V8.13.536.2025.12.04
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m24s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m24s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
33
README.md
33
README.md
@@ -29,21 +29,40 @@ include_toc: true
|
||||
**Master Version**: 8.13<br>
|
||||
**Build**: V8.13.536.2025.12.04<br>
|
||||
|
||||
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
|
||||
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
|
||||
cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`. Additionally, automated CI workflows
|
||||
based on Gitea Actions are provided, enabling reproducible ISO generation. A generic ISO is automatically built upon significant
|
||||
**CISS.debian.live.builder — First of its own.**
|
||||
**World-class CIA designed, handcrafted and powered by Centurion Intelligence Consulting Agency.**
|
||||
|
||||
This shell wrapper automates the creation of a Debian Trixie live ISO hardened according to the latest best practices in server
|
||||
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for cloud
|
||||
deployment or unattended installations via the forthcoming `CISS.debian.installer`. Additionally, automated CI workflows based
|
||||
on Gitea Actions are provided, enabling reproducible ISO generation. A generic ISO is automatically built upon significant
|
||||
changes and made publicly available for download. The latest generic ISO is available at:
|
||||
**[PUBLIC CISS.debian.live.ISO](/docs/DL_PUB_ISO.md)**
|
||||
|
||||
Check out more:
|
||||
* [CenturionNet Services](https://coresecret.eu/cnet/)
|
||||
Beyond a conventional live system, **CISS.debian.live.builder** assembles a **fully encrypted, integrity-protected live medium**
|
||||
in a single, deterministic build step: a LUKS2 container backed by `dm-integrity` hosting the SquashFS root filesystem, combined
|
||||
with a hardened initramfs chain including a dedicated Dropbear build pipeline for remote LUKS unlock. The resulting ISO ships
|
||||
with a hardened kernel configuration, strict sysctl and network tuning, pre-configured SSH hardening and fail2ban, and a
|
||||
customised `verify-checksums` path providing both ISO-edge verification and runtime attestation of the live root. All components
|
||||
are aligned with the `CISS.debian.installer` baseline, ensuring a unified cryptographic and security posture from first boot to
|
||||
an installed system.
|
||||
**[MAN_CISS_ISO_BOOT_CHAIN.md](docs/MAN_CISS_ISO_BOOT_CHAIN.md)**
|
||||
|
||||
Check out more leading world-class services powered by Centurion Intelligence Consulting Agency:
|
||||
* [CenturionDNS Resolver](https://eddns.eu/)
|
||||
* [CenturionDNS Blocklist](https://dns.eddns.eu/blocklists/centurion_titanium_ultimate.txt)
|
||||
* [CenturionMeet](https://talk.e2ee.li/)
|
||||
* [CenturionNet Services](https://coresecret.eu/cnet/)
|
||||
* [CenturionNet Status](https://uptime.coresecret.eu/)
|
||||
* [CenturionMeet](https://talk.e2ee.li/)
|
||||
|
||||
**Contact the author:**
|
||||
* [Contact the author](https://coresecret.eu/contact/)
|
||||
|
||||
**Legal Disclaimer:**
|
||||
* This project is not affiliated with, authorized, maintained, sponsored, or endorsed by [Debian Project](https://www.debian.org/)
|
||||
* [Centurion Imprint](https://coresecret.eu/imprint/)
|
||||
* [Centurion Privacy](https://coresecret.eu/privacy/)
|
||||
|
||||
## 1.1. Preliminary Remarks
|
||||
|
||||
### 1.1.1. HSM
|
||||
|
||||
Reference in New Issue
Block a user