RASP | 从0到1给企业安装JRASP
2022-6-3 12:3:2 Author: mp.weixin.qq.com(查看原文) 阅读量:7 收藏

1.系统安装

    jrasp系统各个组件,均提供一键部署的脚本,免去各种复杂环境配置,降低运维安装压力。全部安装过程大约耗时30分钟

## jdk8安装

http://www.jrasp.com/developer/software.html 

## 安装zookeeper集群

节点1: 10.8.0.4(内网) 4c8g30g
节点2: 10.8.0.5(内网) 4c8g30g
节点3: 10.8.0.6(内网) 4c8g30g

一键安装脚本

## 下载解压mkdir -p /opt/zookeeper;mkdir -p /tmp/zookeeper; wget https://repo.huaweicloud.com/apache/zookeeper/zookeeper-3.7.0/apache-zookeeper-3.7.0-bin.tar.gz;tar -zxvf apache-zookeeper-3.7.0-bin.tar.gz -C /opt/zookeeper;       mkdir -p /opt/zookeeper;mkdir -p /tmp/zookeeper;        ## 配置zoo.cfgcat << EOF > /opt/zookeeper/apache-zookeeper-3.7.0-bin/conf/zoo.cfg;tickTime=2000initLimit=10syncLimit=5dataDir=/tmp/zookeeperclientPort=2181server.1=10.8.0.4:2888:3888server.2=10.8.0.5:2888:3888server.3=10.8.0.6:2888:3888EOF## myidcat << EOF > /tmp/zookeeper/myid;1EOF##  自动拉起与开启启动       cat << EOF > /usr/lib/systemd/system/zookeeper.service;[Unit]Description=Zookeeper server manager
[Service]Type=forkingEnvironment=JAVA_HOME=/usr/local/java/jdk1.8.0_181ExecStart=/opt/zookeeper/apache-zookeeper-3.7.0-bin/bin/zkServer.sh startExecStop=/opt/zookeeper/apache-zookeeper-3.7.0-bin/bin/zkServer.sh stopExecReload=/opt/zookeeper/apache-zookeeper-3.7.0-bin/bin/zkServer.sh restartRestart=always
[Install]WantedBy=multi-user.targetEOF
systemctl daemon-reloadsystemctl enable zookeepersystemctl start zookeepersystemctl stop zookeepersystemctl restart zookeepersystemctl status zookeeper

(复制上面的命令在终端执行即可)

  • 需要注意的是:/tmp/zookeeper/myid文件的节点编号每个节点不一样,依次为

    1、2、3

  • 安装结果验证:观察 /opt/zookeeper/apache-zookeeper-3.7.0-bin/logs/zookeeper--server-{机器名称}.log  是否有错误日志,没有就是安装成功。

## 安装kafka集群(与zk在同一机器上)

## 下载解压mkdir -p /opt/kafka;        wget https://repo.huaweicloud.com/apache/kafka/2.8.0/kafka_2.13-2.8.0.tgz;tar -zxvf kafka_2.13-2.8.0.tgz -C /opt/kafka;## 配置server.propertiescat << EOF > /opt/kafka/kafka_2.13-2.8.0/config/server.properties;broker.id=1listeners=PLAINTEXT://10.8.0.4:9092advertised.listeners=PLAINTEXT://{公网ip}:9092num.network.threads=3num.io.threads=8socket.send.buffer.bytes=102400socket.receive.buffer.bytes=102400socket.request.max.bytes=104857600log.dirs=/tmp/kafka-logsnum.partitions=1num.recovery.threads.per.data.dir=1offsets.topic.replication.factor=1transaction.state.log.replication.factor=1transaction.state.log.min.isr=1log.retention.hours=168log.segment.bytes=1073741824log.retention.check.interval.ms=300000zookeeper.connect=10.8.0.4:2181,10.8.0.5:2181,10.8.0.6:2181zookeeper.connection.timeout.ms=18000group.initial.rebalance.delay.ms=0EOF##  自动拉起与开启启动       cat << EOF > /usr/lib/systemd/system/kafka.service;[Unit]Description=kafka service
[Service]Type=simpleEnvironment=JAVA_HOME=/usr/local/java/jdk1.8.0_181ExecStart=/opt/kafka/kafka_2.13-2.8.0/bin/kafka-server-start.sh /opt/kafka/kafka_2.13-2.8.0/config/server.propertiesExecStop=/opt/kafka/kafka_2.13-2.8.0/bin/kafka-server-stop.shRestart=always
[Install]WantedBy=multi-user.targetEOF
systemctl daemon-reloadsystemctl enable kafkasystemctl stop kafka        systemctl start kafkasystemctl status kafka

执行上面的脚本前,请修改broker.id、listeners、advertised.listeners、zookeeper.connect为对应zk节点信息

  • broker.id 是节点编号依次为1、2、3

  • listeners 是该节点的内网地址

  • advertised.listeners 是该节点的外网地址

  • zookeeper.connect 是zk集群的节点内网地址

安装验证:查看各个节点的日志是否有错误信息:/opt/kafka/kafka_2.13-2.8.0/logs/server.log

创建 jrasp-daemon、jrasp-agent、jrasp-module 三个 topic

### topic 创建./kafka-topics.sh --zookeeper 10.8.0.4:2181,10.8.0.5:2181,10.8.0.6:2181 --create --topic jrasp-daemon --partitions 3 --replication-factor 3./kafka-topics.sh --zookeeper 10.8.0.4:2181,10.8.0.5:2181,10.8.0.6:2181 --create --topic jrasp-agent --partitions 3 --replication-factor 3./kafka-topics.sh --zookeeper 10.8.0.4:2181,10.8.0.5:2181,10.8.0.6:2181 --create --topic jrasp-module --partitions 3 --replication-factor 3

