V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 50s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
91
docs/man/TRAP_MECHANISM.md
Normal file
@@ -0,0 +1,91 @@
|
|||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
# 1. CISS.debian.installer
|
||||||
|
|
||||||
|
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||||
|
*The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
|
||||||
|
**Master Version**: 8.00<br>
|
||||||
|
**Build**: V8.00.000.2025.06.17<br>
|
||||||
|
|
||||||
|
# 2. Interplay Between Global Hardening Settings and TRAP Mechanisms
|
||||||
|
|
||||||
|
## 2.1. Overview
|
||||||
|
|
||||||
|
The `CISS.debian.installer` employs a dual-layer resilience model:
|
||||||
|
|
||||||
|
1. **Global Hardening Settings** — impose deterministic shell behaviour, enforce strict error handling, and constrain
|
||||||
|
environment variables.
|
||||||
|
2. **TRAP Handlers** — capture, log, and act upon errors, abnormal terminations, and system signals.
|
||||||
|
|
||||||
|
These mechanisms are not isolated; their effectiveness stems from deliberate interplay, ensuring that failure modes are
|
||||||
|
predictable, traceable, and recoverable.
|
||||||
|
|
||||||
|
## 2.2. Baseline Enforcement via Hardening Settings
|
||||||
|
|
||||||
|
The baseline, established in the global hardening module, guarantees:
|
||||||
|
|
||||||
|
- **Immediate reaction to errors** (`errexit`, `pipefail`, `inherit_errexit`).
|
||||||
|
- **Detection of programming flaws** (`nounset` for undefined variables).
|
||||||
|
- **Safe expansion behavior** (`failglob`, `noclobber`, restricted `IFS`).
|
||||||
|
- **Predictable scope inheritance** (`errtrace`, `functrace`).
|
||||||
|
|
||||||
|
This configuration creates a **fail-fast execution profile**: the moment a violation occurs, execution halts, and control
|
||||||
|
transfers to the relevant TRAP.
|
||||||
|
|
||||||
|
## 2.3. TRAP Handlers in Context
|
||||||
|
|
||||||
|
### 2.3.1. `trap ERR`
|
||||||
|
- Activated immediately upon any command failure due to `errexit`.
|
||||||
|
- Reliant on `errtrace` to ensure it triggers within subshells and functions.
|
||||||
|
- Receives detailed state because `nounset` and `pipefail` ensure error codes reflect genuine failure conditions.
|
||||||
|
|
||||||
|
### 2.3.2. `trap EXIT`
|
||||||
|
- Serves as a final safety net, catching failures that `ERR` does not, notably **unbound variable terminations** that bypass `ERR`.
|
||||||
|
- Its reliability depends on `nounset` enforcing such terminations.
|
||||||
|
|
||||||
|
### 2.3.3. `trap INT`
|
||||||
|
- Intercepts `SIGINT` without premature script exit, preserving installer state.
|
||||||
|
- Functions in harmony with `ignoreeof` to prevent unintended terminations from user input.
|
||||||
|
|
||||||
|
### 2.3.4. `trap DEBUG` (conditional)
|
||||||
|
- Works effectively because `functrace` ensures inheritance into functions and subshells.
|
||||||
|
- Captures every executed command when enabled, providing real-time introspection of an otherwise fail-fast script.
|
||||||
|
|
||||||
|
## 2.4. Synergistic Effects
|
||||||
|
|
||||||
|
| Hardening Setting | TRAP Dependency / Effect |
|
||||||
|
|-----------------------------|---------------------------------------------------------------------------------------------------------------|
|
||||||
|
| `errexit` + `pipefail` | Guarantees `trap ERR` fires on true failure points. |
|
||||||
|
| `errtrace` | Propagates `ERR` handling into all call depths. |
|
||||||
|
| `nounset` | Causes unbound variable exits, which `trap EXIT` can diagnose. |
|
||||||
|
| `functrace` | Propagates `DEBUG` and `RETURN` traps for deep stack inspection. |
|
||||||
|
| `ignoreeof` | Complements `trap INT` by reducing unintended exits from user keystrokes. |
|
||||||
|
| `failglob` | Converts invalid filename expansion into explicit errors, caught by `trap ERR`. |
|
||||||
|
| Restricted `PATH` and `IFS` | Ensures TRAP-logged commands run in a controlled environment, reducing false positives and unsafe expansions. |
|
||||||
|
|
||||||
|
## 2.5. Security and Forensic Benefits
|
||||||
|
|
||||||
|
- **Forensic-grade logging**: The combination of deterministic failure points and TRAP logging (`LOG_ERR`, `LOG_EXT`, `LOG_DBG`, `LOG_TRC`, `LOG_VAR`) yields reproducible incident traces.
|
||||||
|
- **Controlled failure domains**: Failures cannot silently propagate or be masked, which is critical for a secure installation pipeline.
|
||||||
|
- **Debugging precision**: By enabling `DEBUG` or `XTRACE` selectively, the developer can overlay deep tracing atop a hardened baseline without altering its guarantees.
|
||||||
|
|
||||||
|
## 2.6. Best Practices
|
||||||
|
|
||||||
|
1. **Never bypass global settings** in individual modules; scope any exceptions with `set +o` locally and restore settings immediately.
|
||||||
|
2. **Leverage TRAPs consistently** — every critical execution path should either succeed deterministically or trigger a TRAP.
|
||||||
|
3. **Enable DEBUG/XTRACE only when needed**, to avoid excessive logging in production and to preserve the security guarantees of secret masking.
|
||||||
|
4. **Correlate TRAP logs with environment dumps** to reconstruct exact runtime conditions when analyzing failures.
|
||||||
|
|
||||||
|
## 2.7. Summary
|
||||||
|
|
||||||
|
The global hardening settings define the strict operating environment; the TRAP mechanisms serve as reactive observers and
|
||||||
|
chroniclers of any deviation from expected execution. Together, they form a **closed-loop control system**: hardening rules
|
||||||
|
trigger TRAP events, and TRAP handlers document, mitigate, or safely terminate the process. This coupling is the foundation for
|
||||||
|
the `CISS.debian.installer`s reliability, auditability, and resistance to both accidental and malicious disruption.
|
||||||
|
|
||||||
|
---
|
||||||
|
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
|
||||||
|
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
|
||||||
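Review bot: Section 2.3.1 attributes `trap ERR` to `errexit` ("Activated immediately upon any command failure due to `errexit`"), but in bash the ERR trap fires on a failing command whether or not `errexit` is set, and both skip the same contexts: commands tested by `if`/`while`/`until`, every command in a `&&`/`||` list except the last, and pipelines negated with `!`. Best practice 2 in section 2.6 says every critical execution path should either succeed or trigger a TRAP, so the document should list these exemptions; otherwise module authors may assume a failure inside a condition or an `||` list is logged when it is not. The `ignoreeof` entries in 2.3.3 and 2.4 need a qualifier as well: the option only affects an interactive shell reading EOF, so state whether the installer runs in that mode. Minor: 2.7 reads "`CISS.debian.installer`s reliability" and is missing the possessive apostrophe.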
@@ -108,6 +108,8 @@ prepare_mounts() {
|
|||||||
|
|
||||||
do_log "info" "file_only" "4010() Command: [do_in_target ${TARGET} mkdir -p /etc/systemd/system/multi-user.target.wants] successful."
|
do_log "info" "file_only" "4010() Command: [do_in_target ${TARGET} mkdir -p /etc/systemd/system/multi-user.target.wants] successful."
|
||||||
|
|
||||||
|
mkdir -p "${TARGET}/media/cdrom0"
|
||||||
|
|
||||||
# shellcheck disable=SC2034
|
# shellcheck disable=SC2034
|
||||||
declare -gx VAR_CHROOT_ACTIVATED="system"
|
declare -gx VAR_CHROOT_ACTIVATED="system"
|
||||||
do_log "info" "file_only" "4010() Command: [declare -gx VAR_CHROOT_ACTIVATED=system]"
|
do_log "info" "file_only" "4010() Command: [declare -gx VAR_CHROOT_ACTIVATED=system]"
|
||||||
|
|||||||
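Review bot: The added `mkdir -p "${TARGET}/media/cdrom0"` in `prepare_mounts()` is the only command in this hunk without a following `do_log` entry; the `mkdir` above it and the `declare -gx` below it both log under the `4010()` prefix. Add a matching line such as `do_log "info" "file_only" "4010() Command: [mkdir -p ${TARGET}/media/cdrom0] successful."` so the file log records the creation of the mount point. The preceding directory is also created through `do_in_target ${TARGET}`, while this one is created directly under `${TARGET}`; a short comment saying which form is intended here would help the next reader.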
@@ -177,7 +177,8 @@ EOF
|
|||||||
|
|
||||||
cat << 'EOF' >> "${TARGET}/etc/fstab"
|
cat << 'EOF' >> "${TARGET}/etc/fstab"
|
||||||
|
|
||||||
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
|
/dev/sr0 /media/cdrom0 auto noauto,nofail,ro,user,x-systemd.automount,x-systemd.device-timeout=0 0 0
|
||||||
|
#/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
do_log "info" "file_only" "4200() fstab entry generated: '/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0'."
|
do_log "info" "file_only" "4200() fstab entry generated: '/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0'."
|
||||||
|
|||||||
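Review bot: The unchanged `do_log` line after the heredoc still reports `'/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0'`, while the heredoc now writes `/dev/sr0 /media/cdrom0 auto noauto,nofail,ro,user,x-systemd.automount,x-systemd.device-timeout=0 0 0`, so the log no longer matches what lands in the file. Update the `4200()` message to the new entry. Because the heredoc is appended verbatim, the commented-out `#/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0` line is also written into the target's `/etc/fstab`; if it is kept only for reference, drop it from the heredoc and leave the history to the commit.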