Hello Stephen,

Thanks a lot for your reply.
I understand that the weakest link is the source code in the SCM. But 
assuming that the code coming from SCM is trusted in the main branch of the 
project, as multiple people review the code before it gets pushed to the 
master.

One thing that I've observed is that the Jenkins users with 
Administer/Run_Scripts permissions get to have way more rights than they 
should. For example:

   1. They can change the Jenkins configuration or the Global Security 
      Configuration.
   2. Get the SSH keys that the master uses to communicate with slaves. 
      This will potentially lead to a malicious actor getting access into the 
      build machine.
   3. Decrypt and print the credentials stored in the Jenkins home 
      directory.

Can we have any security policy that is imposed from outside Jenkins to 
prevent such actions from being taken? E.g. OS-level hardening that prevents 
Jenkins users from changing certain parameters in the home directory?

Regards,
Rahul Katneni

On Thursday, July 31, 2014 3:36:41 PM UTC-7, Stephen Connolly wrote:
>
> On Thursday, 31 July 2014, Rahul Harikrishna <rahul.ha...@gmail.com> wrote:
>
>> Hello Jenkins Users !!
>>
>> I'm a Jenkins Newbie and from a security background...
>>
>> 1. I'm wondering what kind of system-level hardening must be done on 
>> Jenkins master server instances? Also on the slave machines?
>>
>
> In general you want both master and slaves to be at an equivalent level of 
> trust.
>
> The slaves will be running builds, i.e. code, that comes from SCM... So you 
> have the potential that they could run untrusted code... Or to put it 
> another way, your slaves are at best only as secure as your SCM... Unless 
> you sandbox your builds somehow.
>
> In general though, slaves can be configured to at most have one in-bound 
> port open (SSH) or even be behind a NAT router if connecting over JNLP.
>
>>
>> 2. Can an admin of Jenkins CI get SSH keys for the communication with 
>> slaves using the jenkins script console?
>>
>>
> Yes, anyone who has RUN_SCRIPTS can extract any file accessible by the 
> user running Jenkins from the master and thus can potentially extract any 
> secret stored on the master. This is why things like the Script Security 
> plugin can help where you need to use groovy but don't want to leave a 
> gaping hole.
>
>
>> 3. Is there any good blog/book/article on Jenkins best practices for 
>> keeping them secure.
>>
>
> The weakest point is typically the SCM... If a developer's machine is 
> compromised, their credentials can be used to commit a vector to compromise 
> the slave and/or master.
>
>>  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkinsci-users+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> -- 
> Sent from my phone
>
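
A defender's check related to the Administer/Run_Scripts point discussed in this thread, added here as an example and not part of the original messages: it lists which principals hold those two permissions in a Jenkins `config.xml`. It assumes the matrix-based authorization layout (`<permission>ID:principal</permission>`, optionally prefixed with `USER:`/`GROUP:`/`EITHER:`); the function name, sample XML and account names are constructed.

```python
import xml.etree.ElementTree as ET

# Permission IDs for the two rights discussed in the thread.
HIGH_RISK = {
    "hudson.model.Hudson.Administer": "Administer",
    "hudson.model.Hudson.RunScripts": "Run_Scripts",
}

# Constructed sample, not taken from a real instance.
SAMPLE_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:alice</permission>
    <permission>hudson.model.Hudson.Read:anonymous</permission>
    <permission>hudson.model.Hudson.RunScripts:build-bot</permission>
    <permission>hudson.model.Item.Build:carol</permission>
    <permission>USER:hudson.model.Hudson.Administer:dave</permission>
  </authorizationStrategy>
</hudson>
"""


def high_risk_holders(config_xml):
    """Return {permission label: sorted principals} for the HIGH_RISK rights."""
    root = ET.fromstring(config_xml)
    strategy = root.find("authorizationStrategy")
    if strategy is None:
        raise ValueError("no authorizationStrategy element found")
    holders = {label: set() for label in HIGH_RISK.values()}
    for entry in strategy.iter("permission"):
        parts = (entry.text or "").strip().split(":")
        # Assumed newer layout: entry is prefixed with the principal type.
        if parts and parts[0] in ("USER", "GROUP", "EITHER"):
            parts = parts[1:]
        if len(parts) < 2:
            continue  # malformed entry, nothing to attribute
        perm, principal = parts[0], ":".join(parts[1:])
        if perm in HIGH_RISK:
            holders[HIGH_RISK[perm]].add(principal)
    return {label: sorted(names) for label, names in holders.items()}


if __name__ == "__main__":
    for label, names in high_risk_holders(SAMPLE_CONFIG).items():
        print(f"{label}: {', '.join(names) or '(none)'}")
```

Every principal this reports can, per the reply quoted above, read any file accessible to the OS user running Jenkins, so the list is the set of accounts to review first.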