V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-27 19:38:29 +02:00
parent 69888c0daf
commit d316c1d2b5
4 changed files with 19 additions and 24 deletions
--- a/func/cdi_3200_partitioning/3280_mount_partition.sh
+++ b/func/cdi_3200_partitioning/3280_mount_partition.sh
@@ -354,6 +354,7 @@ mount_partition() {

    var_dev="${var_dev_part%.*}"
    lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview_3280.log"
+    lsblk -o NAME,PARTTYPE,FSTYPE,FSVER,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_parttype_3280.log"
    {
      printf "%b" "${NL}"
      lsblk "/dev/${var_dev}"
--- a/func/cdi_4000_debootstrap/4035_setup_resolv.sh
+++ b/func/cdi_4000_debootstrap/4035_setup_resolv.sh
@@ -45,23 +45,9 @@ setup_resolv() {
  chmod 0644 "${TARGET}/etc/resolv.conf"

  ### Create '/etc/resolv.conf' IPv4 entries for static configuration.
-    cat << EOF >> "${TARGET}/etc/resolv.conf"
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.installer
-# SPDX-Security-Contact: security@coresecret.eu
-
-# Static file system information: /etc/resolv.conf
-# Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture: ${VAR_ARCHITECTURE}
-# Distribution: ${VAR_CODENAME}
-
+  insert_header "${TARGET}/etc/resolv.conf"
+  insert_comments "${TARGET}/etc/resolv.conf"
+  cat << EOF >> "${TARGET}/etc/resolv.conf"
 ### Custom DNS IPv4 configuration
 EOF

--- a/func/cdi_4300_network/4310_dropbear_build.sh
+++ b/func/cdi_4300_network/4310_dropbear_build.sh
@@ -49,7 +49,8 @@ dropbear_build() {
  #  -s                 : Strip unnecessary symbols directly during linking
  #  -Wl,-z,relro,-z,now: Enables full RELRO (symbol resolution at program startup)

-  [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x
+  guard_trace on
+
  # shellcheck disable=SC2016,SC2312
  setsid bash -c '
    ### Sterile environment for the build-process.
@@ -70,7 +71,8 @@ dropbear_build() {
    # shellcheck disable=2312
    make -j"$(nproc)"
  ' >> "${TARGET}${var_logfile}" 2>&1
-  [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x
+
+  guard_trace off

  guard_dir && return 0
 }
--- a/func/cdi_4400_hardening/4435_hardening_fail2ban.sh
+++ b/func/cdi_4400_hardening/4435_hardening_fail2ban.sh
@@ -22,14 +22,20 @@ guard_sourcing
 #   0: on success
 #######################################
 hardening_fail2ban() {
+  ### Declare Arrays, HashMaps, and Variables.
+  declare
+  declare -r  var_logfile="/root/.ciss/cdi/log/4435_hardening_fail2ban.log"

+  chroot_logger "${TARGET}${var_logfile}"

-
-
-
-  systemctl stop fail2ban
+  chroot_script "${TARGET}" "
+    export INITRD=No
+    apt-get install -y --no-install-suggests fail2ban 2>&1 | tee -a ${var_logfile}
+    echo ExitCode: \$? >> ${var_logfile}
+  "
  cp -u /etc/fail2ban/fail2ban.conf "${DIR_BAK}"fail2ban.conf.bak
-  chmod 644 "${DIR_BAK}"fail2ban.conf.bak
+  mv "${TARGET}/etc/resolv.conf" "${TARGET}/root/.ciss/cdi/backup/etc/resolv.conf.bak"
+

  # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024305
  sed -i 's/#allowipv6 = auto/allowipv6 = auto/1' /etc/fail2ban/fail2ban.conf