diff --git a/.archive/.0000_lib_usage.sh b/.archive/.0000_lib_usage.sh index 7c4d3b8..bda2aaa 100644 --- a/.archive/.0000_lib_usage.sh +++ b/.archive/.0000_lib_usage.sh @@ -21,7 +21,7 @@ usage() { clear cat << EOF $(echo -e "\e[92mCISS.debian.live.builder\e[0m") -$(echo -e "\e[92mMaster V8.03.912.2025.07.23\e[0m") +$(echo -e "\e[92mMaster V8.03.920.2025.08.07\e[0m") $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m") $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m") diff --git a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml index adc3f98..e2eae8b 100644 --- a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml +++ b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml @@ -25,7 +25,7 @@ body: attributes: label: "Version" description: "Which version are you running? Use `./ciss_live_builder.sh -v`." - placeholder: "e.g., Master V8.03.912.2025.07.23" + placeholder: "e.g., Master V8.03.920.2025.08.07" validations: required: true diff --git a/.gitea/TODO/dockerfile b/.gitea/TODO/dockerfile index 1d0ee35..9d55faa 100644 --- a/.gitea/TODO/dockerfile +++ b/.gitea/TODO/dockerfile @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.912.2025.07.23 +### Version Master V8.03.920.2025.08.07 FROM debian:bookworm diff --git a/.gitea/TODO/render-md-to-html.yaml b/.gitea/TODO/render-md-to-html.yaml index 580552c..5befeca 100644 --- a/.gitea/TODO/render-md-to-html.yaml +++ b/.gitea/TODO/render-md-to-html.yaml @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.912.2025.07.23 +### Version Master V8.03.920.2025.08.07 name: ๐Ÿ” Render README.md to README.html. diff --git a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml index 38374cf..da56296 100644 
--- a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml +++ b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml @@ -11,5 +11,5 @@ build: counter: 1023 - version: V8.03.912.2025.07.23 + version: V8.03.920.2025.08.07 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml diff --git a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml index 38374cf..da56296 100644 --- a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml +++ b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml @@ -11,5 +11,5 @@ build: counter: 1023 - version: V8.03.912.2025.07.23 + version: V8.03.920.2025.08.07 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml diff --git a/.gitea/trigger/t_generate_PUBLIC.yaml b/.gitea/trigger/t_generate_PUBLIC.yaml index 38374cf..da56296 100644 --- a/.gitea/trigger/t_generate_PUBLIC.yaml +++ b/.gitea/trigger/t_generate_PUBLIC.yaml @@ -11,5 +11,5 @@ build: counter: 1023 - version: V8.03.912.2025.07.23 + version: V8.03.920.2025.08.07 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml diff --git a/.gitea/trigger/t_generate_dns.yaml b/.gitea/trigger/t_generate_dns.yaml index 38374cf..da56296 100644 --- a/.gitea/trigger/t_generate_dns.yaml +++ b/.gitea/trigger/t_generate_dns.yaml @@ -11,5 +11,5 @@ build: counter: 1023 - version: V8.03.912.2025.07.23 + version: V8.03.920.2025.08.07 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml diff --git a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml index 3e1cea8..4dfa0b8 100644 --- a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml +++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.912.2025.07.23 +### Version Master V8.03.920.2025.08.07 name: ๐Ÿ” Generating a Private Live ISO FLV 0. 
diff --git a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml index ed7bc03..f94eb03 100644 --- a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml +++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.912.2025.07.23 +### Version Master V8.03.920.2025.08.07 name: ๐Ÿ” Generating a Private Live ISO FLV 1. diff --git a/.gitea/workflows/generate_PUBLIC_iso.yaml b/.gitea/workflows/generate_PUBLIC_iso.yaml index a300e9e..90be654 100644 --- a/.gitea/workflows/generate_PUBLIC_iso.yaml +++ b/.gitea/workflows/generate_PUBLIC_iso.yaml @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.912.2025.07.23 +### Version Master V8.03.920.2025.08.07 name: ๐Ÿ’™ Generating a PUBLIC Live ISO. diff --git a/.gitea/workflows/linter_char_scripts.yaml b/.gitea/workflows/linter_char_scripts.yaml index 056b04c..773c09d 100644 --- a/.gitea/workflows/linter_char_scripts.yaml +++ b/.gitea/workflows/linter_char_scripts.yaml @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.912.2025.07.23 +### Version Master V8.03.920.2025.08.07 # Gitea Workflow: Shell-Script Linting # diff --git a/.gitea/workflows/render-dnssec-status.yaml b/.gitea/workflows/render-dnssec-status.yaml index b4a56be..77b3ca7 100644 --- a/.gitea/workflows/render-dnssec-status.yaml +++ b/.gitea/workflows/render-dnssec-status.yaml @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.912.2025.07.23 +### Version Master V8.03.920.2025.08.07 name: ๐Ÿ›ก๏ธ Retrieve DNSSEC status of coresecret.dev. 
diff --git a/.gitea/workflows/render-dot-to-png.yaml b/.gitea/workflows/render-dot-to-png.yaml index 83cbe04..6f1639a 100644 --- a/.gitea/workflows/render-dot-to-png.yaml +++ b/.gitea/workflows/render-dot-to-png.yaml @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.912.2025.07.23 +### Version Master V8.03.920.2025.08.07 name: ๐Ÿ” Render Graphviz Diagrams. diff --git a/.version.properties b/.version.properties index b101ebb..7c9fc5a 100644 --- a/.version.properties +++ b/.version.properties @@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0" properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework." properties_SPDX-PackageName="CISS.debian.live.builder" properties_SPDX-Security-Contact="security@coresecret.eu" -properties_version="V8.03.912.2025.07.23" +properties_version="V8.03.920.2025.08.07" # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf diff --git a/CISS.debian.live.builder.spdx b/CISS.debian.live.builder.spdx index 55096a6..1fb271c 100644 --- a/CISS.debian.live.builder.spdx +++ b/CISS.debian.live.builder.spdx @@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency) Created: 2025-05-07T12:00:00Z Package: CISS.debian.live.builder PackageName: CISS.debian.live.builder -PackageVersion: Master V8.03.912.2025.07.23 +PackageVersion: Master V8.03.920.2025.08.07 PackageSupplier: Organization: Centurion Intelligence Consulting Agency PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder diff --git a/README.md b/README.md index 3d9648c..6e7bf07 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ gitea: none include_toc: true --- -[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.912.2025.07.23-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder) +[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.920.2025.08.07-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)   [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/)   [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2)   
@@ -12,7 +12,7 @@ include_toc: true [![Static Badge](https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=Shellstyle&color=%234285F4)](https://google.github.io/styleguide/shellguide.html)   [![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.24.2-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/)   -[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.4-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly)   +[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.2-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly)   [![Static Badge](https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&logo=keepassxc&logoColor=white&logoSize=auto&label=KeePassXC&color=%236CAC4D)](https://keepassxc.org/)   [![Static Badge](https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&logo=netcup&logoColor=white&logoSize=auto&label=powered&color=%23056473)](https://www.netcup.com/de)   [![Static Badge](https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=powered&color=%230F243E)](https://coresecret.eu/)   @@ -26,7 +26,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for @@ -142,7 +142,7 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d- This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date. -Example: `V8.03.912.2025.07.23` +Example: `V8.03.920.2025.08.07` `x.y.z` represents major (x), minor (y), and patch (z) version increments. diff --git a/ciss_live_builder.sh b/ciss_live_builder.sh index fcd9970..e35d634 100644 --- a/ciss_live_builder.sh +++ b/ciss_live_builder.sh 
@@ -13,34 +13,71 @@ ### Contributions so far see ./docs/CREDITS.md ### WHY BASH? -# Ease of installation. -# No compiling or installing gems, CPAN modules, pip packages, etc. -# Simple to use and read. Clear syntax and straightforward output interpretation. -# Built-in power. -# Pattern matching, line processing, and regular expression support are available natively, -# no external binaries required. -# Cross-platform consistency. -# '/bin/bash' is the default shell on most Linux distributions, ensuring scripts run unmodified across systems. -# macOS compatibility. -# Since macOS Catalina (10.15), the default login shell has been zsh, but bash remains available at '/bin/bash'. -# Windows support. -# You can use bash via WSL, MSYS2, or Cygwin on Windows systems. +# Ease of installation. No compiling or installing gems, CPAN modules, pip packages, etc. Simple to use and read. Clear syntax +# and straightforward output interpretation. Built-in power. Pattern matching, line processing, and regular expression support +# are available natively, no external binaries required. Cross-platform consistency. '/bin/bash' is the default shell on most +# Linux distributions, ensuring scripts run unmodified across systems. macOS compatibility. Since macOS Catalina (10.15), the +# default login shell has been zsh, but bash remains available at '/bin/bash'. Windows support. You can use bash via WSL, MSYS2, +# or Cygwin on Windows systems. -### Preliminary checks +### PRELIMINARY CHECKS. +### No ash, dash, ksh, sh. # shellcheck disable=2292 [ -z "${BASH_VERSINFO[0]}" ] && { - . ./var/global.var.sh; printf "\e[91mโŒ Please make sure you are using 'bash'! Bye... \e[0m\n" >&2; exit "${ERR_UNSPPTBASH}"; } + . ./var/global.var.sh + printf "\e[91mโŒ Please make sure you are using 'bash'! Bye... \e[0m\n" >&2 + exit "${ERR_UNSPPTBASH}" +} + +### No zsh. +[[ -n "${ZSH_VERSION:-}" ]] && { + . ./var/global.var.sh + printf "\e[91mโŒ Please make sure you are using 'bash'! Bye... 
\e[0m\n" >&2 + exit "${ERR_UNSPPTBASH}" +} + +### Not root. [[ ${EUID} -ne 0 ]] && { - . ./var/global.var.sh; printf "\e[91mโŒ Please make sure you are 'root'! Bye... \e[0m\n" >&2; exit "${ERR_NOT_USER_0}"; } + . ./var/global.var.sh + printf "\e[91mโŒ Please make sure you are 'root'! Bye... \e[0m\n" >&2 + exit "${ERR_NOT_USER_0}" +} + +### Not called by sh. # shellcheck disable=2312 [[ $(kill -l | grep -c SIG) -eq 0 ]] && { - . ./var/global.var.sh; printf "\e[91mโŒ Please make sure you are calling the script without leading 'sh'! Bye... \e[0m\n" >&2; exit "${ERR_UNSPPTBASH}"; } + . ./var/global.var.sh + printf "\e[91mโŒ Please make sure you are calling the script without leading 'sh'! Bye... \e[0m\n" >&2 + exit "${ERR_UNSPPTBASH}" +} + +### Not sourced. +[[ "${BASH_SOURCE[0]}" != "$0" ]] && { + . ./var/global.var.sh + printf "\e[91mโŒ This script must be executed, not sourced. Please run '%s' directly! Bye... \e[0m\n" "$0" >&2 + exit "${ERR_UNSPPTBASH}" +} + +### Minimum Bash version 5. [[ ${BASH_VERSINFO[0]} -lt 5 ]] && { - . ./var/global.var.sh; printf "\e[91mโŒ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2; exit "${ERR_UNSPPTBASH}"; } + . ./var/global.var.sh + printf "\e[91mโŒ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2 + exit "${ERR_UNSPPTBASH}" +} + +### Minimum Bash version 5.1. [[ ${BASH_VERSINFO[0]} -le 5 ]] && [[ ${BASH_VERSINFO[1]} -le 1 ]] && { - . ./var/global.var.sh; printf "\e[91mโŒ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2; exit "${ERR_UNSPPTBASH}"; } + . ./var/global.var.sh + printf "\e[91mโŒ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2 + exit "${ERR_UNSPPTBASH}" +} + +### No arguments. [[ ${#} -eq 0 ]] && { - . ./lib/lib_usage.sh; usage; exit 1; } + . 
./lib/lib_usage.sh + usage + exit 1 +} ### SOURCING MUST SET EARLY VARIABLES, GUARD_SOURCING(), CHECK_GIT() . ./var/early.var.sh @@ -49,12 +86,12 @@ ### CHECK FOR CONTACT, HELP, VERSION STRING, AND XTRACE DEBUG for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh; contact; exit 0;; esac; done -for arg in "$@"; do case "${arg,,}" in -h|--help) . ./lib/lib_usage.sh; usage; exit 0;; esac; done +for arg in "$@"; do case "${arg,,}" in -h|--help) . ./lib/lib_usage.sh ; usage ; exit 0;; esac; done for arg in "$@"; do case "${arg,,}" in -v|--version) . ./lib/lib_version.sh; version; exit 0;; esac; done ### ALL CHECKS DONE. READY TO START THE SCRIPT check_git -for arg in "$@"; do case "${arg,,}" in -d|--debug) . ./meta_sources_debug.sh; debugger "${@}";; esac; done +for arg in "$@"; do case "${arg,,}" in -d|--debug) . ./meta_sources_debug.sh; debugger "${@}";; esac; done declare -gx VAR_SETUP="true" ### SOURCING VARIABLES diff --git a/config/includes.chroot/etc/ssh/sshd_config b/config/includes.chroot/etc/ssh/sshd_config index 8781715..c0372e4 100644 --- a/config/includes.chroot/etc/ssh/sshd_config +++ b/config/includes.chroot/etc/ssh/sshd_config @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.912.2025.07.23 +### Version Master V8.03.920.2025.08.07 ### https://www.ssh-audit.com/ ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig diff --git a/config/includes.chroot/etc/sysctl.d/99_local.hardened b/config/includes.chroot/etc/sysctl.d/99_local.hardened index 427fc68..0b993f2 100644 --- a/config/includes.chroot/etc/sysctl.d/99_local.hardened +++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened 
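Review bot: The guard under `### Minimum Bash version 5.1.` also exits on bash 5.1 itself, because `[[ ${BASH_VERSINFO[0]} -le 5 ]] && [[ ${BASH_VERSINFO[1]} -le 1 ]]` is true for 5.0 and 5.1 while its message names 5.1 as the minimum. The preceding guard already rejects major versions below 5, so `[[ ${BASH_VERSINFO[0]} -eq 5 && ${BASH_VERSINFO[1]} -lt 1 ]] && {` would match the message. The new `### Not sourced.` guard ends in `exit`, which closes the caller's shell when the file is sourced; `return "${ERR_UNSPPTBASH}"` is the better fit there. Every guard also loads `. ./var/global.var.sh` relative to the current working directory, several of them only after the root check has passed. Unless lines above the hunk already change into the script's directory, resolving that path from the script's own location would avoid sourcing whatever file sits under the caller's directory.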
@@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.912.2025.07.23 +### Version Master V8.03.920.2025.08.07 ### https://docs.kernel.org/ ### https://github.com/a13xp0p0v/kernel-hardening-checker/ diff --git a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh index 539fe07..366f16e 100644 --- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh +++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh @@ -10,7 +10,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -declare -gr VERSION="Master V8.03.912.2025.07.23" +declare -gr VERSION="Master V8.03.920.2025.08.07" ### VERY EARLY CHECK FOR DEBUGGING if [[ $* == *" --debug "* ]]; then diff --git a/config/includes.chroot/preseed/preseed.cfg b/config/includes.chroot/preseed/preseed.cfg index 8dd77b4..7e9ad2e 100644 --- a/config/includes.chroot/preseed/preseed.cfg +++ b/config/includes.chroot/preseed/preseed.cfg @@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh # Please consider donating to my work at: https://coresecret.eu/spenden/ ########################################################################################### -# Written by: ./preseed_hash_generator.sh Version: Master V8.03.912.2025.07.23 at: 10:18:37.9542 +# Written by: ./preseed_hash_generator.sh Version: Master V8.03.920.2025.08.07 at: 10:18:37.9542 diff --git a/config/package-lists/live.list.common.chroot b/config/package-lists/live.list.common.chroot index 3cf36fb..21c14c2 100644 --- a/config/package-lists/live.list.common.chroot +++ b/config/package-lists/live.list.common.chroot @@ -15,12 +15,15 @@ apt-file apt-mirror apt-show-versions apt-transport-https +autoconf +automake bash-completion bat bc bind9-dnsutils bsdmainutils btrfs-progs +build-essential bzip2 ca-certificates clamav 
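Review bot: The additions `autoconf`, `automake` and `build-essential` in this hunk, together with `libtomcrypt-dev`, `libtommath-dev`, `libtool` and `musl-tools` in the two later hunks of the same file, put a complete compiler toolchain on an image the README describes as hardened. A resident compiler is something hardening audits commonly flag on production images, and the changelog entry for this build gives no reason for it. If the toolchain is only needed while the image is being built, installing it in a build hook and purging it before the filesystem is packed would keep it off the shipped ISO. If it has to ship, a comment line such as `# build toolchain: required for <component>` above the entries would record why.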
@@ -69,6 +72,9 @@ knot-dnsutils libpam-google-authenticator libpam-pwquality libpwquality-tools +libtomcrypt-dev +libtommath-dev +libtool linux-doc-6.12 linux-source live-boot @@ -86,6 +92,7 @@ manpages manpages-dev mdadm mtr +musl-tools nano ncat ncdu diff --git a/docs/AUDIT_DNSSEC.md b/docs/AUDIT_DNSSEC.md index 67669b2..d772d79 100644 --- a/docs/AUDIT_DNSSEC.md +++ b/docs/AUDIT_DNSSEC.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. DNSSEC Status diff --git a/docs/AUDIT_HAVEGED.md b/docs/AUDIT_HAVEGED.md index f215e8a..1f7e764 100644 --- a/docs/AUDIT_HAVEGED.md +++ b/docs/AUDIT_HAVEGED.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. Haveged Audit on Netcup RS 2000 G11 diff --git a/docs/AUDIT_LYNIS.md b/docs/AUDIT_LYNIS.md index a91239f..ecc195a 100644 --- a/docs/AUDIT_LYNIS.md +++ b/docs/AUDIT_LYNIS.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. Lynis Audit: diff --git a/docs/AUDIT_SSH.md b/docs/AUDIT_SSH.md index e8f7385..1872a4a 100644 --- a/docs/AUDIT_SSH.md +++ b/docs/AUDIT_SSH.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. SSH Audit by ssh-audit.com diff --git a/docs/AUDIT_TLS.md b/docs/AUDIT_TLS.md index 3ee2ac3..7740ce0 100644 --- a/docs/AUDIT_TLS.md +++ b/docs/AUDIT_TLS.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. TLS Audit: diff --git a/docs/BOOTPARAMS.md b/docs/BOOTPARAMS.md index f362a99..201d2bd 100644 --- a/docs/BOOTPARAMS.md +++ b/docs/BOOTPARAMS.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. Hardened Kernel Boot Parameters diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 7b640e4..da47b28 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -8,10 +8,16 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. Changelog +## V8.03.920.2025.08.07 + +* Updated: [lib_arg_parser.sh](../lib/lib_arg_parser.sh) +* Updated: [ciss_live_builder.sh](../ciss_live_builder.sh) +* Updated: [live.list.common.chroot](../config/package-lists/live.list.common.chroot) + ## V8.03.912.2025.07.23 * Updated: [alias](../config/includes.chroot/root/.ciss/alias) diff --git a/docs/CNET.md b/docs/CNET.md index 4f1b778..9835f6a 100644 --- a/docs/CNET.md +++ b/docs/CNET.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. Centurion Net - Developer Branch Overview diff --git a/docs/CODING_CONVENTION.md b/docs/CODING_CONVENTION.md index 04d3c2b..792138b 100644 --- a/docs/CODING_CONVENTION.md +++ b/docs/CODING_CONVENTION.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. Coding Style diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index cc3db18..cc4aded 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. Contributing / participating diff --git a/docs/CREDITS.md b/docs/CREDITS.md index f873ce9..35e7f43 100644 --- a/docs/CREDITS.md +++ b/docs/CREDITS.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. Credits diff --git a/docs/DL_PUB_ISO.md b/docs/DL_PUB_ISO.md index 85f7198..153cf56 100644 --- a/docs/DL_PUB_ISO.md +++ b/docs/DL_PUB_ISO.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. Download the latest PUBLIC CISS.debian.live.ISO diff --git a/docs/DOCUMENTATION.md b/docs/DOCUMENTATION.md index 977954d..6aaf0bb 100644 --- a/docs/DOCUMENTATION.md +++ b/docs/DOCUMENTATION.md @@ -8,12 +8,12 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2.1. Usage ````text CISS.debian.live.builder -Master V8.03.912.2025.07.23 +Master V8.03.920.2025.08.07 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image. (c) Marc S. Weidner, 2018 - 2025 @@ -133,7 +133,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima # 2.2. Contact ````text CISS.debian.live.builder -Master V8.03.912.2025.07.23 +Master V8.03.920.2025.08.07 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image. (c) Marc S. Weidner, 2018 - 2025 diff --git a/docs/REFERENCES.md b/docs/REFERENCES.md index a541950..5974484 100644 --- a/docs/REFERENCES.md +++ b/docs/REFERENCES.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.912.2025.07.23
+**Build**: V8.03.920.2025.08.07
# 2. Resources diff --git a/lib/lib_arg_parser.sh b/lib/lib_arg_parser.sh index 9ab93fc..605c232 100644 --- a/lib/lib_arg_parser.sh +++ b/lib/lib_arg_parser.sh @@ -64,7 +64,7 @@ arg_parser() { ;; -c | --contact) - if [[ -n "${2}" && "${2}" != -* ]]; then + if [[ -n "${2-}" && "${2}" != -* ]]; then if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi printf "\e[91mโŒ Error: --contact MUST NOT be followed by an argument.\e[0m\n" >&2 read -p -r $'\e[92mโœ… Press \'ENTER\' to exit the script ... \e[0m' @@ -74,7 +74,7 @@ arg_parser() { ;; -h | --help) - if [[ -n "${2}" && "${2}" != -* ]]; then + if [[ -n "${2-}" && "${2}" != -* ]]; then if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi printf "\e[91mโŒ Error: --help MUST NOT be followed by an argument.\e[0m\n" >&2 read -p -r $'\e[92mโœ… Press \'ENTER\' to exit the script ... \e[0m' @@ -84,7 +84,7 @@ arg_parser() { ;; -v | --version) - if [[ -n "${2}" && "${2}" != -* ]]; then + if [[ -n "${2-}" && "${2}" != -* ]]; then if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi printf "\e[91mโŒ Error: --version MUST NOT be followed by an argument.\e[0m\n" >&2 read -p -r $'\e[92mโœ… Press \'ENTER\' to exit the script ... \e[0m' @@ -118,7 +118,7 @@ arg_parser() { ;; --cdi) - if [[ -n "${2}" && "${2}" != -* ]]; then + if [[ -n "${2-}" && "${2}" != -* ]]; then if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi printf "\e[91mโŒ Error: --cdi MUST NOT be followed by an argument.\e[0m\n" >&2 read -p -r $'\e[92mโœ… Press \'ENTER\' to exit the script ... \e[0m' @@ -142,7 +142,7 @@ arg_parser() { ;; --control) - if [[ -n "${2}" ]]; then + if [[ -n "${2-}" ]]; then declare -g VAR_HANDLER_ISO_COUNTER="${2}" shift 2 else 
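Review bot: In the `-c | --contact` branch the pause after the error message is written `read -p -r $'…'`, which makes `-r` the prompt text and hands the intended prompt to `read` as a variable name, so bash is likely to reject it as an invalid identifier instead of waiting for ENTER. Swapping the options to `read -r -p` with the prompt string unchanged fixes it. The same line appears as context in the `--help`, `--version`, `--cdi`, `--debug`, `--dhcp-centurion`, `--log-statistics-only` and `--reionice-priority` hunks of this file. `arg_parser` starts and ends outside these hunks, so how each branch exits after the prompt is not visible here.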
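Review bot: The `--control` branch accepts any non-empty next word, so with `[[ -n "${2-}" ]]` a call such as `--control --debug` stores `--debug` in `VAR_HANDLER_ISO_COUNTER` and `shift 2` silently drops that option. The sibling branches all add `"${2}" != -*`. If the counter is numeric, as the `counter: 1023` entries in the trigger files suggest, `if [[ "${2-}" =~ ^[0-9]+$ ]]; then` would reject both an option-like word and other non-numeric input. The `else` branch lies outside the hunk.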
@@ -155,7 +155,7 @@ arg_parser() { ;; --debug) - if [[ -n "${2}" && "${2}" != -* ]]; then + if [[ -n "${2-}" && "${2}" != -* ]]; then if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi printf "\e[91mโŒ Error: --debug MUST NOT be followed by an argument.\e[0m\n" >&2 read -p -r $'\e[92mโœ… Press \'ENTER\' to exit the script ... \e[0m' @@ -165,7 +165,7 @@ arg_parser() { ;; --dhcp-centurion) - if [[ -n "${2}" && "${2}" != -* ]]; then + if [[ -n "${2-}" && "${2}" != -* ]]; then if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi printf "\e[91mโŒ Error: --dhcp-centurion MUST NOT be followed by an argument.\e[0m\n" >&2 read -p -r $'\e[92mโœ… Press \'ENTER\' to exit the script ... \e[0m' @@ -176,7 +176,7 @@ arg_parser() { ;; --jump-host) - if [[ -n "${2}" && "${2}" != -* ]]; then + if [[ -n "${2-}" && "${2}" != -* ]]; then declare -i count=0 shift while [[ "${#}" -gt 0 && "${1}" != -* && count -lt 10 ]]; do @@ -196,7 +196,7 @@ arg_parser() { ;; --log-statistics-only) - if [[ -n "${2}" && "${2}" != -* ]]; then + if [[ -n "${2-}" && "${2}" != -* ]]; then if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi printf "\e[91mโŒ Error: --log-statistics-only MUST NOT be followed by an argument.\e[0m\n" >&2 read -p -r $'\e[92mโœ… Press \'ENTER\' to exit the script ... \e[0m' @@ -207,7 +207,7 @@ arg_parser() { ;; --provider-netcup-ipv6) - if [[ -n "${2}" && "${2}" != -* ]]; then + if [[ -n "${2-}" && "${2}" != -* ]]; then declare -i count=0 declare -g VAR_HANDLER_NETCUP_IPV6=true shift @@ -229,7 +229,7 @@ arg_parser() { ;; --renice-priority) - if [[ -n ${2} && ${2} =~ ^-?[0-9]+$ && ${2} -ge -19 && ${2} -le 19 ]]; then + if [[ -n ${2-} && ${2} =~ ^-?[0-9]+$ && ${2} -ge -19 && ${2} -le 19 ]]; then VAR_HANDLER_PRIORITY="$2" shift 2 else 
@@ -242,7 +242,7 @@ arg_parser() { ;; --reionice-priority) - if [[ -z "${2}" ]]; then + if [[ -z "${2-}" ]]; then if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi printf "\e[91mโŒ Error: --reionice-priority no values provided.\e[0m\n" >&2 read -p -r $'\e[92mโœ… Press \'ENTER\' to exit the script ... \e[0m' @@ -250,7 +250,7 @@ arg_parser() { else if [[ "${2}" =~ ^[1-3]$ ]]; then VAR_REIONICE_CLASS="${2}" - if [[ -z "${3}" ]]; then + if [[ -z "${3-}" ]]; then : else if [[ "${3}" =~ ^[0-7]$ ]]; then @@ -374,7 +374,7 @@ arg_parser() { ;; --ssh-port) - if [[ -n "${2}" && "${2}" =~ ^-?[0-9]+$ && "${2}" -ge 1 && "${2}" -le 65535 ]]; then + if [[ -n "${2-}" && "${2}" =~ ^-?[0-9]+$ && "${2}" -ge 1 && "${2}" -le 65535 ]]; then declare -gi VAR_SSHPORT="${2}" shift 2 else diff --git a/lib/lib_usage.sh b/lib/lib_usage.sh index ce5a278..864944f 100644 --- a/lib/lib_usage.sh +++ b/lib/lib_usage.sh @@ -35,13 +35,13 @@ usage() { # shellcheck disable=SC2155 declare var_header=$(center "CLB(1) CISS.debian.live.builder CLB(1)" "${var_cols}") # shellcheck disable=SC2155 - declare var_footer=$(center "V8.03.912.2025.07.23 2025-06-25 CLB(1)" "${var_cols}") + declare var_footer=$(center "V8.03.920.2025.08.07 2025-06-25 CLB(1)" "${var_cols}") { echo -e "\e[1;97m${var_header}\e[0m" echo echo -e "\e[92mCISS.debian.live.builder from https://git.coresecret.dev/msw \e[0m" - echo -e "\e[92mMaster V8.03.912.2025.07.23\e[0m" + echo -e "\e[92mMaster V8.03.920.2025.08.07\e[0m" echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m" echo echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025 \e[0m" diff --git a/scripts/9000-cdi-starter b/scripts/9000-cdi-starter index 096dc07..caba0bd 100644 --- a/scripts/9000-cdi-starter +++ b/scripts/9000-cdi-starter 
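Review bot: The `--ssh-port` check lets a value with a leading zero through as octal: the `-ge 1` / `-le 65535` comparisons and `declare -gi VAR_SSHPORT="${2}"` both evaluate the word arithmetically, so `--ssh-port 0022` would be stored as 18 and the daemon would listen on a different port than the operator typed. The pattern `^-?[0-9]+$` also admits a minus sign that only the range test catches. Tightening the pattern to `^[1-9][0-9]{0,4}$` while keeping the range test removes both cases. The `else` branch and the rest of `arg_parser` lie outside the hunk.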
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" " # sleep 1 [[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log -printf "CISS.debian.installer Master V8.03.912.2025.07.23 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log +printf "CISS.debian.installer Master V8.03.920.2025.08.07 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh diff --git a/var/early.var.sh b/var/early.var.sh index 07ffef2..77e49b9 100644 --- a/var/early.var.sh +++ b/var/early.var.sh @@ -17,7 +17,7 @@ declare -agx ARY_PARAM_ARRAY=("$@") declare -grx VAR_PARAM_COUNT="$#" declare -grx VAR_PARAM_STRNG="$*" declare -grx VAR_CONTACT="security@coresecret.eu" -declare -grx VAR_VERSION="Master V8.03.912.2025.07.23" +declare -grx VAR_VERSION="Master V8.03.920.2025.08.07" declare -grx VAR_SYSTEM="$(uname -a)" declare -gx VAR_EARLY_DEBUG="false" declare -gx VAR_HANDLER_AUTOBUILD="false"