GitLab Linux Onboarding 101
Welcome to the GitLab Linux Community
While MacBooks are the primary device choice for most of our members, we do offer the option for technical team members to use Linux. We expect all of our Linux users to be familiar with the platform and to be self-sufficient in setting up their work environments, while also staying compliant with our security policies. However, we also want to make sure that everyone who joins our team is able to get set-up with the basic tools needed to get started without any issues. As such, this guide is designed to address common issues that users encountered when setting up their new machines.
NOTE: We generally do not provide in-depth technical support for Linux, but we can assist with making sure that users can log into Okta.
Table of Contents
- Before You Begin
- Security Requirements
- Initial Installation and Disk Encryption
- Initial Okta Login
- Device Management and Endpoint Security
- Additional Resources
Before You Begin
To get set up on your new Linux laptop, you will need to have the following:
- Your GitLab-provided Dell laptop
- A boot-capable USB drive (At least 8GB)
- An up-to-date iOS or Android device with a camera OR a YubiKey
- The Okta activation email sent to your personal email on your first day
Security Requirements
Note: We use Ubuntu as our preferred distribution. While it may be possible to use other distributions, this guide assumes the use of Ubuntu. We may also restrict other distributions depending on our ever-evolving security needs.
Before being able to log into Okta, a number of security requirements must be met
- Disk encryption must be enabled
- The laptop’s hostname must match our standard naming convention
- Fleet Device Management must be installed
- Endpoint Security (CrowdStrike Falcon OR SentinelOne (Germany,the Netherlands, Italy, and Austria only)) must be installed
Initial Installation and Disk Encryption
The default version of Ubuntu that ships on Linux does not have disc encryption enabled. While it may be possible to encrypt a disk after an OS has been set up, it is not recommended and will likely result in further issues. As such, you will need to reinstall the OS before continuing.
- Download the latest Ubuntu LTS release here
- Create a bootable USB drive using balenaEtcher or similar
- Follow this guide to erase the disk and install a fresh copy of Ubuntu.
- Install third-party for graphics and Wi-Fi
- Make sure to select
Use LVM and encryptionwhen prompted - Complete the installation and boot into your desktop
- Enable the firewall:
- Open the terminal and run
sudo ufw status - If the response is
Status: inactiverunsudo ufw enable - If ufw is not installed, run
sudo apt install ufwfirst.
- Open the terminal and run
- Update your system:
- Open the terminal and run
sudo apt update && sudo apt upgrade
- Open the terminal and run
- Enable fingerprint verification for fast logins - Log in with a fingerprint
- Additional resources: fprint
Initial Okta Login
IMPORTANT: As a new-hire, you will be able to perform your initial Okta login without all security requirements being met. However, all required steps must be completed on your first day or you will no longer be able log in.
Complete all required steps here before continuing.
Device Management and Endpoint Security
We utilize Fleet to manage all of our Linux devices. Fleet will enable you to access Okta, provides a central repository for some of our most commonly used applications (e.g. Zoom), and will let you know about any potential security issues on your laptop.
Please use this page for the installation files and guide.
Enrolling your laptop in Fleet will also automatically install CrowdStrike Falcon, on your machine unless you are based in Germany, the Netherlands, Italy, or Austria.
SentinelOne Installation - Germany, the Netherlands, Italy, and Austria Only
As CrowdStrike has not yet been approved for the above regions, users there will need to manually install SentinelOne Endpoint security in addition to Fleet.
Please click here for the necessary files and set-up instructions.
Additional Resources
- Linux tools and tips
- CrowdStrike - Endpoint Detection and Response
- YubiKey Self-Service Purchasing Guide
- 1Password for Linux
- #linux in Slack for questions and discussions
Need Help?
If you need further assistance with setting up your laptop please join our weekly onboarding call scheduled every Tuesday (Check your Calendar!) or reach out to us in Slack in the #it_help channel or via it-help@gitlab.com.
975729d2)
