Securing Jenkins Build Server
The very basic thing needs to be understood here is that to secure the Jenkins because it is open. Anyone can make use of the URL for accessing the Jenkins and perform the tasks of all kinds available in Jenkins. Hence, this needs to be secured. As a best practice, it is recommended to always secure Jenkins and then configure the global security. The best way is to use Jenkins by configuring to our own local database.
Below are the steps to be followed in order to secure Jenkins:
- Deploy the Jenkins.war and start the server.
- Open the Jenkins home page and click on Manage Jenkins.
- In the Manage Jenkins page, click on Setup Security button.
- In the next page, select the enable security check box.
- Here, the very first thing to be done is to set the security realm. The easiest way to do this is to have Jenkins with our own database. To achieve this, select the option Jenkins own user database. Also, ensure that Allow users to sign up checkbox is also checked. Save the configuration.
- Now a link Sign up will be available. Click on the same and fill the form to sign up. Once successful, log in with the account created.
You can see the details in the Navbar, once you are logged in.
- Now click on the Manage Jenkins & select Configure Global Security. Under the security realm section, uncheck the option Allow users to sign up. This will ensure that no new users can be created with your permission.
- Now, we need to configure the authentication for the accounts. The 2 best options preferred are Matrix-based security & Project-base project authorization strategy. This enables you to set per user for the actions which they can perform. Here, I have considered Matrix-based security
- Save the form. Logout and login again.
- A login page will be displayed and login with the created account.