basic-security.groovy
#!groovy
// - Harden Jenkins, since we skip the setup wizard for the container build
// - This is just for testing - don't mind the password/user
import jenkins.model.*
import hudson.security.*
import jenkins.security.s2m.*
import hudson.security.csrf.DefaultCrumbIssuer
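// Post-initialization hardening for a Jenkins instance that skips the setup wizard.
// Authentication and authorization are configured first, so that a failure in one of
// the later hardening calls cannot abort the script before access control is in place.
def instance = Jenkins.getInstance()

// Credentials for the bootstrap administrator. The two environment variable names are
// introduced by this script; when they are unset the original test-only values are used.
// NOTE(review): the fallback password is a weak, publicly visible default. Supply
// JENKINS_ADMIN_PASSWORD for anything other than a throwaway test container.
def adminUser = System.getenv('JENKINS_ADMIN_USER') ?: 'admin'
def adminPassword = System.getenv('JENKINS_ADMIN_PASSWORD')
if (!adminPassword) {
    println "--> WARNING: JENKINS_ADMIN_PASSWORD is not set, falling back to the built-in test password"
    adminPassword = 'admin1'
}

// Local user database; the 'false' argument turns off self-service sign-up.
println "--> creating local user '${adminUser}'"
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount(adminUser, adminPassword)
instance.setSecurityRealm(hudsonRealm)

// Matrix authorization: only the bootstrap administrator is granted a permission, so
// anonymous and other users get none. The original also installed a
// FullControlOnceLoggedInAuthorizationStrategy first, but it was replaced by this one
// two lines later and never took effect.
def strategyMatrix = new GlobalMatrixAuthorizationStrategy()
strategyMatrix.add(Jenkins.ADMINISTER, adminUser)
instance.setAuthorizationStrategy(strategyMatrix)

// Disable CLI remoting mode. getDescriptor() returns null when no descriptor with this
// id is registered, so use safe navigation instead of failing with a NullPointerException.
instance.getDescriptor("jenkins.CLI")?.get()?.setEnabled(false)

// Enable CSRF protection. The 'true' argument excludes the client IP from the crumb.
instance.setCrumbIssuer(new DefaultCrumbIssuer(true))

// Keep the agent-to-master access control subsystem active (kill switch off).
// NOTE(review): presumably only available on older Jenkins cores - confirm against
// the version baked into the image.
instance.injector.getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false)

// Drop the old non-encrypted agent and CLI protocols, keep whatever else is enabled.
Set<String> newProtocols = new HashSet<>(instance.getAgentProtocols())
newProtocols.removeAll(["JNLP3-connect", "JNLP2-connect", "JNLP-connect", "CLI-connect"])
instance.setAgentProtocols(newProtocols)

// Persist the configuration to disk.
instance.save()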