summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAchilleas Pipinellis <axil@gitlab.com>2019-07-16 07:02:21 +0000
committerAchilleas Pipinellis <axil@gitlab.com>2019-07-16 07:02:21 +0000
commit38aa79de0623cd197769adea9a22ae6762a3b638 (patch)
tree970e38de0e9241d214646e211008c52a2c7d841c
parent6b301c43ec01cc9968f1297dc69399c565331101 (diff)
parent698864df12c3388d5728332d1186734a16a984e2 (diff)
downloadgitlab-ce-38aa79de0623cd197769adea9a22ae6762a3b638.tar.gz
Merge branch 'docs/security-follow-up' into 'master'
Clean-up some confusing info from security docs See merge request gitlab-org/gitlab-ce!29495
-rw-r--r--doc/security/information_exclusivity.md1
-rw-r--r--doc/security/password_length_limits.md30
-rw-r--r--doc/security/rack_attack.md1
-rw-r--r--doc/security/reset_root_password.md1
-rw-r--r--doc/security/ssh_keys_restrictions.md1
-rw-r--r--doc/security/two_factor_authentication.md1
-rw-r--r--doc/security/unlock_user.md47
-rw-r--r--doc/security/user_email_confirmation.md1
-rw-r--r--doc/security/user_file_uploads.md1
-rw-r--r--doc/security/webhooks.md1
10 files changed, 56 insertions, 29 deletions
diff --git a/doc/security/information_exclusivity.md b/doc/security/information_exclusivity.md
index 62a20d3f257..749ccf924b5 100644
--- a/doc/security/information_exclusivity.md
+++ b/doc/security/information_exclusivity.md
@@ -1,6 +1,7 @@
---
type: concepts
---
+
# Information exclusivity
Git is a distributed version control system (DVCS). This means that everyone
diff --git a/doc/security/password_length_limits.md b/doc/security/password_length_limits.md
index d78293c75c6..9909ef4a8e4 100644
--- a/doc/security/password_length_limits.md
+++ b/doc/security/password_length_limits.md
@@ -1,19 +1,31 @@
---
type: reference, howto
---
+
# Custom password length limits
-If you want to enforce longer user passwords you can create an extra Devise
-initializer with the steps below.
+The user password length is set to a minimum of 8 characters by default.
+To change that for installations from source:
+
+1. Edit `devise_password_length.rb`:
+
+ ```sh
+ cd /home/git/gitlab
+ sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
+ sudo -u git -H editor config/initializers/devise_password_length.rb
+ ```
+
+1. Change the new password length limits:
+
+ ```ruby
+ config.password_length = 12..128
+ ```
-If you do not use the `devise_password_length.rb` initializer the password
-length is set to a minimum of 8 characters in `config/initializers/devise.rb`.
+ In this example, the minimum length is 12 characters, and the maximum length
+ is 128 characters.
-```bash
-cd /home/git/gitlab
-sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
-sudo -u git -H editor config/initializers/devise_password_length.rb # inspect and edit the new password length limits
-```
+1. [Restart GitLab](../administration/restart_gitlab.md#installations-from-source)
+ for the changes to take effect.
<!-- ## Troubleshooting
diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md
index 1b75798013d..1e5678ec47c 100644
--- a/doc/security/rack_attack.md
+++ b/doc/security/rack_attack.md
@@ -1,6 +1,7 @@
---
type: reference, howto
---
+
# Rack Attack
[Rack Attack](https://github.com/kickstarter/rack-attack), also known as Rack::Attack, is a Ruby gem
diff --git a/doc/security/reset_root_password.md b/doc/security/reset_root_password.md
index a58d70f0ff2..6a6c5262179 100644
--- a/doc/security/reset_root_password.md
+++ b/doc/security/reset_root_password.md
@@ -1,6 +1,7 @@
---
type: howto
---
+
# How to reset your root password
To reset your root password, first log into your server with root privileges.
diff --git a/doc/security/ssh_keys_restrictions.md b/doc/security/ssh_keys_restrictions.md
index ae4cc44519e..4c60daf77f4 100644
--- a/doc/security/ssh_keys_restrictions.md
+++ b/doc/security/ssh_keys_restrictions.md
@@ -1,6 +1,7 @@
---
type: reference, howto
---
+
# Restrict allowed SSH key technologies and minimum length
`ssh-keygen` allows users to create RSA keys with as few as 768 bits, which
diff --git a/doc/security/two_factor_authentication.md b/doc/security/two_factor_authentication.md
index 6251f8e2f66..b08d9ffa26e 100644
--- a/doc/security/two_factor_authentication.md
+++ b/doc/security/two_factor_authentication.md
@@ -1,6 +1,7 @@
---
type: howto
---
+
# Enforce Two-factor Authentication (2FA)
Two-factor Authentication (2FA) provides an additional level of security to your
diff --git a/doc/security/unlock_user.md b/doc/security/unlock_user.md
index 2e14e631d68..d34826c853c 100644
--- a/doc/security/unlock_user.md
+++ b/doc/security/unlock_user.md
@@ -2,37 +2,44 @@
type: howto
---
-# How to unlock a locked user
+# How to unlock a locked user from the command line
-To unlock a locked user, first log into your server with root privileges.
+After six failed login attempts a user gets in a locked state.
-Start a Ruby on Rails console with this command:
+To unlock a locked user:
-```bash
-gitlab-rails console production
-```
+1. SSH into your GitLab server.
+1. Start a Ruby on Rails console:
-Wait until the console has loaded.
+ ```sh
+ ## For Omnibus GitLab
+ sudo gitlab-rails console production
-There are multiple ways to find your user. You can search for email or username.
+ ## For installations from source
+ sudo -u git -H bundle exec rails console RAILS_ENV=production
+ ```
-```bash
-user = User.where(id: 1).first
-```
+1. Find the user to unlock. You can search by email or ID.
-or
+ ```ruby
+ user = User.find_by(email: 'admin@local.host')
+ ```
-```bash
-user = User.find_by(email: 'admin@local.host')
-```
+ or
-Unlock the user:
+ ```ruby
+ user = User.where(id: 1).first
+ ```
-```bash
-user.unlock_access!
-```
+1. Unlock the user:
-Exit the console, the user should now be able to log in again.
+ ```ruby
+ user.unlock_access!
+ ```
+
+1. Exit the console with <kbd>Ctrl</kbd>+<kbd>d</kbd>
+
+The user should now be able to log in.
<!-- ## Troubleshooting
diff --git a/doc/security/user_email_confirmation.md b/doc/security/user_email_confirmation.md
index f0af0a7ac6a..7ba50acbb06 100644
--- a/doc/security/user_email_confirmation.md
+++ b/doc/security/user_email_confirmation.md
@@ -1,6 +1,7 @@
---
type: howto
---
+
# User email confirmation at sign-up
GitLab can be configured to require confirmation of a user's email address when
diff --git a/doc/security/user_file_uploads.md b/doc/security/user_file_uploads.md
index f34528a6e05..9fc8f7ec985 100644
--- a/doc/security/user_file_uploads.md
+++ b/doc/security/user_file_uploads.md
@@ -1,6 +1,7 @@
---
type: reference
---
+
# User File Uploads
Images that are attached to issues, merge requests, or comments
diff --git a/doc/security/webhooks.md b/doc/security/webhooks.md
index d4fa088cb15..1194234a295 100644
--- a/doc/security/webhooks.md
+++ b/doc/security/webhooks.md
@@ -1,6 +1,7 @@
---
type: concepts, reference, howto
---
+
# Webhooks and insecure internal web services
If you have non-GitLab web services running on your GitLab server or within its