V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 50s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
91
docs/man/TRAP_MECHANISM.md
Normal file
@@ -0,0 +1,91 @@
|
||||
---
|
||||
gitea: none
|
||||
include_toc: true
|
||||
---
|
||||
|
||||
# 1. CISS.debian.installer
|
||||
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
|
||||
**Master Version**: 8.00<br>
|
||||
**Build**: V8.00.000.2025.06.17<br>
|
||||
|
||||
# 2. Interplay Between Global Hardening Settings and TRAP Mechanisms
|
||||
|
||||
## 2.1. Overview
|
||||
|
||||
The `CISS.debian.installer` employs a dual-layer resilience model:
|
||||
|
||||
1. **Global Hardening Settings** — impose deterministic shell behaviour, enforce strict error handling, and constrain
|
||||
environment variables.
|
||||
2. **TRAP Handlers** — capture, log, and act upon errors, abnormal terminations, and system signals.
|
||||
|
||||
These mechanisms are not isolated; their effectiveness stems from deliberate interplay, ensuring that failure modes are
|
||||
predictable, traceable, and recoverable.
|
||||
|
||||
## 2.2. Baseline Enforcement via Hardening Settings
|
||||
|
||||
The baseline, established in the global hardening module, guarantees:
|
||||
|
||||
- **Immediate reaction to errors** (`errexit`, `pipefail`, `inherit_errexit`).
|
||||
- **Detection of programming flaws** (`nounset` for undefined variables).
|
||||
- **Safe expansion behavior** (`failglob`, `noclobber`, restricted `IFS`).
|
||||
- **Predictable scope inheritance** (`errtrace`, `functrace`).
|
||||
|
||||
This configuration creates a **fail-fast execution profile**: the moment a violation occurs, execution halts, and control
|
||||
transfers to the relevant TRAP.
|
||||
|
||||
## 2.3. TRAP Handlers in Context
|
||||
|
||||
### 2.3.1. `trap ERR`
|
||||
- Activated immediately upon any command failure due to `errexit`.
|
||||
- Reliant on `errtrace` to ensure it triggers within subshells and functions.
|
||||
- Receives detailed state because `nounset` and `pipefail` ensure error codes reflect genuine failure conditions.
|
||||
|
||||
### 2.3.2. `trap EXIT`
|
||||
- Serves as a final safety net, catching failures that `ERR` does not, notably **unbound variable terminations** that bypass `ERR`.
|
||||
- Its reliability depends on `nounset` enforcing such terminations.
|
||||
|
||||
### 2.3.3. `trap INT`
|
||||
- Intercepts `SIGINT` without premature script exit, preserving installer state.
|
||||
- Functions in harmony with `ignoreeof` to prevent unintended terminations from user input.
|
||||
|
||||
### 2.3.4. `trap DEBUG` (conditional)
|
||||
- Works effectively because `functrace` ensures inheritance into functions and subshells.
|
||||
- Captures every executed command when enabled, providing real-time introspection of an otherwise fail-fast script.
|
||||
|
||||
## 2.4. Synergistic Effects
|
||||
|
||||
| Hardening Setting | TRAP Dependency / Effect |
|
||||
|-----------------------------|---------------------------------------------------------------------------------------------------------------|
|
||||
| `errexit` + `pipefail` | Guarantees `trap ERR` fires on true failure points. |
|
||||
| `errtrace` | Propagates `ERR` handling into all call depths. |
|
||||
| `nounset` | Causes unbound variable exits, which `trap EXIT` can diagnose. |
|
||||
| `functrace` | Propagates `DEBUG` and `RETURN` traps for deep stack inspection. |
|
||||
| `ignoreeof` | Complements `trap INT` by reducing unintended exits from user keystrokes. |
|
||||
| `failglob` | Converts invalid filename expansion into explicit errors, caught by `trap ERR`. |
|
||||
| Restricted `PATH` and `IFS` | Ensures TRAP-logged commands run in a controlled environment, reducing false positives and unsafe expansions. |
|
||||
|
||||
## 2.5. Security and Forensic Benefits
|
||||
|
||||
- **Forensic-grade logging**: The combination of deterministic failure points and TRAP logging (`LOG_ERR`, `LOG_EXT`, `LOG_DBG`, `LOG_TRC`, `LOG_VAR`) yields reproducible incident traces.
|
||||
- **Controlled failure domains**: Failures cannot silently propagate or be masked, which is critical for a secure installation pipeline.
|
||||
- **Debugging precision**: By enabling `DEBUG` or `XTRACE` selectively, the developer can overlay deep tracing atop a hardened baseline without altering its guarantees.
|
||||
|
||||
## 2.6. Best Practices
|
||||
|
||||
1. **Never bypass global settings** in individual modules; scope any exceptions with `set +o` locally and restore settings immediately.
|
||||
2. **Leverage TRAPs consistently** — every critical execution path should either succeed deterministically or trigger a TRAP.
|
||||
3. **Enable DEBUG/XTRACE only when needed**, to avoid excessive logging in production and to preserve the security guarantees of secret masking.
|
||||
4. **Correlate TRAP logs with environment dumps** to reconstruct exact runtime conditions when analyzing failures.
|
||||
|
||||
## 2.7. Summary
|
||||
|
||||
The global hardening settings define the strict operating environment; the TRAP mechanisms serve as reactive observers and
|
||||
chroniclers of any deviation from expected execution. Together, they form a **closed-loop control system**: hardening rules
|
||||
trigger TRAP events, and TRAP handlers document, mitigate, or safely terminate the process. This coupling is the foundation for
|
||||
the `CISS.debian.installer`s reliability, auditability, and resistance to both accidental and malicious disruption.
|
||||
|
||||
---
|
||||
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
|
||||
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
|
||||
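Review bot: Section 2.3.1 and the `errexit` + `pipefail` row of the 2.4 table tie `trap ERR` to `errexit` ("Activated immediately upon any command failure due to `errexit`"), but in bash the ERR trap runs on a failing command whether or not `errexit` is set, and it is skipped in the same contexts `errexit` ignores: the test of `if`/`elif`/`while`/`until`, every command of a `&&`/`||` list except the last, and commands inverted with `!`. Suggest rewording to say that `errexit` makes the failure fatal while `ERR` records it, and listing those exempt contexts so readers do not assume every failure reaches a TRAP (2.6 item 2 leans on that assumption). Separately, 2.3.3 and the `ignoreeof` row pair `ignoreeof` with `trap INT`; `ignoreeof` only stops an interactive shell from exiting on EOF and has no effect on `SIGINT`, nor any effect in a non-interactive shell, so the stated dependency should be dropped or qualified. Minor: 2.2 files `noclobber` under expansion behavior although it governs redirection, 2.6 item 3 refers to "secret masking" that this file never defines, and the summary writes `CISS.debian.installer`s without the apostrophe.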