V8.03.256.2025.06.02

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

README.md

@@ -31,7 +31,7 @@ include_toc: true
 This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
 and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
 cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`. The latest generic ISO is available at:
-[CISS.debian.live.ISO_PUBLIC](/docs/DL_PUB_ISO.md)
+[CISS.debian.live.ISO_PUBLIC](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/DL_PUB_ISO.md)
 
 Check out more:
 * [CenturionNet Services](https://coresecret.eu/cnet/) 
@@ -54,7 +54,7 @@ Please note that `coresecret.dev` is included in the [(HSTS Preload List)](https
 add_header Expect-CT                 "max-age=86400, enforce"                       always;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
 ````
-Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](/docs/AUDIT_DNSSEC.md)
+Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_DNSSEC.md)
 
 ## 1.2. Immutable Source-of-Truth System
 
@@ -83,15 +83,15 @@ source-defined infrastructure logic.<br>
 After build and configuration, the following audit reports can be generated:
 
 * **Haveged Audit Report**: Validates entropy daemon health and confirms '/dev/random' seeding performance.
-  Type `chkhvg` at the prompt. See example report: [Haveged Audit Report](/docs/AUDIT_HAVEGED.md)
+  Type `chkhvg` at the prompt. See example report: [Haveged Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_HAVEGED.md)
 * **Lynis Audit Report**: Outputs a detailed security score and recommendations, confirming a 91%+ hardening baseline.
-  Type `lsadt` at the prompt. See example report: [Lynis Audit Report](/docs/AUDIT_LYNIS.md)
+  Type `lsadt` at the prompt. See example report: [Lynis Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_LYNIS.md)
 * **SSH Audit Report**: Verifies SSH daemon configuration against the latest best-practice cipher, KEX, and MAC recommendations.
-  Type `ssh-audit <IP>:<PORT>`. See example report: [SSH Audit Report](/docs/AUDIT_SSH.md)
+  Type `ssh-audit <IP>:<PORT>`. See example report: [SSH Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_SSH.md)
 
 ## 1.2. Preview
 
-![CISS.debian.live.builder](/docs/screenshots/CISS.debian.live.builder_preview.jpeg)
+![CISS.debian.live.builder](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/screenshots/CISS.debian.live.builder_preview.jpeg)
 
 ## 1.3. Caution. Significant information for those considering using D-I.
 

docs/AUDIT_DNSSEC.md

@@ -14,7 +14,7 @@ include_toc: true
 
 This is an auto-generated overview of the DNSSEC status of `coresecret.dev` at the time of the last human-initiated push event.
 
-![DNSSEC Status](SECURITY/coresecret.dev.png)
+![DNSSEC Status](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/SECURITY/coresecret.dev.png)
 
 ---
 **[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**

docs/AUDIT_SSH.md

@@ -12,7 +12,7 @@ include_toc: true
 
 # 2. SSH Audit by ssh-audit.com
 
-![CISS.2025.debian.live.builder](/docs/screenshots/CISS.debian.live.builder_ssh_audit.png)
+![CISS.2025.debian.live.builder](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/screenshots/CISS.debian.live.builder_ssh_audit.png)
 
 # 3. SSH Audit by https://github.com/jtesta/ssh-audit