V8.03.920.2025.08.07

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.archive/.0000_lib_usage.sh

@@ -21,7 +21,7 @@ usage() {
   clear
   cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.03.912.2025.07.23\e[0m")
+$(echo -e "\e[92mMaster V8.03.920.2025.08.07\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m")
 
 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")

.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml

@@ -25,7 +25,7 @@ body:
     attributes:
       label: "Version"
       description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
-      placeholder: "e.g., Master V8.03.912.2025.07.23"
+      placeholder: "e.g., Master V8.03.920.2025.08.07"
     validations:
       required: true
 

.gitea/TODO/dockerfile

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.912.2025.07.23
+### Version Master V8.03.920.2025.08.07
 
 FROM debian:bookworm
 

.gitea/TODO/render-md-to-html.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.912.2025.07.23
+### Version Master V8.03.920.2025.08.07
 
 name: 🔁 Render README.md to README.html.
 

.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml

@@ -11,5 +11,5 @@
 
 build:
   counter: 1023
-  version: V8.03.912.2025.07.23
+  version: V8.03.920.2025.08.07
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml

@@ -11,5 +11,5 @@
 
 build:
   counter: 1023
-  version: V8.03.912.2025.07.23
+  version: V8.03.920.2025.08.07
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/trigger/t_generate_PUBLIC.yaml

@@ -11,5 +11,5 @@
 
 build:
   counter: 1023
-  version: V8.03.912.2025.07.23
+  version: V8.03.920.2025.08.07
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/trigger/t_generate_dns.yaml

@@ -11,5 +11,5 @@
 
 build:
   counter: 1023
-  version: V8.03.912.2025.07.23
+  version: V8.03.920.2025.08.07
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.912.2025.07.23
+### Version Master V8.03.920.2025.08.07
 
 name: 🔐 Generating a Private Live ISO FLV 0.
 

.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.912.2025.07.23
+### Version Master V8.03.920.2025.08.07
 
 name: 🔐 Generating a Private Live ISO FLV 1.
 

.gitea/workflows/generate_PUBLIC_iso.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.912.2025.07.23
+### Version Master V8.03.920.2025.08.07
 
 name: 💙 Generating a PUBLIC Live ISO.
 

.gitea/workflows/linter_char_scripts.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.912.2025.07.23
+### Version Master V8.03.920.2025.08.07
 
 # Gitea Workflow: Shell-Script Linting
 #

.gitea/workflows/render-dnssec-status.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.912.2025.07.23
+### Version Master V8.03.920.2025.08.07
 
 name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
 

.gitea/workflows/render-dot-to-png.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.912.2025.07.23
+### Version Master V8.03.920.2025.08.07
 
 name: 🔁 Render Graphviz Diagrams.
 

.version.properties

@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
 properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
 properties_SPDX-PackageName="CISS.debian.live.builder"
 properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.03.912.2025.07.23"
+properties_version="V8.03.920.2025.08.07"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf

CISS.debian.live.builder.spdx

@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
 Created: 2025-05-07T12:00:00Z
 Package: CISS.debian.live.builder
 PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.03.912.2025.07.23
+PackageVersion: Master V8.03.920.2025.08.07
 PackageSupplier: Organization: Centurion Intelligence Consulting Agency
 PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
 PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder

README.md

@@ -2,7 +2,7 @@
 gitea: none
 include_toc: true
 ---
-[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.912.2025.07.23-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.920.2025.08.07-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
  
 [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/)  
 [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2)  
@@ -12,7 +12,7 @@ include_toc: true
 [![Static Badge](https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=Shellstyle&color=%234285F4)](https://google.github.io/styleguide/shellguide.html)
  
 [![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.24.2-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/)  
-[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.4-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly)  
+[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.2-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly)  
 [![Static Badge](https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&logo=keepassxc&logoColor=white&logoSize=auto&label=KeePassXC&color=%236CAC4D)](https://keepassxc.org/)  
 [![Static Badge](https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&logo=netcup&logoColor=white&logoSize=auto&label=powered&color=%23056473)](https://www.netcup.com/de)  
 [![Static Badge](https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=powered&color=%230F243E)](https://coresecret.eu/)  
@@ -26,7 +26,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
 and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -142,7 +142,7 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
 
 This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
 
-Example: `V8.03.912.2025.07.23`
+Example: `V8.03.920.2025.08.07`
 
 `x.y.z` represents major (x), minor (y), and patch (z) version increments.
 

ciss_live_builder.sh

@@ -13,34 +13,71 @@
 ### Contributions so far see ./docs/CREDITS.md
 
 ### WHY BASH?
-# Ease of installation.
+# Ease of installation. No compiling or installing gems, CPAN modules, pip packages, etc. Simple to use and read. Clear syntax
-# No compiling or installing gems, CPAN modules, pip packages, etc.
+# and straightforward output interpretation. Built-in power. Pattern matching, line processing, and regular expression support
-# Simple to use and read. Clear syntax and straightforward output interpretation.
+# are available natively, no external binaries required. Cross-platform consistency. '/bin/bash' is the default shell on most
-# Built-in power.
+# Linux distributions, ensuring scripts run unmodified across systems. macOS compatibility. Since macOS Catalina (10.15), the
-# Pattern matching, line processing, and regular expression support are available natively,
+# default login shell has been zsh, but bash remains available at '/bin/bash'. Windows support. You can use bash via WSL, MSYS2,
-# no external binaries required.
+# or Cygwin on Windows systems.
-# Cross-platform consistency.
-# '/bin/bash' is the default shell on most Linux distributions, ensuring scripts run unmodified across systems.
-# macOS compatibility.
-# Since macOS Catalina (10.15), the default login shell has been zsh, but bash remains available at '/bin/bash'.
-# Windows support.
-# You can use bash via WSL, MSYS2, or Cygwin on Windows systems.
 
-### Preliminary checks
+### PRELIMINARY CHECKS.
+### No ash, dash, ksh, sh.
 # shellcheck disable=2292
 [ -z "${BASH_VERSINFO[0]}" ] && {
-  . ./var/global.var.sh; printf "\e[91m❌ Please make sure you are using 'bash'! Bye... \e[0m\n" >&2; exit "${ERR_UNSPPTBASH}"; }
+  . ./var/global.var.sh
+  printf "\e[91m❌ Please make sure you are using 'bash'! Bye... \e[0m\n" >&2
+  exit "${ERR_UNSPPTBASH}"
+}
+
+### No zsh.
+[[ -n "${ZSH_VERSION:-}" ]] && {
+  . ./var/global.var.sh
+  printf "\e[91m❌ Please make sure you are using 'bash'! Bye... \e[0m\n" >&2
+  exit "${ERR_UNSPPTBASH}"
+}
+
+### Not root.
 [[ ${EUID} -ne 0 ]] && {
-  . ./var/global.var.sh; printf "\e[91m❌ Please make sure you are 'root'! Bye... \e[0m\n" >&2; exit "${ERR_NOT_USER_0}"; }
+  . ./var/global.var.sh
+  printf "\e[91m❌ Please make sure you are 'root'! Bye... \e[0m\n" >&2
+  exit "${ERR_NOT_USER_0}"
+}
+
+### Not called by sh.
 # shellcheck disable=2312
 [[ $(kill -l | grep -c SIG) -eq 0 ]] && {
-  . ./var/global.var.sh; printf "\e[91m❌ Please make sure you are calling the script without leading 'sh'! Bye... \e[0m\n" >&2; exit "${ERR_UNSPPTBASH}"; }
+  . ./var/global.var.sh
+  printf "\e[91m❌ Please make sure you are calling the script without leading 'sh'! Bye... \e[0m\n" >&2
+  exit "${ERR_UNSPPTBASH}"
+}
+
+### Not sourced.
+[[ "${BASH_SOURCE[0]}" != "$0" ]] && {
+  . ./var/global.var.sh
+  printf "\e[91m❌ This script must be executed, not sourced. Please run '%s' directly! Bye... \e[0m\n" "$0" >&2
+  exit "${ERR_UNSPPTBASH}"
+}
+
+### Minimum Bash version 5.
 [[ ${BASH_VERSINFO[0]} -lt 5 ]] && {
-  . ./var/global.var.sh; printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2; exit "${ERR_UNSPPTBASH}"; }
+  . ./var/global.var.sh
+  printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2
+  exit "${ERR_UNSPPTBASH}"
+}
+
+### Minimum Bash version 5.1.
 [[ ${BASH_VERSINFO[0]} -le 5 ]] && [[ ${BASH_VERSINFO[1]} -le 1 ]] && {
-  . ./var/global.var.sh; printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2; exit "${ERR_UNSPPTBASH}"; }
+  . ./var/global.var.sh
+  printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2
+  exit "${ERR_UNSPPTBASH}"
+}
+
+### No arguments.
 [[ ${#} -eq 0 ]] && {
-  . ./lib/lib_usage.sh; usage; exit 1; }
+  . ./lib/lib_usage.sh
+  usage
+  exit 1
+}
 
 ### SOURCING MUST SET EARLY VARIABLES, GUARD_SOURCING(), CHECK_GIT()
 . ./var/early.var.sh
@@ -49,7 +86,7 @@
 
 ### CHECK FOR CONTACT, HELP, VERSION STRING, AND XTRACE DEBUG
 for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh; contact; exit 0;; esac; done
-for arg in "$@"; do case "${arg,,}" in -h|--help)    . ./lib/lib_usage.sh; usage; exit 0;; esac; done
+for arg in "$@"; do case "${arg,,}" in -h|--help)    . ./lib/lib_usage.sh  ; usage  ; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -v|--version) . ./lib/lib_version.sh; version; exit 0;; esac; done
 
 ### ALL CHECKS DONE. READY TO START THE SCRIPT

config/includes.chroot/etc/ssh/sshd_config

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.912.2025.07.23
+### Version Master V8.03.920.2025.08.07
 
 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig

config/includes.chroot/etc/sysctl.d/99_local.hardened

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.912.2025.07.23
+### Version Master V8.03.920.2025.08.07
 
 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/

config/includes.chroot/preseed/.iso/preseed_hash_generator.sh

@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-declare -gr VERSION="Master V8.03.912.2025.07.23"
+declare -gr VERSION="Master V8.03.920.2025.08.07"
 
 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then

config/includes.chroot/preseed/preseed.cfg

@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
 
 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.03.912.2025.07.23 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.03.920.2025.08.07 at: 10:18:37.9542

config/package-lists/live.list.common.chroot

@@ -15,12 +15,15 @@ apt-file
 apt-mirror
 apt-show-versions
 apt-transport-https
+autoconf
+automake
 bash-completion
 bat
 bc
 bind9-dnsutils
 bsdmainutils
 btrfs-progs
+build-essential
 bzip2
 ca-certificates
 clamav
@@ -69,6 +72,9 @@ knot-dnsutils
 libpam-google-authenticator
 libpam-pwquality
 libpwquality-tools
+libtomcrypt-dev
+libtommath-dev
+libtool
 linux-doc-6.12
 linux-source
 live-boot
@@ -86,6 +92,7 @@ manpages
 manpages-dev
 mdadm
 mtr
+musl-tools
 nano
 ncat
 ncdu

docs/AUDIT_DNSSEC.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. DNSSEC Status
 

docs/AUDIT_HAVEGED.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. Haveged Audit on Netcup RS 2000 G11
 

docs/AUDIT_LYNIS.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. Lynis Audit:
 

docs/AUDIT_SSH.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. SSH Audit by ssh-audit.com
 

docs/AUDIT_TLS.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. TLS Audit:
 

docs/BOOTPARAMS.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. Hardened Kernel Boot Parameters
 

docs/CHANGELOG.md

@@ -8,10 +8,16 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. Changelog
 
+## V8.03.920.2025.08.07
+
+* Updated: [lib_arg_parser.sh](../lib/lib_arg_parser.sh)
+* Updated: [ciss_live_builder.sh](../ciss_live_builder.sh)
+* Updated: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)
+
 ## V8.03.912.2025.07.23
 
 * Updated: [alias](../config/includes.chroot/root/.ciss/alias)

docs/CNET.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. Centurion Net - Developer Branch Overview
 

docs/CODING_CONVENTION.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. Coding Style
 

docs/CONTRIBUTING.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. Contributing / participating
 

docs/CREDITS.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. Credits
 

docs/DL_PUB_ISO.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. Download the latest PUBLIC CISS.debian.live.ISO
 

docs/DOCUMENTATION.md

@@ -8,12 +8,12 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2.1. Usage
 ````text
 CISS.debian.live.builder
-Master V8.03.912.2025.07.23
+Master V8.03.920.2025.08.07
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 
 (c) Marc S. Weidner, 2018 - 2025
@@ -133,7 +133,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
 # 2.2. Contact
 ````text
 CISS.debian.live.builder
-Master V8.03.912.2025.07.23
+Master V8.03.920.2025.08.07
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 
 (c) Marc S. Weidner, 2018 - 2025

docs/REFERENCES.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.912.2025.07.23<br>
+**Build**: V8.03.920.2025.08.07<br>
 
 # 2. Resources
 

lib/lib_arg_parser.sh

@@ -64,7 +64,7 @@ arg_parser() {
           ;;
 
         -c | --contact)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
             if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
             printf "\e[91m❌ Error: --contact MUST NOT be followed by an argument.\e[0m\n" >&2
             read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -74,7 +74,7 @@ arg_parser() {
           ;;
 
         -h | --help)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
             if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
             printf "\e[91m❌ Error: --help MUST NOT be followed by an argument.\e[0m\n" >&2
             read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -84,7 +84,7 @@ arg_parser() {
           ;;
 
         -v | --version)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
             if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
             printf "\e[91m❌ Error: --version MUST NOT be followed by an argument.\e[0m\n" >&2
             read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -118,7 +118,7 @@ arg_parser() {
           ;;
 
         --cdi)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
             if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
             printf "\e[91m❌ Error: --cdi MUST NOT be followed by an argument.\e[0m\n" >&2
             read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -142,7 +142,7 @@ arg_parser() {
           ;;
 
         --control)
-          if [[ -n "${2}" ]]; then
+          if [[ -n "${2-}" ]]; then
             declare -g VAR_HANDLER_ISO_COUNTER="${2}"
             shift 2
           else
@@ -155,7 +155,7 @@ arg_parser() {
           ;;
 
         --debug)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
             if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
             printf "\e[91m❌ Error: --debug MUST NOT be followed by an argument.\e[0m\n" >&2
             read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -165,7 +165,7 @@ arg_parser() {
           ;;
 
         --dhcp-centurion)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
             if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
             printf "\e[91m❌ Error: --dhcp-centurion MUST NOT be followed by an argument.\e[0m\n" >&2
             read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -176,7 +176,7 @@ arg_parser() {
           ;;
 
         --jump-host)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
             declare -i count=0
             shift
             while [[ "${#}" -gt 0 && "${1}" != -* && count -lt 10 ]]; do
@@ -196,7 +196,7 @@ arg_parser() {
           ;;
 
         --log-statistics-only)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
             if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
             printf "\e[91m❌ Error: --log-statistics-only MUST NOT be followed by an argument.\e[0m\n" >&2
             read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -207,7 +207,7 @@ arg_parser() {
           ;;
 
         --provider-netcup-ipv6)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
             declare -i count=0
             declare -g VAR_HANDLER_NETCUP_IPV6=true
             shift
@@ -229,7 +229,7 @@ arg_parser() {
           ;;
 
         --renice-priority)
-          if [[ -n ${2} && ${2} =~ ^-?[0-9]+$ && ${2} -ge -19 && ${2} -le 19 ]]; then
+          if [[ -n ${2-} && ${2} =~ ^-?[0-9]+$ && ${2} -ge -19 && ${2} -le 19 ]]; then
             VAR_HANDLER_PRIORITY="$2"
             shift 2
           else
@@ -242,7 +242,7 @@ arg_parser() {
           ;;
 
         --reionice-priority)
-          if [[ -z "${2}" ]]; then
+          if [[ -z "${2-}" ]]; then
             if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
             printf "\e[91m❌ Error: --reionice-priority no values provided.\e[0m\n" >&2
             read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -250,7 +250,7 @@ arg_parser() {
           else
             if [[ "${2}" =~ ^[1-3]$ ]]; then
               VAR_REIONICE_CLASS="${2}"
-              if [[ -z "${3}" ]]; then
+              if [[ -z "${3-}" ]]; then
                 :
               else
                 if [[ "${3}" =~ ^[0-7]$ ]]; then
@@ -374,7 +374,7 @@ arg_parser() {
           ;;
 
         --ssh-port)
-          if [[ -n "${2}" && "${2}" =~ ^-?[0-9]+$ && "${2}" -ge 1 && "${2}" -le 65535 ]]; then
+          if [[ -n "${2-}" && "${2}" =~ ^-?[0-9]+$ && "${2}" -ge 1 && "${2}" -le 65535 ]]; then
             declare -gi VAR_SSHPORT="${2}"
             shift 2
           else

lib/lib_usage.sh

@@ -35,13 +35,13 @@ usage() {
   # shellcheck disable=SC2155
   declare var_header=$(center "CLB(1)        CISS.debian.live.builder        CLB(1)" "${var_cols}")
   # shellcheck disable=SC2155
-  declare var_footer=$(center "V8.03.912.2025.07.23        2025-06-25        CLB(1)" "${var_cols}")
+  declare var_footer=$(center "V8.03.920.2025.08.07        2025-06-25        CLB(1)" "${var_cols}")
 
   {
     echo -e "\e[1;97m${var_header}\e[0m"
     echo
     echo -e "\e[92mCISS.debian.live.builder from https://git.coresecret.dev/msw \e[0m"
-    echo -e "\e[92mMaster V8.03.912.2025.07.23\e[0m"
+    echo -e "\e[92mMaster V8.03.920.2025.08.07\e[0m"
     echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m"
     echo
     echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025 \e[0m"

scripts/9000-cdi-starter

@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
 # sleep 1
 
 [[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
-printf "CISS.debian.installer Master V8.03.912.2025.07.23 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+printf "CISS.debian.installer Master V8.03.920.2025.08.07 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
 
 if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
   chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh

var/early.var.sh

@@ -17,7 +17,7 @@ declare -agx ARY_PARAM_ARRAY=("$@")
 declare -grx VAR_PARAM_COUNT="$#"
 declare -grx VAR_PARAM_STRNG="$*"
 declare -grx VAR_CONTACT="security@coresecret.eu"
-declare -grx VAR_VERSION="Master V8.03.912.2025.07.23"
+declare -grx VAR_VERSION="Master V8.03.920.2025.08.07"
 declare -grx VAR_SYSTEM="$(uname -a)"
 declare -gx  VAR_EARLY_DEBUG="false"
 declare -gx  VAR_HANDLER_AUTOBUILD="false"