Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
698864df
Commit
698864df
authored
Jul 16, 2019
by
Achilleas Pipinellis
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Clean-up some confusing info from security docs
parent
6b301c43
Changes
10
Show whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
56 additions
and
29 deletions
+56
-29
doc/security/information_exclusivity.md
doc/security/information_exclusivity.md
+1
-0
doc/security/password_length_limits.md
doc/security/password_length_limits.md
+21
-9
doc/security/rack_attack.md
doc/security/rack_attack.md
+1
-0
doc/security/reset_root_password.md
doc/security/reset_root_password.md
+1
-0
doc/security/ssh_keys_restrictions.md
doc/security/ssh_keys_restrictions.md
+1
-0
doc/security/two_factor_authentication.md
doc/security/two_factor_authentication.md
+1
-0
doc/security/unlock_user.md
doc/security/unlock_user.md
+27
-20
doc/security/user_email_confirmation.md
doc/security/user_email_confirmation.md
+1
-0
doc/security/user_file_uploads.md
doc/security/user_file_uploads.md
+1
-0
doc/security/webhooks.md
doc/security/webhooks.md
+1
-0
No files found.
doc/security/information_exclusivity.md
View file @
698864df
---
type
:
concepts
---
# Information exclusivity
Git is a distributed version control system (DVCS). This means that everyone
...
...
doc/security/password_length_limits.md
View file @
698864df
---
type
:
reference, howto
---
# Custom password length limits
If you want to enforce longer user passwords you can create an extra Devise
initializer with the steps below.
The user password length is set to a minimum of 8 characters by default.
To change that for installations from source:
1.
Edit
`devise_password_length.rb`
:
```
sh
cd
/home/git/gitlab
sudo
-u
git
-H
cp
config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
sudo
-u
git
-H
editor config/initializers/devise_password_length.rb
```
1.
Change the new password length limits:
```
ruby
config
.
password_length
=
12
..
128
```
If you do not use the
`devise_password_length.rb`
initializer the password
length is set to a minimum of 8 characters in
`config/initializers/devise.rb`
.
In this example, the minimum length is 12 characters, and the maximum length
is 128 characters
.
```
bash
cd
/home/git/gitlab
sudo
-u
git
-H
cp
config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
sudo
-u
git
-H
editor config/initializers/devise_password_length.rb
# inspect and edit the new password length limits
```
1.
[
Restart GitLab
](
../administration/restart_gitlab.md#installations-from-source
)
for the changes to take effect.
<!-- ## Troubleshooting
...
...
doc/security/rack_attack.md
View file @
698864df
---
type
:
reference, howto
---
# Rack Attack
[
Rack Attack
](
https://github.com/kickstarter/rack-attack
)
, also known as Rack::Attack, is a Ruby gem
...
...
doc/security/reset_root_password.md
View file @
698864df
---
type
:
howto
---
# How to reset your root password
To reset your root password, first log into your server with root privileges.
...
...
doc/security/ssh_keys_restrictions.md
View file @
698864df
---
type
:
reference, howto
---
# Restrict allowed SSH key technologies and minimum length
`ssh-keygen`
allows users to create RSA keys with as few as 768 bits, which
...
...
doc/security/two_factor_authentication.md
View file @
698864df
---
type
:
howto
---
# Enforce Two-factor Authentication (2FA)
Two-factor Authentication (2FA) provides an additional level of security to your
...
...
doc/security/unlock_user.md
View file @
698864df
...
...
@@ -2,37 +2,44 @@
type
:
howto
---
# How to unlock a locked user
# How to unlock a locked user
from the command line
To unlock a locked user, first log into your server with root privileges
.
After six failed login attempts a user gets in a locked state
.
Start a Ruby on Rails console with this command
:
To unlock a locked user
:
```
bash
gitlab-rails console production
```
1.
SSH into your GitLab server.
1.
Start a Ruby on Rails console:
Wait until the console has loaded.
```
sh
## For Omnibus GitLab
sudo
gitlab-rails console production
There are multiple ways to find your user. You can search for email or username.
## For installations from source
sudo
-u
git
-H
bundle
exec
rails console
RAILS_ENV
=
production
```
```
bash
user
=
User.where
(
id
: 1
)
.first
```
1.
Find the user to unlock. You can search by email or ID.
or
```
ruby
user
=
User
.
find_by
(
email:
'admin@local.host'
)
```
```
bash
user
=
User.find_by
(
email:
'admin@local.host'
)
```
or
Unlock the user:
```
ruby
user
=
User
.
where
(
id:
1
).
first
```
```
bash
user.unlock_access!
```
1.
Unlock the user:
Exit the console, the user should now be able to log in again.
```
ruby
user
.
unlock_access!
```
1.
Exit the console with
<kbd>
Ctrl
</kbd>
+
<kbd>
d
</kbd>
The user should now be able to log in.
<!-- ## Troubleshooting
...
...
doc/security/user_email_confirmation.md
View file @
698864df
---
type
:
howto
---
# User email confirmation at sign-up
GitLab can be configured to require confirmation of a user's email address when
...
...
doc/security/user_file_uploads.md
View file @
698864df
---
type
:
reference
---
# User File Uploads
Images that are attached to issues, merge requests, or comments
...
...
doc/security/webhooks.md
View file @
698864df
---
type
:
concepts, reference, howto
---
# Webhooks and insecure internal web services
If you have non-GitLab web services running on your GitLab server or within its
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment