Delete 0.3.1 version code

Dockerfile

-FROM alpine
-MAINTAINER xRain <xrain@simcu.com>
-RUN apk add --update openssh sshpass python py-mysqldb py-psutil py-crypto && \
-	rm -rf /var/cache/apk/* 
-COPY . /jumpserver
-WORKDIR /jumpserver
-RUN python /jumpserver/install/docker/get-pip.py && \
- 	pip install -r /jumpserver/install/docker/piprequires.txt && \
-	 rm -rf /jumpserver/docs && \
- 	cp /jumpserver/install/docker/run.sh /run.sh && \
-  	rm -rf /etc/motd && chmod +x /run.sh && \
-  	rm -rf /jumpserver/keys && \
-  	rm -rf /jumpserver/logs && \
-  	rm -rf /home && \
-  	rm -rf /etc/ssh && \
-  	rm -rf /etc/shadow && \
-  	rm -rf /etc/passwd && \
-  	cp -r /jumpserver/install/docker/useradd /usr/sbin/useradd && \
-  	cp -r /jumpserver/install/docker/userdel /usr/sbin/userdel && \
-  	chmod +x /usr/sbin/useradd && \
-  	chmod +x /usr/sbin/userdel && \
-  	mkdir -p /data/home && \
-  	mkdir -p /data/logs && \
-  	mkdir -p /data/keys && \
-  	mkdir -p /data/ssh && \
-  	cp -r /jumpserver/install/docker/shadow /data/shadow && \
-  	cp -r /jumpserver/install/docker/passwd /data/passwd && \
-  	ln -s /data/logs /jumpserver/logs && \
-  	ln -s /data/keys /jumpserver/keys && \
-  	ln -s /data/home /home && \
-  	ln -s /data/ssh /etc/ssh && \
-  	ln -s /data/passwd /etc/passwd && \
-  	ln -s /data/shadow /etc/shadow && \
-  	chmod -R 777 /jumpserver
-VOLUME /data
-EXPOSE 80 22
-CMD /run.sh

README.md

-## 写在前面
- - 版本号变更 2.0 -> 0.2版本 3.0 -> 0.3版本
-
-#欢迎使用Jumpserver
-**Jumpserver** 是一款由python编写开源的跳板机(堡垒机)系统，实现了跳板机应有的功能。基于ssh协议来管理，客户端无需安装agent。
-支持常见系统:
- 1. CentOS, RedHat, Fedora, Amazon Linux
- 2. Debian
- 3. SUSE, Ubuntu
- 4. FreeBSD
- 5. 其他ssh协议硬件设备
-
-###截图：
-
-首页
- 
-![webterminal](https://github.com/ibuler/static/raw/master/jumpserver3/index.jpg)
-
-WebTerminal:
-
-![webterminal](https://github.com/ibuler/static/raw/master/jumpserver3/webTerminal.gif)
-
-Web批量执行命令
-
-![WebExecCommand](https://github.com/ibuler/static/raw/master/jumpserver3/webExec.gif)
-
-录像回放
-
-![录像](https://github.com/ibuler/static/raw/master/jumpserver3/record.gif)
-
-跳转和批量命令
-
-![跳转](https://github.com/ibuler/static/raw/master/jumpserver3/connect.gif)
-
-命令统计
-
-![跳转](https://github.com/ibuler/static/raw/master/jumpserver3/command.jpg)
-
-### 文档
-
-* [访问wiki](https://github.com/jumpserver/jumpserver/wiki)
-* [概览](https://github.com/jumpserver/jumpserver/wiki/%E6%A6%82%E8%A7%88)
-* [名词解释](https://github.com/jumpserver/jumpserver/wiki/%E5%90%8D%E8%AF%8D%E8%A7%A3%E9%87%8A)
-* [常见问题](https://github.com/jumpserver/jumpserver/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98)
-* 安装基于：[RedHat 的系统](https://github.com/jumpserver/jumpserver/wiki/%E5%9F%BA%E4%BA%8E-RedHat-%E7%9A%84%E7%B3%BB%E7%BB%9F)，[Debian 的系统](https://github.com/jumpserver/jumpserver/wiki/%E5%9F%BA%E4%BA%8E-Debian-%E7%9A%84%E7%B3%BB%E7%BB%9F)
-* [快速开始](https://github.com/jumpserver/jumpserver/wiki/%E5%BF%AB%E9%80%9F%E5%BC%80%E5%A7%8B)
-* [安装图解](https://github.com/jumpserver/jumpserver/wiki/%E5%AE%89%E8%A3%85%E5%9B%BE%E8%A7%A3)
-* [应用图解](https://github.com/jumpserver/jumpserver/wiki/%E5%BA%94%E7%94%A8%E5%9B%BE%E8%A7%A3)
-
-### 特点
-
-* 完全开源，GPL授权
-* Python编写，容易再次开发
-* 实现了跳板机基本功能，认证、授权、审计
-* 集成了Ansible，批量命令等
-* 支持WebTerminal
-* Bootstrap编写，界面美观
-* 自动收集硬件信息
-* 录像回放
-* 命令搜索
-* 实时监控
-* 批量上传下载
-
-### 其它
-
-[Jumpserver官网](http://www.jumpserver.org)
-
-[论坛](http://bbs.jumpserver.org)
-
-[demo站点](http://demo.jumpserver.org)
-
-交流群: 552054376
-
-### 团队
-
-![](https://github.com/ibuler/static/raw/master/jumpserver3/team.jpg)
-
-
-
-

docker-compose.yaml

-version: '2'
-services:
-  jumpserver:
-    build: .
-    container_name: jumpserver
-    restart: always
-    ports:
-      - "8888:80"
-      - "2222:22"
-    # environment:
-    #   - ENGINE=mysql
-    #   - MYSQL_HOST=192.168.64.5
-    #   - MYSQL_PORT=3306
-    #   - MYSQL_USER=root
-    #   - MYSQL_PASS=love1314
-    #   - MYSQL_NAME=jumpserver
-    #   - MAIL_ENABLED=false

