Clean-up some confusing info from security docs
This commit is contained in:
parent
6b301c43ec
commit
698864df12
10 changed files with 56 additions and 29 deletions
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
type: concepts
|
||||
---
|
||||
|
||||
# Information exclusivity
|
||||
|
||||
Git is a distributed version control system (DVCS). This means that everyone
|
||||
|
|
|
@ -1,19 +1,31 @@
|
|||
---
|
||||
type: reference, howto
|
||||
---
|
||||
|
||||
# Custom password length limits
|
||||
|
||||
If you want to enforce longer user passwords you can create an extra Devise
|
||||
initializer with the steps below.
|
||||
The user password length is set to a minimum of 8 characters by default.
|
||||
To change that for installations from source:
|
||||
|
||||
If you do not use the `devise_password_length.rb` initializer the password
|
||||
length is set to a minimum of 8 characters in `config/initializers/devise.rb`.
|
||||
1. Edit `devise_password_length.rb`:
|
||||
|
||||
```bash
|
||||
cd /home/git/gitlab
|
||||
sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
|
||||
sudo -u git -H editor config/initializers/devise_password_length.rb # inspect and edit the new password length limits
|
||||
```
|
||||
```sh
|
||||
cd /home/git/gitlab
|
||||
sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
|
||||
sudo -u git -H editor config/initializers/devise_password_length.rb
|
||||
```
|
||||
|
||||
1. Change the new password length limits:
|
||||
|
||||
```ruby
|
||||
config.password_length = 12..128
|
||||
```
|
||||
|
||||
In this example, the minimum length is 12 characters, and the maximum length
|
||||
is 128 characters.
|
||||
|
||||
1. [Restart GitLab](../administration/restart_gitlab.md#installations-from-source)
|
||||
for the changes to take effect.
|
||||
|
||||
<!-- ## Troubleshooting
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
type: reference, howto
|
||||
---
|
||||
|
||||
# Rack Attack
|
||||
|
||||
[Rack Attack](https://github.com/kickstarter/rack-attack), also known as Rack::Attack, is a Ruby gem
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
type: howto
|
||||
---
|
||||
|
||||
# How to reset your root password
|
||||
|
||||
To reset your root password, first log into your server with root privileges.
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
type: reference, howto
|
||||
---
|
||||
|
||||
# Restrict allowed SSH key technologies and minimum length
|
||||
|
||||
`ssh-keygen` allows users to create RSA keys with as few as 768 bits, which
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
type: howto
|
||||
---
|
||||
|
||||
# Enforce Two-factor Authentication (2FA)
|
||||
|
||||
Two-factor Authentication (2FA) provides an additional level of security to your
|
||||
|
|
|
@ -2,37 +2,44 @@
|
|||
type: howto
|
||||
---
|
||||
|
||||
# How to unlock a locked user
|
||||
# How to unlock a locked user from the command line
|
||||
|
||||
To unlock a locked user, first log into your server with root privileges.
|
||||
After six failed login attempts a user gets in a locked state.
|
||||
|
||||
Start a Ruby on Rails console with this command:
|
||||
To unlock a locked user:
|
||||
|
||||
```bash
|
||||
gitlab-rails console production
|
||||
```
|
||||
1. SSH into your GitLab server.
|
||||
1. Start a Ruby on Rails console:
|
||||
|
||||
Wait until the console has loaded.
|
||||
```sh
|
||||
## For Omnibus GitLab
|
||||
sudo gitlab-rails console production
|
||||
|
||||
There are multiple ways to find your user. You can search for email or username.
|
||||
## For installations from source
|
||||
sudo -u git -H bundle exec rails console RAILS_ENV=production
|
||||
```
|
||||
|
||||
```bash
|
||||
user = User.where(id: 1).first
|
||||
```
|
||||
1. Find the user to unlock. You can search by email or ID.
|
||||
|
||||
or
|
||||
```ruby
|
||||
user = User.find_by(email: 'admin@local.host')
|
||||
```
|
||||
|
||||
```bash
|
||||
user = User.find_by(email: 'admin@local.host')
|
||||
```
|
||||
or
|
||||
|
||||
Unlock the user:
|
||||
```ruby
|
||||
user = User.where(id: 1).first
|
||||
```
|
||||
|
||||
```bash
|
||||
user.unlock_access!
|
||||
```
|
||||
1. Unlock the user:
|
||||
|
||||
Exit the console, the user should now be able to log in again.
|
||||
```ruby
|
||||
user.unlock_access!
|
||||
```
|
||||
|
||||
1. Exit the console with <kbd>Ctrl</kbd>+<kbd>d</kbd>
|
||||
|
||||
The user should now be able to log in.
|
||||
|
||||
<!-- ## Troubleshooting
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
type: howto
|
||||
---
|
||||
|
||||
# User email confirmation at sign-up
|
||||
|
||||
GitLab can be configured to require confirmation of a user's email address when
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
type: reference
|
||||
---
|
||||
|
||||
# User File Uploads
|
||||
|
||||
Images that are attached to issues, merge requests, or comments
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
type: concepts, reference, howto
|
||||
---
|
||||
|
||||
# Webhooks and insecure internal web services
|
||||
|
||||
If you have non-GitLab web services running on your GitLab server or within its
|
||||
|
|
Loading…
Reference in a new issue