V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

func/cdi_4100_base/4160_installation_eza.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Install Cisofy Lynis.
+# Globals:
+#   TARGET
+# Arguments:
+#   None
+# Returns:
+#   0: on success
+#######################################
+installation_eza() {
+  ### Declare Arrays, HashMaps, and Variables.
+  declare -r  var_logfile="/root/.ciss/cdi/log/4160_installation_eza.log"
+
+  chroot_logger "${TARGET}${var_logfile}"
+
+  # shellcheck disable=SC2312
+  wget -qO- https://raw.githubusercontent.com/eza-community/eza/main/deb.asc | \
+    gpg --dearmor -o  "${TARGET}/etc/apt/trusted.gpg.d/gierens.gpg"
+
+  insert_header   "${TARGET}/etc/apt/sources.list.d/gierens.sources"
+  insert_comments "${TARGET}/etc/apt/sources.list.d/gierens.sources"
+  cat << 'EOF' >> "${TARGET}/etc/apt/sources.list.d/gierens.sources"
+#------------------------------------------------------------------------------------------------------------------------------#
+#                                                     OFFICIAL GIERENS REPOS                                                   #
+#------------------------------------------------------------------------------------------------------------------------------#
+Types: deb
+URIs: https://deb.gierens.de
+Suites: stable
+Components: main
+Enabled: yes
+Signed-By: /etc/apt/trusted.gpg.d/gierens.gpg
+
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
+EOF
+
+  chroot_script "${TARGET}" "
+    export INITRD=No
+    apt-get update
+    apt-get install -y --no-install-recommends --no-install-suggests eza 2>&1 | tee -a ${var_logfile}
+    echo ExitCode: \$? >> ${var_logfile}
+  "
+
+  guard_dir && return 0
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

func/cdi_4100_base/4170_installation_lynis.sh

@@ -23,7 +23,7 @@ guard_sourcing
 #######################################
 installation_lynis() {
   ### Declare Arrays, HashMaps, and Variables.
-  declare -r  var_logfile="/root/.ciss/cdi/log/4160_installation_lynis.log"
+  declare -r  var_logfile="/root/.ciss/cdi/log/4170_installation_lynis.log"
 
   chroot_logger "${TARGET}${var_logfile}"
 

func/cdi_4500_user/4500_accounts_preparation.sh

@@ -38,6 +38,7 @@ accounts_preparation() {
 
   install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.bashrc" "${TARGET}/etc/skel/.bashrc"
   install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.zshrc" "${TARGET}/etc/skel/.zshrc"
+  install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/theme_eza_ciss.yml" "${TARGET}/etc/skel/.ciss/"
   install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/root/.ciss/alias" "${TARGET}/etc/skel/.ciss/alias"
   install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/root/.ciss/clean_logout.sh" "${TARGET}/etc/skel/.ciss/clean_logout.sh"
   install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/root/.ciss/f2bchk.sh" "${TARGET}/etc/skel/.ciss/f2bchk.sh"

func/cdi_4500_user/4520_accounts_setup.sh

@@ -54,6 +54,7 @@ accounts_setup() {
   install -d -m 0700 -o root -g root "${TARGET}/root/.ssh"
   install -m 0600 -o root -g root /dev/null "${TARGET}/root/.ssh/authorized_keys"
   install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.bashrc" "${TARGET}/root/"
+  install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/theme_eza_ciss.yml" "${TARGET}/root/.ciss/"
 
   if [[ "${user_root_shell}" == "/bin/zsh" ]]; then
 
@@ -189,7 +190,18 @@ EOF
 
   [[ "${user_root_authentication_2fa_tty}" == "true" ]] && pam_access_totp_enable "root" "login"
 
-  ### 7) Final status logging.
+  ### 7) Install eza themes.
+  eza_installer "root"
+
+  ### 8) Double check permissions.
+  ###    Directories: 0700
+  find "${TARGET}/root" -type d -exec chmod 0700 {} +
+  ###    Executable files: 0700 (any x-bit set)
+  find "${TARGET}/root" -type f -perm /111 -exec chmod 0700 {} +
+  ###    Non-executable files: 0600
+  find "${TARGET}/root" -type f ! -perm /111 -exec chmod 0600 {} +
+
+  ### 9) Final status logging.
   do_log "info" "file_only" "4520() User: 'root' updated."
 
 
@@ -247,6 +259,7 @@ EOF
           --shell "${var_shell}" \
           --uid "${var_uid}" \
           "${var_username}"
+        eza_installer "${var_username}"
         ;;
 
       true:false)
@@ -427,6 +440,34 @@ EOF
   guard_dir && return 0
 }
 
+#######################################
+# Install eza CISS theme for the respective user.
+# Globals:
+#   TARGET
+# Arguments:
+#   1: Username
+# Returns:
+#   0: on success
+#######################################
+eza_installer() {
+  ### Declare Arrays, HashMaps, and Variables.
+  declare     var_user="${1}"
+  case "${1}" in
+    root) declare var_base="/root"             ;;
+    *)    declare var_base="/home/${var_user}" ;;
+  esac
+
+  chroot_script "${TARGET}" "
+    cd ${var_base}
+    git clone https://github.com/eza-community/eza-themes.git
+    mkdir -p ${var_base}/.config/eza
+  "
+
+  ln -sf "${TARGET}${var_base}/.ciss/theme_eza_ciss.yml" "${TARGET}${var_base}/.config/eza/theme.yml"
+
+  return 0
+}
+
 #######################################
 # Generates a deterministic TOTP secret based on:
 # Username, FQDN, MFA salt, MFA master seed