V8.03.768.2025.06.18

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-18 20:00:50 +02:00
parent 3e5681cb90
commit 742d0579d7
38 changed files with 120 additions and 76 deletions
--- a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
+++ b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
@@ -25,7 +25,7 @@ body:
    attributes:
      label: "Version"
      description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
-      placeholder: "e.g., Master V8.03.768.2025.06.17"
+      placeholder: "e.g., Master V8.03.768.2025.06.18"
    validations:
      required: true
--- a/.gitea/TODO/dockerfile
+++ b/.gitea/TODO/dockerfile
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.18
 FROM debian:bookworm
--- a/.gitea/TODO/render-md-to-html.yaml
+++ b/.gitea/TODO/render-md-to-html.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.18
 name: 🔁 Render README.md to README.html.
--- a/.gitea/trigger/t_generate_dns.yaml
+++ b/.gitea/trigger/t_generate_dns.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.03.768.2025.06.17
+  version: V8.03.768.2025.06.18
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.18
 name: 🔐 Generating a Private Live ISO FLV 0.
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.18
 name: 🔐 Generating a Private Live ISO FLV 1.
--- a/.gitea/workflows/generate_PUBLIC_iso.yaml
+++ b/.gitea/workflows/generate_PUBLIC_iso.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.18
 name: 💙 Generating a PUBLIC Live ISO.
--- a/.gitea/workflows/linter_char_scripts.yaml
+++ b/.gitea/workflows/linter_char_scripts.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.18
 # Gitea Workflow: Shell-Script Linting
 #
--- a/.gitea/workflows/render-dnssec-status.yaml
+++ b/.gitea/workflows/render-dnssec-status.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.18
 name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
--- a/.gitea/workflows/render-dot-to-png.yaml
+++ b/.gitea/workflows/render-dot-to-png.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.18
 name: 🔁 Render Graphviz Diagrams.
--- a/.version.properties
+++ b/.version.properties
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
 properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
 properties_SPDX-PackageName="CISS.debian.live.builder"
 properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.03.768.2025.06.17"
+properties_version="V8.03.768.2025.06.18"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
--- a/CISS.debian.live.builder.spdx
+++ b/CISS.debian.live.builder.spdx
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
 Created: 2025-05-07T12:00:00Z
 Package: CISS.debian.live.builder
 PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.03.768.2025.06.17
+PackageVersion: Master V8.03.768.2025.06.18
 PackageSupplier: Organization: Centurion Intelligence Consulting Agency
 PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
 PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 gitea: none
 include_toc: true
 ---
-[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.768.2025.06.17-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.768.2025.06.18-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
 &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -26,7 +26,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
 and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
--- a/ciss_live_builder.sh
+++ b/ciss_live_builder.sh
@@ -37,29 +37,31 @@
  . ./var/global.var.sh; printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2; exit "${ERR_UNSPPTBASH}"; }
