V8.03.256.2025.06.02
All checks were successful
Render README.md to README.html. / Render README.md to README.html. (push) Successful in 23s
All checks were successful
Render README.md to README.html. / Render README.md to README.html. (push) Successful in 23s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
12
README.md
12
README.md
@@ -31,7 +31,7 @@ include_toc: true
|
||||
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
|
||||
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
|
||||
cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`. The latest generic ISO is available at:
|
||||
[CISS.debian.live.ISO_PUBLIC](/docs/DL_PUB_ISO.md)
|
||||
[CISS.debian.live.ISO_PUBLIC](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/DL_PUB_ISO.md)
|
||||
|
||||
Check out more:
|
||||
* [CenturionNet Services](https://coresecret.eu/cnet/)
|
||||
@@ -54,7 +54,7 @@ Please note that `coresecret.dev` is included in the [(HSTS Preload List)](https
|
||||
add_header Expect-CT "max-age=86400, enforce" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
````
|
||||
Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](/docs/AUDIT_DNSSEC.md)
|
||||
Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_DNSSEC.md)
|
||||
|
||||
## 1.2. Immutable Source-of-Truth System
|
||||
|
||||
@@ -83,15 +83,15 @@ source-defined infrastructure logic.<br>
|
||||
After build and configuration, the following audit reports can be generated:
|
||||
|
||||
* **Haveged Audit Report**: Validates entropy daemon health and confirms '/dev/random' seeding performance.
|
||||
Type `chkhvg` at the prompt. See example report: [Haveged Audit Report](/docs/AUDIT_HAVEGED.md)
|
||||
Type `chkhvg` at the prompt. See example report: [Haveged Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_HAVEGED.md)
|
||||
* **Lynis Audit Report**: Outputs a detailed security score and recommendations, confirming a 91%+ hardening baseline.
|
||||
Type `lsadt` at the prompt. See example report: [Lynis Audit Report](/docs/AUDIT_LYNIS.md)
|
||||
Type `lsadt` at the prompt. See example report: [Lynis Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_LYNIS.md)
|
||||
* **SSH Audit Report**: Verifies SSH daemon configuration against the latest best-practice cipher, KEX, and MAC recommendations.
|
||||
Type `ssh-audit <IP>:<PORT>`. See example report: [SSH Audit Report](/docs/AUDIT_SSH.md)
|
||||
Type `ssh-audit <IP>:<PORT>`. See example report: [SSH Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_SSH.md)
|
||||
|
||||
## 1.2. Preview
|
||||
|
||||
|
||||
|
||||
|
||||
## 1.3. Caution. Significant information for those considering using D-I.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user