From 3c6a83fdb02230e713fe00ed2c0127f04cdaf02487dea1a10403f73e72bbe273 Mon Sep 17 00:00:00 2001 From: "Marc S. Weidner" Date: Sun, 1 Jun 2025 09:37:02 +0200 Subject: [PATCH] V8.02.768.2025.06.01 Signed-off-by: Marc S. Weidner --- .gitea/trigger/t_generate_dns.yaml | 2 +- .version.properties | 2 +- CISS.debian.live.builder.spdx | 2 +- README.md | 118 ++++++++++++++---- ciss_live_builder.sh | 2 +- config/includes.chroot/etc/ssh/sshd_config | 2 +- .../etc/sysctl.d/99_local.hardened | 2 +- .../preseed/.iso/preseed_hash_generator.sh | 2 +- config/includes.chroot/preseed/preseed.cfg | 2 +- docs/AUDIT_DNSSEC.md | 2 +- docs/AUDIT_HAVEGED.md | 2 +- docs/AUDIT_LYNIS.md | 2 +- docs/AUDIT_SSH.md | 2 +- docs/CHANGELOG.md | 2 +- docs/CODING_CONVENTION.md | 2 +- docs/CONTRIBUTING.md | 2 +- docs/CREDITS.md | 2 +- docs/DOCUMENTATION.md | 4 +- docs/REFERENCES.md | 2 +- lib/lib_check_provider.sh | 2 +- lib/lib_usage.sh | 2 +- scripts/9000-cdi-starter | 2 +- 22 files changed, 116 insertions(+), 46 deletions(-) diff --git a/.gitea/trigger/t_generate_dns.yaml b/.gitea/trigger/t_generate_dns.yaml index e9e5d49..dd3b85f 100644 --- a/.gitea/trigger/t_generate_dns.yaml +++ b/.gitea/trigger/t_generate_dns.yaml @@ -11,5 +11,5 @@ build: counter: 1024 - version: V8.02.644.2025.05.31 + version: V8.02.768.2025.06.01 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml diff --git a/.version.properties b/.version.properties index 951d07d..f6da7f0 100644 --- a/.version.properties +++ b/.version.properties @@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0" properties_SPDX-LicenseComment="This file is part of the CISS.hardened.installer framework." properties_SPDX-PackageName="CISS.debian.live.builder" properties_SPDX-Security-Contact="security@coresecret.eu" -properties_version="V8.02.644.2025.05.31" +properties_version="V8.02.768.2025.06.01" # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf \ No newline at end of file diff --git a/CISS.debian.live.builder.spdx b/CISS.debian.live.builder.spdx index d3f1c83..7b79e2e 100644 --- a/CISS.debian.live.builder.spdx +++ b/CISS.debian.live.builder.spdx @@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency) Created: 2025-05-07T12:00:00Z Package: CISS.debian.live.builder PackageName: CISS.debian.live.builder -PackageVersion: Master V8.02.644.2025.05.31 +PackageVersion: Master V8.02.768.2025.06.01 PackageSupplier: Organization: Centurion Intelligence Consulting Agency PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder diff --git a/README.md b/README.md index 41b3e8d..d3c67b6 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ gitea: none include_toc: true --- -[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.02.644.2025.05.31-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder) +[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.02.768.2025.06.01-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)   [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/)   [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2)   @@ -26,7 +26,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for @@ -131,7 +131,7 @@ Below is a breakdown of each hardening component, with a summary of why each is ### 2.1.1. Boot Parameters -* **Description**: Customizes kernel command‑line flags to disable unused features and enable mitigations. +* **Description**: Customizes kernel command-line flags to disable unused features and enable mitigations. * **Key Parameters**: * `audit_backlog_limit=8192`: Ensures the audit subsystem can queue up to 8192 events to avoid dropped logs under heavy loads. * `audit=1`: Enables kernel auditing from boot to record system calls and security events. @@ -171,12 +171,12 @@ Below is a breakdown of each hardening component, with a summary of why each is ### 2.1.2. CPU Vulnerability Mitigations * **Description**: Enables all known kernel-level mitigations (Spectre, Meltdown, MDS, L1TF, etc.). -* **Rationale**: Prevents side‑channel attacks that exploit speculative execution, which remain a high‑risk vector in - multi‑tenant cloud environments. +* **Rationale**: Prevents side-channel attacks that exploit speculative execution, which remain a high-risk vector in + multi-tenant cloud environments. ### 2.1.3. Kernel Self-Protection -* **Description**: Activates `CONFIG_DEBUG_RODATA`, `CONFIG_STRICT_MODULE_RWX`, and other self‑protections. +* **Description**: Activates `CONFIG_DEBUG_RODATA`, `CONFIG_STRICT_MODULE_RWX`, and other self-protections. * **Rationale**: Hardens kernel memory regions against unauthorized writings and enforces stricter module loading policies. ### 2.1.4. Local Kernel Hardening @@ -210,14 +210,14 @@ apply or revert these controls. ## 2.2. Module Blacklisting -* **Description**: Disables and blacklists non‑essential or insecure kernel modules. +* **Description**: Disables and blacklists non-essential or insecure kernel modules. * **Rationale**: Minimizes attack surface by preventing loads of drivers or modules not required by the live environment. ## 2.3. Network Hardening * **Description**: Applies `sysctl` settings (e.g., `net.ipv4.conf.all.rp_filter=1`, `arp_ignore`, `arp_announce`) to restrict inbound/outbound traffic behaviors. -* **Rationale**: Mitigates ARP spoofing, IP spoofing, and reduces the risk of man‑in‑the‑middle on internal networks. +* **Rationale**: Mitigates ARP spoofing, IP spoofing, and reduces the risk of man-in-the-middle on internal networks. ## 2.4. Core Dump & Kernel Hardening @@ -234,7 +234,7 @@ apply or revert these controls. ## 2.6. Permissions & Authentication * **Description**: Sets strict directory and file permissions, integrates with PAM modules (e.g., `pam_faillock`). -* **Rationale**: Enforces the principle of least privilege at file‑system level and strengthens authentication policies. +* **Rationale**: Enforces the principle of least privilege at file-system level and strengthens authentication policies. ## 2.7. High-Security Baseline (Lynis Audit) @@ -248,11 +248,11 @@ apply or revert these controls. * **Description**: The SSH tunnel and access are secured through multiple layers of defense: * **Firewall Restriction**: ufw allows connections only from defined jump host or VPN exit node IPs. * **TCP Wrappers**: `/etc/hosts.allow` and `/etc/hosts.deny` enforce an `ALL: ALL` deny policy, permitting only specified hosts. - * **One‑Hit Ban**: A custom Fail2Ban rule `/etc/fail2ban/jail.d/centurion-default.conf` immediately bans any host + * **One-Hit Ban**: A custom Fail2Ban rule `/etc/fail2ban/jail.d/centurion-default.conf` immediately bans any host that touches closed ports. * Additionally, the `fail2ban` service is hardened as well according to: [Arch Linux Wiki Fail2ban Hardening](https://wiki.archlinux.org/title/fail2ban#Service_hardening) - * **SSH Ultra‑Hardening**: The `/etc/sshd_config` enforces strict cryptographic and connection controls with respect to + * **SSH Ultra-Hardening**: The `/etc/sshd_config` enforces strict cryptographic and connection controls with respect to [SSH Audit Guide Debian 12](https://www.ssh-audit.com/hardening_guides.html#debian_12): * `RekeyLimit 1G 1h` * `HostKey /etc/ssh/ssh_host_ed25519_key` @@ -277,7 +277,7 @@ apply or revert these controls. ## 2.9. UFW Hardening * **Description**: Defaults to `deny incoming` and (optionally) `deny outgoing`; automatically opens only whitelisted ports. -* **Rationale**: Implements a default‑deny firewall, reducing lateral movement and data exfiltration risks immediately after +* **Rationale**: Implements a default-deny firewall, reducing lateral movement and data exfiltration risks immediately after deployment. ## 2.10. Fail2Ban Enhancements @@ -286,13 +286,13 @@ apply or revert these controls. * Bans any connection to a closed port for 24 hours * Automatically ignores designated bastion/jump host subnets * Hardened via `systemd` policy override to limit privileges of the Fail2Ban service itself -* **Rationale**: Provides proactive defense against port scans and brute‑force attacks, while isolating the ban daemon in a - minimal‑privilege context. +* **Rationale**: Provides proactive defense against port scans and brute-force attacks, while isolating the ban daemon in a + minimal-privilege context. ## 2.11. NTPsec & Chrony * **Description**: Installs `chrony`, selects PTB NTPsec servers by default. -* **Rationale**: Ensures tamper‑resistant time synchronization, which is essential for log integrity, certificate validation, +* **Rationale**: Ensures tamper-resistant time synchronization, which is essential for log integrity, certificate validation, and forensic accuracy. # 3. Script Features & Rationale @@ -379,9 +379,15 @@ predictable script behavior. git clone https://git.coresecret.dev/msw/CISS.debian.live.builder.git cd CISS.debian.live.builder ``` -2. Edit the '.gitea/workflows/generate-iso.yaml' file according to your requirements. +2. Preparation: + 1. Ensure you are root. + 2. Place your desired SSH public key in the `authorized_keys` file, for example, in the `/opt/gitea/CISS.debian.live.builder` directory. + 3. Place your desired Password in the `password.txt` file, for example, in the `/opt/gitea/CISS.debian.live.builder` directory. + 4. Make any other changes you need to. +3. Run the config builder script `./ciss_live_builder.sh` and the integrated `lb build` command (example): ```yaml + chmod 0700 ./ciss_live_builder.sh ./ciss_live_builder.sh --architecture amd64 \ --build-directory /opt/livebuild \ --change-splash hexagon \ @@ -396,16 +402,80 @@ predictable script behavior. --ssh-port 4242 \ --ssh-pubkey /opt/gitea/CISS.debian.live.builder ``` -3. Locate your ISO in the `--build-directory`. -4. Boot from the ISO and login to the live image via the console, or the multi-layer secured coresecret SSH tunnel. -5. Type `sysp` for the final kernel hardening features. -6. Check the boot log with `jboot` and via `ssf` that all services are up. -7. Finally, audit your environment with `lsadt` for a comprehensive Lynis audit. -8. Type `celp` for some shortcuts. +4. Locate your ISO in the `--build-directory`. +5. Boot from the ISO and login to the live image via the console, or the multi-layer secured **coresecret** SSH tunnel. +6. Type `sysp` for the final kernel hardening features. +7. Check the boot log with `jboot` and via `ssf` that all services are up. +8. Finally, audit your environment with `lsadt` for a comprehensive Lynis audit. +9. Type `celp` for some shortcuts. # 5.2. CI/CD Gitea Runner Workflow Example -1. tba +1. Clone the repository: + + ```bash + git clone https://git.coresecret.dev/msw/CISS.debian.live.builder.git + cd CISS.debian.live.builder + ``` +2. Edit the `.gitea/workflows/generate-iso.yaml` file according to your requirements. Ensure that the trigger file + `.gitea/trigger/t_generate.iso.yaml` and the counter are updated. Change all the necessary `{{ secrets.VAR }}`. + Push your commits to trigger the workflow. Then download your final ISO from the specified Location. + + ```yaml + #... + steps: + - name: Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config. + run: | + rm -rf ~/.ssh && mkdir -m700 ~/.ssh + + ### Private Key + echo "${{ secrets.CHANGE_ME }}" >| ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + #... + ### https://github.com/actions/checkout/issues/1843 + - name: Using manual clone via SSH to circumvent Gitea SHA-256 object issues. + run: | + git clone --branch "${GITHUB_REF_NAME}" ssh://git@CHANGE_ME . + #... + - name: Importing the 'CI PGP DEPLOY ONLY' key. + run: | + ### GPG-Home relative to the Runner Workspace to avoid changing global files. + export GNUPGHOME="$(pwd)/.gnupg" + mkdir -m700 "${GNUPGHOME}" + echo "${{ secrets.CHANGE_ME }}" >| ci-bot.sec.asc + #... + - name: Configuring Git for signed CI/DEPLOY commits. + run: | + export GNUPGHOME="$(pwd)/.gnupg" + git config user.name "CHANGE_ME" + git config user.email "CHANGE_ME" + #... + - name: Preparing the build environment. + run: | + rm -rf opt/{config,livebuild} + mkdir -p opt/{config,livebuild} + echo "${{ secrets.CHANGE_ME }}" >| opt/config/password.txt + echo "${{ secrets.CHANGE_ME }}" >| opt/config/authorized_keys + #... + - name: Starting CISS.debian.live.builder. This may take a while ... + run: | + chmod 0700 ciss_live_builder.sh && chown root:root ciss_live_builder.sh + timestamp=$(date -u +"%Y_%m_%d_%H_%M_Z") + ### Change "--autobuild=" to the specific kernel version you need: '6.12.22+bpo-amd64'. + ./ciss_live_builder.sh \ + --autobuild=CHANGE_ME \ + --architecture CHANGE_ME \ + --build-directory opt/livebuild \ + --control "${timestamp}" \ + --jump-host "${{ secrets.CHANGE_ME }}" \ + --renice-priority "-19" \ + --reionice-priority 1 2 \ + --root-password-file opt/config/password.txt \ + --ssh-port CHANGE_ME \ + --ssh-pubkey opt/config + #... + ### SKIP OR ADAPT ALL REMAINING STEPS + ``` # 6. Licensing & Compliance @@ -415,7 +485,7 @@ standard for license expressions and metadata. # 7. Disclaimer -This README is provided "as‑is" without any warranty. Review your organization's policies before deploying to production. +This README is provided "as-is" without any warranty. Review your organization's policies before deploying to production. --- **[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)** diff --git a/ciss_live_builder.sh b/ciss_live_builder.sh index 223fa18..feb7e7a 100644 --- a/ciss_live_builder.sh +++ b/ciss_live_builder.sh @@ -40,7 +40,7 @@ declare -g VAR_HANDLER_AUTOBUILD="false" declare -gr VAR_CONTACT="security@coresecret.eu" -declare -gr VAR_VERSION="Master V8.02.644.2025.05.31" +declare -gr VAR_VERSION="Master V8.02.768.2025.06.01" ### VERY EARLY CHECK FOR AUTO-BUILD, CONTACT, USAGE, AND VERSION STRING declare arg diff --git a/config/includes.chroot/etc/ssh/sshd_config b/config/includes.chroot/etc/ssh/sshd_config index a6081fb..3818c42 100644 --- a/config/includes.chroot/etc/ssh/sshd_config +++ b/config/includes.chroot/etc/ssh/sshd_config @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.02.644.2025.05.31 +### Version Master V8.02.768.2025.06.01 ### https://www.ssh-audit.com/ ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig diff --git a/config/includes.chroot/etc/sysctl.d/99_local.hardened b/config/includes.chroot/etc/sysctl.d/99_local.hardened index 33bf1cd..5be1945 100644 --- a/config/includes.chroot/etc/sysctl.d/99_local.hardened +++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.02.644.2025.05.31 +### Version Master V8.02.768.2025.06.01 ### https://docs.kernel.org/ ### https://github.com/a13xp0p0v/kernel-hardening-checker/ diff --git a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh index c0cbc83..57b4033 100644 --- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh +++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh @@ -10,7 +10,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -declare -gr VERSION="Master V8.02.644.2025.05.31" +declare -gr VERSION="Master V8.02.768.2025.06.01" ### VERY EARLY CHECK FOR DEBUGGING if [[ $* == *" --debug "* ]]; then diff --git a/config/includes.chroot/preseed/preseed.cfg b/config/includes.chroot/preseed/preseed.cfg index 985717b..9f06cc8 100644 --- a/config/includes.chroot/preseed/preseed.cfg +++ b/config/includes.chroot/preseed/preseed.cfg @@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh # Please consider donating to my work at: https://coresecret.eu/spenden/ ########################################################################################### -# Written by: ./preseed_hash_generator.sh Version: Master V8.02.644.2025.05.31 at: 10:18:37.9542 +# Written by: ./preseed_hash_generator.sh Version: Master V8.02.768.2025.06.01 at: 10:18:37.9542 diff --git a/docs/AUDIT_DNSSEC.md b/docs/AUDIT_DNSSEC.md index 2df6254..9c9405f 100644 --- a/docs/AUDIT_DNSSEC.md +++ b/docs/AUDIT_DNSSEC.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. DNSSEC Status diff --git a/docs/AUDIT_HAVEGED.md b/docs/AUDIT_HAVEGED.md index d67d19a..9f551db 100644 --- a/docs/AUDIT_HAVEGED.md +++ b/docs/AUDIT_HAVEGED.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Haveged Audit on Netcup RS 2000 G11 diff --git a/docs/AUDIT_LYNIS.md b/docs/AUDIT_LYNIS.md index 67da645..f06d0ef 100644 --- a/docs/AUDIT_LYNIS.md +++ b/docs/AUDIT_LYNIS.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Lynis Audit: diff --git a/docs/AUDIT_SSH.md b/docs/AUDIT_SSH.md index da0d26c..ee0b78f 100644 --- a/docs/AUDIT_SSH.md +++ b/docs/AUDIT_SSH.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. SSH Audit by ssh-audit.com diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 7b2386b..a9b4ea7 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# TBA diff --git a/docs/CODING_CONVENTION.md b/docs/CODING_CONVENTION.md index 2757c75..f3c33bb 100644 --- a/docs/CODING_CONVENTION.md +++ b/docs/CODING_CONVENTION.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Coding Style diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index 6c9a41e..9bc9fd3 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Contributors diff --git a/docs/CREDITS.md b/docs/CREDITS.md index 76ba7bf..3462c4a 100644 --- a/docs/CREDITS.md +++ b/docs/CREDITS.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Credits diff --git a/docs/DOCUMENTATION.md b/docs/DOCUMENTATION.md index 72dbc70..81ff950 100644 --- a/docs/DOCUMENTATION.md +++ b/docs/DOCUMENTATION.md @@ -8,12 +8,12 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Usage ````text CISS.debian.live.builder -Master V8.02.644.2025.05.31 +Master V8.02.768.2025.06.01 (c) Marc S. Weidner, 2018 - 2025 (p) Centurion Press, 2024 - 2025 diff --git a/docs/REFERENCES.md b/docs/REFERENCES.md index a01e6b6..85dc82c 100644 --- a/docs/REFERENCES.md +++ b/docs/REFERENCES.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.644.2025.05.31
+**Build**: V8.02.768.2025.06.01
# 2. Resources diff --git a/lib/lib_check_provider.sh b/lib/lib_check_provider.sh index 0cede07..56763ca 100644 --- a/lib/lib_check_provider.sh +++ b/lib/lib_check_provider.sh @@ -18,7 +18,7 @@ check_provider() { clear cat << 'EOF' >| "${VAR_NOTES}" -Build: Master V8.02.644.2025.05.31 +Build: Master V8.02.768.2025.06.01 Press 'EXIT' to continue with CISS.debian.live.builder. diff --git a/lib/lib_usage.sh b/lib/lib_usage.sh index f63b756..4828dfc 100644 --- a/lib/lib_usage.sh +++ b/lib/lib_usage.sh @@ -22,7 +22,7 @@ usage() { cat << EOF $(echo -e "\e[92mCISS.debian.live.builder\e[0m") -$(echo -e "\e[92mMaster V8.02.644.2025.05.31\e[0m") +$(echo -e "\e[92mMaster V8.02.768.2025.06.01\e[0m") $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m") $(echo -e "\e[97m(p) Centurion Press, 2024 - 2025\e[0m") diff --git a/scripts/9000-cdi-starter b/scripts/9000-cdi-starter index 56d56c7..b2e4254 100644 --- a/scripts/9000-cdi-starter +++ b/scripts/9000-cdi-starter @@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" " # sleep 1 [[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log -printf "CISS.debian.installer Master V8.02.644.2025.05.31 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log +printf "CISS.debian.installer Master V8.02.768.2025.06.01 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh