Download as
Browse Code »

Commit be9dab3af9e7c9ef71df96b4771e6e89db536ddc

Authored by Jacob Vosmaer
1 parent a03de3da
Exists in master and in 13 other branches 6-8-stable, 6-8-stable-ee, 6-9-stable, 6-9-stable-ee, 7-0-stable, 7-0-stable-ee, 7-0-stable-spb, 7-1-stable, 7-1-stable-ee, 7-2-stable, 7-2-stable-ee, branch_test, nginx_ssl_tweaks

Add basic security measures for build machines

Showing 1 changed file with 20 additions and 0 deletions   Show diff stats
doc/build.md
  Diff comments   View file @be9dab3
... ... @@ -6,6 +6,17 @@ Preparing the build machine requires sudo access.
6 6 ## Ubuntu 12.04
7 7  
8 8 ```shell
  9 +# Get the latest OS updates
  10 +sudo apt-get update
  11 +sudo apt-get upgrade
  12 +
  13 +# Set up the firewall to only allow inbound SSH traffic
  14 +sudo ufw allow ssh
  15 +sudo ufw enable
  16 +
  17 +# Check for SSH password logins; they should be disabled
  18 +grep '^[^#]*PasswordAuthentication' /etc/ssh/sshd_config
  19 +
9 20 # Install dependencies
10 21 sudo apt-get install ruby1.9.1 ruby1.9.1-dev git build-essential
11 22 sudo gem install --no-ri --no-rdoc bundler
... ... @@ -38,6 +49,15 @@ the steps to build gitlab with omnibus on Debian 7.4 are equal to the ones to bu
38 49 ## Centos 6.5
39 50  
40 51 ```shell
  52 +# Update OS packages
  53 +sudo yum update
  54 +
  55 +# Set up the firewall to only allow inbound SSH traffic
  56 +sudo lokkit -s ssh
  57 +
  58 +# Check for SSH password logins; they should be disabled
  59 +grep '^[^#]*PasswordAuthentication' /etc/ssh/sshd_config
  60 +
41 61 sudo yum groupinstall 'Development Tools'
42 62 # Install RedHat Software Collections to get Ruby 1.9.3
43 63 sudo yum install centos-release-SCL
... ...