docs/README.md

-快速安装
-------
-####环境
-	CentOS 6.x x86_64
-	iptables stop
-	selinux disable
-	
-	
-####开始
-**1. 安装git**
-    
-> yum -y install git
-	 
-**2. 下载jumpserver**
-	
-> git clone https://github.com/ibuler/jumpserver.git
-
-**3. 执行快速安装脚本**
-
-> cd jumpserver/install && python install.py
-
-
- *根据提示输入相关信息，完成安装，完成安装后，请访问web，继续查看后续文档*
-
-
-
-名词解释
-------
-
-
-* **用户** 用户是授权和登陆的主体，将来为每个员工建立一个账户，用来登录跳板机，
-  将资产授权给该用户，查看用户登陆记录命令历史等
-
-* **用户组** 多个用户可以组合成用户组，为了方便进行授权，可以将一个部门或几个用户
-  组建成用户组，在授权中使用组授权，该组中的用户拥有所有授权的主机权限
-
-* **资产** 资产通常是我们的服务器、网络设备等，将资产授权给用户，用户则会有权限登
-  录资产，执行命令等
-
-* **管理账户** 添加资产时需要添加一个管理账户，该账户是该资产上已有的有管理权限的用户，
-  如root，或者有 NOPASSWD: ALL sudo权限的用户，该管理账户用来向资产推送系统用户，
-  为系统用户添加sudo，获取资产的一些硬件信息
-
-* **资产组** 同用户组，是资产组成的集合，为了方便授权
-
-* **机房** 又称IDC，不解释
-
-* **Sudo** 这里的sudo其实是Linux中的sudo命令别名，一个sudo别名包含多个命令，
-  系统用户关联sudo就代表该系统用户有权限sudo执行这些命令
-
-* **系统用户** 系统用户是服务器上建立的一些真实存在的可以ssh登陆的用户,如 dev,
-  sa, dba等，系统用户可使用jumpserver推送到服务器上，也可以利用自己公司
-  的工具进行推送，授权时将用户、资产、系统用户关联起来则表明用户有权限登陆该资产的
-  这个系统用户 如：用户 **小明** 以 **dev** 系统用户登陆 **172.16.1.1**资产
-  
-* **授权规则** 授权规则是将 **资产** **系统用户** 和 **用户** 关联起来，用来完成授权。
-  这样用户就可以以某个系统用户账号登陆资产
-  
-* **日志审计** 
-	* **在线** 查看当前在线的用户(非web在线)，可以监控用户的命令执行，强制结束用户
-	  登录。
-	* **登录历史** 查看以往用户的登录历史，可以查看用户登陆操作的命令，可以回放用户
-	  执行命令的录像
-	* **命令记录** 查看用户批量执行命令的历史，包含执行命令的主机，执行的命令，执行的结果
-	
-	* **上传下载** 查看用户上传下载文件的记录
-	
-
-快速开始
-------
-
-##### 1. 添加用户
-**用户管理 - 查看用户 - 添加用户** 填写基本信息，完成用户添加
-
-	用户添加完成后，根据提示记住用户账号密码，换个浏览器登录下载key，
-	ssh登录jumpserver测试
-
-##### 2. 添加资产
-**资产管理 - 查看资产 - 添加资产** 填写基本信息，完成资产添加
-
-##### 3. 添加sudo
-**授权管理 - Sudo - 添加别名** 输入别名名称和命令，完成sudo添加
-
-##### 4. 添加系统用户
-**授权管理 - 系统用户 - 添加** 输入基本信息，完成系统用户添加
-
-##### 5. 推送系统用户
-**授权管理 - 推送** - 选择需要推送的资产或资产组完成推送
-
-	推送只支持服务器，使用密钥是指用户从跳板机跳转时使用key，反之使用密码，
-	授权时会检查推送记录，如果没有推送过则无法完成系统用户在该资产上的授权。
-	如果资产时网络设备，请不要选择密码和秘钥，模拟一下推送，目的是为了生成
-	推送记录。
-	
-##### 6. 添加授权规则
-**授权管理 - 授权规则 - 添加规则** 选择刚才添加的用户，资产，系统用户完成授权
-
-##### 7. 测试登录
-**用户下载key** 登录跳板机，会自动运行connect.py，根据提示登录服务器 
-
-**用户登陆web** 查看授权的主机，点击后面的链接，测试是否可以登录服务器
-
-##### 8. 监控和结束会话
-**日志审计 - 在线** 查看当前登录的用户登录情况，点击监控查看用户执行的命令，
-点击阻断，结束用户的会话
-
-##### 9. 查看历史记录
-**日志审计 - 登录历史** 查看登录历史,点击统计查看命令历史，点击回放查看录像
-
-##### 10. 执行命令
-同7 测试命令的执行，命令记录查看 批量执行命令的日志
-
-##### 11. 上传下载
-同7 测试文件的上传下载，日志审计 - 上传下载 查看上传下载记录
-
-
-
-
-
-
-
-
-
-
-
-
-	
\ No newline at end of file

docs/nginx-with-ssl-configuration.md

-# 使用Nginx搭建SSL配置
-
-跳板机是所有服务器的入口，所以，它的安全至关重要。因此，建议把`Jumpserver`搭建在内网环境中，并且加上SSL证书，保证数据传输的安全。
-
-## nginx的安装
-
-不同的操作系统及版本，安装方法都不太一样。我们以`Debian`为例。
-
-```
-apt-get update
-apt-get install -y nginx
-```
-
-更多安装示例请参考 [Nginx官方安装指南](https://www.nginx.com/resources/wiki/start/topics/tutorials/install/)
-
-## Nginx中的SSL的配置
-
-* 编辑 `/etc/nginx/sites-enabled/default` 或者指定的`Jumpserver`的配置文件
-
-* 示例如下
-
-```
-server {
-  listen              443;
-  listen              80;
-  server_name         YOUR_DOMAIN;
-  ssl_certificate     YOUR_DOMAIN_CRT;
-  ssl_certificate_key YOUR_DOMAIN_KEY;
-  ssl_protocols	TLSv1 TLSv1.1 TLSv1.2;
-  ssl_ciphers	HIGH:!aNULL:!MD5;
-  ssl_prefer_server_ciphers on;
-  ssl on ;
-
-  if ($ssl_protocol = "") {
-    rewrite ^ https://$host$request_uri? permanent;
-  }
-
-  location / {
-    proxy_set_header Connection "";
-    proxy_http_version 1.1;
-    proxy_pass      http://JUMPSERVER_HOST:WEB_PORT;
-  }
-
-  location /_ws/ {
-    keepalive_timeout 600s;
-    send_timeout 600s;
-    proxy_connect_timeout 7d;
-    proxy_send_timeout 7d;
-    proxy_read_timeout 7d;
-    rewrite ^/_ws(/.*)$ $1 break;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_pass      http://JUMPSERVER_HOST:WS_PORT;
-  }
-}
-
-```
-
-* 请替换如下表格的关键字
-
-
-关键字  		 		| 示例          					| 说明
-------------- 		| -------------					|-------
-`YOUR_DOMAIN`  		|  example.com 					| `Jumpserver`的域名
-`YOUR_DOMAIN_CRT`  	| /etc/nginx/certs/example.crt	| SSL证书的CRT文件
-`YOUR_DOMAIN_KEY`  	| /etc/nginx/certs/example.key	| SSL证书的KEY文件
-`JUMPSERVER_HOST`  	| 127.0.0.1						| `Jumpserver`服务器IP
-`WEB_PORT ` 		| 80							| `Jumpserver`网页监听端口
-`WS_PORT `  		| 3000							| websocket端口，`Jumpserver` 默认为3000
-
-* 此配置会强制使用`https`, 建议加上(即if判断的那三行)。
\ No newline at end of file

init.sh

-#!/bin/sh
-#
-
-trap '' SIGINT
-base_dir=$(dirname $0)
-
-export LANG='zh_CN.UTF-8'
-python $base_dir/connect.py
-
-exit

install/developer_doc.txt

-# coding: utf8
-
-Jumpserver开发者文档
-
-开发规范：
-  1. 遵守PE8规范  1) 命名规范  2) 导入模块规范 3) 空行规范 4) 长度规范
-  2. 缩进统一4个空格
-  3. 变量命名明了易懂多个单词下划线隔开
-  4. 注释到位
-
-
-框架说明：
-  1. 项目名称 Jumpserver
-  2. APP:
-       juser 			用户管理
-       jasset 			资产管理(设备管理)
-       jpermission 		授权管理
-       jlog				日志管理
-  3. connect.py 		用户登录入口程序
-  4. logs        		日志保存目录
-  5. jumpserver.conf 	配置文件
-  6. docs               文档目录
-  7. static             静态文件目录
-  8. templates          模板目录
-
-
-connect.py逻辑说明：
-  用户登录系统，运行该脚本，p调用get_user_host函数查看有权限的服务器ip
-  输入部分IP，verify_connect匹配该部分ip,如果是匹配到多个，就显示ip
-                                      匹配到0了就显示没有权限或者主机，
-                                      匹配到1个则继续
-  查询该服务器是否支持ldap 如果是，获得ldap用户密码登陆
-                         如果否，查询授权表，查看该服务器授权的系统用户，并返回对应账号密码，登陆
-  connect函数是登陆函数，采用paramiko 使用channel登陆，posix_shell 来完成交互，并记录日志
-  signal模块来完成窗口改变导致的tty大小随之改变
-  PyCrypt是对称加密类
\ No newline at end of file

install/docker/config_tmpl.conf

-[base]
-url = 
-key = 941enj9neshd1wes
-ip = 0.0.0.0
-port = 80
-log = debug
-
-[db]
-engine = __ENGINE__
-host = __MYSQL_HOST__
-port = __MYSQL_PORT__
-user = __MYSQL_USER__
-password = __MYSQL_PASS__
-database = __DATEBASE__
-
-[mail]
-mail_enable = __MAIL_ENABLED__
-email_host = __MAIL_HOST__
-email_port = __MAIL_PORT__
-email_host_user = __MAIL_USER__
-email_host_password = __MAIL_PASS__
-email_use_tls = __MAIL_USE_TLS__
-
-[connect]
-nav_sort_by = ip

install/docker/passwd

-root:x:0:0:root:/root:/bin/ash
-bin:x:1:1:bin:/bin:/sbin/nologin
-daemon:x:2:2:daemon:/sbin:/sbin/nologin
-adm:x:3:4:adm:/var/adm:/sbin/nologin
-lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
-sync:x:5:0:sync:/sbin:/bin/sync
-shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
-halt:x:7:0:halt:/sbin:/sbin/halt
-mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
-news:x:9:13:news:/usr/lib/news:/sbin/nologin
-uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
-operator:x:11:0:operator:/root:/bin/sh
-man:x:13:15:man:/usr/man:/sbin/nologin
-postmaster:x:14:12:postmaster:/var/spool/mail:/sbin/nologin
-cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
-ftp:x:21:21::/var/lib/ftp:/sbin/nologin
-sshd:x:22:22:sshd:/dev/null:/sbin/nologin
-at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
-squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
-xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
-games:x:35:35:games:/usr/games:/sbin/nologin
-postgres:x:70:70::/var/lib/postgresql:/bin/sh
-nut:x:84:84:nut:/var/state/nut:/sbin/nologin
-cyrus:x:85:12::/usr/cyrus:/sbin/nologin
-vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
-ntp:x:123:123:NTP:/var/empty:/sbin/nologin
-smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
-guest:x:405:100:guest:/dev/null:/sbin/nologin
-nobody:x:65534:65534:nobody:/:/sbin/nologin
\ No newline at end of file

install/docker/piprequires.txt

-#sphinx-me==0.3
-django==1.6
-#pycrypto==2.4.1
-paramiko==1.16.0
-ecdsa==0.13
-#MySQL-python==1.2.5
-#django-uuidfield==0.5.0
-#psutil==3.3.0
-xlsxwriter==0.7.7
-xlrd==0.9.4
-django-bootstrap-form==3.2
-tornado==4.3
-ansible==1.9.4
-pyinotify==0.9.6
-passlib==1.6.5
-argparse==1.4.0
-django-crontab==0.6.0
-django-smtp-ssl==1.0
-pyte==0.5.2

install/docker/run.sh

-#!/bin/sh
-cp -r /jumpserver/install/docker/config_tmpl.conf /jumpserver/jumpserver.conf
-if [ ! -n "${USE_MYSQL}" ]; then
-sed -i "s/__USE_MYSQL__/false/" /jumpserver/jumpserver.conf
-else
-sed -i "s/__USE_MYSQL__/true/" /jumpserver/jumpserver.conf
-sed -i "s/__MYSQL_HOST__/${MYSQL_HOST}/" /jumpserver/jumpserver.conf
-sed -i "s/__MYSQL_PORT__/${MYSQL_PORT}/" /jumpserver/jumpserver.conf
-sed -i "s/__MYSQL_USER__/${MYSQL_USER}/" /jumpserver/jumpserver.conf
-sed -i "s/__MYSQL_PASS__/${MYSQL_PASS}/" /jumpserver/jumpserver.conf
-sed -i "s/__MYSQL_NAME__/${MYSQL_NAME}/" /jumpserver/jumpserver.conf
-fi
-
-if [ ! -n "${MAIL_ENABLED}" ]; then
-sed -i "s/__MAIL_ENABLED__/false/" /jumpserver/jumpserver.conf
-else
-sed -i "s/__MAIL_ENABLED__/${MAIL_ENABLED}/" /jumpserver/jumpserver.conf
-sed -i "s/__MAIL_HOST__/${MAIL_HOST}/" /jumpserver/jumpserver.conf
-sed -i "s/__MAIL_PORT__/${MAIL_PORT}/" /jumpserver/jumpserver.conf
-sed -i "s/__MAIL_USER__/${MAIL_USER}/" /jumpserver/jumpserver.conf
-sed -i "s/__MAIL_PASS__/${MAIL_PASS}/" /jumpserver/jumpserver.conf
-fi
-if [ ! -n "${MAIL_USE_TLS}" ]; then
-sed -i "s/__MAIL_USE_TLS__/false/" /jumpserver/jumpserver.conf
-else
-sed -i "s/__MAIL_USE_TLS__/${MAIL_USE_TLS}/" /jumpserver/jumpserver.conf
-fi
-
-if [ ! -f "/etc/ssh/sshd_config" ]; then
-	cp -r /jumpserver/install/docker/sshd_config /etc/ssh/sshd_config
-fi
-if [ ! -f "/etc/ssh/ssh_host_rsa_key" ]; then
-  ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
-fi
-if [ ! -f "/etc/ssh/ssh_host_dsa_key" ]; then
-  ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
-fi
-if [ ! -f "/etc/ssh/ssh_host_ecdsa_key" ]; then
-  ssh-keygen -t ecdsa -b 521 -f /etc/ssh/ssh_host_ecdsa_key -N ''
-fi
-if [ ! -f "/etc/ssh/ssh_host_ed25519_key" ]; then
-  ssh-keygen -t ed25519 -b 1024 -f /etc/ssh/ssh_host_ed25519_key -N ''
-fi
-
-/usr/sbin/sshd -E /data/logs/jumpserver.log
-python /jumpserver/manage.py syncdb --noinput
-if [ ! -f "/home/init.locked" ]; then
-	python manage.py loaddata install/initial_data.yaml
-	date > /home/init.locked
-fi
-python /jumpserver/run_server.py >> /data/logs/jumpserver.log &
-chmod -R 777 /data/logs/jumpserver.log
-tail -f /data/logs/jumpserver.log

