msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-10-22 22:39:10 +01:00
parent c501b8de5a
commit bd614c17c9
4 changed files with 24 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
func/cdi_4200_boot/4230_installation_grub.sh
View File

@@ -266,7 +266,6 @@ readonly -f install_grub_bios
# Globals: # Globals:
# TARGET # TARGET
# VAR_MODINFO_PATH # VAR_MODINFO_PATH
# grub_bootdev
# grub_update_nvram # grub_update_nvram
# var_update_grub_required # var_update_grub_required
# Arguments: # Arguments:
@@ -300,8 +299,8 @@ install_grub_uefi() {
[[ "${grub_update_nvram}" == "false" ]] && ary_uefi_arg+=( --no-nvram ) [[ "${grub_update_nvram}" == "false" ]] && ary_uefi_arg+=( --no-nvram )
chroot_exec "${TARGET}" grub-install "${ary_uefi_arg[@]}" "${grub_bootdev}" || return "${ERR_GRUB_INSTALL}" chroot_exec "${TARGET}" grub-install "${ary_uefi_arg[@]}" || return "${ERR_GRUB_INSTALL}"
do_log "info" "file_only" "4230() Installed: GRUB on Device: '${grub_bootdev}' [UEFI]." do_log "info" "file_only" "4230() Installed: GRUB on [ESP]."
var_update_grub_required="true" var_update_grub_required="true"
return 0 return 0

22
func/cdi_4500_user/4520_accounts_setup.sh
View File

@@ -95,9 +95,19 @@ accounts_setup() {
;; ;;
true) true)
### SSH Public Key per default, only. if [[ "${user_root_authentication_2fa_ssh}" == "true" || "${user_root_authentication_2fa_tty}" == "true" ]]; then
sed -i -E "s|^[[:space:]]*PermitRootLogin[[:space:]]+.*$|$(printf '%-29s%s' 'PermitRootLogin' 'prohibit-password')|" "${var_target}/etc/ssh/sshd_config"
do_log "info" "file_only" "4520() User: 'root' SSH access: [PermitRootLogin prohibit-password]" ### SSH Public Key per default, only.
sed -i -E "s|^[[:space:]]*PermitRootLogin[[:space:]]+.*$|$(printf '%-29s%s' 'PermitRootLogin' 'yes')|" "${var_target}/etc/ssh/sshd_config"
do_log "info" "file_only" "4520() User: 'root' SSH access: [PermitRootLogin yes]"
else
### SSH Public Key per default, only.
sed -i -E "s|^[[:space:]]*PermitRootLogin[[:space:]]+.*$|$(printf '%-29s%s' 'PermitRootLogin' 'prohibit-password')|" "${var_target}/etc/ssh/sshd_config"
do_log "info" "file_only" "4520() User: 'root' SSH access: [PermitRootLogin prohibit-password]"
fi
;; ;;
*) *)
@@ -895,12 +905,12 @@ write_google_authenticator_file() {
printf '%s\n' "${var_secret}" printf '%s\n' "${var_secret}"
printf '" RATE_LIMIT 3 30\n' printf '" RATE_LIMIT 3 30\n'
printf '" WINDOW_SIZE 10\n' printf '" WINDOW_SIZE 04\n'
printf '" DISALLOW_REUSE\n' printf '" DISALLOW_REUSE\n'
printf '" TOTP_AUTH\n' printf '" TOTP_AUTH\n'
### Emergency Codes (8x unbiased 8-digit, CSPRNG via OpenSSL). ### Emergency Codes (10x unbiased 8-digit, CSPRNG via OpenSSL).
for i in {1..8}; do for i in {1..10}; do
### Draw 32 bits; rejection sampling to avoid modulo bias. ### Draw 32 bits; rejection sampling to avoid modulo bias.
while :; do while :; do

10
func/cdi_4600_packages/4600_installation_packages.sh
View File

@@ -32,8 +32,8 @@ installation_packages() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
[[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh [[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh
apt-get update -qq 2>&1 | tee -a ${var_logfile} apt-get update -qq 2>&1 | tee -a ${var_logfile}
apt-get upgrade -y 2>&1 | tee -a ${var_logfile} apt-get -y dist-upgrade 2>&1 | tee -a ${var_logfile} # (= apt full-upgrade) allow installs/replacements/removals.
" "
fi fi
@@ -46,9 +46,9 @@ installation_packages() {
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
export INITRD=No export INITRD=No
[[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh [[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh
apt-get autoclean -y 2>&1 | tee -a ${var_logfile} apt-get autoremove --purge -y 2>&1 | tee -a ${var_logfile} # 'autopurge' == 'autoremove --purge'; don't run both.
apt-get autopurge -y 2>&1 | tee -a ${var_logfile} apt-get clean -y 2>&1 | tee -a ${var_logfile} # Stronger than autoclean: removes the entire '.deb'-cache.
apt-get autoremove -y 2>&1 | tee -a ${var_logfile} rm -rf /var/lib/apt/lists/* -y 2>&1 | tee -a ${var_logfile} # Will be repopulate on next 'apt update'.
" "
guard_dir && return 0 guard_dir && return 0

2
func/cdi_4600_packages/4620_installation_verification.sh
View File

@@ -15,7 +15,7 @@ guard_sourcing
### https://github.com/linux-audit/audit-userspace/tree/master/rules ### https://github.com/linux-audit/audit-userspace/tree/master/rules
####################################### #######################################
# Installs 'aide', 'audit', and 'debsums' audit and logging packages. # Installs 'acct', 'aide', 'audit', and 'debsums' audit and logging packages.
# Finalizes 'rkhunter' baseline. # Finalizes 'rkhunter' baseline.
# Globals: # Globals:
# TARGET # TARGET