Add basic security measures for build machines

Jacob Vosmaer
1 parent a03de3da
Showing 1 changed file with 20 additions and 0 deletions Show diff stats
doc/build.md
@@ -6,6 +6,17 @@ Preparing the build machine requires sudo access.
 ## Ubuntu 12.04
 ```shell
+# Get the latest OS updates
+sudo apt-get update
+sudo apt-get upgrade
+
+# Set up the firewall to only allow inbound SSH traffic
+sudo ufw allow ssh
+sudo ufw enable
+
+# Check for SSH password logins; they should be disabled
+grep '^[^#]*PasswordAuthentication' /etc/ssh/sshd_config
+
 # Install dependencies
 sudo apt-get install ruby1.9.1 ruby1.9.1-dev git build-essential
 sudo gem install --no-ri --no-rdoc bundler
@@ -38,6 +49,15 @@ the steps to build gitlab with omnibus on Debian 7.4 are equal to the ones to bu
 ## Centos 6.5
 ```shell
+# Update OS packages
+sudo yum update
+
+# Set up the firewall to only allow inbound SSH traffic
+sudo lokkit -s ssh
+
+# Check for SSH password logins; they should be disabled
+grep '^[^#]*PasswordAuthentication' /etc/ssh/sshd_config
+
 sudo yum groupinstall 'Development Tools'
 # Install RedHat Software Collections to get Ruby 1.9.3
 sudo yum install centos-release-SCL
	@@ -6,6 +6,17 @@ Preparing the build machine requires sudo access.		@@ -6,6 +6,17 @@ Preparing the build machine requires sudo access.
6	## Ubuntu 12.04	6	## Ubuntu 12.04
7		7
8	```shell	8	```shell
		9	+# Get the latest OS updates
		10	+sudo apt-get update
		11	+sudo apt-get upgrade
		12	+
		13	+# Set up the firewall to only allow inbound SSH traffic
		14	+sudo ufw allow ssh
		15	+sudo ufw enable
		16	+
		17	+# Check for SSH password logins; they should be disabled
		18	+grep '^[^#]*PasswordAuthentication' /etc/ssh/sshd_config
		19	+
9	# Install dependencies	20	# Install dependencies
10	sudo apt-get install ruby1.9.1 ruby1.9.1-dev git build-essential	21	sudo apt-get install ruby1.9.1 ruby1.9.1-dev git build-essential
11	sudo gem install --no-ri --no-rdoc bundler	22	sudo gem install --no-ri --no-rdoc bundler
	@@ -38,6 +49,15 @@ the steps to build gitlab with omnibus on Debian 7.4 are equal to the ones to bu		@@ -38,6 +49,15 @@ the steps to build gitlab with omnibus on Debian 7.4 are equal to the ones to bu
38	## Centos 6.5	49	## Centos 6.5
39		50
40	```shell	51	```shell
		52	+# Update OS packages
		53	+sudo yum update
		54	+
		55	+# Set up the firewall to only allow inbound SSH traffic
		56	+sudo lokkit -s ssh
		57	+
		58	+# Check for SSH password logins; they should be disabled
		59	+grep '^[^#]*PasswordAuthentication' /etc/ssh/sshd_config
		60	+
41	sudo yum groupinstall 'Development Tools'	61	sudo yum groupinstall 'Development Tools'
42	# Install RedHat Software Collections to get Ruby 1.9.3	62	# Install RedHat Software Collections to get Ruby 1.9.3
43	sudo yum install centos-release-SCL	63	sudo yum install centos-release-SCL