误操作时执行:

./kafka-topics.sh --zookeeper 10.8.0.4:2181,10.8.0.5:2181,10.8.0.6:2181 --delete  --topic jrasp-daemon

## nacos 安装

整个公司机器数量在200台左右,单个节点可以支持

wget https://jrasp-daemon-1254321150.cos.ap-shanghai.myqcloud.com/nacos-server-2.0.3.tar.gz;tar -zxvf nacos-server-2.0.3.tar.gz -C /opt/;cd /opt/nacos/bin;sh startup.sh -m standalone

## 管理端安装 (目前不开放,联系我们免费获取)

## mysql 数据库安装初始化 mysql5.7
### 后台安装    springboot+ security
### 前端安装   antd design pro +nginx

## jrasp-agent 安装

## 安装包下载wget  https://jrasp-daemon-1254321150.cos.ap-shanghai.myqcloud.com/2022-05-05/1.0.4/jrasp-1.0.4.tar.gztar -xvf jrasp-1.0.4.tar.gz -C /usr/local/## 配置守护进程        cat << EOF > /usr/lib/systemd/system/jrasp-daemon.service[Unit]Description=jrasp-daemon service
[Service]Type=simpleWorkingDirectory=/usr/local/jrasp/binExecStart=/usr/local/jrasp/bin/startup.shExecStop=/usr/local/jrasp/bin/shutdown.shRestart=always
[Install]WantedBy=multi-user.targetEOF
## 设置开机启动与自动拉起systemctl daemon-reload;systemctl enable jrasp-daemon.service;systemctl stop jrasp-daemon.service;systemctl start jrasp-daemon.service;systemctl status jrasp-daemon.service;

## filebeat 一键安装

## 日志目录logDir=/usr/local/jrasp/logs## fileBeat 安装目录fileBeatHome=/opt/filebeatcd /opt/ && yum install wget -y && wget https://repo.huaweicloud.com/filebeat/7.9.1/filebeat-7.9.1-linux-x86_64.tar.gz;tar -zxvf filebeat-7.9.1-linux-x86_64.tar.gz -C /opt/ && mv filebeat-7.9.1-linux-x86_64 filebeat && rm -rf filebeat-7.9.1-linux-x86_64.tar.gz;cat << EOF > ${fileBeatHome}/filebeat.ymlfilebeat.inputs:- type: log  fields:        kafka_topic: "jrasp-daemon"  paths:    - ${logDir}/jrasp-daemon.log- type: log  fields:        kafka_topic: "jrasp-agent"  paths:    - ${logDir}/jrasp-agent.log- type: log  fields:        kafka_topic: "jrasp-module"  paths:    - ${logDir}/jrasp-module.logfilebeat.config.modules:  path: \${path.config}/modules.d/*.yml  reload.enabled: falsesetup.template.settings:  index.number_of_shards: 1output.kafka:  enabled: true  hosts: ["kafka_ip_1:9092","kafka_ip_2:9092","kafka_ip_3:9092"]  topic: '%{[fields.kafka_topic]}'processors:  - add_host_metadata:      when.not.contains.tags: forwarded  - add_cloud_metadata: ~  - add_docker_metadata: ~  - add_kubernetes_metadata: ~
processors:  - decode_json_fields:      fields: ['message']      target: ''      overwrite_keys: true  - drop_fields:      fields: ["host","agent","log","input","ecs","@timestamp"]
logging.level: infoEOF## systemctlcat << EOF > /usr/lib/systemd/system/filebeat.service[Unit]Description=filebeatWants=network-online.targetAfter=network-online.target[Service]User=rootExecStart=${fileBeatHome}/filebeat -c ${fileBeatHome}/filebeat.ymlRestart=always[Install]WantedBy=multi-user.targetEOFsystemctl daemon-reload && systemctl enable filebeat.service;systemctl stop filebeat.service && systemctl start filebeat.service;systemctl status filebeat.service;

2.管理端配置

安全总览

实例管理

主机详情

 (用户机器配置较高,一台上机器上安装较多服务)

策略配置

插件管理


  • 用户使用的web容器是 undertow,我们临时开发了这个插件 ;

  • 其他插件会陆续上线,增强系统安全能力,值得一提的是,新插件上线无需用户重启服务;

攻击日志

   测试环境目前安装了18台机器,稳定运行,漏洞测试拦截符合预期,用户反馈不错。

申请试用请联系:sear2022,提供技术支持。


文章来源: https://mp.weixin.qq.com/s?__biz=Mzg5MjQ1OTkwMg==&mid=2247484300&idx=1&sn=396f260ae094164471ac66770f4f6698&chksm=c03c8d9df74b048b829cdd7a0f026bd8bb7ee77b1696d6357982fc24882e8247276c068b3fa5&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh