Welcome to mirror list, hosted at ThFree Co, Russian Federation.

hardening.md « security « doc - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/security/hardening.md
blob: 45146fb071531a942c1441314306bf8d3e926d46 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

---
type: reference, howto
stage: Govern
group: Authentication
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

# GitLab Hardening Recommendations **(FREE SELF)**

This documentation is for GitLab instances where the overall system can be "hardened"
against common and even not-so-common attacks. It is not designed to completely
eradicate attacks, but to provide strong mitigation thereby reducing overall risk. Some
of the techniques apply to any GitLab deployment, such as SaaS or self-managed, while other
techniques apply to the underlying OS.

These techniques are a work in progress, and have not been tested at scale
(such as a large environments with many users). They have been tested on a self-managed
single instance running a Linux package installation, and while many of the techniques can
translated to other deployment types, they may not all work or apply.

Most of the listed recommendations provide specific recommendations or
reference choices one can make based upon the general documentation.
Through hardening, there may be impact to certain features your users may specifically
want or depend on, so you should communicate with users and do a phased rollout of hardening
changes.

The hardening instructions are in five categories for easier
understanding. They are listed in the following section.

## GitLab hardening general concepts

This details information on hardening as an approach to security and some of the larger
philosophies. For more information, see [hardening general concepts](hardening_general_concepts.md).

## GitLab application settings

Application settings made using the GitLab GUI to the application itself. For more information, see
[application recommendations](hardening_application_recommendations.md).

## GitLab CI/CD settings

CI/CD is a core component of GitLab, and while application of security principles
are based upon needs, there are several things you can do to make your CI/CD more secure.
For more information, see [CI/CD Recommendations](hardening_cicd_recommendations.md).

## GitLab configuration settings

Configuration file settings used to control and configure the
application (such as `gitlab.rb`) are documented separately. For more information, see the
[configuration recommendations](hardening_configuration_recommendations.md).

## Operating System settings

You can adjust the underlying operating system to increase overall security. For more information, see the
[operating system recommendations](hardening_operating_system_recommendations.md).

<!-- ## Troubleshooting

Include any troubleshooting steps that you can foresee. If you know beforehand what issues
one might have when setting this up, or when something is changed, or on upgrading, it's
important to describe those, too. Think of things that may go wrong and include them here.
This is important to minimize requests for support, and to avoid doc comments with
questions that you know someone might ask.

Each scenario can be a third-level heading, for example `### Getting error message X`.
If you have none to add when creating a doc, leave this section in place
but commented out to help encourage others to add to it in the future. -->
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-20 05:41:11 +0300