msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8c2f496f88e8add71b0a0c8858cf80e6ee7a568fd6a9fe0f51ccbce870d1cba1
CISS.debian.installer/docs/man/TRAP_MECHANISM.md
Marc S. Weidner 4bb473fe07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 50s
Details
V8.00.000.2025.06.17 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-08 23:03:21 +02:00

92 lines
5.4 KiB
Markdown
Raw Blame History

---
gitea: none
include_toc: true
---
# 1. CISS.debian.installer
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
**Master Version**: 8.00<br>
**Build**: V8.00.000.2025.06.17<br>
# 2. Interplay Between Global Hardening Settings and TRAP Mechanisms
## 2.1. Overview
The `CISS.debian.installer` employs a dual-layer resilience model:
1. **Global Hardening Settings** — impose deterministic shell behaviour, enforce strict error handling, and constrain
environment variables.
2. **TRAP Handlers** — capture, log, and act upon errors, abnormal terminations, and system signals.
These mechanisms are not isolated; their effectiveness stems from deliberate interplay, ensuring that failure modes are
predictable, traceable, and recoverable.
## 2.2. Baseline Enforcement via Hardening Settings
The baseline, established in the global hardening module, guarantees:
- **Immediate reaction to errors** (`errexit`, `pipefail`, `inherit_errexit`).
- **Detection of programming flaws** (`nounset` for undefined variables).
- **Safe expansion behavior** (`failglob`, `noclobber`, restricted `IFS`).
- **Predictable scope inheritance** (`errtrace`, `functrace`).
This configuration creates a **fail-fast execution profile**: the moment a violation occurs, execution halts, and control
transfers to the relevant TRAP.
## 2.3. TRAP Handlers in Context
### 2.3.1. `trap ERR`
- Activated immediately upon any command failure due to `errexit`.
- Reliant on `errtrace` to ensure it triggers within subshells and functions.
- Receives detailed state because `nounset` and `pipefail` ensure error codes reflect genuine failure conditions.
### 2.3.2. `trap EXIT`
- Serves as a final safety net, catching failures that `ERR` does not, notably **unbound variable terminations** that bypass `ERR`.
- Its reliability depends on `nounset` enforcing such terminations.
### 2.3.3. `trap INT`
- Intercepts `SIGINT` without premature script exit, preserving installer state.
- Functions in harmony with `ignoreeof` to prevent unintended terminations from user input.
### 2.3.4. `trap DEBUG` (conditional)
- Works effectively because `functrace` ensures inheritance into functions and subshells.
- Captures every executed command when enabled, providing real-time introspection of an otherwise fail-fast script.
## 2.4. Synergistic Effects
| Hardening Setting | TRAP Dependency / Effect |
|-----------------------------|---------------------------------------------------------------------------------------------------------------|
| `errexit` + `pipefail` | Guarantees `trap ERR` fires on true failure points. |
| `errtrace` | Propagates `ERR` handling into all call depths. |
| `nounset` | Causes unbound variable exits, which `trap EXIT` can diagnose. |
| `functrace` | Propagates `DEBUG` and `RETURN` traps for deep stack inspection. |
| `ignoreeof` | Complements `trap INT` by reducing unintended exits from user keystrokes. |
| `failglob` | Converts invalid filename expansion into explicit errors, caught by `trap ERR`. |
| Restricted `PATH` and `IFS` | Ensures TRAP-logged commands run in a controlled environment, reducing false positives and unsafe expansions. |
## 2.5. Security and Forensic Benefits
- **Forensic-grade logging**: The combination of deterministic failure points and TRAP logging (`LOG_ERR`, `LOG_EXT`, `LOG_DBG`, `LOG_TRC`, `LOG_VAR`) yields reproducible incident traces.
- **Controlled failure domains**: Failures cannot silently propagate or be masked, which is critical for a secure installation pipeline.
- **Debugging precision**: By enabling `DEBUG` or `XTRACE` selectively, the developer can overlay deep tracing atop a hardened baseline without altering its guarantees.
## 2.6. Best Practices
1. **Never bypass global settings** in individual modules; scope any exceptions with `set +o` locally and restore settings immediately.
2. **Leverage TRAPs consistently** — every critical execution path should either succeed deterministically or trigger a TRAP.
3. **Enable DEBUG/XTRACE only when needed**, to avoid excessive logging in production and to preserve the security guarantees of secret masking.
4. **Correlate TRAP logs with environment dumps** to reconstruct exact runtime conditions when analyzing failures.
## 2.7. Summary
The global hardening settings define the strict operating environment; the TRAP mechanisms serve as reactive observers and
chroniclers of any deviation from expected execution. Together, they form a **closed-loop control system**: hardening rules
trigger TRAP events, and TRAP handlers document, mitigate, or safely terminate the process. This coupling is the foundation for
the `CISS.debian.installer`s reliability, auditability, and resistance to both accidental and malicious disruption.
---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
Reference in New Issue View Git Blame Copy Permalink