msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-08-08 17:54:25 +02:00
parent 166186a8f0
commit 06c093e0a1
26 changed files with 156 additions and 2050 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
includes/target/etc/skel/.bashrc
View File

@@ -25,34 +25,63 @@ export PATH
trap ' "${SHELL}" "${HOME}/.ciss/clean_logout.sh" ' 0
. "${HOME}/.ciss/alias"
. "${HOME}/.ciss/f2bchk.sh"
. "${HOME}/.ciss/shortcuts"
. "${HOME}/.ciss/scan_libwrap"
. "${HOME}/.ciss/shortcuts"
### Preferred editor for local and remote sessions.
export EDITOR="nano"
### History-Settings
# -'ignoreboth' Do not put duplicate lines or lines starting with space in the history.
# -'erasedups' Causes all previous lines matching the current line to be removed from the history list before that line is saved.
export HISTCONTROL="erasedups"
# The name of the file in which command history is saved. The default value is ~/.bash_history. If unset, the command history is
# not saved when a shell exits.
# -'erasedups' Causes all previous lines matching the current line to be removed from the history before that line is saved.
export HISTCONTROL='ignoreboth:erasedups'
# The name of the file in which command history is saved. The default value is ~/.bash_history. If unset, the command history
# is not saved when a shell exits.
export HISTFILE=~/.bash_history
# The maximum number of lines contained in the history file.
export HISTFILESIZE="16384"
# The number of commands to remember in the command history. If the value is 0, commands are not saved in the history list.
# Numeric values less than zero result in every command being saved on the history list (there is no limit).
export HISTSIZE="16384"
# If this variable is set, time stamps are written to the history file, so they may be preserved across shell sessions.
export HISTTIMEFORMAT='%F %T '
export HISTTIMEFORMAT='%F %T %z '
# Optional, cautious filters (avoids trivial leaks, but not foolproof). Caution: HISTIGNORE is coarse-grained, don't overdo it.
export HISTIGNORE='*PASS*:*pass*:*secret*:*token*:*API_KEY*'
# With only histappend, entries can be lost or merge with each other in the event of a crash or multiple sessions.
# "-a": Appends new entries from RAM to the file.
# "-c": Then empties only the RAM buffer. Not used here for performance reasons.
# "-r": Loads the file back into RAM.
__ciss_hist_pc__='history -a; history -n'
if [[ ${PROMPT_COMMAND-} != *"history -a; history -n"* ]]; then
PROMPT_COMMAND="${PROMPT_COMMAND:+${PROMPT_COMMAND}; }${__ciss_hist_pc__}"
fi
unset __ciss_hist_pc__
export PROMPT_COMMAND
# Check the window size after each command and, if necessary, update the values of "LINES" and "COLUMNS".
shopt -s checkwinsize
# Append to the history file, don't overwrite it.
shopt -s histappend
# If set, the pattern "**" used in a pathname expansion context will match all files and zero or more directories and subdirectories.
shopt -s globstar
# Multi-line entries (line breaks using \ or via PS2) are stored in the history as a single entry.
shopt -s cmdhist
# Works in addition to cmdhist: Multi-line commands are stored in the history with real newlines, i.e., in their original format.
shopt -s lithist
# Check History permissions.
[[ -f "${HISTFILE}" ]] && chmod 0600 "${HISTFILE}"
### Define colors for bash prompt.
export CRED='\033[1;91m'
export CGRE='\033[1;92m'
@@ -91,12 +120,12 @@ printf "\n"
printf "\n"
#printf "\n"
#printf "%s🔐 Coresecret Channel Established. %s%s" "${CRED}" "${CRES}" "${NL}"
#printf "%s✅ Welcome back %s " "${CGRE}" "${CRES}"
#printf "%s'%s'%s" "${CMAG}" "${USER}" "${CRES}"
#printf "%s! Type%s " "${CGRE}" "${CRES}"
#printf "%s'celp'%s " "${CMAG}" "${CRES}"
#printf "%sfor shortcuts. %s%s" "${CGRE}" "${CRES}" "${NL}"
#printf "%b🔐 Coresecret Channel Established. %b%b" "${CRED}" "${CRES}" "${NL}"
#printf "%b✅ Welcome back %b " "${CGRE}" "${CRES}"
#printf "%b'%s'%b" "${CMAG}" "${USER}" "${CRES}"
#printf "%b! Type%b " "${CGRE}" "${CRES}"
#printf "%b'celp'%b " "${CMAG}" "${CRES}"
#printf "%bfor shortcuts. %b%b" "${CGRE}" "${CRES}" "${NL}"
#printf "\n"
#printf "\n"

