User Tools
сервис_tacacs
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_tacacs [2018/03/27 09:42] val [FreeBSD/Ubuntu] |
сервис_tacacs [2025/04/26 10:17] (current) val [Docker] |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| * [[http://www.shrubbery.net/tac_plus/|TACACS+ daemon]] | * [[http://www.shrubbery.net/tac_plus/|TACACS+ daemon]] | ||
| * [[https://habrahabr.ru/post/194750/|Другой tacacs+]] | * [[https://habrahabr.ru/post/194750/|Другой tacacs+]] | ||
| + | |||
| ===== Установка TACACS+ сервера ===== | ===== Установка TACACS+ сервера ===== | ||
| - | ==== FreeBSD ==== | + | ==== Ubuntu<11/Debian<20 ==== |
| - | <code> | + | |
| - | [server:~] # pkg install tac_plus | + | |
| - | + | ||
| - | [server:~] # pkg_add -r tac_plus | + | |
| - | + | ||
| - | [server:~] # cd /usr/local/etc/ | + | |
| - | </code> | + | |
| - | + | ||
| - | ==== Ubuntu/Debian ==== | + | |
| <code> | <code> | ||
| root@server:~# apt install tacacs+ | root@server:~# apt install tacacs+ | ||
| - | |||
| - | root@server:~# cd /etc/tacacs+/ | ||
| </code> | </code> | ||
| - | ==== CentOS/SL ==== | + | ==== Docker образ ==== |
| + | |||
| + | * [[https://www.nixcraft.com/t/ubuntu-server-20-04-installing-tacacs/3452|Ubuntu Server 20.04 Installing TACACS+]] | ||
| + | * [[Технология Docker]] | ||
| + | * [[https://hub.docker.com/r/lfkeitel/tacacs_plus|TACACS+ Docker Image]] | ||
| - | * [[Управление ПО в Linux#Работа с исходными текстами]] | + | !!! Можно использовать базовый ораз |
| - | * Необходимые пакеты: flex bison libwrap0-dev | + | |
| <code> | <code> | ||
| - | root@server:~# apt-get install flex bison libwrap0-dev | + | # mkdir tacacs_server |
| - | root@server:~# cd /usr/src | + | # cd tacacs_server/ |
| - | root@server:/usr/src# wget ftp://ftp.shrubbery.net/pub/tac_plus/tacacs+-F4.0.4.26.tar.gz | + | # cat Dockerfile |
| - | root@server:/usr/src# tar -xvzf tacacs+-F4.0.4.26.tar.gz | + | </code><code> |
| - | root@server:/usr/src# cd tacacs+-F4.0.4.26 | + | FROM openswitch/tacacs_server |
| - | root@server:/usr/src/tacacs+-F4.0.4.26# ./configure --prefix=/usr/local/tac_plus | + | RUN printf "%s\n%s" '#!/bin/sh' "/usr/local/bin/tac_plus -G -C /etc/tacacs/tac_plus.conf" > /start.sh && chmod +x /start.sh |
| - | root@server:/usr/src/tacacs+-F4.0.4.26# make install clean | + | #RUN echo -e '#!/bin/sh\n/usr/local/bin/tac_plus -G -C /etc/tacacs/tac_plus.conf' > /start.sh && chmod +x /start.sh |
| + | |||
| + | ENTRYPOINT ["/start.sh"] | ||
| + | </code><code> | ||
| + | # docker build -t corp/tacacs_server . | ||
| - | root@server:/usr/src/tacacs+-F4.0.4.26# cd /etc | + | # mkdir /etc/tacacs+/ |
| </code> | </code> | ||
| Line 50: | Line 47: | ||
| ... | ... | ||
| - | # :> tac_plus.conf | + | # cat /etc/tacacs+/tac_plus.conf |
| - | + | ||
| - | # cat tac_plus.conf | + | |
| </code><code> | </code><code> | ||
| key = tackey123 | key = tackey123 | ||
| Line 58: | Line 53: | ||
| accounting file = /var/log/tac_plus.acct | accounting file = /var/log/tac_plus.acct | ||
| - | user=user1 { | + | user=root { |
| default service = permit | default service = permit | ||
| - | login = des "DWRr6OSzYvMH." | + | login = des "hPkKtADs9JXn2" |
| - | service = exec { | + | service = exec { |
| priv-lvl = 15 | priv-lvl = 15 | ||
| + | } | ||
| + | } | ||
| + | |||
| + | user=user1 { | ||
| + | default service = permit | ||
| + | login = des "DWRr6OSzYvMH." | ||
| + | service = exec { | ||
| + | priv-lvl = 1 | ||
| } | } | ||
| } | } | ||
| Line 69: | Line 72: | ||
| ===== Запуск ===== | ===== Запуск ===== | ||
| - | ==== FreeBSD ==== | + | * [[https://manpages.ubuntu.com/manpages/trusty/man8/tac_plus.8.html]] |
| - | <code> | + | |
| - | # /usr/local/etc/rc.d/tac_plus rcvar | + | |
| - | + | ||
| - | # /usr/local/etc/rc.d/tac_plus start | + | |
| - | Starting tac_plus. | + | |
| - | </code> | + | |
| ==== Ubuntu/Debian ==== | ==== Ubuntu/Debian ==== | ||
| <code> | <code> | ||
| Line 82: | Line 78: | ||
| </code> | </code> | ||
| - | ==== CentOS/SL ==== | + | ==== Docker ==== |
| <code> | <code> | ||
| - | root@server:~# cat /etc/rc.local | + | # docker run --name tacacs_server -d -p 49:49 -v /etc/tacacs+/:/etc/tacacs/ -v /var/log/:/var/log/ --restart=always corp/tacacs_server |
| - | </code><code> | + | |
| - | ... | + | |
| - | /usr/local/tac_plus/bin/tac_plus -C /etc/tac_plus.conf | + | |
| - | exit 0 | + | либо, из базового образа (-d не работает, выводит максимальный debug) |
| - | </code><code> | + | |
| - | root@server:~# /usr/local/tac_plus/bin/tac_plus -C /etc/tac_plus.conf | + | |
| + | # docker run -d --name tacacs_server -p 49:49 -v /etc/tacacs+/:/etc/tacacs/ -v /var/log/:/var/log/ --restart=always openswitch/tacacs_server /usr/local/bin/tac_plus -G -C /etc/tacacs/tac_plus.conf -d 65536 | ||
| + | или | ||
| + | # docker run -d --name tacacs_server -p 49:49 -v /etc/tacacs+/:/etc/tacacs/ -v /var/log/:/var/log/ --entrypoint /usr/local/bin/tac_plus --restart=always openswitch/tacacs_server -G -C /etc/tacacs/tac_plus.conf -d 65536 | ||
| </code> | </code> | ||
| ===== Мониторинг ===== | ===== Мониторинг ===== | ||
| + | |||
| <code> | <code> | ||
| + | !!! Файл появится в результате действий пользователя в CLI | ||
| # tail -f /var/log/tac_plus.acct | # tail -f /var/log/tac_plus.acct | ||
| + | |||
| + | # tail -f /var/log/tac_plus.log | ||
| + | ... | ||
| + | все пароли | ||
| + | ... | ||
| + | |||
| + | все, что нужно, есть в tac_plus.acct | ||
| + | # rm /var/log/tac_plus.log; ln -s /dev/null /var/log/tac_plus.log | ||
| </code> | </code> | ||
| Line 102: | Line 108: | ||
| <code> | <code> | ||
| - | # cat /etc/tac_plus.conf | + | # cat tac_plus.conf |
| </code><code> | </code><code> | ||
| key = tackey123 | key = tackey123 | ||
сервис_tacacs.1522132959.txt.gz · Last modified: 2018/03/27 09:42 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
