V8.13.768.2025.12.06
Some checks failed
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m13s
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 56s
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 51m3s
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Failing after 1m33s
Some checks failed
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m13s
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 56s
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 51m3s
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Failing after 1m33s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
name: 🔐 Generating a Private Live ISO TRIXIE.
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
name: 🔐 Generating a Private Live ISO TRIXIE.
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
name: 💙 Generating a PUBLIC Live ISO.
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ body:
|
||||
attributes:
|
||||
label: "Version"
|
||||
description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
|
||||
placeholder: "e.g., Master V8.13.544.2025.12.05"
|
||||
placeholder: "e.g., Master V8.13.768.2025.12.06"
|
||||
validations:
|
||||
required: true
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
FROM debian:bookworm
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
name: 🔁 Render README.md to README.html.
|
||||
|
||||
|
||||
@@ -11,5 +11,5 @@
|
||||
|
||||
build:
|
||||
counter: 1023
|
||||
version: V8.13.544.2025.12.05
|
||||
version: V8.13.768.2025.12.06
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
|
||||
|
||||
@@ -11,5 +11,5 @@
|
||||
|
||||
build:
|
||||
counter: 1023
|
||||
version: V8.13.544.2025.12.05
|
||||
version: V8.13.768.2025.12.06
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
|
||||
|
||||
@@ -11,5 +11,5 @@
|
||||
|
||||
build:
|
||||
counter: 1023
|
||||
version: V8.13.544.2025.12.05
|
||||
version: V8.13.768.2025.12.06
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
|
||||
|
||||
@@ -11,5 +11,5 @@
|
||||
|
||||
build:
|
||||
counter: 1023
|
||||
version: V8.13.544.2025.12.05
|
||||
version: V8.13.768.2025.12.06
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
name: 🔐 Generating a Private Live ISO TRIXIE.
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
name: 🔐 Generating a Private Live ISO TRIXIE.
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
name: 💙 Generating a PUBLIC Live ISO.
|
||||
|
||||
@@ -267,7 +267,7 @@ jobs:
|
||||
|
||||
AUTH="${SHARE_TOKEN}:${SHARE_PASS}"
|
||||
|
||||
if curl --retry 2 "${NC_BASE}"/public.php/webdav/"${VAR_ISO_FILE_NAME}"
|
||||
if curl --retry 2 "${NC_BASE}"/public.php/webdav/"${VAR_ISO_FILE_NAME}" \
|
||||
--upload-file "${VAR_ISO_FILE_PATH}" --user "${AUTH}" > /dev/null 2>&1; then
|
||||
|
||||
echo "✅ New ISO successfully uploaded."
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
# Gitea Workflow: Shell-Script Linting
|
||||
#
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
name: 🔁 Render Graphviz Diagrams.
|
||||
|
||||
|
||||
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="LicenseRef-CNCL-1.1 OR LicenseRef-CCLA-1.1 "
|
||||
properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
|
||||
properties_SPDX-PackageName="CISS.debian.live.builder"
|
||||
properties_SPDX-Security-Contact="security@coresecret.eu"
|
||||
properties_version="V8.13.544.2025.12.05"
|
||||
properties_version="V8.13.768.2025.12.06"
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
|
||||
|
||||
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
|
||||
Created: 2025-05-07T12:00:00Z
|
||||
Package: CISS.debian.live.builder
|
||||
PackageName: CISS.debian.live.builder
|
||||
PackageVersion: Master V8.13.544.2025.12.05
|
||||
PackageVersion: Master V8.13.768.2025.12.06
|
||||
PackageSupplier: Organization: Centurion Intelligence Consulting Agency
|
||||
PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
|
||||
PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
gitea: none
|
||||
include_toc: true
|
||||
---
|
||||
[](https://git.coresecret.dev/msw/CISS.debian.live.builder)
|
||||
[](https://git.coresecret.dev/msw/CISS.debian.live.builder)
|
||||
|
||||
[](https://eupl.eu/1.2/en/)
|
||||
[](https://opensource.org/license/eupl-1-2)
|
||||
@@ -27,7 +27,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
**CISS.debian.live.builder — First of its own.**<br>
|
||||
**World-class CIA: Designed, handcrafted and powered by Centurion Intelligence Consulting Agency.**
|
||||
@@ -175,7 +175,7 @@ installer toolchain.
