msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m24s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-10-13 17:40:19 +01:00
parent 628fc1c29e
commit 4e90eb96a3
24 changed files with 46 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
func/cdi_4000_debootstrap/4015_check_usr_merge.sh
View File

@@ -39,14 +39,14 @@ check_usr_merge() {
test -L /bin && test $(readlink -f /bin) = '/usr/bin' && echo 'MERGED:/bin' >> ${var_logfile} || echo 'UNMERGED:/bin' >> ${var_logfile} test -L /bin && test $(readlink -f /bin) = '/usr/bin' && echo 'MERGED:/bin' >> ${var_logfile} || echo 'UNMERGED:/bin' >> ${var_logfile}
test -L /sbin && test $(readlink -f /sbin) = '/usr/sbin' && echo 'MERGED:/sbin' >> ${var_logfile} || echo 'UNMERGED:/sbin' >> ${var_logfile} test -L /sbin && test $(readlink -f /sbin) = '/usr/sbin' && echo 'MERGED:/sbin' >> ${var_logfile} || echo 'UNMERGED:/sbin' >> ${var_logfile}
test -L /lib && test $(readlink -f /lib) = '/usr/lib' && echo 'MERGED:/lib' >> ${var_logfile} || echo 'UNMERGED:/lib' >> ${var_logfile} test -L /lib && test $(readlink -f /lib) = '/usr/lib' && echo 'MERGED:/lib' >> ${var_logfile} || echo 'UNMERGED:/lib' >> ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
if [[ "${architecture}" == "amd64" ]]; then if [[ "${architecture}" == "amd64" ]]; then
# shellcheck disable=SC2312 # shellcheck disable=SC2312
chroot_script "${var_target}" " chroot_script "${var_target}" "
test -L /lib64 && test $(readlink -f /lib64) = '/usr/lib64' && echo 'MERGED:/lib64' >> ${var_logfile} || echo 'UNMERGED:/lib64' >> ${var_logfile} test -L /lib64 && test $(readlink -f /lib64) = '/usr/lib64' && echo 'MERGED:/lib64' >> ${var_logfile} || echo 'UNMERGED:/lib64' >> ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
fi fi

6
func/cdi_4100_base/4110_update_sources.sh
View File

@@ -39,7 +39,7 @@ update_sources() {
### Update generated sources. ### Update generated sources.
# shellcheck disable=SC2312 # shellcheck disable=SC2312
chroot_script "${var_target}" "apt-get update 2>&1 | tee -a ${var_logfile}; echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}" chroot_script "${var_target}" "apt-get update 2>&1 | tee -a ${var_logfile}; echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}"
do_log "info" "file_only" "4110() Sources lists: updated successfully." do_log "info" "file_only" "4110() Sources lists: updated successfully."
@@ -49,7 +49,7 @@ update_sources() {
chroot_script "${var_target}" " chroot_script "${var_target}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
do_log "info" "file_only" "4110() The update policy was set at installation time to: '${apt_updates_policy}'." do_log "info" "file_only" "4110() The update policy was set at installation time to: '${apt_updates_policy}'."
@@ -58,7 +58,7 @@ update_sources() {
chroot_script "${var_target}" " chroot_script "${var_target}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
# shellcheck disable=SC2016 # shellcheck disable=SC2016

2
func/cdi_4100_base/4120_installation_kernel.sh
View File

@@ -49,7 +49,7 @@ installation_kernel() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests ${image} initramfs-tools 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests ${image} initramfs-tools 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
do_log "info" "file_only" "4120() Kernel image: '${image}' installed successfully." do_log "info" "file_only" "4120() Kernel image: '${image}' installed successfully."

2
func/cdi_4100_base/4130_installation_toolset.sh
View File

@@ -97,7 +97,7 @@ installation_toolset() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests ${ary_unique_pkgs[*]} 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests ${ary_unique_pkgs[*]} 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
fi fi

2
func/cdi_4100_base/4131_installation_systemd.sh
View File

@@ -36,7 +36,7 @@ installation_systemd() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests systemd systemd-sysv dbus 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests systemd systemd-sysv dbus 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
else else

4
func/cdi_4100_base/4140_installation_microcode.sh
View File

@@ -57,7 +57,7 @@ installation_microcode() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
else else
@@ -65,7 +65,7 @@ installation_microcode() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests --only-upgrade ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests --only-upgrade ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
fi fi

2
func/cdi_4100_base/4145_installation_firmware.sh
View File

@@ -295,7 +295,7 @@ installation_firmware() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests ${ary_pkgs_resolved[*]} 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests ${ary_pkgs_resolved[*]} 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
guard_dir && return 0 guard_dir && return 0

