V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-17 06:42:14 +01:00
parent bedd0d3fa5
commit 7d599e8463
71 changed files with 2203 additions and 548 deletions
--- a/includes/target/root/.ciss/alias
+++ b/includes/target/root/.ciss/alias
@@ -10,9 +10,6 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-########################################################################################### Alpha
-alias genkeyfile='haveged -n 1048576 >| /tmp/secure_keyfile_$(date +%s)'
-
 ########################################################################################### Bash
 alias clear="printf '\033c'"
 alias c='clear'
@@ -115,7 +112,7 @@ genpasswd() {
        ;;
      '' | *[!0-9]*) ;;
      *)
-         length="$1"
+        length="$1"
        ;;
    esac
    shift
@@ -177,11 +174,11 @@ scurl() {
  declare url="$1"
  declare output_path="$2"
  if ! curl --doh-url "https://dns01.eddns.eu/dns-query" \
-            --doh-cert-status \
-            --tlsv1.3 \
-            -sSf \
-            -o "${output_path}" \
-            "${url}"
+    --doh-cert-status \
+    --tlsv1.3 \
+    -sSf \
+    -o "${output_path}" \
+    "${url}"
  then
    printf "%s❌ Error: Download failed for URL: '%s'. %s%s" "${CRED}" "${url}" "${CRES}" "${NL}" >&2
    return 2
@@ -212,11 +209,11 @@ swget() {
  declare output_path="$2"
  mkdir -p "$(dirname "${output_path}")"
  if ! wget --show-progress \
-            --no-clobber \
-            --https-only \
-            --secure-protocol=TLSv1_3 \
-            -qO "${output_path}" \
-            "${url}"
+    --no-clobber \
+    --https-only \
+    --secure-protocol=TLSv1_3 \
+    -qO "${output_path}" \
+    "${url}"
  then
    printf "%s❌ Error: Download failed for URL: '%s'. %s%s" "${CRED}" "${url}" "${CRES}" "${NL}" >&2
    return 2
@@ -225,12 +222,12 @@ swget() {
 }

 #######################################
-# Wrapper for loading CISS.2025 hardened Kernel Parameters.
+# Wrapper for loading CISS hardened Kernel Parameters.
 # Arguments:
 #   None
 #######################################
 sysp() {
-  sysctl -p /etc/sysctl.d/99_local.hardened
+  sysctl -p /etc/sysctl.d/9999_ciss_debian_installer.hardened
  # sleep 1
  # shellcheck disable=SC2312
  sysctl -a | grep -E 'kernel|vm|net' >| /var/log/sysctl_check"$(date +"%Y-%m-%d_%H:%M:%S")".log