V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.preseed/preseed.yaml

@@ -101,6 +101,7 @@ image: "linux-image-amd64"     # Could be a meta-package or a specific image lik
                                # "linux-image-cloud-amd64" || "linux-image-cloud-arm64"
                                # "linux-image-rt-amd64" || "linux-image-rt-arm64"
                                # "linux-image-6.12.30+bpo-amd64"
+                               # "linux-image-6.12.38+deb13-amd64"
 needrun: false                 # Static linking to "${TARGET}/run" can cause problems if this data is "burned" into the target.
 
 ################################################################################################################################

ciss_debian_installer.sh

@@ -12,6 +12,8 @@
 
 ### Contributions so far see ./docs/CREDITS.md
 
+# TODO: Implement this function 4215_check_crypttab.sh
+# TODO: Change 4230_installation_grub.sh for Trixie Workflow
 # TODO: Update .dot files.
 # TODO: Update README.md for each lib and func dir.
 # TODO: Update MANPAGES.md for each func.

func/cdi_4100_base/4121_installation_initramfs.sh

@@ -52,7 +52,7 @@ EOF
 
   cat << EOF >| "${TARGET}/etc/initramfs-tools/conf.d/driver-policy"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>

func/cdi_4200_boot/4200_generate_fstab.sh

@@ -68,7 +68,7 @@ generate_fstab() {
 
   cat << EOF >> "${TARGET}/etc/fstab"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>

func/cdi_4200_boot/4210_generate_crypttab.sh

@@ -61,7 +61,7 @@ generate_crypttab() {
 
   cat << EOF >> "${TARGET}/etc/crypttab"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>

func/cdi_4200_boot/4215_check_crypttab.sh

@@ -11,7 +11,7 @@
 # SPDX-Security-Contact: security@coresecret.eu
 
 guard_sourcing
-# TODO: Implement this function
+
 #######################################
 # Basic '/etc/crypttab' checks inside chroot.
 # Globals:

func/cdi_4200_boot/4240_update_grub_password.sh

@@ -28,17 +28,15 @@ update_grub_password() {
   declare var_username="superadmin" var_password="" var_password_file="${DIR_CNF}/password_grub.txt" \
           var_of="${TARGET}/etc/grub.d/40_custom" var_grub_entry=""
 
-  ### TODO: PASSWORD REMINDER
+  ### TODO: PASSWORD REMINDER START
-  ### No tracing for security reasons
+  guard_trace on
-  #[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x
 
   var_password=$(<"${var_password_file}") || return "${ERR_READ_GRUB_FILE}"
 
   var_grub_entry=$(generate_grub_password_pbkdf2 "${var_username}" "${var_password}")
 
-  ### Turn on tracing again
+  #### TODO: PASSWORD REMINDER STOP
-  #[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x
+  guard_trace off
-  #### TODO: PASSWORD REMINDER
 
   ### Append if not already present
   if ! grep -q "set superusers=" "${var_of}"; then

func/cdi_4300_network/4300_installation_network.sh

@@ -55,7 +55,7 @@ installation_network() {
 
   cat << EOF >| "${TARGET}/etc/network/interfaces"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -97,7 +97,7 @@ EOF
 
     cat << EOF >| "${TARGET}/etc/network/interfaces.d/10-ipv4-dhcp"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -125,7 +125,7 @@ EOF
 
     cat << EOF >| "${TARGET}/etc/network/interfaces.d/10-ipv4-dhcp"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -156,7 +156,7 @@ EOF
     # shellcheck disable=SC2153
     cat << EOF >| "${TARGET}/etc/network/interfaces.d/10-ipv4-static"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -191,7 +191,7 @@ EOF
 
     cat << EOF >| "${TARGET}/etc/network/interfaces.d/10-ipv6-dhcp"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -222,7 +222,7 @@ EOF
     # shellcheck disable=SC2153
     cat << EOF >| "${TARGET}/etc/network/interfaces.d/10-ipv6-static"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>