|
||||
|
||||
This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
|
||||
|
||||
Example: `V8.13.544.2025.12.05`
|
||||
Example: `V8.13.768.2025.12.06`
|
||||
|
||||
`x.y.z` represents major (x), minor (y), and patch (z) version increments.
|
||||
|
||||
|
||||
@@ -8,15 +8,15 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2.1. Repository Structure
|
||||
# 2. Repository Structure
|
||||
|
||||
**Project:** Centurion Intelligence Consulting Agency Information Security Standard (CISS) — Debian Live Builder
|
||||
**Branch:** `master`
|
||||
**Repository State:** Master Version **8.13**, Build **V8.13.544.2025.12.05** (as of 2025-10-11)
|
||||
**Repository State:** Master Version **8.13**, Build **V8.13.768.2025.12.06** (as of 2025-10-11)
|
||||
|
||||
## 2.2. Top-Level Layout
|
||||
## 3.1. Top-Level Layout
|
||||
|
||||
````text
|
||||
CISS.debian.live.builder/
|
||||
@@ -59,15 +59,15 @@ CISS.debian.live.builder/
|
||||
|
||||
> **Note:** The ISO marker files (`LIVE_ISO.*`) are produced by CI workflows for convenient retrieval of generated images.
|
||||
|
||||
## 2.3. Directory Semantics
|
||||
## 3.2. Directory Semantics
|
||||
|
||||
### 2.3.1. `.gitea/` — CI/CD Orchestration
|
||||
### 3.2.1. `.gitea/` — CI/CD Orchestration
|
||||
- **`workflows/`**: Declarative Gitea Actions to lint shell scripts, render Graphviz/DNSSEC status, and generate **PUBLIC**/**PRIVATE (TRIXIE)** ISOs reproducibly.
|
||||
- **`trigger/`**: Manual/auxiliary trigger manifests (`t_generate_PUBLIC.yaml`, `t_generate_PRIVATE_trixie_{0,1}.yaml`, `t_generate_dns.yaml`) to drive pipeline variants.
|
||||
- **`ISSUE_TEMPLATE/`**: Issue and pull request templates to standardize change management.
|
||||
- **`properties/`** and **`TODO/`**: Auxiliary config fragments (JSON/Lua) and maintenance utilities (e.g., `render-md-to-html.yaml`).
|
||||
|
||||
### 2.3.2. `config/` — Live-Build Configuration
|
||||
### 3.2.2. `config/` — Live-Build Configuration
|
||||
- **`bootloaders/`**: Boot assets for GRUB in EFI and PC modes, incl. a branded splash image.
|
||||
- **`hooks/live/`**: **Ordered** `*.chroot` hooks implementing system configuration and hardening during image creation; the numeric prefixes dictate execution (e.g., `0000_basic_chroot_setup.chroot`, `0810_chrony_setup.chroot`, `0900_ufw_setup.chroot`, `9930_hardening_ssh.chroot`, `9950_hardening_fail2ban.chroot`).
|
||||
- **`includes.binary/boot/grub/`**: Static GRUB configuration embedded in the binary image (`config.cfg`).
|
||||
@@ -77,40 +77,40 @@ CISS.debian.live.builder/
|
||||
- `root/` (administrator dotfiles and keys).
|
||||
- **`package-lists/`**: Architecture-specific and common package manifests (`amd64`, `arm64`, `common`) used by `live-build`.
|
||||
|
||||
### 2.3.3. `docs/` — Documentation Corpus
|
||||
### 3.2.3. `docs/` — Documentation Corpus
|
||||
Audit reports (DNSSEC, Lynis, SSH, TLS, Haveged), **BOOTPARAMS**, **CHANGELOG**, **CODING_CONVENTION**, **CONTRIBUTING**, **REFERENCES**; plus `SECURITY/`, `LICENSES/`, architecture diagrams under `graphviz/`, and illustrative `screenshots/`.
|
||||
|
||||
### 2.3.4. `lib/` — Shell Library Modules
|
||||
### 3.2.4. `lib/` — Shell Library Modules
|
||||
Composable, single-purpose modules used by the wrapper and CI steps (argument parsing and validation, kernel/CPU mitigation checks, provider support, `lb config/build` scaffolding, usage/version banners, sanitization and traps, SSH/root-password hardening, ultra-hardening profile, etc.).
|
||||
|
||||
### 2.3.5. `scripts/` — Operational Helpers
|
||||
### 3.2.5. `scripts/` — Operational Helpers
|
||||
Ancillary scripts for DHCP supersedes, resolver bootstrapping, and live-boot verification; targeted paths such as `scripts/etc/network/` and `scripts/live-boot/` encapsulate deploy-time adjustments and integrity checks.
|
||||
|
||||
### 2.3.6. `var/` — Variables & Defaults
|
||||
### 3.2.6. `var/` — Variables & Defaults
|
||||
Layered variable sets (`early.var.sh`, `global.var.sh`, `bash.var.sh`, `color.var.sh`) providing early-boot defaults, global tuning, and TTY/UI niceties.
|
||||
|
||||
## 2.4. Key Files
|
||||
## 3.3. Key Files
|
||||
|
||||
- **`ciss_live_builder.sh`** — Primary entrypoint; orchestrates argument parsing, environment preparation, `lb config`/`lb build` execution and post-processing.
|
||||
- **`makefile`** & **`config.mk.sample`** — Make-based convenience wrapper and a sample configuration surface.
|
||||
- **`README.md`, `SECURITY.md`, `LICENSE`, `CISS.debian.live.builder.spdx`** — Project overview, security policy, licensing, and SPDX manifest for compliance.
|
||||
- **ISO markers**: `LIVE_ISO.public`, `LIVE_ISO_TRIXIE_{0,1}.private` reflect CI pipeline outputs.
|
||||
|
||||
## 2.5. Conventions & Build Logic
|
||||
## 3.4. Conventions & Build Logic
|
||||
|
||||
- **Hook Ordering**: Numeric prefixes (`0000_…` → `99xx_…`) strictly determine execution sequencing within `config/hooks/live/`. Early hooks establish base state (initramfs modules, checksums), mid-range hooks integrate security services (AppArmor, Chrony/NTPsec, Lynis, UFW, Fail2Ban, SSH auditing), late hooks enforce hardening and cleanup (SSH tightening, memory-dump policies, service disablement).
|
||||
- **Binary vs. Chroot Includes**: Assets under `includes.binary/` affect the ISO’s bootloader stage; `includes.chroot/` become part of the runtime filesystem.
|
||||
- **Architecture Scoping**: Package lists are split into `*amd64*`, `*arm64*`, and `*common*` to keep images minimal and deterministic.
|
||||
- **CI/CD**: Reproducible ISO builds are executed via Gitea workflows; dedicated `trigger/` manifests parameterize public vs. private images and auxiliary rendering jobs (e.g., DNSSEC status, Graphviz diagrams).
|
||||
|
||||
## 2.6. Cross-References (Documentation)
|
||||
## 3.5. Cross-References (Documentation)
|
||||
|
||||
- **Boot Parameters**: see `docs/BOOTPARAMS.md`.
|
||||
- **Audits**: `docs/AUDIT_*.md` (DNSSEC, Lynis, SSH, TLS, Haveged).
|
||||
- **Coding & Contribution**: `docs/CODING_CONVENTION.md`, `docs/CONTRIBUTING.md`.
|
||||
- **Change Log & References**: `docs/CHANGELOG.md`, `docs/REFERENCES.md`.
|
||||
|
||||
## 2.7. Licensing & Compliance
|
||||
## 3.6. Licensing & Compliance
|
||||
|
||||
The repository is **SPDX-compliant**; source files carry SPDX identifiers. See `CISS.debian.live.builder.spdx` and `LICENSE` for details.
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
[git.coresecret.dev]:42842 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQA107AVmg1D/jnyXiqbPf38zQRl8s3c+PM1zbfpeQl
|
||||
[git.coresecret.dev]:42842 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYD9ysmMWZlejUnxu0qOzeWcIYezoFLbYdo6ffGUL5kqOBAYb+5CF4bJLUpA93XFYVF+TbrcMV1yJh6JaHFL0VU5CvgAzruCeedx0c4qUV6lWcJUGNk5K0yb9n2Wosdy6F/zTOxL9KXBt/TV+cscsen2Dahvx0ctMKgNbu+vvUcWxHf9lOkbYoF/uA/nW5CVXy5XUPVUDFUhEeKXL85+6gid5AEMfYT8aRl5YDGvo1iMBmBYOljN4S7MnRe14qbAZG0GDGvF22eHbSU2pILcFIjc2Lo/S5Ox/MJpbLAqpFlLPTKgr6F7yVwfNMSNwl05ysUOZfrQKSXzCU6+lfqKYCwemLALyG/n1ernpp7/8W/2RYoz3fd+TQyfhW++rx3yUHpYCkTv9A4LRYZYGSAWKMHSBEYq3EcATQUxQi0xpwmcR+u0uC9F9eta5Bim+sBZD6F2hgPJ5xgYT8LFm880g1YadAwBoD4TAkqSvl+jYW0VA2GH9CknKHJ36gc/X4eeUHDC1Hf/E8M5RBj4D6NuHfeVRik/ahHmoCqKQUW7VU/EBsWFsngDiLEHcV71iMtWiUddWOHwoAPHIzn6p9HTeLCxTwsPMG5UDGK/S9HUozqDXxexRtqbcFa7DWuzRvZ1bcZ2VQsaafuzKCkkc4NjC7h1wssel7q9aeYPFg+1vS6Q==
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
### https://www.ssh-audit.com/
|
||||
### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Version Master V8.13.544.2025.12.05
|
||||
# Version Master V8.13.768.2025.12.06
|
||||
|
||||
### https://docs.kernel.org/
|
||||
### https://github.com/a13xp0p0v/kernel-hardening-checker/
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
declare -gr VERSION="Master V8.13.544.2025.12.05"
|
||||
declare -gr VERSION="Master V8.13.768.2025.12.06"
|
||||
|
||||
### VERY EARLY CHECK FOR DEBUGGING
|
||||
if [[ $* == *" --debug "* ]]; then
|
||||
|
||||
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
|
||||
|
||||
# Please consider donating to my work at: https://coresecret.eu/spenden/
|
||||
###########################################################################################
|
||||
# Written by: ./preseed_hash_generator.sh Version: Master V8.13.544.2025.12.05 at: 10:18:37.9542
|
||||
# Written by: ./preseed_hash_generator.sh Version: Master V8.13.768.2025.12.06 at: 10:18:37.9542
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. DNSSEC Status
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. Haveged Audit on Netcup RS 2000 G11
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. Lynis Audit:
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. SSH Audit by ssh-audit.com
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. TLS Audit:
|
||||
````text
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. Hardened Kernel Boot Parameters
|
||||
|
||||
|
||||
@@ -8,10 +8,13 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. Changelog
|
||||
|
||||
## V8.13.768.2025.12.06
|
||||
* **Global**: Stable Release
|
||||
|
||||
## V8.13.544.2025.12.05
|
||||
* **Added**: [30-ciss-hardening.conf.md](documentation/30-ciss-hardening.conf.md)
|
||||
* **Added**: [90-ciss-local.hardened.md](documentation/90-ciss-local.hardened.md)
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. Centurion Net - Developer Branch Overview
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. Coding Style
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. Contributing / participating
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. Credits
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. Download the latest PUBLIC CISS.debian.live.ISO
|
||||
|
||||
|
||||
@@ -8,14 +8,14 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2.1. Usage
|
||||
````text
|
||||
CDLB(1) CISS.debian.live.builder CDLB(1)
|
||||
|
||||
CISS.debian.live.builder from https://git.coresecret.dev/msw
