Last active
August 12, 2020 18:31
-
-
Save peterjenkins1/8f8bdbc82669314f7a2cc392f48be6a0 to your computer and use it in GitHub Desktop.
Harden Jenkins with groovy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Harden Jenkins and remove all the nagging warnings in the web interface | |
| import jenkins.model.Jenkins | |
| import jenkins.security.s2m.* | |
| Jenkins jenkins = Jenkins.getInstance() | |
| // Disable remoting | |
| jenkins.getDescriptor("jenkins.CLI").get().setEnabled(false) | |
| // Enable Agent to master security subsystem | |
| jenkins.injector.getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false); | |
| // Disable jnlp | |
| jenkins.setSlaveAgentPort(-1); | |
| // Disable old Non-Encrypted protocols | |
| HashSet<String> newProtocols = new HashSet<>(jenkins.getAgentProtocols()); | |
| newProtocols.removeAll(Arrays.asList( | |
| "JNLP3-connect", "JNLP2-connect", "JNLP-connect", "CLI-connect" | |
| )); | |
| jenkins.setAgentProtocols(newProtocols); | |
| jenkins.save() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment