install --upgrade pip

./pip3 install django -i http://pypi.douban.com/simple --trusted-host pypi.douban.com

3、后臺授權機器

三、實戰測試

1、啟動程序

[audit@localhost CrazyEye]$ pwd

/opt/CrazyEye

[audit@localhost CrazyEye]$ python manage.py runserver 0.0.0.0:9000

2、登陸截圖

1、登陸堡壘機

2、連接到目標主機

3、目標主機操作命令

3、部分日志