Open miguelbernadi opened 9 years ago
Now the jenkins user has /bin/bash as its default shell instead of /bin/false, to allow execution of commands over ssh. Also, as requiretty has been deactivated for it in the sudoers file, it can now do sudo over ssh without needing a terminal.
Connections to the jenkins user should be limited, allowing only SSH key login.
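One way to check the key-only restriction asked for above, as an added example that is not part of the original thread: a POSIX shell function that reads the effective settings dump printed by `sshd -T` and reports any login method other than public key that is still enabled. The function name, the sample dumps and the `host`/`addr` values in the usage comment are assumptions made for the example.

```shell
#!/bin/sh
# Added example: check that an account can only log in with an SSH key.
# Input: the lowercase "keyword value" dump printed by `sshd -T`, e.g. (as root)
#   sshd -T -C user=jenkins,host=localhost,addr=127.0.0.1 | key_only_login
# (host and addr are placeholder connection parameters).

# Prints one finding per problem; returns 0 only when public key is the
# sole enabled login method among those checked.
key_only_login() {
    awk '
        { key = $1; $1 = ""; sub(/^ +/, ""); conf[key] = $0 }
        END {
            bad = 0
            if (conf["pubkeyauthentication"] != "yes") {
                print "pubkeyauthentication is not enabled"; bad = 1
            }
            # AuthenticationMethods publickey means no other method can
            # complete a login, whatever the per-method switches say.
            if (conf["authenticationmethods"] != "publickey") {
                methods = "passwordauthentication kbdinteractiveauthentication"
                methods = methods " hostbasedauthentication gssapiauthentication"
                n = split(methods, m, " ")
                for (i = 1; i <= n; i++)
                    if (conf[m[i]] == "yes") { print m[i] " is enabled"; bad = 1 }
            }
            exit bad
        }'
}

# Constructed sample dumps (not captured from a real host).
WEAK_DUMP='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
authenticationmethods any'
HARDENED_DUMP='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
hostbasedauthentication no
gssapiauthentication no
authenticationmethods any'

for dump in "$WEAK_DUMP" "$HARDENED_DUMP"; do
    if printf '%s\n' "$dump" | key_only_login; then
        echo "OK: key-only login"
    else
        echo "FAIL: other login methods remain"
    fi
done
```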
First level of securization (by local Jenkins database) to the Continuous Integration System.
- Only logged-in users can manage options, jobs and launch deployments into development and production.
- Not logged-in users can take a look at the description of jobs and code but not launch or modify or auto-sign-up.
- Sign up is now disabled (new users will be created on demand).
- Different users have been created for RD-Connect Developers and Support.
On 30 September 2015 at 13:56:45 CEST, Joan Protasio notifications@github.com wrote:
First level of securization (by local Jenkins database) to the Continuous Integration System.
- Sign up is now disabled (new users will be created on demand).
- Different users have been created for RD-Connect Developers and Support.
Access through
Right now, anyone can access Jenkins' content and administration. This should be restricted to the actual developers and maybe secured with HTTPS.
We could deploy a self-signed SSL certificate for Jenkins and use the internal users database to restrict access to all the data. Also, the plugin https://wiki.jenkins-ci.org/display/JENKINS/Credentials+Binding+Plugin or a similar one could be used to manage the deployment of secrets inside Jenkins' jobs.