41
includes/target/etc/skel/.zshrc
View File

@@ -10,7 +10,7 @@
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
[[ $- != *i* ]] && return
[[ -o interactive ]] || return
# shellcheck disable=SC2312
if [[ "$(id -u)" -eq 0 ]]; then
@@ -28,7 +28,7 @@ export PATH
export ZSH="${HOME}/.oh-my-zsh"
# Set the name of the theme to load --- if set to "random", it will load a random theme each time Oh My Zsh is loaded, in which
# case, to know which specific one was loaded, run: echo $RANDOM_THEME. See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
# case, to know what specific theme was loaded, run: echo $RANDOM_THEME. See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
export ZSH_THEME="robbyrussell"
# Set the list of themes to pick from when loading at random Setting this variable when ZSH_THEME=random will cause zsh to load
@@ -119,7 +119,7 @@ source ${ZSH}/oh-my-zsh.sh
# alias zshconfig="mate ~/.zshrc"
# alias ohmyzsh="mate ~/.oh-my-zsh"
### Added by CISS.debian.hardening ###
### Added by CISS.debian.hardening-Installer ###
trap ' "${SHELL}" "${HOME}/.ciss/clean_logout.sh" ' 0
. "${HOME}/.ciss/alias"
. "${HOME}/.ciss/shortcuts"
@@ -148,10 +148,29 @@ alias rm='rm -iv'
export EDITOR="nano"
### History
# The name of the file in which command history is saved.
export HISTFILE="${HOME}/.zsh_history"
export HISTSIZE=4294967296
export SAVEHIST=4294967296
# The maximum number of lines contained in the history file.
export HISTSIZE=16384
# The number of commands to remember in the command history.
export SAVEHIST=16384
# Timestamp in the file: epoch:duration;command.
setopt EXTENDED_HISTORY
# Append, do not overwrite.
setopt APPEND_HISTORY
# Append lines immediately to the file.
setopt INC_APPEND_HISTORY
# Reload new lines from other sessions.
setopt SHARE_HISTORY
# Leading space do not log.
setopt HIST_IGNORE_SPACE
# When writing out the history file, older commands that duplicate newer ones are omitted.
setopt HIST_SAVE_NO_DUPS
# Remove superfluous blanks from each command line being added to the history list.
setopt HIST_REDUCE_BLANKS
# Check History permissions.
[[ -f "${HISTFILE}" ]] && chmod 0600 "${HISTFILE}"
### Define Users
if [ "${UID}" -eq 0 ]; then
@@ -166,12 +185,12 @@ RPROMPT='%h|[${USER_COLOR}%*%f]'
### Welcome message after login.
printf "\n"
printf "%s🔐 Coresecret Channel Established. %s%s" "${CRED}" "${CRES}" "${NL}"
printf "%s✅ Welcome back %s " "${CGRE}" "${CRES}"
printf "%s'%s'%s" "${CMAG}" "${USER}" "${CRES}"
printf "%s! Type%s " "${CGRE}" "${CRES}"
printf "%s'celp'%s " "${CMAG}" "${CRES}"
printf "%sfor shortcuts. %s%s" "${CGRE}" "${CRES}" "${NL}"
printf "%b🔐 Coresecret Channel Established. %b%b" "${CRED}" "${CRES}" "${NL}"
printf "%b✅ Welcome back %b " "${CGRE}" "${CRES}"
printf "%b'%b'%b" "${CMAG}" "${USER}" "${CRES}"
printf "%b! Type%b " "${CGRE}" "${CRES}"
printf "%b'celp'%b " "${CMAG}" "${CRES}"
printf "%bfor shortcuts. %b%b" "${CGRE}" "${CRES}" "${NL}"
printf "\n"
printf "\n"

4
includes/target/etc/ssh/sshd_config
View File

@@ -24,8 +24,8 @@ Compression no
LogLevel VERBOSE
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
ListenAddressIPV4 0.0.0.0
ListenAddressIPV6 ::
Port MUST_BE_CHANGED
AllowUsers root
UseDNS no