From 0a4a2c41494736a12bf298c7d37fffa13c6d0d38972ced381a580d96468d5409 Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner" <msw@coresecret.dev>
Date: Tue, 3 Jun 2025 00:57:19 +0200
Subject: [PATCH] V8.03.384.2025.06.03

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
---
 README.md                                     |   1 +
 docs/CNET.md                                  |  21 ++++++++++++++++++
 .../ciss.debian.live.builder.dot              |   5 +----
 .../ciss.debian.live.builder.png              | Bin
 4 files changed, 23 insertions(+), 4 deletions(-)
 create mode 100644 docs/CNET.md
 rename docs/{graphiz => graphviz}/ciss.debian.live.builder.dot (95%)
 rename docs/{graphiz => graphviz}/ciss.debian.live.builder.png (100%)

diff --git a/README.md b/README.md
index a4600e7..cb0b8fa 100644
--- a/README.md
+++ b/README.md
@@ -59,6 +59,7 @@ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; prelo
 
 * Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at: **[DNSSEC Audit Report](/docs/AUDIT_DNSSEC.md)**
 * A comprehensive TLS audit of the `git.coresecret.dev` Gitea server is also available. See: **[TLS Audit Report](/docs/AUDIT_TLS.md)**
+* The infrastructure of the CISS.debian.live.builder building system is visualized here. See: **[Centurion Net](/docs/CNET.md)**
 
 ### 1.1.3. Gitea Action Runner Hardening
 
diff --git a/docs/CNET.md b/docs/CNET.md
new file mode 100644
index 0000000..0b324de
--- /dev/null
+++ b/docs/CNET.md
@@ -0,0 +1,21 @@
+---
+gitea: none
+include_toc: true
+---
+
+# 1. CISS.debian.live.builder
+
+**Centurion Intelligence Consulting Agency Information Security Standard**<br>
+*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
+**Master Version**: 8.03<br>
+**Build**: V8.03.384.2025.06.03<br>
+
+# 2. Download the latest PUBLIC CISS.debian.live.ISO
+
+This is an automatically generated overview of the secure ``Centurion Net`` ``CISS.debian.live.builder`` building system.
+
+![Centurion Net](/docs/graphviz/ciss.debian.live.builder.png)
+
+---
+**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
+<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
diff --git a/docs/graphiz/ciss.debian.live.builder.dot b/docs/graphviz/ciss.debian.live.builder.dot
similarity index 95%
rename from docs/graphiz/ciss.debian.live.builder.dot
rename to docs/graphviz/ciss.debian.live.builder.dot
index aea4997..3d5eb53 100644
--- a/docs/graphiz/ciss.debian.live.builder.dot
+++ b/docs/graphviz/ciss.debian.live.builder.dot
@@ -86,10 +86,7 @@ digraph CISS_debian_live_builder {
         // ----- Cluster: TLS/HTTPS group (contains B-Server, cloud, and the TLS cloud) -----
         subgraph cluster_tls_group {
             // The red dotted rectangle around B-Cluster, cloud, and the TLS cloud
-            label="ECDHE-RSA-AES256-GCM-SHA384 ECDH 448 AESGCM 256\n\
-                   ECDHE-RSA-CHACHA20-POLY1305 ECDH 448 ChaCha20 256\n\
-                   TLS_AES_256_GCM_SHA384 ECDH 448 AESGCM 256\n\
-                   TLS_CHACHA20_POLY1305_SHA256 ECDH 448 ChaCha20 256";
+            label="TLS 1.2 || 1.3 AES256-GCM-SHA384 ECDH 448 AESGCM 256 only.";
             style=dashed;
             color=red;
 
diff --git a/docs/graphiz/ciss.debian.live.builder.png b/docs/graphviz/ciss.debian.live.builder.png
similarity index 100%
rename from docs/graphiz/ciss.debian.live.builder.png
rename to docs/graphviz/ciss.debian.live.builder.png