V8.03.896.2025.07.22

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-07-22 22:02:54 +02:00
parent 553db82ad7
commit 4c552f2ecc
43 changed files with 117 additions and 79 deletions
--- a/config/hooks/live/0810_chrony_setup.chroot
+++ b/config/hooks/live/0810_chrony_setup.chroot
@@ -39,14 +39,13 @@ authselectmode require
 server ptbtime1.ptb.de iburst nts minpoll 5 maxpoll 9
 server ptbtime2.ptb.de iburst nts minpoll 5 maxpoll 9
 server ptbtime3.ptb.de iburst nts minpoll 5 maxpoll 9
-server ptbtime4.ptb.de iburst nts noselect minpoll 5 maxpoll 9
-# server nts.netnod.se iburst nts minpoll 5 maxpoll 9
-
+server ptbtime4.ptb.de iburst nts minpoll 5 maxpoll 9
+server sth1.ntp.se iburst nts minpoll 5 maxpoll 9
+server ntp0.fau.de iburst nts minpoll 5 maxpoll 9
+server ntp13.metas.ch iburst nts minpoll 5 maxpoll 9
 # server ntp.ripe.net iburst nts minpoll 5 maxpoll 9
-# server ntp12.metas.ch iburst nts minpoll 5 maxpoll 9
 # server ntp2.tecnico.ulisboa.pt iburst nts minpoll 5 maxpoll 9
 # server time-c-b.nist.gov iburst nts minpoll 5 maxpoll 9
-server ntp0.fau.de iburst nts minpoll 5 maxpoll 9

 leapsectz right/UTC

--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.880.2025.07.19
+### Version Master V8.03.896.2025.07.22

 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.880.2025.07.19
+### Version Master V8.03.896.2025.07.22

 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-declare -gr VERSION="Master V8.03.880.2025.07.19"
+declare -gr VERSION="Master V8.03.896.2025.07.22"

 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh

 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.03.880.2025.07.19 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.03.896.2025.07.22 at: 10:18:37.9542
--- a/config/includes.chroot/root/.ciss/alias
+++ b/config/includes.chroot/root/.ciss/alias
@@ -14,7 +14,7 @@
 #######################################
 # Outputs a 16-character random printable string
 # Arguments:
-#  None
+#   None
 #######################################
 genstring() {
  (haveged -n 1000 -f - 2>/dev/null | tr -cd '[:graph:]' | fold -w 16 && echo ) | head
@@ -108,7 +108,7 @@ alias whatpurge='dpkg --get-selections | grep deinstall'
 ###########################################################################################
 # Generates Secure (/dev/random) Passwords
 # Arguments:
-#  Length of Password, e.g., 32, and --base64 in case of encoding in BASE64.
+#    Length of Password, e.g., 32, and --base64 in case of encoding in BASE64.
 ###########################################################################################
 # shellcheck disable=SC2317
 genpasswd() {
@@ -138,11 +138,11 @@ genpasswd() {
  fi
 }

-###########################################################################################
-# Generates Secure (/dev/random) Passwords
+#######################################
+# Generates Secure (/dev/random) Passwords.
 # Arguments:
-#  none
-###########################################################################################
+#   none
+#######################################
 # shellcheck disable=SC2317
 genpasswdhash() {
  declare salt
@@ -153,8 +153,8 @@ genpasswdhash() {
 #######################################
 # Wrapper for secure curl
 # Arguments:
-#  $1: URL from which to download a specific file
-#  $2: /path/to/file to be saved to
+#   1: URL from which to download a specific file
+#   2: /path/to/file to be saved to
 # Returns:
 #   0: Download successful
 #   1: Usage error
@@ -183,8 +183,8 @@ scurl() {
 #######################################
 # Wrapper for secure wget
 # Arguments:
-#  $1: URL from which to download a specific file
-#  $2: /path/to/file to be saved to
+#   1: URL from which to download a specific file
+#   2: /path/to/file to be saved to
 # Returns:
 #   0: Download successful
 #   1: Usage error
@@ -214,7 +214,7 @@ swget() {
 #######################################
 # Wrapper for loading CISS.2025 hardened Kernel Parameters
 # Arguments:
-#  None
+#   None
 #######################################
 sysp() {
  sysctl -p /etc/sysctl.d/99_local.hardened