msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.536.2025.12.04
Some checks failed
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Has been cancelled
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled
Details
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 59s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m5s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-12-04 07:39:47 +01:00
parent 6917a392f3
commit 7727389651
51 changed files with 63 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/AUDIT_DNSSEC.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. DNSSEC Status

2
docs/AUDIT_HAVEGED.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. Haveged Audit on Netcup RS 2000 G11

2
docs/AUDIT_LYNIS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. Lynis Audit:

2
docs/AUDIT_SSH.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. SSH Audit by ssh-audit.com

2
docs/AUDIT_TLS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. TLS Audit:
````text

2
docs/BOOTPARAMS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. Hardened Kernel Boot Parameters

11
docs/CHANGELOG.md
View File

@@ -8,10 +8,15 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. Changelog
## V8.13.536.2025.12.04
* **Bugfixes**: [unlock_wrapper.sh](../config/includes.chroot/etc/initramfs-tools/files/unlock_wrapper.sh)
* **Bugfixes**: Unified network management via ``systemd-networkd``
* **Removed** [0100_ciss_mem_wipe.chroot](../.archive/0100_ciss_mem_wipe.chroot)
## V8.13.528.2025.12.03
* **Bugfixes**: Unified network management via ``systemd-networkd``
@@ -49,11 +54,11 @@ include_toc: true
## V8.13.416.2025.11.17
* **Global**: Explicit ``export INITRD="No"``
* **Changed**: [0100_ciss_mem_wipe.chroot](../config/hooks/live/0100_ciss_mem_wipe.chroot)
* **Changed**: [0100_ciss_mem_wipe.chroot](../.archive/0100_ciss_mem_wipe.chroot)
## V8.13.408.2025.11.13
* **Added**: [0002_hardening_overlay_tmpfs.chroot](../config/hooks/live/0002_hardening_overlay_tmpfs.chroot) + Remount overlay root with ``nosuid,nodev``.
* **Added**: [0100_ciss_mem_wipe.chroot](../config/hooks/live/0100_ciss_mem_wipe.chroot) + adding Tails-like memory wiping.
* **Added**: [0100_ciss_mem_wipe.chroot](../.archive/0100_ciss_mem_wipe.chroot) + adding Tails-like memory wiping.
* **Added**: [0022-ciss-overlay-tmpfs.sh](../config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs) + Pre-create constrained tmpfs for OverlayFS upper/work before live-boot mounts overlay.
* **Added**: [0024-ciss-crypt-squash](../config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash) + Open ``/live/ciss_rootfs.crypt`` (LUKS) and present its SquashFS as ``/run/live/rootfs``.
* **Added**: [0026-ciss-early-sysctl.sh](../config/includes.chroot/usr/lib/live/boot/0026-ciss-early-sysctl) + Enforce early sysctls before services start.

2
docs/CNET.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. Centurion Net - Developer Branch Overview

2
docs/CODING_CONVENTION.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. Coding Style

2
docs/CONTRIBUTING.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. Contributing / participating

2
docs/CREDITS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. Credits

2
docs/DL_PUB_ISO.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. Download the latest PUBLIC CISS.debian.live.ISO

6
docs/DOCUMENTATION.md
View File

@@ -8,14 +8,14 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2.1. Usage
````text
CDLB(1) CISS.debian.live.builder CDLB(1)
CISS.debian.live.builder from https://git.coresecret.dev/msw
Master V8.13.528.2025.12.03
Master V8.13.536.2025.12.04
A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
(c) Marc S. Weidner, 2018 - 2025
@@ -146,7 +146,7 @@ A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
💷 Please consider donating to my work at:
🌐 https://coresecret.eu/spenden/
V8.13.528.2025.12.03 2025-11-06 CDLB(1)
V8.13.536.2025.12.04 2025-11-06 CDLB(1)
````
# 3. Booting

2
docs/MAN_CISS_ISO_BOOT_CHAIN.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. CISS.debian.live.builder Boot & Trust Chain (Technical Documentation)

2
docs/MAN_SSH_Host_Key_Policy.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. SSH Host Key Policy CISS.debian.live.builder / CISS.debian.installer

2
docs/REFERENCES.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.528.2025.12.03<br>
**Build**: V8.13.536.2025.12.04<br>
# 2. Resources