On November 21, 2022, the open source bastion host JumpServer officially released version v2.28.0. In this version, JumpServer deployments can use a Redis sentinel cluster as the back-end cache database, making the system more robust and highly available. For operation log auditing, support for viewing resource change information has been added: when resources are added, updated or deleted, the operation log shows the details before and after the change.
In the X-Pack enhanced package, the cloud asset synchronization module already supports Alibaba Cloud, Tencent Cloud, Tencent Cloud (lightweight application server), Huawei Cloud, Baidu Cloud, JD Cloud, AWS (China), AWS (International), Azure (China), Azure (International), Google Cloud, VMware, Qingyun Private Cloud, Huawei Private Cloud, Tianyi Private Cloud, OpenStack, Nutanix, Fusion Compute, LAN and other cloud platforms. This version adds support for Kingsoft Cloud asset synchronization and for selecting the IP type (private IP or public IP), meeting the actual needs of enterprises in multi-cloud asset management and helping users achieve unified management of private cloud and public cloud assets.
In this version, JumpServer also adds support for managing, connecting to, operating and auditing ClickHouse databases. The database types currently supported by JumpServer are: MySQL, MariaDB, MongoDB, Redis, Oracle (in the X-Pack enhanced package), PostgreSQL (in the X-Pack enhanced package), SQL Server (in the X-Pack enhanced package) and ClickHouse (in the X-Pack enhanced package). In addition, this version adds the ability to retrieve user passwords through mobile phone text messages.
New features
1. Deployment supports the use of Redis sentinel mode
In JumpServer v2.28.0, the deployment process adds support for using a Redis sentinel cluster as the back-end cache database. Users need to set the sentinel mode parameters in “config.txt”: REDIS_SENTINEL_HOSTS, REDIS_SENTINEL_PASSWORD, and REDIS_PASSWORD.
The main functions of Redis sentinel mode include:
■ Monitor whether the master server and the slave server are running normally;
■ Automatically convert a slave server to a master server in the event of a master server failure.
The biggest advantage of using a Redis sentinel cluster as the back-end cache database is that it makes the system more robust and highly available. When the Redis master node goes down, the Redis sentinels detect the failure, vote on it, and then automatically promote a slave to master. This achieves high availability and avoids the entire JumpServer service becoming unavailable because of Redis downtime.
Edit the configuration file and add Redis sentinel parameters, as follows:
# Edit the configuration file
vim /opt/jumpserver/config/config.txt
# Configure Redis sentinel mode
REDIS_SENTINEL_HOSTS=mymaster/哨兵1:26379,哨兵2:26380,哨兵3:26381
REDIS_SENTINEL_PASSWORD=xxxxfrthnjggdrthdf
REDIS_PASSWORD=qwertysdftgyhjfggs
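A check to run on the three settings above before restarting, as an added example (not JumpServer's own code): it parses the `<master name>/<host:port>,...` form shown in the sample line and reports malformed addresses, duplicates, fewer than three sentinels, and empty passwords. The grammar is inferred from that sample line, and the hosts and secrets in SAMPLE are constructed.

```python
import re

# Constructed sample in the page's config.txt format (hosts and secrets are made up).
SAMPLE = """\
REDIS_SENTINEL_HOSTS=mymaster/s1.example.internal:26379,s2.example.internal:26380,s3.example.internal:26381
REDIS_SENTINEL_PASSWORD=constructed-sentinel-secret
REDIS_PASSWORD=constructed-redis-secret
"""
HOST_RE = re.compile(r"^[^\s/,:]+$")  # loose host check; IPv6 literals are not handled

def parse_config(text):
    """Parse KEY=VALUE lines, ignoring blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            settings[key.strip()] = value.strip()
    return settings

def parse_sentinel_hosts(value):
    """Split 'master/host:port,host:port,...' into (master, [(host, port), ...])."""
    master, sep, hosts = value.partition("/")
    if not sep or not master or not hosts:
        raise ValueError("expected <master name>/<host:port>[,<host:port>...]")
    nodes = []
    for item in hosts.split(","):
        host, _, port = item.strip().rpartition(":")
        if not HOST_RE.match(host) or not port.isdecimal() or not 0 < int(port) < 65536:
            raise ValueError(f"bad sentinel address: {item!r}")
        nodes.append((host, int(port)))
    return master, nodes

def check_sentinel_config(text):
    """Return a list of findings for the sentinel settings; an empty list means OK."""
    cfg, findings = parse_config(text), []
    try:
        _, nodes = parse_sentinel_hosts(cfg.get("REDIS_SENTINEL_HOSTS", ""))
    except ValueError as exc:
        return [f"REDIS_SENTINEL_HOSTS: {exc}"]
    if len(set(nodes)) != len(nodes):
        findings.append("REDIS_SENTINEL_HOSTS: duplicate sentinel address")
    if len(set(nodes)) < 3:  # with 1 or 2 sentinels, losing one leaves no majority
        findings.append("REDIS_SENTINEL_HOSTS: fewer than 3 distinct sentinels")
    for key in ("REDIS_SENTINEL_PASSWORD", "REDIS_PASSWORD"):
        if not cfg.get(key):
            findings.append(f"{key}: empty or missing")
    return findings
```

Because config.txt holds both passwords in clear text, keep the file readable only by the account that runs JumpServer.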
2. Support viewing resource change information in the operation log
In JumpServer v2.28.0, support for viewing resource change information in the operation log has been added.
The administrator/auditor selects “Audit Desk” → “Log Audit” → “Operation Log”, and clicks the “View” button of an operation log entry to view the information before and after the resource change. For example, if a user's user group information is updated, the operation log shows the user group information before the change and after the change.
▲Figure 1 Click the “View” button in the operation log to view the information before and after the resource change
3. Added support for the sync cloud assets module to manage Kingsoft Cloud (inside the X-Pack enhancement package)
In JumpServer v2.28.0, the sync cloud asset module supports Kingsoft Cloud synchronization.
The cloud platforms already supported by JumpServer include Alibaba Cloud, Tencent Cloud, Tencent Cloud (lightweight application server), Huawei Cloud, Baidu Cloud, JD Cloud, AWS (China), AWS (International), Azure (China), Azure (International), Google Cloud, VMware, Qingyun Private Cloud, Huawei Private Cloud, Tianyi Private Cloud, OpenStack, Nutanix, Fusion Compute, and local area network. With Kingsoft Cloud synchronization now added, JumpServer meets the actual needs of enterprises in multi-cloud asset management and helps users achieve unified management of private cloud and public cloud assets.
In this version, cloud asset synchronization also supports selecting the IP type: you can choose private IP or public IP.
The administrator can create a Kingsoft Cloud account and create a Kingsoft Cloud synchronization task by selecting “Asset List” → “Cloud Synchronization”, and then the IP that meets the rules can be synchronized to JumpServer for unified management.
▲Figure 2 In the “Cloud Synchronization” module, click to create a “Kingsoft Cloud” account
▲Figure 3 Create Kingsoft Cloud asset synchronization task
▲Figure 4 Cloud synchronization adds support for selecting IP types
4. Support to manage ClickHouse database (in X-Pack enhanced package)
JumpServer v2.28.0 supports the management, connection, operation and auditing of ClickHouse databases.
The databases currently supported by JumpServer are: MySQL, MariaDB, MongoDB, Redis, Oracle (in the X-Pack enhanced package), PostgreSQL (in the X-Pack enhanced package), SQL Server (in the X-Pack enhanced package), and ClickHouse (in the X-Pack enhanced package).
▲Figure 5 The administrator can create a ClickHouse database in the “Database” menu
▲Figure 6 Authorize the ClickHouse database, and test the connection to the ClickHouse database through the Web Terminal
5. Support retrieving user passwords through mobile phone text messages (inside the X-Pack enhancement package)
JumpServer v2.28.0 supports retrieving the user password by SMS. The administrator needs to enable SMS authentication, and the user's information must include a mobile phone number. The user can then reset the password by clicking the “Forgot Password” link on the login page and selecting SMS verification as prompted.
▲Figure 7 The user fills in the correct mobile phone number and chooses to send the verification code
▲Figure 8 The user fills in the correct SMS verification code and can jump to the reset password page
Function optimization
■ Support custom MFA multi-factor authentication logic;
■ Support global setting of the default resolution of connected graphical assets;
■ Optimize the default effective time of asset and application authorization work orders in the system settings, and support setting it in days and hours;
■ Enable batch deletion for some resources, such as the tag list, domain list, command filters, etc.;
■ Optimize the display of the asset platform field when connecting to KoKo through an SSH terminal;
■ Support batch encryption of database applications through the network domain gateway (inside the X-Pack enhanced package);
■ Users with super work order permissions can submit work order applications for other users (inside the X-Pack enhancement package).
Bug fixes
■ Fixed the issue that after updating a third-party user, the user would be redirected to the update password page when logging in;
■ Fixed the problem that the maximized display was incomplete when connecting to Windows assets through the Web Terminal;
■ Fixed the problem that times in Celery tasks were displayed in the wrong time zone;
■ Fixed the problem that a database could not be deleted because of the limit on the number of ports;
■ Fixed the problem that the internal publish/subscribe mechanism failed when the Redis service was restarted on its own, for example, modifications to system settings did not take effect;
■ Fixed the problem of occasionally failing to send encrypted emails when deploying multiple nodes (inside the X-Pack enhancement package);
■ Fixed the problem that the window title displayed Chinese garbled characters when connecting to Windows assets through the RDP client (inside the X-Pack enhancement package).