|
||||
Master V8.13.544.2025.12.05
|
||||
Master V8.13.768.2025.12.06
|
||||
A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
|
||||
|
||||
(c) Marc S. Weidner, 2018 - 2025
|
||||
@@ -146,7 +146,7 @@ A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
|
||||
💷 Please consider donating to my work at:
|
||||
🌐 https://coresecret.eu/spenden/
|
||||
|
||||
V8.13.544.2025.12.05 2025-11-06 CDLB(1)
|
||||
V8.13.768.2025.12.06 2025-11-06 CDLB(1)
|
||||
````
|
||||
|
||||
# 3. Booting
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. CISS.debian.live.builder – Boot & Trust Chain (Technical Documentation)
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. SSH Host Key Policy – CISS.debian.live.builder / CISS.debian.installer
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. Resources
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. ``30-ciss-hardening.conf``
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. ``90-ciss-local.hardened``
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ include_toc: true
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.544.2025.12.05<br>
|
||||
**Build**: V8.13.768.2025.12.06<br>
|
||||
|
||||
# 2. ``ciss_live_builder.sh``
|
||||
|
||||
|
||||
@@ -39,13 +39,13 @@ usage() {
|
||||
# shellcheck disable=SC2155
|
||||
declare var_header=$(center "CDLB(1) CISS.debian.live.builder CDLB(1)" "${var_cols}")
|
||||
# shellcheck disable=SC2155
|
||||
declare var_footer=$(center "V8.13.544.2025.12.05 2025-12-05 CDLB(1)" "${var_cols}")
|
||||
declare var_footer=$(center "V8.13.768.2025.12.06 2025-12-05 CDLB(1)" "${var_cols}")
|
||||
|
||||
{
|
||||
echo -e "\e[1;97m${var_header}\e[0m"
|
||||
echo
|
||||
echo -e "\e[92mCISS.debian.live.builder from https://git.coresecret.dev/msw \e[0m"
|
||||
echo -e "\e[92mMaster V8.13.544.2025.12.05\e[0m"
|
||||
echo -e "\e[92mMaster V8.13.768.2025.12.06\e[0m"
|
||||
echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m"
|
||||
echo
|
||||
echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025 \e[0m"
|
||||
|
||||
@@ -130,7 +130,7 @@ main() {
|
||||
touch "${var_log}"
|
||||
|
||||
|
||||
printf "CISS.debian.installer Master V8.13.544.2025.12.05 is up! \n" >> "${var_log}"
|
||||
printf "CISS.debian.installer Master V8.13.768.2025.12.06 is up! \n" >> "${var_log}"
|
||||
|
||||
### Sleep a moment to settle boot artifacts.
|
||||
sleep 8
|
||||
@@ -209,7 +209,7 @@ main() {
|
||||
|
||||
### Timeout reached without acceptable semaphore.
|
||||
logger -t cdi-watcher "No valid semaphore ${VAR_SEMAPHORE} (mode 0600) within ${VAR_TIMEOUT}s; exiting idle."
|
||||
printf "CISS.debian.installer Master V8.13.544.2025.12.05: No valid semaphore [%s] within [%s]s.\n" "${VAR_SEMAPHORE}" "${VAR_TIMEOUT}" >> "${var_log}"
|
||||
printf "CISS.debian.installer Master V8.13.768.2025.12.06: No valid semaphore [%s] within [%s]s.\n" "${VAR_SEMAPHORE}" "${VAR_TIMEOUT}" >> "${var_log}"
|
||||
|
||||
exit 0
|
||||
}
|
||||
|
||||
@@ -25,7 +25,7 @@ declare -grx VAR_GIT_HEAD_FULL="$(git rev-parse HEAD)"
|
||||
declare -grx VAR_HOST="$(uname -n)"
|
||||
declare -grx VAR_ISO8601="$(date -u -d "@${VAR_DATE_EPOCH}" '+%Y-%m-%dT%H:%M:%SZ')"
|
||||
declare -grx VAR_SYSTEM="$(uname -mnosv)"
|
||||
declare -grx VAR_VERSION="Master V8.13.544.2025.12.05"
|
||||
declare -grx VAR_VERSION="Master V8.13.768.2025.12.06"
|
||||
declare -grx VAR_VER_BASH="$(bash --version | head -n1 | awk '{
|
||||
# Print $4 and $5; include $6 only if it exists
|
||||
out = $4
|
||||
|
||||
Reference in New Issue
Block a user