From: Thanh Ha Date: Sat, 9 Jun 2018 17:46:12 +0000 (-0400) Subject: Add Jenkins Security configuration docs X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=0918d3be174519f54b460621f3310faa6a544a0f;p=releng%2Fdocs.git Add Jenkins Security configuration docs Issue: RELENG-981 Change-Id: I95917b9768a5cf70b39f9c0c5f922239a3881276 Signed-off-by: Thanh Ha --- diff --git a/docs/infra/jenkins.rst b/docs/infra/jenkins.rst index ee48f48..0bed30a 100644 --- a/docs/infra/jenkins.rst +++ b/docs/infra/jenkins.rst @@ -65,3 +65,21 @@ Jenkins requires admin level configuration to work with GitHub. GitHub client cache size (MB): 20 #. Click ``Re-register hooks for all jobs`` + +.. _jenkins-security: + +Security Configuration +====================== + +Security recommendations for Jenkins. + +#. Install the `OWASP Markup Formater Plugin + `_ +#. Navigate to `https://jenkins.example.org/configureSecurity/` +#. Configure the following: + + * Enable ``CSRF Protection`` with ``Default Crumb Issuer`` + * Enable ``Agent -> Master Access Control`` + * Disable ``JNLP Protocol 1 - 3`` + * Enable ``JNLP Protocol 4`` + * Set ``Markup Formatter`` to ``Safe HTML``
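Review bot: In step 1 of the new "Security Configuration" list the plugin name is misspelled as "OWASP Markup Formater Plugin"; it should read "Formatter", matching the ``Markup Formatter`` setting in the last bullet. In step 2 the URL `https://jenkins.example.org/configureSecurity/` is wrapped in single backticks, which reStructuredText treats as interpreted text rather than an inline literal; use double backticks as the setting names in this hunk do. The link target for the plugin in step 1 also appears empty as shown here, so please confirm the rendered link resolves. Finally, the intro line "Security recommendations for Jenkins." gives no reason for any of the five settings; a short clause per bullet (for example, why JNLP protocols 1 - 3 are disabled while 4 is enabled) would help an admin decide whether a setting can be relaxed on their instance.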