diff --git a/.gitea/trigger/t_generate_dns.yaml b/.gitea/trigger/t_generate_dns.yaml
index e9e5d49..dd3b85f 100644
--- a/.gitea/trigger/t_generate_dns.yaml
+++ b/.gitea/trigger/t_generate_dns.yaml
@@ -11,5 +11,5 @@
build:
counter: 1024
- version: V8.02.644.2025.05.31
+ version: V8.02.768.2025.06.01
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
diff --git a/.version.properties b/.version.properties
index 951d07d..f6da7f0 100644
--- a/.version.properties
+++ b/.version.properties
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
properties_SPDX-LicenseComment="This file is part of the CISS.hardened.installer framework."
properties_SPDX-PackageName="CISS.debian.live.builder"
properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.02.644.2025.05.31"
+properties_version="V8.02.768.2025.06.01"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
\ No newline at end of file
diff --git a/CISS.debian.live.builder.spdx b/CISS.debian.live.builder.spdx
index d3f1c83..7b79e2e 100644
--- a/CISS.debian.live.builder.spdx
+++ b/CISS.debian.live.builder.spdx
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
Created: 2025-05-07T12:00:00Z
Package: CISS.debian.live.builder
PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.02.644.2025.05.31
+PackageVersion: Master V8.02.768.2025.06.01
PackageSupplier: Organization: Centurion Intelligence Consulting Agency
PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
diff --git a/README.md b/README.md
index 41b3e8d..d3c67b6 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
gitea: none
include_toc: true
---
-[](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[](https://git.coresecret.dev/msw/CISS.debian.live.builder)
[](https://eupl.eu/1.2/en/)
[](https://opensource.org/license/eupl-1-2)
@@ -26,7 +26,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -131,7 +131,7 @@ Below is a breakdown of each hardening component, with a summary of why each is
### 2.1.1. Boot Parameters
-* **Description**: Customizes kernel command‑line flags to disable unused features and enable mitigations.
+* **Description**: Customizes kernel command-line flags to disable unused features and enable mitigations.
* **Key Parameters**:
* `audit_backlog_limit=8192`: Ensures the audit subsystem can queue up to 8192 events to avoid dropped logs under heavy loads.
* `audit=1`: Enables kernel auditing from boot to record system calls and security events.
@@ -171,12 +171,12 @@ Below is a breakdown of each hardening component, with a summary of why each is
### 2.1.2. CPU Vulnerability Mitigations
* **Description**: Enables all known kernel-level mitigations (Spectre, Meltdown, MDS, L1TF, etc.).
-* **Rationale**: Prevents side‑channel attacks that exploit speculative execution, which remain a high‑risk vector in
- multi‑tenant cloud environments.
+* **Rationale**: Prevents side-channel attacks that exploit speculative execution, which remain a high-risk vector in
+ multi-tenant cloud environments.
### 2.1.3. Kernel Self-Protection
-* **Description**: Activates `CONFIG_DEBUG_RODATA`, `CONFIG_STRICT_MODULE_RWX`, and other self‑protections.
+* **Description**: Activates `CONFIG_DEBUG_RODATA`, `CONFIG_STRICT_MODULE_RWX`, and other self-protections.
* **Rationale**: Hardens kernel memory regions against unauthorized writings and enforces stricter module loading policies.
### 2.1.4. Local Kernel Hardening
@@ -210,14 +210,14 @@ apply or revert these controls.
## 2.2. Module Blacklisting
-* **Description**: Disables and blacklists non‑essential or insecure kernel modules.
+* **Description**: Disables and blacklists non-essential or insecure kernel modules.
* **Rationale**: Minimizes attack surface by preventing loads of drivers or modules not required by the live environment.
## 2.3. Network Hardening
* **Description**: Applies `sysctl` settings (e.g., `net.ipv4.conf.all.rp_filter=1`, `arp_ignore`, `arp_announce`) to restrict
inbound/outbound traffic behaviors.
-* **Rationale**: Mitigates ARP spoofing, IP spoofing, and reduces the risk of man‑in‑the‑middle on internal networks.
+* **Rationale**: Mitigates ARP spoofing, IP spoofing, and reduces the risk of man-in-the-middle on internal networks.
## 2.4. Core Dump & Kernel Hardening
@@ -234,7 +234,7 @@ apply or revert these controls.
## 2.6. Permissions & Authentication
* **Description**: Sets strict directory and file permissions, integrates with PAM modules (e.g., `pam_faillock`).
-* **Rationale**: Enforces the principle of least privilege at file‑system level and strengthens authentication policies.
+* **Rationale**: Enforces the principle of least privilege at file-system level and strengthens authentication policies.