4
func/cdi_4100_base/4150_installation_chrony.sh
View File

@@ -50,7 +50,7 @@ installation_chrony() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests chrony 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests chrony 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
if [[ ! -e "${TARGET}/etc/systemd/system/multi-user.target.wants/chrony.service" ]]; then if [[ ! -e "${TARGET}/etc/systemd/system/multi-user.target.wants/chrony.service" ]]; then
@@ -71,7 +71,7 @@ installation_chrony() {
do_log "debug" "file_only" "4150() Executing: [chroot_script ${TARGET} chronyd -Q -f /etc/chrony/chrony.conf]." do_log "debug" "file_only" "4150() Executing: [chroot_script ${TARGET} chronyd -Q -f /etc/chrony/chrony.conf]."
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
chronyd -Q -f /etc/chrony/chrony.conf 2>&1 | tee -a ${var_logfile} chronyd -Q -f /etc/chrony/chrony.conf 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
do_log "info" "file_only" "4150() Chrony NTPsec client installed." do_log "info" "file_only" "4150() Chrony NTPsec client installed."

2
func/cdi_4100_base/4160_installation_eza.sh
View File

@@ -51,7 +51,7 @@ EOF
export INITRD=No export INITRD=No
apt-get update apt-get update
apt-get install -y --no-install-recommends --no-install-suggests eza 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests eza 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
guard_dir && return 0 guard_dir && return 0

2
func/cdi_4100_base/4170_installation_lynis.sh
View File

@@ -51,7 +51,7 @@ EOF
export INITRD=No export INITRD=No
apt-get update apt-get update
apt-get install -y --no-install-recommends --no-install-suggests lynis 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests lynis 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
guard_dir && return 0 guard_dir && return 0

6
func/cdi_4200_boot/4230_installation_grub.sh
View File

@@ -78,7 +78,7 @@ installation_grub() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends grub2-common grub-efi-amd64 grub-efi-amd64-bin 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends grub2-common grub-efi-amd64 grub-efi-amd64-bin 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
;; ;;
@@ -86,7 +86,7 @@ installation_grub() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends grub2-common grub-efi-arm64 grub-efi-arm64-bin 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends grub2-common grub-efi-arm64 grub-efi-arm64-bin 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
;; ;;
@@ -101,7 +101,7 @@ installation_grub() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends grub2-common grub-pc grub-pc-bin 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends grub2-common grub-pc grub-pc-bin 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
fi fi

8
func/cdi_4300_network/4300_installation_network.sh
View File

@@ -46,19 +46,19 @@ installation_network() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get purge -y dhcpcd isc-dhcp-client 2>&1 | tee -a ${var_logfile} apt-get purge -y dhcpcd isc-dhcp-client 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-suggests dhcpcd-base ifupdown 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-suggests dhcpcd-base ifupdown 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
systemctl disable systemd-networkd NetworkManager 2>/dev/null | tee -a ${var_logfile} || true systemctl disable systemd-networkd NetworkManager 2>/dev/null | tee -a ${var_logfile} || true
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
mkdir -p "${TARGET}/etc/network/interfaces.d" mkdir -p "${TARGET}/etc/network/interfaces.d"
@@ -230,7 +230,7 @@ EOF
### Check dhcpcd connectivity. ### Check dhcpcd connectivity.
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
dhcpcd -T ${VAR_FINAL_NIC} | tee -a ${var_logfile} dhcpcd -T ${VAR_FINAL_NIC} | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
guard_dir && return 0 guard_dir && return 0

2
func/cdi_4300_network/4305_installation_netsec.sh
View File

@@ -30,7 +30,7 @@ installation_netsec() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-suggests fail2ban ufw 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-suggests fail2ban ufw 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
guard_dir && return 0 guard_dir && return 0

6
func/cdi_4300_network/4320_update_initramfs.sh
View File

@@ -32,18 +32,18 @@ update_initramfs() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
update-grub 2>&1 | tee -a ${var_logfile} update-grub 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
depmod -a ${var_kernel} 2>&1 | tee -a ${var_logfile} depmod -a ${var_kernel} 2>&1 | tee -a ${var_logfile}
update-initramfs -c -v -k all 2>&1 | tee -a ${var_logfile} update-initramfs -c -v -k all 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
update-grub 2>&1 | tee -a ${var_logfile} update-grub 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
chmod 0400 "${TARGET}/boot/grub/grub.cfg" chmod 0400 "${TARGET}/boot/grub/grub.cfg"

2
func/cdi_4400_hardening/4480_hardening_usb.sh
View File

@@ -31,7 +31,7 @@ hardening_usb() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests usbguard 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests usbguard 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
touch /tmp/rules.conf touch /tmp/rules.conf
usbguard generate-policy >| /tmp/rules.conf usbguard generate-policy >| /tmp/rules.conf

2
func/cdi_4400_hardening/4490_hardening_virus.sh
View File

@@ -30,7 +30,7 @@ hardening_virus() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests rkhunter 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests rkhunter 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
guard_dir && return 0 guard_dir && return 0

2
func/cdi_4500_user/4500_accounts_preparation.sh
View File

@@ -31,7 +31,7 @@ accounts_preparation() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests bash-completion fzf 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests bash-completion fzf 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
mkdir -p "${TARGET}/etc/skel/.ciss" mkdir -p "${TARGET}/etc/skel/.ciss"

2
func/cdi_4500_user/4510_accounts_hardening.sh
View File

@@ -34,7 +34,7 @@ accounts_hardening() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests ${ary_security_pkgs[*]} 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests ${ary_security_pkgs[*]} 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
### Preparing 2fa hardening. ### Preparing 2fa hardening.

12
func/cdi_4600_packages/4600_installation_packages.sh
View File

@@ -32,26 +32,26 @@ installation_packages() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get update 2>&1 | tee -a ${var_logfile} apt-get update 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
apt-get upgrade -y 2>&1 | tee -a ${var_logfile} apt-get upgrade -y 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
fi fi
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests ${ARY_PACKAGES[*]} 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests ${ARY_PACKAGES[*]} 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get autoclean -y 2>&1 | tee -a ${var_logfile} apt-get autoclean -y 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
apt-get autopurge -y 2>&1 | tee -a ${var_logfile} apt-get autopurge -y 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
apt-get autoremove -y 2>&1 | tee -a ${var_logfile} apt-get autoremove -y 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
guard_dir && return 0 guard_dir && return 0

2
func/cdi_4600_packages/4610_installation_security.sh
View File

@@ -39,7 +39,7 @@ installation_security() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests ${ary_fw[*]} 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests ${ary_fw[*]} 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
if [[ ${VAR_SEC_FW} == apparmor ]]; then if [[ ${VAR_SEC_FW} == apparmor ]]; then
systemctl enable apparmor 2>&1 | tee -a ${var_logfile} || true systemctl enable apparmor 2>&1 | tee -a ${var_logfile} || true

12
func/cdi_4600_packages/4620_installation_verification.sh
View File

@@ -34,7 +34,7 @@ install_verification() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests auditd 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests auditd 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
rm -f "${TARGET}/etc/audit/rules.d/audit.rules" rm -f "${TARGET}/etc/audit/rules.d/audit.rules"
@@ -339,14 +339,14 @@ EOF
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
systemctl enable auditd.service 2>&1 | tee -a ${var_logfile} systemctl enable auditd.service 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
### Validate and build audit rules now; fail early if syntax is wrong. ### Validate and build audit rules now; fail early if syntax is wrong.
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
if command -v augenrules >/dev/null 2>&1; then if command -v augenrules >/dev/null 2>&1; then
augenrules --load 2>&1 | tee -a ${var_logfile} augenrules --load 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
else else
### Fallback: build consolidated rules file without loading into the kernel. ### Fallback: build consolidated rules file without loading into the kernel.
if command -v bash >/dev/null 2>&1; then if command -v bash >/dev/null 2>&1; then
@@ -358,7 +358,7 @@ EOF
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests aide aide-common 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests aide aide-common 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
sed -i 's/Checksums = H/Checksums = sha512/' /etc/aide/aide.conf sed -i 's/Checksums = H/Checksums = sha512/' /etc/aide/aide.conf
aideinit > /dev/null 2>> ${var_logfile} aideinit > /dev/null 2>> ${var_logfile}
" "
@@ -366,7 +366,7 @@ EOF
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests debsums 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests debsums 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
if ! debsums -g >> ${var_logfile} 2>> ${var_logfile}; then if ! debsums -g >> ${var_logfile} 2>> ${var_logfile}; then
printf 'Running debsums -g - encountered errors.' >> ${var_logfile} printf 'Running debsums -g - encountered errors.' >> ${var_logfile}
fi fi
@@ -374,7 +374,7 @@ EOF
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
rkhunter --propupd 2>&1 | tee -a ${var_logfile} rkhunter --propupd 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
guard_dir && return 0 guard_dir && return 0

2
func/cdi_5000_recovery/5120_installation_kernel.sh
View File

@@ -49,7 +49,7 @@ installation_kernel_reco() {
chroot_script "${RECOVERY}" " chroot_script "${RECOVERY}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests ${image} initramfs-tools 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests ${image} initramfs-tools 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
do_log "info" "file_only" "5120() Kernel image: '${image}' installed successfully." do_log "info" "file_only" "5120() Kernel image: '${image}' installed successfully."

2
func/cdi_5000_recovery/5130_installation_toolset.sh
View File

@@ -96,7 +96,7 @@ installation_toolset_reco() {
chroot_script "${RECOVERY}" " chroot_script "${RECOVERY}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests ${ary_unique_pkgs[*]} 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests ${ary_unique_pkgs[*]} 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
fi fi

2
func/cdi_5000_recovery/5131_installation_systemd.sh
View File

@@ -36,7 +36,7 @@ installation_systemd_reco() {
chroot_script "${RECOVERY}" " chroot_script "${RECOVERY}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests systemd systemd-sysv dbus 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests systemd systemd-sysv dbus 2>&1 | tee -a ${var_logfile}
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile} echo ExitCode of PIPESTATUS[0]: \${PIPESTATUS[0]} >> ${var_logfile}
" "
else else