长亭百川云 - 文章详情

长亭百川云

技术讨论漏洞库IP 威胁情报在线工具

RASP | 从0到1给企业安装JRASP

RASP安全技术

83

2024-07-13

原文链接

**1.系统安装
**

    jrasp系统各个组件,均提供一键部署的脚本,免去各种复杂环境配置,降低运维安装压力。全部安装过程大约耗时30分钟

## jdk8安装

http://www.jrasp.com/developer/software.html 

## 安装zookeeper集群

节点1: 10.8.0.4(内网) 4c8g30g 节点2: 10.8.0.5(`内网`) 4c8g30g 节点3: 10.8.0.6(`内网`) 4c8g30g

一键安装脚本

`## 下载解压``mkdir -p /opt/zookeeper;``mkdir -p /tmp/zookeeper;` `wget https://repo.huaweicloud.com/apache/zookeeper/zookeeper-3.7.0/apache-zookeeper-3.7.0-bin.tar.gz;``tar -zxvf apache-zookeeper-3.7.0-bin.tar.gz -C /opt/zookeeper;`       `mkdir -p /opt/zookeeper;``mkdir -p /tmp/zookeeper;`        `## 配置zoo.cfg``cat << EOF > /opt/zookeeper/apache-zookeeper-3.7.0-bin/conf/zoo.cfg;``tickTime=2000``initLimit=10``syncLimit=5``dataDir=/tmp/zookeeper``clientPort=2181``server.1=10.8.0.4:2888:3888``server.2=10.8.0.5:2888:3888``server.3=10.8.0.6:2888:3888``EOF``## myid``cat << EOF > /tmp/zookeeper/myid;``1``EOF``##  自动拉起与开启启动`       `cat << EOF > /usr/lib/systemd/system/zookeeper.service;``[Unit]``Description=Zookeeper server manager``   ``[Service]``Type=forking``Environment=JAVA_HOME=/usr/local/java/jdk1.8.0_181``ExecStart=/opt/zookeeper/apache-zookeeper-3.7.0-bin/bin/zkServer.sh start``ExecStop=/opt/zookeeper/apache-zookeeper-3.7.0-bin/bin/zkServer.sh stop``ExecReload=/opt/zookeeper/apache-zookeeper-3.7.0-bin/bin/zkServer.sh restart``Restart=always``   ``[Install]``WantedBy=multi-user.target``EOF``   ``systemctl daemon-reload``systemctl enable zookeeper``systemctl start zookeeper``systemctl stop zookeeper``systemctl restart zookeeper``systemctl status zookeeper`

(复制上面的命令在终端执行即可)

  • 需要注意的是:/tmp/zookeeper/myid文件的节点编号每个节点不一样,依次为

    1、2、3

  • 安装结果验证:观察 /opt/zookeeper/apache-zookeeper-3.7.0-bin/logs/zookeeper--server-{机器名称}.log  是否有错误日志,没有就是安装成功。

**## 安装kafka集群(与zk在同一机器上)
**

`## 下载解压``mkdir -p /opt/kafka;`        `wget https://repo.huaweicloud.com/apache/kafka/2.8.0/kafka_2.13-2.8.0.tgz;``tar -zxvf kafka_2.13-2.8.0.tgz -C /opt/kafka;``## 配置server.properties``cat << EOF > /opt/kafka/kafka_2.13-2.8.0/config/server.properties;``broker.id=1``listeners=PLAINTEXT://10.8.0.4:9092``advertised.listeners=PLAINTEXT://{公网ip}:9092``num.network.threads=3``num.io.threads=8``socket.send.buffer.bytes=102400``socket.receive.buffer.bytes=102400``socket.request.max.bytes=104857600``log.dirs=/tmp/kafka-logs``num.partitions=1``num.recovery.threads.per.data.dir=1``offsets.topic.replication.factor=1``transaction.state.log.replication.factor=1``transaction.state.log.min.isr=1``log.retention.hours=168``log.segment.bytes=1073741824``log.retention.check.interval.ms=300000``zookeeper.connect=10.8.0.4:2181,10.8.0.5:2181,10.8.0.6:2181``zookeeper.connection.timeout.ms=18000``group.initial.rebalance.delay.ms=0``EOF``##  自动拉起与开启启动`       `cat << EOF > /usr/lib/systemd/system/kafka.service;``[Unit]``Description=kafka service``   ``[Service]``Type=simple``Environment=JAVA_HOME=/usr/local/java/jdk1.8.0_181``ExecStart=/opt/kafka/kafka_2.13-2.8.0/bin/kafka-server-start.sh /opt/kafka/kafka_2.13-2.8.0/config/server.properties``ExecStop=/opt/kafka/kafka_2.13-2.8.0/bin/kafka-server-stop.sh``Restart=always``   ``[Install]``WantedBy=multi-user.target``EOF``   ``systemctl daemon-reload``systemctl enable kafka``systemctl stop kafka`        `systemctl start kafka``systemctl status kafka`

执行上面的脚本前,请修改broker.id、listeners、advertised.listeners、zookeeper.connect为对应zk节点信息

  • broker.id 是节点编号依次为1、2、3

  • listeners 是该节点的内网地址

  • advertised.listeners 是该节点的外网地址

  • zookeeper.connect 是zk集群的节点内网地址

安装验证:查看各个节点的日志是否有错误信息:/opt/kafka/kafka_2.13-2.8.0/logs/server.log

创建 jrasp-daemon、jrasp-agent、jrasp-module 三个 topic

`### topic 创建``./kafka-topics.sh --zookeeper 10.8.0.4:2181,10.8.0.5:2181,10.8.0.6:2181 --create --topic jrasp-daemon --partitions 3 --replication-factor 3``./kafka-topics.sh --zookeeper 10.8.0.4:2181,10.8.0.5:2181,10.8.0.6:2181 --create --topic jrasp-agent --partitions 3 --replication-factor 3``./kafka-topics.sh --zookeeper 10.8.0.4:2181,10.8.0.5:2181,10.8.0.6:2181 --create --topic jrasp-module --partitions 3 --replication-factor 3`

误操作时执行:

`./kafka-topics.sh --zookeeper 10.8.0.4:2181,10.8.0.5:2181,10.8.0.6:2181 --delete  --topic jrasp-daemon``   `

**## nacos 安装
**

整个公司机器数量在200台左右,单个节点可以支持

`wget https://jrasp-daemon-1254321150.cos.ap-shanghai.myqcloud.com/nacos-server-2.0.3.tar.gz;``tar -zxvf nacos-server-2.0.3.tar.gz -C /opt/;``cd /opt/nacos/bin;``sh startup.sh -m standalone`

## 管理端安装 (目前不开放,联系我们免费获取)

## mysql 数据库安装初始化 mysql5.7
### 后台安装    springboot+ security
### 前端安装   antd design pro +nginx

**## jrasp-agent 安装
**

`## 安装包下载``wget  https://jrasp-daemon-1254321150.cos.ap-shanghai.myqcloud.com/2022-05-05/1.0.4/jrasp-1.0.4.tar.gz``tar -xvf jrasp-1.0.4.tar.gz -C /usr/local/``## 配置守护进程`        `cat << EOF > /usr/lib/systemd/system/jrasp-daemon.service``[Unit]``Description=jrasp-daemon service``   ``[Service]``Type=simple``WorkingDirectory=/usr/local/jrasp/bin``ExecStart=/usr/local/jrasp/bin/startup.sh``ExecStop=/usr/local/jrasp/bin/shutdown.sh``Restart=always``   ``[Install]``WantedBy=multi-user.target``EOF``   ``## 设置开机启动与自动拉起``systemctl daemon-reload;``systemctl enable jrasp-daemon.service;``systemctl stop jrasp-daemon.service;``systemctl start jrasp-daemon.service;``systemctl status jrasp-daemon.service;``   `

**## filebeat 一键安装
**

`## 日志目录``logDir=/usr/local/jrasp/logs``## fileBeat 安装目录``fileBeatHome=/opt/filebeat``cd /opt/ && yum install wget -y && wget https://repo.huaweicloud.com/filebeat/7.9.1/filebeat-7.9.1-linux-x86_64.tar.gz;``tar -zxvf filebeat-7.9.1-linux-x86_64.tar.gz -C /opt/ && mv filebeat-7.9.1-linux-x86_64 filebeat && rm -rf filebeat-7.9.1-linux-x86_64.tar.gz;``cat << EOF > ${fileBeatHome}/filebeat.yml``filebeat.inputs:``- type: log`  `fields:`        `kafka_topic: "jrasp-daemon"`  `paths:`    `- ${logDir}/jrasp-daemon.log``- type: log`  `fields:`        `kafka_topic: "jrasp-agent"`  `paths:`    `- ${logDir}/jrasp-agent.log``- type: log`  `fields:`        `kafka_topic: "jrasp-module"`  `paths:`    `- ${logDir}/jrasp-module.log``filebeat.config.modules:`  `path: \${path.config}/modules.d/*.yml`  `reload.enabled: false``setup.template.settings:`  `index.number_of_shards: 1``output.kafka:`  `enabled: true`  `hosts: ["kafka_ip_1:9092","kafka_ip_2:9092","kafka_ip_3:9092"]`  `topic: '%{[fields.kafka_topic]}'``processors:`  `- add_host_metadata:`      `when.not.contains.tags: forwarded`  `- add_cloud_metadata: ~`  `- add_docker_metadata: ~`  `- add_kubernetes_metadata: ~``   ``processors:`  `- decode_json_fields:`      `fields: ['message']`      `target: ''`      `overwrite_keys: true`  `- drop_fields:`      `fields: ["host","agent","log","input","ecs","@timestamp"]``   ``logging.level: info``EOF``## systemctl``cat << EOF > /usr/lib/systemd/system/filebeat.service``[Unit]``Description=filebeat``Wants=network-online.target``After=network-online.target``[Service]``User=root``ExecStart=${fileBeatHome}/filebeat -c ${fileBeatHome}/filebeat.yml``Restart=always``[Install]``WantedBy=multi-user.target``EOF``systemctl daemon-reload && systemctl enable filebeat.service;``systemctl stop filebeat.service && systemctl start filebeat.service;``systemctl status filebeat.service;``   `

**2.管理端配置
**

安全总览

实例管理

**主机详情
**

 (用户机器配置较高,一台上机器上安装较多服务)

策略配置

插件管理

  • 用户使用的web容器是 undertow,我们临时开发了这个插件 ;

  • 其他插件会陆续上线,增强系统安全能力,值得一提的是,新插件上线无需用户重启服务;

攻击日志

   测试环境目前安装了18台机器,稳定运行,漏洞测试拦截符合预期,用户反馈不错。

申请试用请联系:sear2022,提供技术支持。

相关推荐
热门产品
雷池 WAF 社区版
IP 威胁情报
网站安全监测
百川漏扫服务
云堡垒机
百川云
技术文档
开发工具
漏洞库
网安百科
安全社区
CT STACK 安全社区
雷池社区版
XRAY 扫描工具
长亭科技
长亭科技官网
万众合作伙伴商城
长亭 BBS 论坛
友情链接
关注或联系我们
添加百川云公众号,移动管理云安全产品
咨询热线:
4000-327-707
百川公众号
百川公众号
百川云客服
百川云客服
Copyright ©2024 北京长亭科技有限公司
icon
京ICP备 2024055124号-2