msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7a9126defcc8e2196d156d77789ae6270ddb27da9636218893b468ed0c62fa68
CISS.debian.installer/docs/man/TRAP_MECHANISM.md
Marc S. Weidner 4bb473fe07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 50s
Details
V8.00.000.2025.06.17 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-08 23:03:21 +02:00

5.4 KiB
Raw Blame History

Table of Contents

1. CISS.debian.installer

Centurion Intelligence Consulting Agency Information Security Standard
The CISS Debian Installer provides a fully automated and hardened installation process.
Master Version: 8.00
Build: V8.00.000.2025.06.17

2. Interplay Between Global Hardening Settings and TRAP Mechanisms

2.1. Overview

The CISS.debian.installer employs a dual-layer resilience model:

  1. Global Hardening Settings — impose deterministic shell behaviour, enforce strict error handling, and constrain environment variables.
  2. TRAP Handlers — capture, log, and act upon errors, abnormal terminations, and system signals.

These mechanisms are not isolated; their effectiveness stems from deliberate interplay, ensuring that failure modes are predictable, traceable, and recoverable.

2.2. Baseline Enforcement via Hardening Settings

The baseline, established in the global hardening module, guarantees:

  • Immediate reaction to errors (errexit, pipefail, inherit_errexit).
  • Detection of programming flaws (nounset for undefined variables).
  • Safe expansion behavior (failglob, noclobber, restricted IFS).
  • Predictable scope inheritance (errtrace, functrace).

This configuration creates a fail-fast execution profile: the moment a violation occurs, execution halts, and control transfers to the relevant TRAP.

2.3. TRAP Handlers in Context

2.3.1. trap ERR

  • Activated immediately upon any command failure due to errexit.
  • Reliant on errtrace to ensure it triggers within subshells and functions.
  • Receives detailed state because nounset and pipefail ensure error codes reflect genuine failure conditions.

2.3.2. trap EXIT

  • Serves as a final safety net, catching failures that ERR does not, notably unbound variable terminations that bypass ERR.
  • Its reliability depends on nounset enforcing such terminations.

2.3.3. trap INT

  • Intercepts SIGINT without premature script exit, preserving installer state.
  • Functions in harmony with ignoreeof to prevent unintended terminations from user input.

2.3.4. trap DEBUG (conditional)

  • Works effectively because functrace ensures inheritance into functions and subshells.
  • Captures every executed command when enabled, providing real-time introspection of an otherwise fail-fast script.

2.4. Synergistic Effects

Hardening Setting TRAP Dependency / Effect
errexit + pipefail Guarantees trap ERR fires on true failure points.
errtrace Propagates ERR handling into all call depths.
nounset Causes unbound variable exits, which trap EXIT can diagnose.
functrace Propagates DEBUG and RETURN traps for deep stack inspection.
ignoreeof Complements trap INT by reducing unintended exits from user keystrokes.
failglob Converts invalid filename expansion into explicit errors, caught by trap ERR.
Restricted PATH and IFS Ensures TRAP-logged commands run in a controlled environment, reducing false positives and unsafe expansions.

2.5. Security and Forensic Benefits

  • Forensic-grade logging: The combination of deterministic failure points and TRAP logging (LOG_ERR, LOG_EXT, LOG_DBG, LOG_TRC, LOG_VAR) yields reproducible incident traces.
  • Controlled failure domains: Failures cannot silently propagate or be masked, which is critical for a secure installation pipeline.
  • Debugging precision: By enabling DEBUG or XTRACE selectively, the developer can overlay deep tracing atop a hardened baseline without altering its guarantees.

2.6. Best Practices

  1. Never bypass global settings in individual modules; scope any exceptions with set +o locally and restore settings immediately.
  2. Leverage TRAPs consistently — every critical execution path should either succeed deterministically or trigger a TRAP.
  3. Enable DEBUG/XTRACE only when needed, to avoid excessive logging in production and to preserve the security guarantees of secret masking.
  4. Correlate TRAP logs with environment dumps to reconstruct exact runtime conditions when analyzing failures.

2.7. Summary

The global hardening settings define the strict operating environment; the TRAP mechanisms serve as reactive observers and chroniclers of any deviation from expected execution. Together, they form a closed-loop control system: hardening rules trigger TRAP events, and TRAP handlers document, mitigate, or safely terminate the process. This coupling is the foundation for the CISS.debian.installers reliability, auditability, and resistance to both accidental and malicious disruption.

no tracking | no logging | no advertising | no profiling | no bullshit

Reference in New Issue View Git Blame Copy Permalink