veops/oneterm

License: Apache License 2.0 · Go >= 1.18

A Simple, Lightweight, Flexible Bastion Host.

What is OneTerm

OneTerm is a simple, lightweight, and flexible enterprise-level bastion host product. Based on the 4A concept: Authentication, Authorization, Account, and Audit, it ensures system security and compliance through strict access control and monitoring functions.

Core Features

  • Access Control: OneTerm acts as an intermediary site, restricting direct access to critical systems. Users must first authenticate through OneTerm before accessing other servers or systems.

  • Security Audit: OneTerm can record user logins and activities, providing audit logs for investigation when security incidents occur. This helps ensure that every user's behavior is traceable and auditable.

  • Jump Server Access: OneTerm provides a jump server approach where users can connect to other internal servers through OneTerm. This approach helps reduce the risk of directly exposing internal servers, as only OneTerm needs to be externally accessible.

  • Password Management: OneTerm can implement enhanced password policies and centrally manage passwords through a single entry point. This helps improve the password security of the entire system.

  • Session Recording: OneTerm can record user sessions with servers, which is very useful for monitoring and investigating privileged user activities. If security incidents occur, session recordings can be replayed to understand detailed operations.

  • Prevent Direct Attacks: Since OneTerm is the only entry point to systems and resources, it can become the main barrier for attackers. This helps reduce the risk of direct attacks on internal systems.

  • Unified Access: OneTerm provides a single entry point through which users can access different systems without having to remember multiple login credentials. This improves user convenience and work efficiency.

Product Advantages

  • Authentication and Authorization: OneTerm features powerful and flexible authentication and authorization mechanisms. This includes support for multi-factor authentication, ensuring that only authorized users can access internal network resources, and providing fine-grained user permission management.

  • Secure Communication: OneTerm supports secure communication protocols and encryption technologies to protect data transmission between users and internal servers. This helps prevent man-in-the-middle attacks and data leaks.

  • Audit and Monitoring: OneTerm has powerful audit and monitoring capabilities, recording user activities and generating audit logs. This helps track security events, identify potential threats, and meet compliance requirements.

  • Remote Management and Session Isolation: OneTerm supports remote management, enabling administrators to securely manage internal servers. At the same time, it features session isolation to ensure that access between users is mutually isolated, preventing lateral escalation attacks.

  • Tight Integration with Open Source CMDB: OneTerm is tightly integrated with Veops CMDB (open source), allowing users to import assets from CMDB with one click, ensuring convenient operation and smooth processes.

Technology Stack

  • Backend: Go
  • Frontend: Vue.js
  • UI Component Library: Ant Design Vue

Follow Us

Star the project and follow us to get the latest updates!

Project Overview

[Screenshots: dashboard, terminal, work_station, access_auth, system_settings, access_time]

Quick Start

Method 1: Quick Deploy (Default Password)

  • Docker Compose Installation
    git clone https://github.com/veops/oneterm.git
    cd oneterm/deploy
    docker compose up -d

Method 2: Secure Deploy (Custom Passwords)

  • For production environments, use the setup script to configure secure passwords:

    git clone https://github.com/veops/oneterm.git
    cd oneterm/deploy
    ./setup.sh
    docker compose up -d

    The setup script will:

    • Generate secure random passwords or let you set custom ones
    • Update all configuration files with your passwords
    • Create backup files for safety
  • Access

    • Open your browser and visit: http://127.0.0.1:8666
    • Username: admin
    • Password: 123456 (the default from Method 1), or the custom password you set with setup.sh

Development

For developers who want to contribute to OneTerm or set up a local development environment:

🚀 Quick Development Setup

    # Clone repository
    git clone https://github.com/veops/oneterm.git
    cd oneterm/deploy

    # Frontend development (live editing)
    ./dev-start.sh frontend

    # Backend development (live editing)
    ./dev-start.sh backend

📖 Detailed Development Guide

For complete setup instructions, troubleshooting, and development workflows:

Requirements: Docker, Node.js 14.17.6+, Go 1.21.3+

Contributing

We welcome all developers to contribute code and improve and extend this project. Please read our Contribution Guide first. Additionally, you can support Veops open source through social media, events, and sharing.

More Open Source

  • CMDB: Simple, lightweight, and versatile operational CMDB
  • ACL: A general permission control management system.
  • messenger: A simple and lightweight message sending service.
