msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.03.384.2025.06.03

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-06-03 00:24:36 +02:00
parent 4c5bc32cae
commit 834ea8798e
32 changed files with 386 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/AUDIT_DNSSEC.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.256.2025.06.02<br>
**Build**: V8.03.384.2025.06.03<br>
# 2. DNSSEC Status

2
docs/AUDIT_HAVEGED.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.256.2025.06.02<br>
**Build**: V8.03.384.2025.06.03<br>
# 2. Haveged Audit on Netcup RS 2000 G11

2
docs/AUDIT_LYNIS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.256.2025.06.02<br>
**Build**: V8.03.384.2025.06.03<br>
# 2. Lynis Audit:

2
docs/AUDIT_SSH.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.256.2025.06.02<br>
**Build**: V8.03.384.2025.06.03<br>
# 2. SSH Audit by ssh-audit.com

2
docs/AUDIT_TLS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.256.2025.06.02<br>
**Build**: V8.03.384.2025.06.03<br>
# 2. TLS Audit:

2
docs/CHANGELOG.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.256.2025.06.02<br>
**Build**: V8.03.384.2025.06.03<br>
# 2. Changelog

2
docs/CODING_CONVENTION.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.256.2025.06.02<br>
**Build**: V8.03.384.2025.06.03<br>
# 2. Coding Style

2
docs/CONTRIBUTING.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.256.2025.06.02<br>
**Build**: V8.03.384.2025.06.03<br>
# 2. Contributors

2
docs/CREDITS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.256.2025.06.02<br>
**Build**: V8.03.384.2025.06.03<br>
# 2. Credits

2
docs/DL_PUB_ISO.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.256.2025.06.02<br>
**Build**: V8.03.384.2025.06.03<br>
# 2. Download the latest PUBLIC CISS.debian.live.ISO

4
docs/DOCUMENTATION.md
View File

@@ -8,12 +8,12 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.256.2025.06.02<br>
**Build**: V8.03.384.2025.06.03<br>
# 2. Usage
````text
CISS.debian.live.builder
Master V8.03.256.2025.06.02
Master V8.03.384.2025.06.03
(c) Marc S. Weidner, 2018 - 2025
(p) Centurion Press, 2024 - 2025

2
docs/REFERENCES.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.256.2025.06.02<br>
**Build**: V8.03.384.2025.06.03<br>
# 2. Resources

159
docs/graphiz/ciss.debian.live.builder.dot Normal file
View File

@@ -0,0 +1,159 @@
digraph CISS_debian_live_builder {
// -----------------------------
// General settings
// -----------------------------
graph [
fontsize=10,
splines=ortho,
rankdir=LR,
nodesep=0.6,
ranksep=0.8
];
node [fontname="Helvetica"];
// -----------------------------
// KNOTS: All hosts and auxiliary anchors
// -----------------------------
// Internet (links)
InternetLeft [shape=oval, style=filled, fillcolor=lightblue, label="Internet"];
// Jump Host
Jump_Host [shape=diamond, style=filled, fillcolor=green, label="Jump Host"];
// Hidden-Master
Hidden_Master [shape=cylinder, style=filled, fillcolor=lavender, label="Hidden-Master"];
// Nameserver (Basis-Datenbankzylinder, hellgelb)
ns00 [shape=cylinder, style=filled, fillcolor=lightyellow, label="ns00.eddns.eu"];
ns01 [shape=cylinder, style=filled, fillcolor=lightyellow, label="ns01.eddns.eu"];
ns02 [shape=cylinder, style=filled, fillcolor=lightyellow, label="ns02.eddns.de"];
ns03 [shape=cylinder, style=filled, fillcolor=lightyellow, label="ns03.eddns.de"];
// Hilfsanker für cluster_ns (unsichtbar, damit Kanten sauber aus dem Rechteck herausgeführt werden)
ns_anchor [shape=point, style=invis, width=0];
// B server (light red)
git [shape=cylinder, style=filled, fillcolor="#FFCCCC", label="git.coresecret.dev"];
lab [shape=cylinder, style=filled, fillcolor="#FFCCCC", label="lab.coresecret.dev"];
run [shape=cylinder, style=filled, fillcolor="#FFCCCC", label="run.coresecret.dev"];
// Auxiliary anchor for cluster_B_small (invisible)
b_small_anchor [shape=point, style=invis, width=0];
// Auxiliary anchor for cluster_B_big (invisible)
b_big_anchor [shape=point, style=invis, width=0];
// Database “cloud.e2ee.li” (light red)
cloud [shape=cylinder, style=filled, fillcolor="#FFCCCC", label="cloud.e2ee.li"];
// Auxiliary anchor for cluster_cloud (invisible)
cloud_anchor [shape=point, style=invis, width=0];
// Internet (right, for TLS/HTTPS)
InternetTLS [shape=oval, style=filled, fillcolor=lightblue, label="TLS/HTTPS"];
// Auxiliary anchor for cluster_tls_group (invisible)
tls_anchor [shape=point, style=invis, width=0];
// -----------------------------
// CLUSTER: Entire system (everything except the two Internet clouds)
// -----------------------------
subgraph cluster_overall {
label="SSH-Pub-Key, 2FA, No-Root-Login, aes256-gcm@openssh.com, (No ChaCha), only";
style=solid;
color=red;
// ----- Cluster: Name server group -----
subgraph cluster_ns {
label="";
style=dashed;
color=red;
ns00;
ns01;
ns02;
ns03;
ns_anchor;
}
// ----- Cluster: Hidden-Master -----
subgraph cluster_hm {
label="";
style=dashed;
color=red;
Hidden_Master;
}
// ----- Cluster: TLS/HTTPS group (contains B-Server, cloud, and the TLS cloud) -----
subgraph cluster_tls_group {
// The red dotted rectangle around B-Cluster, cloud, and the TLS cloud
label="ECDHE-RSA-AES256-GCM-SHA384 ECDH 448 AESGCM 256\n\
ECDHE-RSA-CHACHA20-POLY1305 ECDH 448 ChaCha20 256\n\
TLS_AES_256_GCM_SHA384 ECDH 448 AESGCM 256\n\
TLS_CHACHA20_POLY1305_SHA256 ECDH 448 ChaCha20 256";
style=dashed;
color=red;
// ----- Cluster: Outer rectangle around all B nodes (lab + small rectangle) -----
subgraph cluster_B_big {
label="";
style=dashed;
color=red;
// Direct node lab
lab;
// Invisible anchor pointed to by DNSSEC arrows
b_big_anchor;
// ---- Cluster: B a) and c) (small rectangle around git and run) ----
subgraph cluster_B_small {
label="";
style=dashed;
color=red;
git;
run;
b_small_anchor;
}
}
// ----- Cluster: "cloud.e2ee.li" -----
subgraph cluster_cloud {
label="HA: LVM on RAID6 on dm-crypt incl. dm-integrity";
style=dashed;
color=red;
cloud;
cloud_anchor;
}
// ----- Node: TLS-Internet-Cloud -----
InternetTLS;
tls_anchor;
}
}
// -----------------------------
// EDGES
// -----------------------------
// Internet (left) → Jump Host
InternetLeft -> Jump_Host [color=green];
// Jump Host → Hidden-Master
Jump_Host -> Hidden_Master [color=green];
// Hidden master → Name server (green with label “HMAC SHA512”)
Hidden_Master -> ns00 [color=green, label="HMAC SHA512"];
Hidden_Master -> ns01 [color=green, label="HMAC SHA512"];
Hidden_Master -> ns02 [color=green, label="HMAC SHA512"];
Hidden_Master -> ns03 [color=green, label="HMAC SHA512"];
// Red arrow “DNSSEC”: from cluster nameserver (ns_anchor) → B cluster (b_big_anchor)
ns_anchor -> b_big_anchor [color=red, label="DNSSEC"];
// Red arrow “DNSSEC”: from cluster nameserver (ns_anchor) → cloud cluster (cloud_anchor)
ns_anchor -> cloud_anchor [color=red, label="DNSSEC"];
// Red arrows from TLS Internet → B-Cluster and cloud
InternetTLS -> b_big_anchor [color=red];
InternetTLS -> cloud_anchor [color=red];
}