install/docker/shadow

-root:::0:::::
-bin:!::0:::::
-daemon:!::0:::::
-adm:!::0:::::
-lp:!::0:::::
-sync:!::0:::::
-shutdown:!::0:::::
-halt:!::0:::::
-mail:!::0:::::
-news:!::0:::::
-uucp:!::0:::::
-operator:!::0:::::
-man:!::0:::::
-postmaster:!::0:::::
-cron:!::0:::::
-ftp:!::0:::::
-sshd:!::0:::::
-at:!::0:::::
-squid:!::0:::::
-xfs:!::0:::::
-games:!::0:::::
-postgres:!::0:::::
-nut:!::0:::::
-cyrus:!::0:::::
-vpopmail:!::0:::::
-ntp:!::0:::::
-smmsp:!::0:::::
-guest:!::0:::::
-nobody:!::0:::::
\ No newline at end of file

install/docker/sshd_config

-#	$OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
-
-# This is the sshd server system-wide configuration file.  See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented.  Uncommented options override the
-# default value.
-
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-# The default requires explicit activation of protocol 1
-#Protocol 2
-
-# HostKey for protocol version 1
-#HostKey /etc/ssh/ssh_host_key
-# HostKeys for protocol version 2
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 1h
-#ServerKeyBits 1024
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-# obsoletes QuietMode and FascistLogging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-#PermitRootLogin prohibit-password
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#RSAAuthentication yes
-#PubkeyAuthentication yes
-PasswordAuthentication no
-ChallengeResponseAuthentication no
-
-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile	.ssh/authorized_keys
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
-# similar for protocol version 2
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# RhostsRSAAuthentication and HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-#UsePAM no
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-#X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-#PrintMotd yes
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#UsePrivilegeSeparation sandbox
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# override default of no subsystems
-Subsystem	sftp	/usr/lib/ssh/sftp-server
-
-# the following are HPN related configuration options
-# tcp receive buffer polling. disable in non autotuning kernels
-#TcpRcvBufPoll yes
-
-# disable hpn performance boosts
-#HPNDisabled no
-
-# buffer size for hpn to non-hpn connections
-#HPNBufferSize 2048
-
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-#	X11Forwarding no
-#	AllowTcpForwarding no
-#	PermitTTY no
-#	ForceCommand cvs server
\ No newline at end of file

install/docker/useradd

-#!/bin/sh
-adduser $@
\ No newline at end of file

install/docker/userdel

-#!/bin/sh
-deluser --remove-home $3
\ No newline at end of file

install/initial_data.yaml

-- model: juser.user
-  pk: 5000
-  fields:
-    username: admin
-    name: admin
-    password: pbkdf2_sha256$20000$jBIDGPB2j5JT$orxqGgzzjzykColYm1BswPjgHOiERjZkcgkuVIkD2Hc=
-    email: admin@jumpserver.org
-    role: SU
-    is_active: 1

install/next.py

-#!/usr/bin/python
-# coding: utf-8
-
-import sys
-import os
-import django
-from django.core.management import execute_from_command_line
-import shlex
-import urllib
-import socket
-import subprocess
-
-
-jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__)))
-sys.path.append(jms_dir)
-
-os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
-if django.get_version() != '1.6':
-    setup = django.setup()
-
-from juser.user_api import db_add_user, get_object, User
-from install import color_print
-from jumpserver.api import get_mac_address, bash
-
-socket.setdefaulttimeout(2)
-
-
-class Setup(object):
-    """
-    安装jumpserver向导
-    """
-
-    def __init__(self):
-        self.admin_user = 'admin'
-        self.admin_pass = '5Lov@wife'
-
-    @staticmethod
-    def _pull():
-        color_print('开始更新jumpserver', 'green')
-        # bash('git pull')
-        try:
-            mac = get_mac_address()
-            version = urllib.urlopen('http://jumpserver.org/version/?id=%s' % mac)
-        except:
-            pass
-
-    def _input_admin(self):
-        while True:
-            print
-            admin_user = raw_input('请输入管理员用户名 [%s]: ' % self.admin_user).strip()
-            admin_pass = raw_input('请输入管理员密码: [%s]: ' % self.admin_pass).strip()
-            admin_pass_again = raw_input('请再次输入管理员密码: [%s]: ' % self.admin_pass).strip()
-
-            if admin_user:
-                self.admin_user = admin_user
-
-            if not admin_pass_again:
-                admin_pass_again = self.admin_pass
-
-            if admin_pass:
-                self.admin_pass = admin_pass
-
-            if self.admin_pass != admin_pass_again:
-                color_print('两次密码不相同请重新输入')
-            else:
-                break
-            print
-
-    @staticmethod
-    def _sync_db():
-        os.chdir(jms_dir)
-        execute_from_command_line(['manage.py', 'syncdb', '--noinput'])
-
-    def _create_admin(self):
-        user = get_object(User, username=self.admin_user)
-        if user:
-            user.delete()
-        db_add_user(username=self.admin_user, password=self.admin_pass, role='SU', name='admin', groups='',
-                    admin_groups='', email='admin@jumpserver.org', uuid='MayBeYouAreTheFirstUser', is_active=True)
-        cmd = 'id %s 2> /dev/null 1> /dev/null || useradd %s' % (self.admin_user, self.admin_user)
-        shlex.os.system(cmd)
-
-    @staticmethod
-    def _chmod_file():
-        os.chdir(jms_dir)
-        os.chmod('init.sh', 0755)
-        os.chmod('connect.py', 0755)
-        os.chmod('manage.py', 0755)
-        os.chmod('run_server.py', 0755)
-        os.chmod('service.sh', 0755)
-        os.chmod('logs', 0777)
-        os.chmod('keys', 0777)
-
-    @staticmethod
-    def _run_service():
-        cmd = 'bash %s start' % os.path.join(jms_dir, 'service.sh')
-        shlex.os.system(cmd)
-        print
-        color_print('安装成功，Web登录请访问http://ip:8000, 祝你使用愉快。\n请访问 https://github.com/jumpserver/jumpserver/wiki 查看文档', 'green')
-
-    def start(self):
-        print "开始安装Jumpserver ..."
-        self._pull()
-        self._sync_db()
-        self._input_admin()
-        self._create_admin()
-        self._chmod_file()
-        self._run_service()
-
-
-if __name__ == '__main__':
-    setup = Setup()
-    setup.start()

install/requirements.txt

-#sphinx-me==0.3
-django==1.6
-pycrypto==2.4.1
-paramiko==1.16.0
-ecdsa==0.13
-MySQL-python==1.2.5
-#django-uuidfield==0.5.0
-psutil==3.3.0
-xlsxwriter==0.7.7
-xlrd==0.9.4
-django-bootstrap-form==3.2
-tornado==4.3
-ansible==1.9.4
-pyinotify==0.9.6
-passlib==1.6.5
-argparse==1.4.0
-django-crontab==0.6.0
-django-smtp-ssl==1.0
-pyte==0.5.2

jasset/admin.py

-from django.contrib import admin
-
-# Register your models here.

jasset/forms.py

-# coding:utf-8
-from django import forms
-
-from jasset.models import IDC, Asset, AssetGroup
-
-
-class AssetForm(forms.ModelForm):
-
-    class Meta:
-        model = Asset
-
-        fields = [
-            "ip", "other_ip", "hostname", "port", "group", "username", "password", "use_default_auth",
-            "idc", "mac", "remote_ip", "brand", "cpu", "memory", "disk", "system_type", "system_version",
-            "cabinet", "position", "number", "status", "asset_type", "env", "sn", "is_active", "comment",
-            "system_arch"
-        ]
-
-
-class AssetGroupForm(forms.ModelForm):
-    class Meta:
-        model = AssetGroup
-        fields = [
-            "name", "comment"
-        ]
-
-
-class IdcForm(forms.ModelForm):
-    class Meta:
-        model = IDC
-        fields = ['name', "bandwidth", "operator", 'linkman', 'phone', 'address', 'network', 'comment']
-        widgets = {
-            'name': forms.TextInput(attrs={'placeholder': 'Name'}),
-            'network': forms.Textarea(
-                attrs={'placeholder': '192.168.1.0/24\n192.168.2.0/24'})
-        }
-
-

jasset/models.py

-# coding: utf-8
-
-import datetime
-from django.db import models
-from juser.models import User, UserGroup
-
-ASSET_ENV = (
-    (1, U'生产环境'),
-    (2, U'测试环境')
-    )
-
-ASSET_STATUS = (
-    (1, u"已使用"),
-    (2, u"未使用"),
-    (3, u"报废")
-    )
-
-ASSET_TYPE = (
-    (1, u"物理机"),
-    (2, u"虚拟机"),
-    (3, u"交换机"),
-    (4, u"路由器"),
-    (5, u"防火墙"),
-    (6, u"Docker"),
-    (7, u"其他")
-    )
-
-
-class AssetGroup(models.Model):
-    GROUP_TYPE = (
-        ('P', 'PRIVATE'),
-        ('A', 'ASSET'),
-    )
-    name = models.CharField(max_length=80, unique=True)
-    comment = models.CharField(max_length=160, blank=True, null=True)
-
-    def __unicode__(self):
-        return self.name
-
-
-class IDC(models.Model):
-    name = models.CharField(max_length=32, verbose_name=u'机房名称')
-    bandwidth = models.CharField(max_length=32, blank=True, null=True, default='', verbose_name=u'机房带宽')
-    linkman = models.CharField(max_length=16, blank=True, null=True, default='', verbose_name=u'联系人')
-    phone = models.CharField(max_length=32, blank=True, null=True, default='', verbose_name=u'联系电话')
-    address = models.CharField(max_length=128, blank=True, null=True, default='', verbose_name=u"机房地址")
-    network = models.TextField(blank=True, null=True, default='', verbose_name=u"IP地址段")
-    date_added = models.DateField(auto_now=True, null=True)
-    operator = models.CharField(max_length=32, blank=True, default='', null=True, verbose_name=u"运营商")
-    comment = models.CharField(max_length=128, blank=True, default='', null=True, verbose_name=u"备注")
-
-    def __unicode__(self):
-        return self.name
-
-    class Meta:
-        verbose_name = u"IDC机房"
-        verbose_name_plural = verbose_name
-
-
-class Asset(models.Model):
-    """
-    asset modle
-    """
-    ip = models.CharField(max_length=32, blank=True, null=True, verbose_name=u"主机IP")
-    other_ip = models.CharField(max_length=255, blank=True, null=True, verbose_name=u"其他IP")
-    hostname = models.CharField(unique=True, max_length=128, verbose_name=u"主机名")
-    port = models.IntegerField(blank=True, null=True, verbose_name=u"端口号")
-    group = models.ManyToManyField(AssetGroup, blank=True, verbose_name=u"所属主机组")
-    username = models.CharField(max_length=16, blank=True, null=True, verbose_name=u"管理用户名")
-    password = models.CharField(max_length=256, blank=True, null=True, verbose_name=u"密码")
-    use_default_auth = models.BooleanField(default=True, verbose_name=u"使用默认管理账号")
-    idc = models.ForeignKey(IDC, blank=True, null=True,  on_delete=models.SET_NULL, verbose_name=u'机房')
-    mac = models.CharField(max_length=20, blank=True, null=True, verbose_name=u"MAC地址")
-    remote_ip = models.CharField(max_length=16, blank=True, null=True, verbose_name=u'远控卡IP')
-    brand = models.CharField(max_length=64, blank=True, null=True, verbose_name=u'硬件厂商型号')
-    cpu = models.CharField(max_length=64, blank=True, null=True, verbose_name=u'CPU')
-    memory = models.CharField(max_length=128, blank=True, null=True, verbose_name=u'内存')
-    disk = models.CharField(max_length=1024, blank=True, null=True, verbose_name=u'硬盘')
-    system_type = models.CharField(max_length=32, blank=True, null=True, verbose_name=u"系统类型")
-    system_version = models.CharField(max_length=8, blank=True, null=True, verbose_name=u"系统版本号")
-    system_arch = models.CharField(max_length=16, blank=True, null=True, verbose_name=u"系统平台")
-    cabinet = models.CharField(max_length=32, blank=True, null=True, verbose_name=u'机柜号')
-    position = models.IntegerField(blank=True, null=True, verbose_name=u'机器位置')
-    number = models.CharField(max_length=32, blank=True, null=True, verbose_name=u'资产编号')
-    status = models.IntegerField(choices=ASSET_STATUS, blank=True, null=True, default=1, verbose_name=u"机器状态")
-    asset_type = models.IntegerField(choices=ASSET_TYPE, blank=True, null=True, verbose_name=u"主机类型")
-    env = models.IntegerField(choices=ASSET_ENV, blank=True, null=True, verbose_name=u"运行环境")
-    sn = models.CharField(max_length=128, blank=True, null=True, verbose_name=u"SN编号")
-    date_added = models.DateTimeField(auto_now=True, null=True)
-    is_active = models.BooleanField(default=True, verbose_name=u"是否激活")
-    comment = models.CharField(max_length=128, blank=True, null=True, verbose_name=u"备注")
-
-    def __unicode__(self):
-        return self.ip
-
-
-class AssetRecord(models.Model):
-    asset = models.ForeignKey(Asset)
-    username = models.CharField(max_length=30, null=True)
-    alert_time = models.DateTimeField(auto_now_add=True)
-    content = models.TextField(null=True, blank=True)
-    comment = models.TextField(null=True, blank=True)
-
-
-class AssetAlias(models.Model):
-    user = models.ForeignKey(User)
-    asset = models.ForeignKey(Asset)
-    alias = models.CharField(max_length=100, blank=True, null=True)
-
-    def __unicode__(self):
-        return self.alias

jasset/tests.py

-from django.test import TestCase
-
-# Create your tests here.

jasset/urls.py

-# coding:utf-8
-from django.conf.urls import patterns, include, url
-from jasset.views import *
-
-urlpatterns = patterns('',
-    url(r'^asset/add/$', asset_add, name='asset_add'),
-    url(r"^asset/add_batch/$", asset_add_batch, name='asset_add_batch'),
-    url(r'^asset/list/$', asset_list, name='asset_list'),
-    url(r'^asset/del/$', asset_del, name='asset_del'),
-    url(r"^asset/detail/$", asset_detail, name='asset_detail'),
-    url(r'^asset/edit/$', asset_edit, name='asset_edit'),
-    url(r'^asset/edit_batch/$', asset_edit_batch, name='asset_edit_batch'),
-    url(r'^asset/update/$', asset_update, name='asset_update'),
-    url(r'^asset/update_batch/$', asset_update_batch, name='asset_update_batch'),
-    url(r'^asset/upload/$', asset_upload, name='asset_upload'),
-    url(r'^group/del/$', group_del, name='asset_group_del'),
-    url(r'^group/add/$', group_add, name='asset_group_add'),
-    url(r'^group/list/$', group_list, name='asset_group_list'),
-    url(r'^group/edit/$', group_edit, name='asset_group_edit'),
-    url(r'^idc/add/$', idc_add, name='idc_add'),
-    url(r'^idc/list/$', idc_list, name='idc_list'),
-    url(r'^idc/edit/$', idc_edit, name='idc_edit'),
-    url(r'^idc/del/$', idc_del, name='idc_del'),
-)
\ No newline at end of file

jlog/admin.py

-from django.contrib import admin
-
-# Register your models here.

jlog/log_api.py

-# coding: utf-8
-
-
-from argparse import ArgumentParser, FileType
-from contextlib import closing
-from io import open as copen
-from json import dumps
-from math import ceil
-import datetime
-import time
-import re
-import os
-from os.path import basename, dirname, exists, join
-from struct import unpack
-from subprocess import Popen
-from sys import platform, prefix, stderr
-from tempfile import NamedTemporaryFile
-
-from jinja2 import FileSystemLoader, Template
-from jinja2.environment import Environment
-
-from jumpserver.api import BASE_DIR, logger
-from jlog.models import Log
-
-
-DEFAULT_TEMPLATE = join(BASE_DIR, 'templates', 'jlog', 'static.jinja2')
-rz_pat = re.compile(r'\x18B\w+\r\x8a(\x11)?')
-
-
-def escapeString(string):
-    string = rz_pat.sub('', string)
-    try:
-        string = string.encode('unicode_escape').decode('utf-8', 'ignore')
-    except (UnicodeEncodeError, UnicodeDecodeError):
-        string = string.decode('utf-8', 'ignore')
-    string = string.replace("'", "\\'")
-    string = '\'' + string + '\''
-    return string
-
-
-def getTiming(timef):
-    timing = None
-    with closing(timef):
-        timing = [l.strip().split(' ') for l in timef]
-        timing = [(int(ceil(float(r[0]) * 1000)), int(r[1])) for r in timing]
-    return timing
-
-
-def scriptToJSON(scriptf, timing=None):
-    ret = []
-
-    with closing(scriptf):
-        scriptf.readline()  # ignore first header line from script file
-        offset = 0
-        for t in timing:
-            dt = scriptf.read(t[1])
-            data = escapeString(dt)
-            # print ('###### (%s, %s)' % (t[1], repr(data)))
-            offset += t[0]
-            ret.append((data, offset))
-    return dumps(ret)
-
-
-def renderTemplate(script_path, time_file_path, dimensions=(24, 80), templatename=DEFAULT_TEMPLATE):
-    with copen(script_path, encoding='utf-8', errors='replace', newline='\r\n') as scriptf:
-    # with open(script_path) as scriptf:
-        with open(time_file_path) as timef:
-            timing = getTiming(timef)
-            json = scriptToJSON(scriptf, timing)
-
-    fsl = FileSystemLoader(dirname(templatename), 'utf-8')
-    e = Environment()
-    e.loader = fsl
-
-    templatename = basename(templatename)
-    rendered = e.get_template(templatename).render(json=json,
-                                                   dimensions=dimensions)
-
-    return rendered
-
-
-def renderJSON(script_path, time_file_path):
-    with copen(script_path, encoding='utf-8', errors='replace', newline='\r\n') as scriptf:
-    # with open(script_path) as scriptf:
-        with open(time_file_path) as timef:
-            timing = getTiming(timef)
-            ret = {}
-            with closing(scriptf):
-                scriptf.readline()  # ignore first header line from script file
-                offset = 0
-                for t in timing:
-                    dt = scriptf.read(t[1])
-                    offset += t[0]
-                    ret[str(offset/float(1000))] = dt.decode('utf-8', 'replace')
-    return dumps(ret)
-
-def kill_invalid_connection():
-    unfinished_logs = Log.objects.filter(is_finished=False)
-    now = datetime.datetime.now()
-    now_timestamp = int(time.mktime(now.timetuple()))
-
-    for log in unfinished_logs:
-        try:
-            log_file_mtime = int(os.stat('%s.log' % log.log_path).st_mtime)
-        except OSError:
-            log_file_mtime = 0
-
-        if (now_timestamp - log_file_mtime) > 3600:
-            if log.login_type == 'ssh':
-                try:
-                    os.kill(int(log.pid), 9)
-                except OSError:
-                    pass
-            elif (now - log.start_time).days < 1:
-                continue
-
-            log.is_finished = True
-            log.end_time = now
-            log.save()
-            logger.warn('kill log %s' % log.log_path)
-

jlog/models.py

-from django.db import models
-from juser.models import User
-import time
-
-
-class Log(models.Model):
-    user = models.CharField(max_length=20, null=True)
-    host = models.CharField(max_length=200, null=True)
-    remote_ip = models.CharField(max_length=100)
-    login_type = models.CharField(max_length=100)
-    log_path = models.CharField(max_length=100)
-    start_time = models.DateTimeField(null=True)
-    pid = models.IntegerField()
-    is_finished = models.BooleanField(default=False)
-    end_time = models.DateTimeField(null=True)
-    filename = models.CharField(max_length=40)
-    '''
-    add by liuzheng
-    '''
-    # userMM = models.ManyToManyField(User)
-    # logPath = models.TextField()
-    # filename = models.CharField(max_length=40)
-    # logPWD = models.TextField()  # log zip file's
-    # nick = models.TextField(null=True)  # log's nick name
-    # log = models.TextField(null=True)
-    # history = models.TextField(null=True)
-    # timestamp = models.IntegerField(default=int(time.time()))
-    # datetimestamp = models.DateTimeField(auto_now_add=True)
-
-
-    def __unicode__(self):
-        return self.log_path
-
-
-class Alert(models.Model):
-    msg = models.CharField(max_length=20)
-    time = models.DateTimeField(null=True)
-    is_finished = models.BigIntegerField(default=False)
-
-
-class TtyLog(models.Model):
-    log = models.ForeignKey(Log)
-    datetime = models.DateTimeField(auto_now=True)
-    cmd = models.CharField(max_length=200)
-
-
-class ExecLog(models.Model):
-    user = models.CharField(max_length=100)
-    host = models.TextField()
-    cmd = models.TextField()
-    remote_ip = models.CharField(max_length=100)
-    result = models.TextField(default='')
-    datetime = models.DateTimeField(auto_now=True)
-
-
-class FileLog(models.Model):
-    user = models.CharField(max_length=100)
-    host = models.TextField()
-    filename = models.TextField()
-    type = models.CharField(max_length=20)
-    remote_ip = models.CharField(max_length=100)
-    result = models.TextField(default='')
-    datetime = models.DateTimeField(auto_now=True)
-
-
-class TermLog(models.Model):
-    user = models.ManyToManyField(User)
-    logPath = models.TextField()
-    filename = models.CharField(max_length=40)
-    logPWD = models.TextField()  # log zip file's
-    nick = models.TextField(null=True)  # log's nick name
-    log = models.TextField(null=True)
-    history = models.TextField(null=True)
-    timestamp = models.IntegerField(default=int(time.time()))
-    datetimestamp = models.DateTimeField(auto_now_add=True)

jlog/tests.py

-from django.test import TestCase
-
-# Create your tests here.

jlog/urls.py

-# coding:utf-8
-from django.conf.urls import patterns, include, url
-from jlog.views import *
-
-urlpatterns = patterns('',
-                       url(r'^list/(\w+)/$', log_list, name='log_list'),
-                       url(r'^detail/(\w+)/$', log_detail, name='log_detail'),
-                       url(r'^history/$', log_history, name='log_history'),
-                       url(r'^log_kill/', log_kill, name='log_kill'),
-                       url(r'^record/$', log_record, name='log_record'),
-                      )
\ No newline at end of file

jperm/README.md

-# Jperm App
-
----
-
-### 模块 ansible_api 
-
-> 使用说明
-
-+ 依赖rpm安装包： ansible、 sshpass
-+ 依赖pip安装包： passlib
-+ 关于ansible配置： 需要启用配置文件(/etc/ansible/ansible.cfg)的 host_key_checking = False
-

jperm/admin.py

-from django.contrib import admin
-
-# Register your models here.

jperm/models.py

-import datetime
-
-from django.db import models
-from jasset.models import Asset, AssetGroup
-from juser.models import User, UserGroup
-
-
-class PermLog(models.Model):
-    datetime = models.DateTimeField(auto_now_add=True)
-    action = models.CharField(max_length=100, null=True, blank=True, default='')
-    results = models.CharField(max_length=1000, null=True, blank=True, default='')
-    is_success = models.BooleanField(default=False)
-    is_finish = models.BooleanField(default=False)
-
-
-class PermSudo(models.Model):
-    name = models.CharField(max_length=100, unique=True)
-    date_added = models.DateTimeField(auto_now=True)
-    commands = models.TextField()
-    comment = models.CharField(max_length=100, null=True, blank=True, default='')
-
-    def __unicode__(self):
-        return self.name
-
-
-class PermRole(models.Model):
-    name = models.CharField(max_length=100, unique=True)
-    comment = models.CharField(max_length=100, null=True, blank=True, default='')
-    password = models.CharField(max_length=512)
-    key_path = models.CharField(max_length=100)
-    date_added = models.DateTimeField(auto_now=True)
-    sudo = models.ManyToManyField(PermSudo, related_name='perm_role')
-
-    def __unicode__(self):
-        return self.name
-
-
-class PermRule(models.Model):
-    date_added = models.DateTimeField(auto_now=True)
-    name = models.CharField(max_length=100, unique=True)
-    comment = models.CharField(max_length=100)
-    asset = models.ManyToManyField(Asset, related_name='perm_rule')
-    asset_group = models.ManyToManyField(AssetGroup, related_name='perm_rule')
-    user = models.ManyToManyField(User, related_name='perm_rule')
-    user_group = models.ManyToManyField(UserGroup, related_name='perm_rule')
-    role = models.ManyToManyField(PermRole, related_name='perm_rule')
-
-    def __unicode__(self):
-        return self.name
-
-
-class PermPush(models.Model):
-    asset = models.ForeignKey(Asset, related_name='perm_push')
-    role = models.ForeignKey(PermRole, related_name='perm_push')
-    is_public_key = models.BooleanField(default=False)
-    is_password = models.BooleanField(default=False)
-    success = models.BooleanField(default=False)
-    result = models.TextField(default='')
-    date_added = models.DateTimeField(auto_now=True)
-

jperm/playbooks/add_init_users/add_users.yml

----
-
-- hosts: 'add_users_group'
-  gather_facts: no
-  tasks:
-    - name: add SA user
-      command: uname -a
-
-
-
-
-

jperm/playbooks/test.yml

----
-
-- hosts: test
-  gather_facts: no
-  tasks:
-    - name: just for test
-      command: uname -a
-
-

jperm/tests.py

-from django.test import TestCase
-
-# Create your tests here.

jperm/urls.py

-from django.conf.urls import patterns, include, url
-from jperm.views import *
-
-urlpatterns = patterns('jperm.views',
-                       url(r'^rule/list/$', perm_rule_list, name='rule_list'),
-                       url(r'^rule/add/$', perm_rule_add, name='rule_add'),
-                       url(r'^rule/detail/$', perm_rule_detail, name='rule_detail'),
-                       url(r'^rule/edit/$', perm_rule_edit, name='rule_edit'),
-                       url(r'^rule/del/$', perm_rule_delete, name='rule_del'),
-                       url(r'^role/list/$', perm_role_list, name='role_list'),
-                       url(r'^role/add/$', perm_role_add, name='role_add'),
-                       url(r'^role/del/$', perm_role_delete, name='role_del'),
-                       url(r'^role/detail/$', perm_role_detail, name='role_detail'),
-                       url(r'^role/edit/$', perm_role_edit, name='role_edit'),
-                       url(r'^role/push/$', perm_role_push, name='role_push'),
-                       url(r'^role/recycle/$', perm_role_recycle, name='role_recycle'),
-                       url(r'^role/get/$', perm_role_get, name='role_get'),
-                       url(r'^sudo/list/$', perm_sudo_list, name='sudo_list'),
-                       url(r'^sudo/add/$', perm_sudo_add, name='sudo_add'),
-                       url(r'^sudo/del/$', perm_sudo_delete, name='sudo_del'),
-                       url(r'^sudo/edit/$', perm_sudo_edit, name='sudo_edit'),
-                       )

jperm/utils.py

-# -*- coding: utf-8 -*-
-
-import os.path
-import shutil
-from paramiko import SSHException
-from paramiko.rsakey import RSAKey
-from jumpserver.api import mkdir
-from uuid import uuid4
-from jumpserver.api import CRYPTOR
-
-from jumpserver.api import logger
-
-
-from jumpserver.settings import KEY_DIR
-
-
-def get_rand_pass():
-    """
-    get a reandom password.
-    """
-    CRYPTOR.gen_rand_pass(20)
-
-
-def updates_dict(*args):
-    """
-    surport update multi dict
-    """
-    result = {}
-    for d in args:
-        result.update(d)
-    return result
-
-
-def gen_keys(key="", key_path_dir=""):
-    """
-    在KEY_DIR下创建一个 uuid命名的目录，
-    并且在该目录下 生产一对秘钥
-    :return: 返回目录名(uuid)
-    """
-    key_basename = "key-" + uuid4().hex
-    if not key_path_dir:
-        key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
-    private_key = os.path.join(key_path_dir, 'id_rsa')
-    public_key = os.path.join(key_path_dir, 'id_rsa.pub')
-    mkdir(key_path_dir, mode=755)
-    if not key:
-        key = RSAKey.generate(2048)
-        key.write_private_key_file(private_key)
-    else:
-        key_file = os.path.join(key_path_dir, 'id_rsa')
-        with open(key_file, 'w') as f:
-            f.write(key)
-            f.close()
-        with open(key_file) as f:
-            try:
-                key = RSAKey.from_private_key(f)
-            except SSHException, e:
-                shutil.rmtree(key_path_dir, ignore_errors=True)
-                raise SSHException(e)
-    os.chmod(private_key, 0644)
-
-    with open(public_key, 'w') as content_file:
-        for data in [key.get_name(),
-                     " ",
-                     key.get_base64(),
-                     " %s@%s" % ("jumpserver", os.uname()[1])]:
-            content_file.write(data)
-    return key_path_dir
-
-
-def trans_all(str):
-    if str.strip().lower() == "all":
-        return str.upper()
-    else:
-        return str
-
-if __name__ == "__main__":
-    print gen_keys()
-
-

jumpserver.conf

-[base]
-url = http://127.0.0.1
-key = 941enj9neshd1wes
-ip = 0.0.0.0
-port = 8000
-log = debug
-
-[db]
-engine = mysql
-host = 127.0.0.1
-port = 3306
-user = jumpserver
-password = mysql234
-database = jumpserver
-
-[mail]
-mail_enable = 1
-email_host = 
-email_port = 587
-email_host_user = 
-email_host_password = 
-email_use_tls = False
-email_use_ssl = False
-
-[connect]
-nav_sort_by = ip

jumpserver/context_processors.py

-from juser.models import User
-from jasset.models import Asset
-from jumpserver.api import *
-
-
-def name_proc(request):
-    user_id = request.user.id
-    role_id = {'SU': 2, 'GA': 1, 'CU': 0}.get(request.user.role, 0)
-    # role_id = 'SU'
-    user_total_num = User.objects.all().count()
-    user_active_num = User.objects.filter().count()
-    host_total_num = Asset.objects.all().count()
-    host_active_num = Asset.objects.filter(is_active=True).count()
-    request.session.set_expiry(3600)
-
-    info_dic = {'session_user_id': user_id,
-                'session_role_id': role_id,
-                'user_total_num': user_total_num,
-                'user_active_num': user_active_num,
-                'host_total_num': host_total_num,
-                'host_active_num': host_active_num,
-                }
-
-    return info_dic
-

jumpserver/models.py

-# coding: utf-8
-
-from django.db import models
-
-
-class Setting(models.Model):
-    name = models.CharField(max_length=100)
-    field1 = models.CharField(max_length=100, null=True, blank=True)
-    field2 = models.CharField(max_length=100, null=True, blank=True)
-    field3 = models.CharField(max_length=256, null=True, blank=True)
-    field4 = models.CharField(max_length=100, null=True, blank=True)
-    field5 = models.CharField(max_length=100, null=True, blank=True)
-
-    class Meta:
-        db_table = u'setting'
-
-    def __unicode__(self):
-        return self.name

jumpserver/tasks.py

-# -*- coding: utf-8 -*-
-
-from ansible.playbook import PlayBook
-from ansible import callbacks, utils
-
-
-def playbook_run(inventory, playbook, default_user=None, default_port=None, default_pri_key_path=None):
-    stats = callbacks.AggregateStats()
-    playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY)
-    runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY)
-    # run the playbook
-    print default_user, default_port, default_pri_key_path, inventory, playbook
-    if default_user and default_port and default_pri_key_path:
-        playbook = PlayBook(host_list=inventory,
-                            playbook=playbook,
-                            forks=5,
-                            remote_user=default_user,
-                            remote_port=default_port,
-                            private_key_file=default_pri_key_path,
-                            callbacks=playbook_cb,
-                            runner_callbacks=runner_cb,
-                            stats=stats,
-                            become=True,
-                            become_user='root')
-    else:
-        playbook = PlayBook(host_list=inventory,
-                            playbook=playbook,
-                            forks=5,
-                            callbacks=playbook_cb,
-                            runner_callbacks=runner_cb,
-                            stats=stats,
-                            become=True,
-                            become_user='root')
-    results = playbook.run()
-    print results
-    results_r = {'unreachable': [], 'failures': [], 'success': []}
-    for hostname, result in results.items():
-        if result.get('unreachable', 2):
-            results_r['unreachable'].append(hostname)
-            print "%s >>> unreachable" % hostname
-        elif result.get('failures', 2):
-            results_r['failures'].append(hostname)
-            print "%s >>> Failed" % hostname
-        else:
-            results_r['success'].append(hostname)
-            print "%s >>> Success" % hostname
-    return results_r
-

jumpserver/templatetags/__init__.py

-__author__ = 'Hudie'

jumpserver/urls.py

-from django.conf.urls import patterns, include, url
-
-
-urlpatterns = patterns('jumpserver.views',
-    # Examples:
-    url(r'^$', 'index', name='index'),
-    # url(r'^api/user/$', 'api_user'),
-    url(r'^skin_config/$', 'skin_config', name='skin_config'),
-    url(r'^login/$', 'Login', name='login'),
-    url(r'^logout/$', 'Logout', name='logout'),
-    url(r'^exec_cmd/$', 'exec_cmd', name='exec_cmd'),
-    url(r'^file/upload/$', 'upload', name='file_upload'),
-    url(r'^file/download/$', 'download', name='file_download'),
-    url(r'^setting', 'setting', name='setting'),
-    url(r'^terminal/$', 'web_terminal', name='terminal'),
-    url(r'^juser/', include('juser.urls')),
-    url(r'^jasset/', include('jasset.urls')),
-    url(r'^jlog/', include('jlog.urls')),
-    url(r'^jperm/', include('jperm.urls')),
-)

jumpserver/wsgi.py

-"""
-WSGI config for jumpserver project.
-
-It exposes the WSGI callable as a module-level variable named ``application``.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/1.7/howto/deployment/wsgi/
-"""
-
-import os
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "jumpserver.settings")
-
-from django.core.wsgi import get_wsgi_application
-application = get_wsgi_application()

juser/admin.py

-from django.contrib import admin
-
-# Register your models here.

logs/README.md

-永远年轻，永远热泪盈眶