func/cdi_4300_network/4312_dropbear_setup.sh

@@ -142,7 +142,7 @@ write_dropbear_conf() {
 
   cat << EOF >| "${TARGET}/etc/dropbear/initramfs/dropbear.conf"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>

func/cdi_4400_hardening/4400_kernel_modules.sh

@@ -26,7 +26,7 @@ kernel_modules() {
   mkdir -p "${TARGET}/usr/lib/modules-load.d"
   cat << EOF >| "${TARGET}/usr/lib/modules-load.d/30_security-misc.conf"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>

func/cdi_4400_hardening/4420_installation_ssh.sh

@@ -113,7 +113,7 @@ installation_ssh() {
   ###########################################################################################
   cat << EOF >| "${TARGET}/etc/profile.d/idle-users.sh"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>

func/cdi_4400_hardening/4450_hardening_haveged.sh

@@ -27,7 +27,7 @@ guard_sourcing
 hardening_haveged() {
   cat << EOF >| "${TARGET}/etc/default/haveged"
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>

func/cdi_4400_hardening/4460_hardening_memory.sh

@@ -104,7 +104,7 @@ EOF
 
   mkdir -p "${TARGET}/etc/systemd/system.conf.d"
   cat << EOF >| "${TARGET}/etc/systemd/system.conf.d/90-ciss-core.conf"
-# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>

func/cdi_4500_user/4500_installation_accounts.sh

@@ -28,12 +28,17 @@ guard_sourcing
 #   0: on success
 #######################################
 installation_accounts() {
+  ### Declare Arrays, HashMaps, and Variables.
   declare -i i
   declare tmp_username="" tmp_fullname="" tmp_uid="" tmp_gid="" tmp_shell="" tmp_password="" tmp_sshpubkey="" tmp_sudo="" \
     tmp_restricted=""
   declare var_username="" var_fullname="" var_uid="" var_gid="" var_shell="" var_password="" var_sshpubkey="" var_sudo="" \
     var_restricted="" var_chpasswd="" var_sshdir=""
 
+
+
+
+
   ### Hardening '/etc/login.defs'
   rm -f "${TARGET}/etc/login.defs"
   install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/etc/login.defs" "${TARGET}/etc/"

includes/target/etc/security/access.cnf

@@ -0,0 +1,125 @@
+# Login access control table.
+#
+# Comment line must start with "#", no space at front.
+# Order of lines is important.
+#
+# When someone logs in, the table is scanned for the first entry that
+# matches the (user, host) combination, or, in case of non-networked
+# logins, the first entry that matches the (user, tty) combination.  The
+# permissions field of that table entry determines whether the login will
+# be accepted or refused.
+#
+# Format of the login access control table is three fields separated by a
+# ":" character:
+#
+# [Note, if you supply a 'fieldsep=|' argument to the pam_access.so
+# module, you can change the field separation character to be
+# '|'. This is useful for configurations where you are trying to use
+# pam_access with X applications that provide PAM_TTY values that are
+# the display variable like "host:0".]
+#
+# 	permission:users:origins
+#
+# The first field should be a "+" (access granted) or "-" (access denied)
+# character.
+#
+# The second field should be a list of one or more login names, group
+# names, or ALL (always matches). A pattern of the form user@host is
+# matched when the login name matches the "user" part, and when the
+# "host" part matches the local machine name.
+#
+# The third field should be a list of one or more tty names (for
+# non-networked logins), host names, domain names (begin with "."), host
+# addresses, internet network numbers (end with "."), ALL (always
+# matches), NONE (matches no tty on non-networked logins) or
+# LOCAL (matches any string that does not contain a "." character).
+#
+# You can use @netgroupname in host or user patterns; this even works
+# for @usergroup@@hostgroup patterns.
+#
+# The EXCEPT operator makes it possible to write very compact rules.
+#
+# The group file is searched only when a name does not match that of the
+# logged-in user. Both the user's primary group is matched, as well as
+# groups in which users are explicitly listed.
+# To avoid problems with accounts, which have the same name as a group,
+# you can use brackets around group names '(group)' to differentiate.
+# In this case, you should also set the "nodefgroup" option.
+#
+# TTY NAMES: Must be in the form returned by ttyname(3) less the initial
+# "/dev" (e.g. tty1 or vc/1)
+#
+##############################################################################
+#
+# Disallow non-root logins on tty1
+#
+#-:ALL EXCEPT root:tty1
+#
+# Disallow console logins to all but a few accounts.
+#
+#-:ALL EXCEPT wheel shutdown sync:LOCAL
+#
+# Same, but make sure that really the group wheel and not the user
+# wheel is used (use nodefgroup argument, too):
+#
+#-:ALL EXCEPT (wheel) shutdown sync:LOCAL
+#
+# Disallow non-local logins to privileged accounts (group wheel).
+#
+#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
+#
+# Some accounts are not allowed to login from anywhere:
+#
+#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
+#
+# All other accounts are allowed to login from anywhere.
+#
+##############################################################################
+# All lines from here up to the end are building a more complex example.
+##############################################################################
+#
+# User "root" should be allowed to get access via cron .. tty5 tty6.
+#+:root:cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6
+#
+# User "root" should be allowed to get access from hosts with ip addresses.
+#+:root:192.168.200.1 192.168.200.4 192.168.200.9
+#+:root:127.0.0.1
+#
+# User "root" should get access from network 192.168.201.
+# This term will be evaluated by string matching.
+# comment: It might be better to use network/netmask instead.
+#          The same is 192.168.201.0/24 or 192.168.201.0/255.255.255.0
+#+:root:192.168.201.
+#
+# User "root" should be able to have access from domain.
+# Uses string matching also.
+#+:root:.foo.bar.org
+#
+# User "root" should be denied to get access from all other sources.
+#-:root:ALL
+#
+# User "foo" and members of netgroup "nis_group" should be
+# allowed to get access from all sources.
+# This will only work if netgroup service is available.
+#+:@nis_group foo:ALL
+#
+# User "john" should get access from ipv4 net/mask
+#+:john:127.0.0.0/24
+#
+# User "john" should get access from ipv4 as ipv6 net/mask
+#+:john:::ffff:127.0.0.0/127
+#
+# User "john" should get access from ipv6 host address
+#+:john:2001:4ca0:0:101::1
+#
+# User "john" should get access from ipv6 host address (same as above)
+#+:john:2001:4ca0:0:101:0:0:0:1
+#
+# User "john" should get access from ipv6 local link host address
+#+:john:fe80::de95:818c:1b55:7e42%eth0
+#
+# User "john" should get access from ipv6 net/mask
+#+:john:2001:4ca0:0:101::/64
+#
+# All other users should be denied to get access from all sources.
+#-:ALL:ALL

lib/cdi_0005_guard/0005_guard_sourcing.sh

@@ -23,7 +23,7 @@
 guard_sourcing() {
   ### Determine the caller script (the library being sourced).
   declare var_src="${1:-${BASH_SOURCE[1]}}"
-  ### Strip path, keep only filename
+  ### Strip path, keep only the filename
   declare var_file_name="${var_src##*/}"
   ### Sanitize to valid var name.
   declare var_safe_name="${var_file_name//[^a-zA-Z0-9_]/_}"

lib/cdi_0060_traps/0060_trap_err.sh

@@ -75,15 +75,15 @@ print_file_err() {
     printf "❌ SHELLOPTS              : %s %b" "${SHELLOPTS}" "${NL}"
     if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then
       printf "❌ Vars Dump saved at     : %s %b" "${LOG_VAR}" "${NL}"
-      printf "❌               less -R %s %b" "${LOG_VAR}" "${NL}"
+      printf "❌ batcat --pager='less -r' %s %b" "${LOG_VAR}" "${NL}"
     fi
     if [[ "${VAR_DEBUG_TRAP}" == "true" ]]; then
       printf "❌ DEBUG Log saved at     : %s %b" "${LOG_DBG}" "${NL}"
-      printf "❌               less -R %s %b" "${LOG_DBG}" "${NL}"
+      printf "❌ batcat --pager='less -r' %s %b" "${LOG_DBG}" "${NL}"
     fi
     if [[ "${VAR_DEBUG_TRACE}" == "true" ]]; then
       printf "❌ TRACE Log saved at     : %s %b" "${LOG_TRC}" "${NL}"
-      printf "❌               less -R %s %b" "${LOG_TRC}" "${NL}"
+      printf "❌ batcat --pager='less -r' %s %b" "${LOG_TRC}" "${NL}"
     fi
     printf "%b" "${NL}"
   } >> "${LOG_ERR}"
@@ -150,18 +150,18 @@ print_scr_err() {
   printf "%b❌ Arguments Sanitized    : %s %b%b" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}"
   printf "%b❌ SHELLOPTS              : %s %b%b" "${RED}" "${SHELLOPTS}" "${RES}" "${NL}"
   printf "%b❌ Error Log saved at     : %s %b%b" "${RED}" "${LOG_ERR}" "${RES}" "${NL}"
-  printf "%b❌                   cat %s %b%b" "${RED}" "${LOG_ERR}" "${RES}" "${NL}"
+  printf "%b❌ batcat --pager='less -r' %s %b%b" "${RED}" "${LOG_ERR}" "${RES}" "${NL}"
   if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then
     printf "%b❌ Vars Dump saved at     : %s %b%b" "${RED}" "${LOG_VAR}" "${RES}" "${NL}"
-    printf "%b❌               less -R %s %b%b" "${RED}" "${LOG_VAR}" "${RES}" "${NL}"
+    printf "%b❌ batcat --pager='less -r' %s %b%b" "${RED}" "${LOG_VAR}" "${RES}" "${NL}"
   fi
   if [[ "${VAR_DEBUG_TRAP}" == "true" ]]; then
     printf "%b❌ Debug Log saved at     : %s %b%b" "${RED}" "${LOG_DBG}" "${RES}" "${NL}"
-    printf "%b❌               less -R %s %b%b" "${RED}" "${LOG_DBG}" "${RES}" "${NL}"
+    printf "%b❌ batcat --pager='less -r' %s %b%b" "${RED}" "${LOG_DBG}" "${RES}" "${NL}"
   fi
   if [[ "${VAR_DEBUG_TRACE}" == "true" ]]; then
     printf "%b❌ Trace Log saved at     : %s %b%b" "${RED}" "${LOG_TRC}" "${RES}" "${NL}"
-    printf "%b❌               less -R %s %b%b" "${RED}" "${LOG_TRC}" "${RES}" "${NL}"
+    printf "%b❌ batcat --pager='less -r' %s %b%b" "${RED}" "${LOG_TRC}" "${RES}" "${NL}"
   fi
   print_stacktrace
   printf "%b" "${NL}"

lib/cdi_0060_traps/0070_trap_exit.sh

@@ -82,18 +82,15 @@ trap_exit_zero() {
     printf "%b" "${NL}"
     if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then
       printf "%b✅ Vars Dump saved at     : %s %b%b" "${GRE}" "${LOG_VAR}" "${RES}" "${NL}"
-      printf "%b✅                  cat %s %b%b" "${GRE}" "${LOG_VAR}" "${RES}" "${NL}"
+      printf "%b✅ batcat --pager='less -r' %s %b%b" "${GRE}" "${LOG_VAR}" "${RES}" "${NL}"
-      printf "%b✅              less -R %s %b%b" "${GRE}" "${LOG_VAR}" "${RES}" "${NL}"
     fi
     if [[ "${VAR_DEBUG_TRAP}" == "true" ]]; then
       printf "%b✅ DEBUG Log saved at     : %s %b%b" "${GRE}" "${LOG_DBG}" "${RES}" "${NL}"
-      printf "%b✅                  cat %s %b%b" "${GRE}" "${LOG_DBG}" "${RES}" "${NL}"
+      printf "%b✅ batcat --pager='less -r' %s %b%b" "${GRE}" "${LOG_DBG}" "${RES}" "${NL}"
-      printf "%b✅              less -R %s %b%b" "${GRE}" "${LOG_DBG}" "${RES}" "${NL}"
     fi
     if [[ "${VAR_DEBUG_TRACE}" == "true" ]]; then
       printf "%b✅ TRACE Log saved at     : %s %b%b" "${GRE}" "${LOG_TRC}" "${RES}" "${NL}"
-      printf "%b✅                  cat %s %b%b" "${GRE}" "${LOG_TRC}" "${RES}" "${NL}"
+      printf "%b✅ batcat --pager='less -r' %s %b%b" "${GRE}" "${LOG_TRC}" "${RES}" "${NL}"
-      printf "%b✅              less -R %s %b%b" "${GRE}" "${LOG_TRC}" "${RES}" "${NL}"
     fi
     printf "%b" "${NL}"
     printf "%b💷 Please consider donating to my work at: %b%b" "${MAG}" "${RES}" "${NL}"
@@ -190,18 +187,18 @@ trap_exit_non_zero() {
     printf "%b❌ BASHOPTS               : %s %b%b" "${RED}" "${BASHOPTS}" "${RES}" "${NL}" >> "${LOG_EXT}"
     printf "%b❌ SHELLOPTS              : %s %b%b" "${RED}" "${SHELLOPTS}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
     printf "%b❌ Error Log saved at     : %s %b%b" "${RED}" "${LOG_EXT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
-    printf "%b❌                   cat %s %b%b" "${RED}" "${LOG_EXT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
+    printf "%b❌ batcat --pager='less -r' %s %b%b" "${RED}" "${LOG_EXT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
     if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then
       printf "%b❌ Vars Dump saved at     : %s %b%b" "${RED}" "${LOG_VAR}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
-      printf "%b❌               less -R %s %b%b" "${RED}" "${LOG_VAR}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
+      printf "%b❌ batcat --pager='less -r' %s %b%b" "${RED}" "${LOG_VAR}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
     fi
     if [[ "${VAR_DEBUG_TRAP}" == "true" ]]; then
       printf "%b❌ Debug Log saved at     : %s %b%b" "${RED}" "${LOG_DBG}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
-      printf "%b❌               less -R %s %b%b" "${RED}" "${LOG_DBG}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
+      printf "%b❌ batcat --pager='less -r' %s %b%b" "${RED}" "${LOG_DBG}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
     fi
     if [[ "${VAR_DEBUG_TRACE}" == "true" ]]; then
       printf "%b❌ Trace Log saved at     : %s %b%b" "${RED}" "${LOG_TRC}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
-      printf "%b❌               less -R %s %b%b" "${RED}" "${LOG_TRC}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
+      printf "%b❌ batcat --pager='less -r' %s %b%b" "${RED}" "${LOG_TRC}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
     fi
     print_stacktrace
   fi

var/bash.var.sh

@@ -23,7 +23,7 @@ set -o pipefail          # Makes pipelines return the exit status of the last co
 
 ### For all options see https://www.gnu.org/software/bash/manual/bash.html#The-Shopt-Builtin
 shopt -s failglob        # If set, patterns that fail to match filenames during filename expansion result in an expansion error.
-shopt -s inherit_errexit # If set, command substitution inherits the value of the errexit option, instead of unsetting it in the
+shopt -s inherit_errexit # If set, command substitution inherits the value of the errexit option instead of unsetting it in the
                          # subshell environment. This option is enabled when POSIX mode is enabled.
 shopt -s lastpipe        # If set, and job control is not active, the shell runs the last command of a pipeline not executed in
                          # the background in the current shell environment.