 [[ ${BASH_VERSINFO[0]} -le 5 ]] && [[ ${BASH_VERSINFO[1]} -le 1 ]] && {
  . ./var/global.var.sh; printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2; exit "${ERR_UNSPPTBASH}"; }
 [[ ${#} -eq 0 ]] && {
  . ./lib/lib_usage.sh; usage; exit 1; }
-declare -g VAR_HANDLER_AUTOBUILD="false"
+declare -grx VAR_CONTACT="security@coresecret.eu"
-declare -gr VAR_CONTACT="security@coresecret.eu"
+declare -grx VAR_VERSION="Master V8.03.768.2025.06.18"
 declare -gr VAR_VERSION="Master V8.03.768.2025.06.17"
 for dir in /usr/local/sbin /usr/sbin; do case ":${PATH}:" in *":${dir}:"*) ;; *) PATH="${PATH}:${dir}" ;; esac; done; export PATH; unset dir
-### VERY EARLY CHECK FOR AUTO-BUILD, CONTACT, USAGE, AND VERSION STRING
+### VERY EARLY CHECK FOR CONTACT, HELP, AND VERSION STRING
-declare arg
+for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh; contact; exit 0;; esac; done
 if [[ ${#} -eq 0 ]]; then . ./lib/lib_usage.sh; usage; exit 1; fi
 for arg in "$@"; do case "${arg,,}" in -a=*|--autobuild=*) declare -g VAR_HANDLER_AUTOBUILD=true; declare -g VAR_KERNEL="${arg#*=}";; esac; done
 for arg in "$@"; do case "${arg,,}" in -c|--contact) printf "\e[95mCISS.debian.live.builder Contact: %s\e[0m\n" "${VAR_CONTACT}"; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -h|--help)    . ./lib/lib_usage.sh; usage; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -v|--version) printf "\e[95mCISS.debian.live.builder Version: %s\e[0m\n" "${VAR_VERSION}"; exit 0;; esac; done
 unset arg
 ### VERY EARLY CHECK FOR XTRACE DEBUGGING
 if [[ $* == *" --debug "* ]]; then
  . ./lib/lib_debug.sh
  debugger "${@}"
 else
-  declare -grx VAR_EARLY_DEBUG=false
+  declare -grx VAR_EARLY_DEBUG="false"
 fi
 ### VERY EARLY CHECK FOR AUTOBUILD MODE
 declare -gr VAR_HANDLER_AUTOBUILD="false"
 for arg in "$@"; do case "${arg,,}" in -a=*|--autobuild=*) declare -grx VAR_HANDLER_AUTOBUILD="true"; declare -gx VAR_KERNEL="${arg#*=}";; esac; done
 unset arg
 for dir in /usr/local/sbin /usr/sbin; do case ":${PATH}:" in *":${dir}:"*) ;; *) PATH="${PATH}:${dir}" ;; esac; done; export PATH; unset dir
 ### Advisory Lock
 exec 127>/var/lock/ciss_live_builder.lock || {
  . ./var/global.var.sh
--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.18
 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.18
 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-declare -gr VERSION="Master V8.03.768.2025.06.17"
+declare -gr VERSION="Master V8.03.768.2025.06.18"
 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.17 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.18 at: 10:18:37.9542
--- a/docs/AUDIT_DNSSEC.md
+++ b/docs/AUDIT_DNSSEC.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. DNSSEC Status
--- a/docs/AUDIT_HAVEGED.md
+++ b/docs/AUDIT_HAVEGED.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. Haveged Audit on Netcup RS 2000 G11
--- a/docs/AUDIT_LYNIS.md
+++ b/docs/AUDIT_LYNIS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. Lynis Audit:
--- a/docs/AUDIT_SSH.md
+++ b/docs/AUDIT_SSH.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. SSH Audit by ssh-audit.com
--- a/docs/AUDIT_TLS.md
+++ b/docs/AUDIT_TLS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. TLS Audit:
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -8,10 +8,16 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. Changelog
 ## V8.03.768.2025.06.18
 * Minor main script improvements.
 * Updated contact section.
 * Integrated third ``dns03.eddns.eu`` Centurion DNS Resolver.
 ## V8.03.768.2025.06.17
 * Updated LIVE ISO workflows to use Kernel: ``linux-image-6.12.30+bpo-amd64``
--- a/docs/CNET.md
+++ b/docs/CNET.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. Centurion Net - Developer Branch Overview
--- a/docs/CODING_CONVENTION.md
+++ b/docs/CODING_CONVENTION.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. Coding Style
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. Contributing / participating
--- a/docs/CREDITS.md
+++ b/docs/CREDITS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. Credits
--- a/docs/DL_PUB_ISO.md
+++ b/docs/DL_PUB_ISO.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. Download the latest PUBLIC CISS.debian.live.ISO
--- a/docs/DOCUMENTATION.md
+++ b/docs/DOCUMENTATION.md
@@ -8,12 +8,12 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. Usage
 ````text
 CISS.debian.live.builder
-Master V8.03.768.2025.06.17
+Master V8.03.768.2025.06.18
 (c) Marc S. Weidner, 2018 - 2025
 (p) Centurion Press, 2024 - 2025
--- a/docs/REFERENCES.md
+++ b/docs/REFERENCES.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.18<br>
 # 2. Resources
--- a/lib/lib_arg_parser.sh
+++ b/lib/lib_arg_parser.sh
@@ -100,7 +100,7 @@ arg_parser() {
            printf "\e[91m❌ Error: --architecture MUST be 'amd64' or 'arm64'.\e[0m\n" >&2
            # shellcheck disable=SC2162
            read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
-            exit "${ERR_UNCRITICAL}"
+            exit "${ERR_ARG_MSMTCH}"
          fi
          ;;
--- a/lib/lib_check_pkgs.sh
+++ b/lib/lib_check_pkgs.sh
@@ -17,6 +17,7 @@
 #######################################
 check_pkgs() {
  apt-get update -y
  if [[ -z "$(command -v lsb_release || true)" ]]; then
    apt-get install --no-install-recommends lsb-release -y
  fi
--- a/lib/lib_check_provider.sh
+++ b/lib/lib_check_provider.sh
@@ -18,7 +18,7 @@
 check_provider() {
  clear
  cat << 'EOF' >| "${VAR_NOTES}"
-Build: Master V8.03.768.2025.06.17
+Build: Master V8.03.768.2025.06.18
 Press 'EXIT' to continue with CISS.debian.live.builder.
--- a/lib/lib_contact.sh
+++ b/lib/lib_contact.sh
@@ -0,0 +1,40 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 #######################################
 # Contact Wrapper CISS.debian.live.builder
 # Globals:
 #   none
 # Arguments:
 #   none
 #######################################
 contact() {
  clear
  cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
 $(echo -e "\e[92mMaster V8.03.768.2025.06.18\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
 $(echo -e "\e[97m(p) Centurion Press, 2024 - 2025\e[0m")
 $(echo -e "\e[95m💬 Contact:\e[0m")
 $(echo -e "\e[95m🌐 https://coresecret.eu/ \e[0m")
 $(echo -e "\e[95m📧 security@coresecret.eu \e[0m")
 $(echo -e "\e[95m🔑 PGP Key 2D98 07F4 1030 1776 597E BDC9 9F54 8853 35A3 C9AD \e[0m")
 $(echo -e "\e[95m🔗 https://keys.openpgp.org/vks/v1/by-fingerprint/2D9807F410301776597EBDC99F54885335A3C9AD \e[0m")
 $(echo -e "\e[95m💷 Please consider donating to my work at:\e[0m")
 $(echo -e "\e[95m🌐 https://coresecret.eu/spenden/         \e[0m")
 EOF
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_usage.sh
+++ b/lib/lib_usage.sh
@@ -13,24 +13,20 @@
 #######################################
 # Usage Wrapper CISS.debian.live.builder
 # Globals:
-#   ERR_UNCRITICAL
+#   none
 # Arguments:
 #   $0: Script name
 #######################################
 usage() {
  clear
  cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.03.768.2025.06.17\e[0m")
+$(echo -e "\e[92mMaster V8.03.768.2025.06.18\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
 $(echo -e "\e[97m(p) Centurion Press, 2024 - 2025\e[0m")
 $(echo -e "\e[95mhttps://coresecret.eu/\e[0m")
 $(echo -e "\e[97mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
 "${0} <option>", where <option> is one or more of:
  --help, -h
@@ -39,7 +35,7 @@ $(echo -e "\e[97mA lightweight Shell Wrapper for building a hardened Debian Book
  --autobuild=*, -a=*
    Headless mode. Skip the dialog wrapper, provider note screen and interactive kernel
    selector dialog. Change '*' to your desired Linux kernel and trim the
-    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.22+bpo-amd64'.
+    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.30+bpo-amd64'.
  --architecture <STRING> one of <amd64 | arm64>
    A string reflecting the architecture of the Live System.