## 2.7. High-Security Baseline (Lynis Audit)
@@ -248,11 +248,11 @@ apply or revert these controls.
* **Description**: The SSH tunnel and access are secured through multiple layers of defense:
* **Firewall Restriction**: ufw allows connections only from defined jump host or VPN exit node IPs.
* **TCP Wrappers**: `/etc/hosts.allow` and `/etc/hosts.deny` enforce an `ALL: ALL` deny policy, permitting only specified hosts.
- * **One‑Hit Ban**: A custom Fail2Ban rule `/etc/fail2ban/jail.d/centurion-default.conf` immediately bans any host
+ * **One-Hit Ban**: A custom Fail2Ban rule `/etc/fail2ban/jail.d/centurion-default.conf` immediately bans any host
that touches closed ports.
* Additionally, the `fail2ban` service is hardened as well according to:
[Arch Linux Wiki Fail2ban Hardening](https://wiki.archlinux.org/title/fail2ban#Service_hardening)
- * **SSH Ultra‑Hardening**: The `/etc/sshd_config` enforces strict cryptographic and connection controls with respect to
+ * **SSH Ultra-Hardening**: The `/etc/sshd_config` enforces strict cryptographic and connection controls with respect to
[SSH Audit Guide Debian 12](https://www.ssh-audit.com/hardening_guides.html#debian_12):
* `RekeyLimit 1G 1h`
* `HostKey /etc/ssh/ssh_host_ed25519_key`
@@ -277,7 +277,7 @@ apply or revert these controls.
## 2.9. UFW Hardening
* **Description**: Defaults to `deny incoming` and (optionally) `deny outgoing`; automatically opens only whitelisted ports.
-* **Rationale**: Implements a default‑deny firewall, reducing lateral movement and data exfiltration risks immediately after
+* **Rationale**: Implements a default-deny firewall, reducing lateral movement and data exfiltration risks immediately after
deployment.
## 2.10. Fail2Ban Enhancements
@@ -286,13 +286,13 @@ apply or revert these controls.
* Bans any connection to a closed port for 24 hours
* Automatically ignores designated bastion/jump host subnets
* Hardened via `systemd` policy override to limit privileges of the Fail2Ban service itself
-* **Rationale**: Provides proactive defense against port scans and brute‑force attacks, while isolating the ban daemon in a
- minimal‑privilege context.
+* **Rationale**: Provides proactive defense against port scans and brute-force attacks, while isolating the ban daemon in a
+ minimal-privilege context.
## 2.11. NTPsec & Chrony
* **Description**: Installs `chrony`, selects PTB NTPsec servers by default.
-* **Rationale**: Ensures tamper‑resistant time synchronization, which is essential for log integrity, certificate validation,
+* **Rationale**: Ensures tamper-resistant time synchronization, which is essential for log integrity, certificate validation,
and forensic accuracy.
# 3. Script Features & Rationale
@@ -379,9 +379,15 @@ predictable script behavior.
git clone https://git.coresecret.dev/msw/CISS.debian.live.builder.git
cd CISS.debian.live.builder
```
-2. Edit the '.gitea/workflows/generate-iso.yaml' file according to your requirements.
+2. Preparation:
+ 1. Ensure you are root.
+ 2. Place your desired SSH public key in the `authorized_keys` file, for example, in the `/opt/gitea/CISS.debian.live.builder` directory.
+ 3. Place your desired Password in the `password.txt` file, for example, in the `/opt/gitea/CISS.debian.live.builder` directory.
+ 4. Make any other changes you need to.
+3. Run the config builder script `./ciss_live_builder.sh` and the integrated `lb build` command (example):
```yaml
+ chmod 0700 ./ciss_live_builder.sh
./ciss_live_builder.sh --architecture amd64 \
--build-directory /opt/livebuild \
--change-splash hexagon \
@@ -396,16 +402,80 @@ predictable script behavior.
--ssh-port 4242 \
--ssh-pubkey /opt/gitea/CISS.debian.live.builder
```
-3. Locate your ISO in the `--build-directory`.
-4. Boot from the ISO and login to the live image via the console, or the multi-layer secured coresecret SSH tunnel.
-5. Type `sysp` for the final kernel hardening features.
-6. Check the boot log with `jboot` and via `ssf` that all services are up.
-7. Finally, audit your environment with `lsadt` for a comprehensive Lynis audit.
-8. Type `celp` for some shortcuts.
+4. Locate your ISO in the `--build-directory`.
+5. Boot from the ISO and login to the live image via the console, or the multi-layer secured **coresecret** SSH tunnel.
+6. Type `sysp` for the final kernel hardening features.
+7. Check the boot log with `jboot` and via `ssf` that all services are up.
+8. Finally, audit your environment with `lsadt` for a comprehensive Lynis audit.
+9. Type `celp` for some shortcuts.
# 5.2. CI/CD Gitea Runner Workflow Example
-1. tba
+1. Clone the repository:
+
+ ```bash
+ git clone https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+ cd CISS.debian.live.builder
+ ```
+2. Edit the `.gitea/workflows/generate-iso.yaml` file according to your requirements. Ensure that the trigger file
+ `.gitea/trigger/t_generate.iso.yaml` and the counter are updated. Change all the necessary `{{ secrets.VAR }}`.
+ Push your commits to trigger the workflow. Then download your final ISO from the specified Location.
+
+ ```yaml
+ #...
+ steps:
+ - name: Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
+ run: |
+ rm -rf ~/.ssh && mkdir -m700 ~/.ssh
+
+ ### Private Key
+ echo "${{ secrets.CHANGE_ME }}" >| ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
+ #...
+ ### https://github.com/actions/checkout/issues/1843
+ - name: Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
+ run: |
+ git clone --branch "${GITHUB_REF_NAME}" ssh://git@CHANGE_ME .
+ #...
+ - name: Importing the 'CI PGP DEPLOY ONLY' key.
+ run: |
+ ### GPG-Home relative to the Runner Workspace to avoid changing global files.
+ export GNUPGHOME="$(pwd)/.gnupg"
+ mkdir -m700 "${GNUPGHOME}"
+ echo "${{ secrets.CHANGE_ME }}" >| ci-bot.sec.asc
+ #...
+ - name: Configuring Git for signed CI/DEPLOY commits.
+ run: |
+ export GNUPGHOME="$(pwd)/.gnupg"
+ git config user.name "CHANGE_ME"
+ git config user.email "CHANGE_ME"
+ #...
+ - name: Preparing the build environment.
+ run: |
+ rm -rf opt/{config,livebuild}
+ mkdir -p opt/{config,livebuild}
+ echo "${{ secrets.CHANGE_ME }}" >| opt/config/password.txt
+ echo "${{ secrets.CHANGE_ME }}" >| opt/config/authorized_keys
+ #...
+ - name: Starting CISS.debian.live.builder. This may take a while ...
+ run: |
+ chmod 0700 ciss_live_builder.sh && chown root:root ciss_live_builder.sh
+ timestamp=$(date -u +"%Y_%m_%d_%H_%M_Z")
+ ### Change "--autobuild=" to the specific kernel version you need: '6.12.22+bpo-amd64'.
+ ./ciss_live_builder.sh \
+ --autobuild=CHANGE_ME \
+ --architecture CHANGE_ME \
+ --build-directory opt/livebuild \
+ --control "${timestamp}" \
+ --jump-host "${{ secrets.CHANGE_ME }}" \
+ --renice-priority "-19" \
+ --reionice-priority 1 2 \
+ --root-password-file opt/config/password.txt \
+ --ssh-port CHANGE_ME \
+ --ssh-pubkey opt/config
+ #...
+ ### SKIP OR ADAPT ALL REMAINING STEPS
+ ```
# 6. Licensing & Compliance
@@ -415,7 +485,7 @@ standard for license expressions and metadata.
# 7. Disclaimer
-This README is provided "as‑is" without any warranty. Review your organization's policies before deploying to production.
+This README is provided "as-is" without any warranty. Review your organization's policies before deploying to production.
---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
diff --git a/ciss_live_builder.sh b/ciss_live_builder.sh
index 223fa18..feb7e7a 100644
--- a/ciss_live_builder.sh
+++ b/ciss_live_builder.sh
@@ -40,7 +40,7 @@
declare -g VAR_HANDLER_AUTOBUILD="false"
declare -gr VAR_CONTACT="security@coresecret.eu"
-declare -gr VAR_VERSION="Master V8.02.644.2025.05.31"
+declare -gr VAR_VERSION="Master V8.02.768.2025.06.01"
### VERY EARLY CHECK FOR AUTO-BUILD, CONTACT, USAGE, AND VERSION STRING
declare arg
diff --git a/config/includes.chroot/etc/ssh/sshd_config b/config/includes.chroot/etc/ssh/sshd_config
index a6081fb..3818c42 100644
--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.02.644.2025.05.31
+### Version Master V8.02.768.2025.06.01
### https://www.ssh-audit.com/
### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
diff --git a/config/includes.chroot/etc/sysctl.d/99_local.hardened b/config/includes.chroot/etc/sysctl.d/99_local.hardened
index 33bf1cd..5be1945 100644
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.02.644.2025.05.31
+### Version Master V8.02.768.2025.06.01
### https://docs.kernel.org/
### https://github.com/a13xp0p0v/kernel-hardening-checker/
diff --git a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
index c0cbc83..57b4033 100644
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-declare -gr VERSION="Master V8.02.644.2025.05.31"
+declare -gr VERSION="Master V8.02.768.2025.06.01"
### VERY EARLY CHECK FOR DEBUGGING
if [[ $* == *" --debug "* ]]; then
diff --git a/config/includes.chroot/preseed/preseed.cfg b/config/includes.chroot/preseed/preseed.cfg
index 985717b..9f06cc8 100644
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
# Please consider donating to my work at: https://coresecret.eu/spenden/
###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.02.644.2025.05.31 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.02.768.2025.06.01 at: 10:18:37.9542
diff --git a/docs/AUDIT_DNSSEC.md b/docs/AUDIT_DNSSEC.md
index 2df6254..9c9405f 100644
--- a/docs/AUDIT_DNSSEC.md
+++ b/docs/AUDIT_DNSSEC.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. DNSSEC Status
diff --git a/docs/AUDIT_HAVEGED.md b/docs/AUDIT_HAVEGED.md
index d67d19a..9f551db 100644
--- a/docs/AUDIT_HAVEGED.md
+++ b/docs/AUDIT_HAVEGED.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Haveged Audit on Netcup RS 2000 G11
diff --git a/docs/AUDIT_LYNIS.md b/docs/AUDIT_LYNIS.md
index 67da645..f06d0ef 100644
--- a/docs/AUDIT_LYNIS.md
+++ b/docs/AUDIT_LYNIS.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Lynis Audit:
diff --git a/docs/AUDIT_SSH.md b/docs/AUDIT_SSH.md
index da0d26c..ee0b78f 100644
--- a/docs/AUDIT_SSH.md
+++ b/docs/AUDIT_SSH.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. SSH Audit by ssh-audit.com
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 7b2386b..a9b4ea7 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# TBA
diff --git a/docs/CODING_CONVENTION.md b/docs/CODING_CONVENTION.md
index 2757c75..f3c33bb 100644
--- a/docs/CODING_CONVENTION.md
+++ b/docs/CODING_CONVENTION.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Coding Style
diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md
index 6c9a41e..9bc9fd3 100644
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Contributors
diff --git a/docs/CREDITS.md b/docs/CREDITS.md
index 76ba7bf..3462c4a 100644
--- a/docs/CREDITS.md
+++ b/docs/CREDITS.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Credits
diff --git a/docs/DOCUMENTATION.md b/docs/DOCUMENTATION.md
index 72dbc70..81ff950 100644
--- a/docs/DOCUMENTATION.md
+++ b/docs/DOCUMENTATION.md
@@ -8,12 +8,12 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Usage
````text
CISS.debian.live.builder
-Master V8.02.644.2025.05.31
+Master V8.02.768.2025.06.01
(c) Marc S. Weidner, 2018 - 2025
(p) Centurion Press, 2024 - 2025
diff --git a/docs/REFERENCES.md b/docs/REFERENCES.md
index a01e6b6..85dc82c 100644
--- a/docs/REFERENCES.md
+++ b/docs/REFERENCES.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Resources
diff --git a/lib/lib_check_provider.sh b/lib/lib_check_provider.sh
index 0cede07..56763ca 100644
--- a/lib/lib_check_provider.sh
+++ b/lib/lib_check_provider.sh
@@ -18,7 +18,7 @@
check_provider() {
clear
cat << 'EOF' >| "${VAR_NOTES}"
-Build: Master V8.02.644.2025.05.31
+Build: Master V8.02.768.2025.06.01
Press 'EXIT' to continue with CISS.debian.live.builder.
diff --git a/lib/lib_usage.sh b/lib/lib_usage.sh
index f63b756..4828dfc 100644
--- a/lib/lib_usage.sh
+++ b/lib/lib_usage.sh
@@ -22,7 +22,7 @@ usage() {
cat << EOF
$(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.02.644.2025.05.31\e[0m")
+$(echo -e "\e[92mMaster V8.02.768.2025.06.01\e[0m")
$(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
$(echo -e "\e[97m(p) Centurion Press, 2024 - 2025\e[0m")
diff --git a/scripts/9000-cdi-starter b/scripts/9000-cdi-starter
index 56d56c7..b2e4254 100644
--- a/scripts/9000-cdi-starter
+++ b/scripts/9000-cdi-starter
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
# sleep 1
[[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
-printf "CISS.debian.installer Master V8.02.644.2025.05.31 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+printf "CISS.debian.installer Master V8.02.768.2025.06.01 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh