msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.224.2025.10.19
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m8s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m45s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 53m19s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-10-19 09:24:19 +01:00
parent 3c663234e6
commit 52670eff77
6 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/trigger/t_generate_PRIVATE_trixie_0.yaml
View File

@@ -10,6 +10,6 @@
# SPDX-Security-Contact: security@coresecret.eu
build:
counter: 1024
counter: 1023
version: V8.13.224.2025.10.19
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

2
.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml
View File

@@ -10,6 +10,6 @@
# SPDX-Security-Contact: security@coresecret.eu
build:
counter: 1024
counter: 1023
version: V8.13.224.2025.10.19
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

2
.gitea/trigger/t_generate_dns.yaml
View File

@@ -10,6 +10,6 @@
# SPDX-Security-Contact: security@coresecret.eu
build:
counter: 1024
counter: 1023
version: V8.13.224.2025.10.19
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

9
config/hooks/live/9950_fail2ban_hardening.chroot
View File

@@ -38,8 +38,13 @@ cat << 'EOF' >| /etc/fail2ban/jail.d/ciss-default.conf
[DEFAULT]
usedns = yes
# local | vpn
ignoreip = 127.0.0.0/8 ::1 MUST_BE_SET
# 127.0.0.1/8 IPv4 loopback range (local host)
# ::1/128 IPv6 loopback
# fe80::/10 IPv6 link-local (on-link only; NDP/RA/DAD)
# fc00::/7 IPv6 ULA (private LAN addresses)
# ff00::/8 IPv6 multicast (not an unicast host)
# ::/128 IPv6 unspecified (all zeros; never a real peer)
ignoreip = 127.0.0.1/8 ::1/128 fe80::/10 fc00::/7 ff00::/8 ::/128 MUST_BE_SET
maxretry = 8
findtime = 24h
bantime = 24h

1
config/hooks/live/9999_yyyy_logrotate.chroot
View File

@@ -25,6 +25,7 @@ declare -ar ary_logrotate=(
"fail2ban"
"rkhunter"
"rsnapshot"
"rsyslog"
"ufw"
"unattended-upgrades"
"usbguard"

2
docs/CHANGELOG.md
View File

@@ -15,6 +15,8 @@ include_toc: true
## V8.13.224.2025.10.19
* **Added**: [.zshenv](../config/includes.chroot/root/.zshenv)
* **Updated**: [0090_jitterentropy.chroot](../config/hooks/live/0090_jitterentropy.chroot)
* **Updated**: [9950_fail2ban_hardening.chroot](../config/hooks/live/9950_fail2ban_hardening.chroot) updated ignoreip
* **Updated**: [9999_yyyy_logrotate.chroot](../config/hooks/live/9999_yyyy_logrotate.chroot) + rsyslog
* **Updated**: [live.list.common.chroot](../config/package-lists/live.list.common.chroot) - haveged, + jitterentropy-rngd
## V8.13.192.2025.10.18