@@ -74,12 +70,13 @@ $(echo -e "\e[97mA lightweight Shell Wrapper for building a hardened Debian Book
    and only the hardened, privacy-focused Centurion DNS servers will be used:
      - https://dns01.eddns.eu/
      - https://dns02.eddns.de/
      - https://dns03.eddns.eu/
  --jump-host <IP | IP | ... >
    Provide up to 10 IPs for /etc/host.allow whitelisting of SSH access.
    Could be either IPv4 and / or IPv6 addresses and / or CCDIR notation.
    If provided, than it MUST be a <SPACE> separated list.
-    IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd/64].
+    IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd]/64.
  --log-statistics-only
    Provides statistic only after successful building a
@@ -90,22 +87,23 @@ $(echo -e "\e[97mA lightweight Shell Wrapper for building a hardened Debian Book
  --provider-netcup-ipv6
    Activates IPv6 support for Netcup Root Server. One unique
    IPv6 address MUST be provided in this case.
    IPv6 address MUST be encapsulated with [], e.g., [1234::abcd].
  --renice-priority <PRIORITY>
    Reset the nice priority value of the script and all its children
-    to the desired PRIORITY. MUST be an integer (between "-19" and 19).
+    to the desired <PRIORITY>. MUST be an integer (between "-19" and 19).
    Negative (higher) values MUST be enclosed in double quotes '"'.
  --reionice-priority <CLASS> <PRIORITY>
    Reset the ionice priority value of the script and all its children
-    to the desired CLASS. MUST be an integer:
+    to the desired <CLASS>. MUST be an integer:
      1: realtime
      2: best-effort
      3: idle
-    defaults to "2".
+    Defaults to '2'.
-    PRIORITY MUST be an integer:
+    <PRIORITY> MUST be an integer:
-    between 0 (highest) and 7 (lowest) priority.
+      Between '0' (highest) and '7' (lowest) priority.
-    defaults to "4".
+    Defaults to '4'.
    A real-time I/O process can significantly slow down other processes
    or even cause them to starve if it continuously requests I/O.
@@ -132,14 +130,11 @@ $(echo -e "\e[97mA lightweight Shell Wrapper for building a hardened Debian Book
  --version, -v
    Displays version of ${0}.
-$(echo -e "\e[93mNOTES:\e[0m")
+$(echo -e "\e[93m💡 Notes:\e[0m")
-  - You MUST be 'root' to run this script.
+• You MUST be 'root' to run this script.
-$(echo -e "\e[92mContact:\e[0m")
+$(echo -e "\e[95m💷 Please consider donating to my work at:\e[0m")
-$(echo -e "\e[95m  - https://coresecret.eu/ \e[0m")
+$(echo -e "\e[95m🌐 https://coresecret.eu/spenden/         \e[0m")
 $(echo -e "\e[95m  - security@coresecret.eu \e[0m")
 $(echo -e "\e[95m    - PGP Key 2D98 07F4 1030 1776 597E BDC9 9F54 8853 35A3 C9AD \e[0m")
 $(echo -e "\e[95m      - https://keys.openpgp.org/vks/v1/by-fingerprint/2D9807F410301776597EBDC99F54885335A3C9AD \e[0m")
 EOF
 }
--- a/scripts/0010_dhcp_supersede.sh
+++ b/scripts/0010_dhcp_supersede.sh
@@ -21,9 +21,9 @@ fi
 cat << 'EOF' >| "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc/dhcp/dhclient.conf
 # Custom dhclient config to override DHCP DNS
-# dns01.eddns.eu, dns02.eddns.de;
+# dns01.eddns.eu, dns02.eddns.de; dns03.eddns.eu;
-supersede domain-name-servers 135.181.207.105, 89.58.62.53;
+supersede domain-name-servers 135.181.207.105, 89.58.62.53; 138.199.237.109;
 EOF
--- a/scripts/9000-cdi-starter
+++ b/scripts/9000-cdi-starter
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
 # sleep 1
 [[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
-printf "CISS.debian.installer Master V8.03.768.2025.06.17 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+printf "CISS.debian.installer Master V8.03.768.2025.06.18 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
 if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
  chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh