From 87096d41fd9bc6f4f5f9c4295a2177408abe8d02b75194f61192f94bcfe0d38c Mon Sep 17 00:00:00 2001 From: "Marc S. Weidner" Date: Mon, 2 Jun 2025 16:44:27 +0200 Subject: [PATCH] V8.03.256.2025.06.02 Signed-off-by: Marc S. Weidner --- .gitea/trigger/t_generate_dns.yaml | 2 +- .gitea/trigger/t_generate_iso.yaml | 2 +- .gitea/workflows/generate-iso.yaml | 4 +- .gitea/workflows/render-dnssec-status.yaml | 2 +- .gitea/workflows/render-md-to-html.yaml | 4 +- .version.properties | 8 +- CISS.debian.live.builder.spdx | 2 +- README.html | 4 +- README.md | 15 ++-- ciss_live_builder.sh | 2 +- config/includes.chroot/etc/ssh/sshd_config | 2 +- .../etc/sysctl.d/99_local.hardened | 2 +- .../preseed/.iso/preseed_hash_generator.sh | 2 +- config/includes.chroot/preseed/preseed.cfg | 2 +- docs/AUDIT_DNSSEC.md | 2 +- docs/AUDIT_HAVEGED.md | 2 +- docs/AUDIT_LYNIS.md | 2 +- docs/AUDIT_SSH.md | 2 +- docs/CHANGELOG.md | 4 +- docs/CODING_CONVENTION.md | 5 +- docs/CONTRIBUTING.md | 2 +- docs/CREDITS.md | 2 +- docs/DL_PUB_ISO.md | 77 +++++++++++++++++++ docs/DOCUMENTATION.md | 9 ++- docs/REFERENCES.md | 2 +- lib/lib_check_provider.sh | 2 +- lib/lib_usage.sh | 7 +- scripts/9000-cdi-starter | 2 +- 28 files changed, 130 insertions(+), 43 deletions(-) create mode 100644 docs/DL_PUB_ISO.md diff --git a/.gitea/trigger/t_generate_dns.yaml b/.gitea/trigger/t_generate_dns.yaml index 4761440..927c755 100644 --- a/.gitea/trigger/t_generate_dns.yaml +++ b/.gitea/trigger/t_generate_dns.yaml @@ -11,5 +11,5 @@ build: counter: 1024 - version: V8.03.145.2025.06.02 + version: V8.03.256.2025.06.02 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml diff --git a/.gitea/trigger/t_generate_iso.yaml b/.gitea/trigger/t_generate_iso.yaml index 90aad74..927c755 100644 --- a/.gitea/trigger/t_generate_iso.yaml +++ b/.gitea/trigger/t_generate_iso.yaml @@ -11,5 +11,5 @@ build: counter: 1024 - version: V8.03.132.2025.06.02 + version: V8.03.256.2025.06.02 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml 
diff --git a/.gitea/workflows/generate-iso.yaml b/.gitea/workflows/generate-iso.yaml index bc0c9cd..071fa6f 100644 --- a/.gitea/workflows/generate-iso.yaml +++ b/.gitea/workflows/generate-iso.yaml @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.127.2025.06.02 +### Version Master V8.03.256.2025.06.02 name: Generating a private Live ISO. @@ -21,7 +21,7 @@ on: branches: - master paths: - - '.gitea/trigger/t_generate_iso.yaml' + - '.gitea/trigger/.t_generate_iso.yaml' jobs: generate-private-ciss-debian-live-iso: diff --git a/.gitea/workflows/render-dnssec-status.yaml b/.gitea/workflows/render-dnssec-status.yaml index ef4d200..53b79f2 100644 --- a/.gitea/workflows/render-dnssec-status.yaml +++ b/.gitea/workflows/render-dnssec-status.yaml @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.127.2025.06.02 +### Version Master V8.03.256.2025.06.02 name: Retrieve DNSSEC status of coresecret.dev. diff --git a/.gitea/workflows/render-md-to-html.yaml b/.gitea/workflows/render-md-to-html.yaml index 0e467b5..1011a59 100644 --- a/.gitea/workflows/render-md-to-html.yaml +++ b/.gitea/workflows/render-md-to-html.yaml @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.127.2025.06.02 +### Version Master V8.03.256.2025.06.02 name: Render README.md to README.html. @@ -21,7 +21,7 @@ on: branches: - master paths: - - "**/*.md" + - "README.md" - '.gitea/properties/lua/linkfix.lua' jobs: diff --git a/.version.properties b/.version.properties index b4b300e..e357775 100644 --- a/.version.properties +++ b/.version.properties 
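Review bot: The path filter added in the second hunk of `.gitea/workflows/generate-iso.yaml`, `- '.gitea/trigger/.t_generate_iso.yaml'`, names a dot-prefixed file, while this same commit still edits the trigger as `.gitea/trigger/t_generate_iso.yaml`. Unless a dot-prefixed file exists elsewhere in the tree, pushes that bump the trigger will no longer match this filter, and the private ISO build would silently stop running. If the workflow is being parked on purpose, record that beside the path with a comment such as `# trigger intentionally disabled: this path does not exist`; otherwise restore `- '.gitea/trigger/t_generate_iso.yaml'`. The `on:` block starts above the hunk, so other triggers may still apply.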
@@ -2,7 +2,7 @@ # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency -# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; +# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; # SPDX-FileType: SOURCE # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. @@ -10,10 +10,10 @@ # SPDX-Security-Contact: security@coresecret.eu properties_SPDX-Version="3.0" properties_SPDX-ExternalRef="GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git" -properties_SPDX-FileCopyrightText="2024–2025; WEIDNER, Marc S.; " +properties_SPDX-FileCopyrightText="2024-2025; WEIDNER, Marc S.; " properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0" -properties_SPDX-LicenseComment="This file is part of the CISS.hardened.installer framework." +properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework." properties_SPDX-PackageName="CISS.debian.live.builder" properties_SPDX-Security-Contact="security@coresecret.eu" -properties_version="V8.03.127.2025.06.02" +properties_version="V8.03.256.2025.06.02" # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf \ No newline at end of file diff --git a/CISS.debian.live.builder.spdx b/CISS.debian.live.builder.spdx index 45d0036..cdc3fee 100644 --- a/CISS.debian.live.builder.spdx +++ b/CISS.debian.live.builder.spdx 
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency) Created: 2025-05-07T12:00:00Z Package: CISS.debian.live.builder PackageName: CISS.debian.live.builder -PackageVersion: Master V8.03.127.2025.06.02 +PackageVersion: Master V8.03.256.2025.06.02 PackageSupplier: Organization: Centurion Intelligence Consulting Agency PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder diff --git a/README.html b/README.html index 635090b..6ec9b4f 100644 --- a/README.html +++ b/README.html @@ -1,6 +1,6 @@ -

Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge  

+

Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge   Static Badge  

1. CISS.debian.live.builder

-

Centurion Intelligence Consulting Agency Information Security Standard
Debian Live Build Generator for hardened live environment and CISS Debian Installer
Master Version: 8.02
Build: V8.03.145.2025.06.02

+

Centurion Intelligence Consulting Agency Information Security Standard
Debian Live Build Generator for hardened live environment and CISS Debian Installer
Master Version: 8.02
Build: V8.03.256.2025.06.02

This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for cloud deployment or unattended installations via the forthcoming CISS.debian.installer.

Check out more:

    diff --git a/README.md b/README.md index ca5765e..a14eecf 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ gitea: none include_toc: true --- -[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.127.2025.06.02-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder) +[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.256.2025.06.02-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)   [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/)   [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2)   @@ -26,11 +26,12 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
    *Debian Live Build Generator for hardened live environment and CISS Debian Installer*
    **Master Version**: 8.02
    -**Build**: V8.03.145.2025.06.02
    +**Build**: V8.03.256.2025.06.02
    This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for -cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`. +cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`. The latest generic ISO is available at: +[CISS.debian.live.ISO_PUBLIC](/docs/DL_PUB_ISO.md) Check out more: * [CenturionNet Services](https://coresecret.eu/cnet/) @@ -53,7 +54,7 @@ Please note that `coresecret.dev` is included in the [(HSTS Preload List)](https add_header Expect-CT "max-age=86400, enforce" always; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; ```` -Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_DNSSEC.md) +Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](/docs/AUDIT_DNSSEC.md) ## 1.2. Immutable Source-of-Truth System @@ -82,11 +83,11 @@ source-defined infrastructure logic.
    After build and configuration, the following audit reports can be generated: * **Haveged Audit Report**: Validates entropy daemon health and confirms '/dev/random' seeding performance. - Type `chkhvg` at the prompt. See example report: [Haveged Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_HAVEGED.md) + Type `chkhvg` at the prompt. See example report: [Haveged Audit Report](/docs/AUDIT_HAVEGED.md) * **Lynis Audit Report**: Outputs a detailed security score and recommendations, confirming a 91%+ hardening baseline. - Type `lsadt` at the prompt. See example report: [Lynis Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_LYNIS.md) + Type `lsadt` at the prompt. See example report: [Lynis Audit Report](/docs/AUDIT_LYNIS.md) * **SSH Audit Report**: Verifies SSH daemon configuration against the latest best-practice cipher, KEX, and MAC recommendations. - Type `ssh-audit :`. See example report: [SSH Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_SSH.md) + Type `ssh-audit :`. See example report: [SSH Audit Report](/docs/AUDIT_SSH.md) ## 1.2. Preview diff --git a/ciss_live_builder.sh b/ciss_live_builder.sh index ff013d7..6806b39 100644 --- a/ciss_live_builder.sh +++ b/ciss_live_builder.sh @@ -40,7 +40,7 @@ declare -g VAR_HANDLER_AUTOBUILD="false" declare -gr VAR_CONTACT="security@coresecret.eu" -declare -gr VAR_VERSION="Master V8.03.127.2025.06.02" +declare -gr VAR_VERSION="Master V8.03.256.2025.06.02" ### VERY EARLY CHECK FOR AUTO-BUILD, CONTACT, USAGE, AND VERSION STRING declare arg diff --git a/config/includes.chroot/etc/ssh/sshd_config b/config/includes.chroot/etc/ssh/sshd_config index 210b6c2..df088a8 100644 --- a/config/includes.chroot/etc/ssh/sshd_config +++ b/config/includes.chroot/etc/ssh/sshd_config 
@@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.127.2025.06.02 +### Version Master V8.03.256.2025.06.02 ### https://www.ssh-audit.com/ ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig diff --git a/config/includes.chroot/etc/sysctl.d/99_local.hardened b/config/includes.chroot/etc/sysctl.d/99_local.hardened index 13bd66f..f8e3b55 100644 --- a/config/includes.chroot/etc/sysctl.d/99_local.hardened +++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened @@ -9,7 +9,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -### Version Master V8.03.127.2025.06.02 +### Version Master V8.03.256.2025.06.02 ### https://docs.kernel.org/ ### https://github.com/a13xp0p0v/kernel-hardening-checker/ diff --git a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh index b2c7590..cc77e93 100644 --- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh +++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh @@ -10,7 +10,7 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -declare -gr VERSION="Master V8.03.127.2025.06.02" +declare -gr VERSION="Master V8.03.256.2025.06.02" ### VERY EARLY CHECK FOR DEBUGGING if [[ $* == *" --debug "* ]]; then diff --git a/config/includes.chroot/preseed/preseed.cfg b/config/includes.chroot/preseed/preseed.cfg index d9b55d8..cc4be8d 100644 --- a/config/includes.chroot/preseed/preseed.cfg +++ b/config/includes.chroot/preseed/preseed.cfg 
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh # Please consider donating to my work at: https://coresecret.eu/spenden/ ########################################################################################### -# Written by: ./preseed_hash_generator.sh Version: Master V8.03.127.2025.06.02 at: 10:18:37.9542 +# Written by: ./preseed_hash_generator.sh Version: Master V8.03.256.2025.06.02 at: 10:18:37.9542 diff --git a/docs/AUDIT_DNSSEC.md b/docs/AUDIT_DNSSEC.md index a0cd223..dddd40e 100644 --- a/docs/AUDIT_DNSSEC.md +++ b/docs/AUDIT_DNSSEC.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
    *Debian Live Build Generator for hardened live environment and CISS Debian Installer*
    **Master Version**: 8.02
    -**Build**: V8.03.127.2025.06.02
    +**Build**: V8.03.256.2025.06.02
    # 2. DNSSEC Status diff --git a/docs/AUDIT_HAVEGED.md b/docs/AUDIT_HAVEGED.md index e80c89f..d8687af 100644 --- a/docs/AUDIT_HAVEGED.md +++ b/docs/AUDIT_HAVEGED.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
    *Debian Live Build Generator for hardened live environment and CISS Debian Installer*
    **Master Version**: 8.02
    -**Build**: V8.03.127.2025.06.02
    +**Build**: V8.03.256.2025.06.02
    # 2. Haveged Audit on Netcup RS 2000 G11 diff --git a/docs/AUDIT_LYNIS.md b/docs/AUDIT_LYNIS.md index de1dc45..777f214 100644 --- a/docs/AUDIT_LYNIS.md +++ b/docs/AUDIT_LYNIS.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
    *Debian Live Build Generator for hardened live environment and CISS Debian Installer*
    **Master Version**: 8.02
    -**Build**: V8.03.127.2025.06.02
    +**Build**: V8.03.256.2025.06.02
    # 2. Lynis Audit: diff --git a/docs/AUDIT_SSH.md b/docs/AUDIT_SSH.md index 380349c..a8e0960 100644 --- a/docs/AUDIT_SSH.md +++ b/docs/AUDIT_SSH.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
    *Debian Live Build Generator for hardened live environment and CISS Debian Installer*
    **Master Version**: 8.02
    -**Build**: V8.03.127.2025.06.02
    +**Build**: V8.03.256.2025.06.02
    # 2. SSH Audit by ssh-audit.com diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 402eb39..8a46e89 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -8,9 +8,9 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
    *Debian Live Build Generator for hardened live environment and CISS Debian Installer*
    **Master Version**: 8.02
    -**Build**: V8.03.127.2025.06.02
    +**Build**: V8.03.256.2025.06.02
    -# TBA +# 2. Changelog --- **[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)** diff --git a/docs/CODING_CONVENTION.md b/docs/CODING_CONVENTION.md index 6ff3949..598d3aa 100644 --- a/docs/CODING_CONVENTION.md +++ b/docs/CODING_CONVENTION.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
    *Debian Live Build Generator for hardened live environment and CISS Debian Installer*
    **Master Version**: 8.02
    -**Build**: V8.03.127.2025.06.02
    +**Build**: V8.03.256.2025.06.02
    # 2. Coding Style @@ -39,8 +39,7 @@ neat features. Here's how you make use of them. Besides those short hints here, * `read` often can replace `awk`: `IFS=, read -ra a b c <<< "$line_with_comma"` * Bash can also deal perfectly with regular expressions, see e.g., [here](https://www.networkworld.com/article/2693361/unix-tip-using-bash-s-regular-expressions.html) - and [here](https://unix.stackexchange.com/questions/421460/bash-regex-and-https-regex101-com). You can as well have a look @ - `is_ipv4addr()` or `is_ipv6addr()`. + and [here](https://unix.stackexchange.com/questions/421460/bash-regex-and-https-regex101-com). * If you still need to use any of `tr`, `sed` and `awk`: try to avoid a mix of several external binaries e.g., if you can achieve the same with e.g. `awk`. * Be careful with very advanced bash features. Mac OS X is still using bash version diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index 2e81659..30695a1 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
    *Debian Live Build Generator for hardened live environment and CISS Debian Installer*
    **Master Version**: 8.02
    -**Build**: V8.03.127.2025.06.02
    +**Build**: V8.03.256.2025.06.02
    # 2. Contributors diff --git a/docs/CREDITS.md b/docs/CREDITS.md index 2226cc0..0773da6 100644 --- a/docs/CREDITS.md +++ b/docs/CREDITS.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
    *Debian Live Build Generator for hardened live environment and CISS Debian Installer*
    **Master Version**: 8.02
    -**Build**: V8.03.127.2025.06.02
    +**Build**: V8.03.256.2025.06.02
    # 2. Credits diff --git a/docs/DL_PUB_ISO.md b/docs/DL_PUB_ISO.md new file mode 100644 index 0000000..f6830f4 --- /dev/null +++ b/docs/DL_PUB_ISO.md @@ -0,0 +1,77 @@ +--- +gitea: none +include_toc: true +--- + +# 1. CISS.debian.live.builder + +**Centurion Intelligence Consulting Agency Information Security Standard**
    +*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
    +**Master Version**: 8.02
    +**Build**: V8.03.256.2025.06.02
    + +# 2. Download the latest PUBLIC CISS.debian.live.ISO + +## 2.1. URL + +Download the latest Auto-Generated [CISS.debian.live.ISO_PUBLIC](https://cloud.e2ee.li/s/E7FoctLroB4oF7P). + +## 2.2. Root Passwd + +Use the following Root Passwd: +````text +Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH +```` + +## 2.3. Root SSH Keys + +Use the following Root SSH Key Material: + +### 2.3.1. SSH Public Key +````text +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "2025_ciss.debian.live.ISO_PUBLIC_ONLY" +AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS +8uSY +---- END SSH2 PUBLIC KEY ---- +```` + +### 2.3.2. SSH Private Key OPENSSH +````text +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0 +MkzTOHVgNHQSoGBPlJ49AAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAINAY +ZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS8uSYAAAAsAO6qB+tMUOkUm1n3EG5 +X6RyDOYYzY2yuwXHwLD2uAkG7cv/IoO1Dgol+Ugm6ryh5BnFWeyXCxwUmgc54kaV +bHkYWrHVqC8kANbMzt9V2WicNrgktjlV6OoYm0nD5M0+dYYxnMUoY1ghjmvF05Jf +xdsw83HOA1m0ZbDxX8/4GrL/HNSj6/1hm/x8KNvy9NN7jFfAcP3rNlNO+B6ckq66 +Clw5PIdM7+BObTSD0g99dLFI +-----END OPENSSH PRIVATE KEY----- +```` + +### 2.3.3. SSH Private Key +````text +PuTTY-User-Key-File-3: ssh-ed25519 +Encryption: aes256-cbc +Comment: 2025_ciss.debian.live.ISO_PUBLIC_ONLY +Public-Lines: 2 +AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS +8uSY +Key-Derivation: Argon2id +Argon2-Memory: 8192 +Argon2-Passes: 13 +Argon2-Parallelism: 1 +Argon2-Salt: e93b747ffd3d55f3865502c848b07ec7 +Private-Lines: 1 +onOztqghDo2kzYMa7VosVQ+TMr1AHLknwGPMIpuDEb0GyfdVB6LqV3rAKEJRRXJg +Private-MAC: 3c87f88ee5306c56e7b2240d7bddda3ce4369d6d296b9101d8a8c5834fdf5e25 +```` + +### 2.3.4. SSH Private Key Encryption Key (KEK) +````text +Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH +```` + +--- +**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)** + 
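Review bot: Sections 2.2 to 2.3.4 of the new `docs/DL_PUB_ISO.md` commit a root password, an Ed25519 private key in OpenSSH and PuTTY form, and the passphrase that decrypts it, and the passphrase in 2.3.4 is the same string as the root password in 2.2. Because all of this now sits permanently in git history, the key encryption protects nothing, and any host booted from the public ISO presumably accepts the same root login until the operator replaces it. The page should say so right beside the credentials, for example `> These credentials are public. Replace the root password and the authorized key before the system is reachable over a network.`. Section 2.1 also offers the download with no checksum or signature, so a line such as `SHA-256: <digest of the published ISO>` would let users verify what they fetched. Generating credentials on first boot would remove the shared secret altogether, but that change lies outside this hunk.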
diff --git a/docs/DOCUMENTATION.md b/docs/DOCUMENTATION.md index aaf496d..477e576 100644 --- a/docs/DOCUMENTATION.md +++ b/docs/DOCUMENTATION.md @@ -8,12 +8,12 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
    *Debian Live Build Generator for hardened live environment and CISS Debian Installer*
    **Master Version**: 8.02
    -**Build**: V8.03.127.2025.06.02
    +**Build**: V8.03.256.2025.06.02
    # 2. Usage ````text CISS.debian.live.builder -Master V8.03.127.2025.06.02 +Master V8.03.256.2025.06.02 (c) Marc S. Weidner, 2018 - 2025 (p) Centurion Press, 2024 - 2025 @@ -26,6 +26,11 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima --help, -h What you're looking at. + + --autobuild=*, -a=* + Headless mode. Skip the dialog wrapper, provider note screen and interactive kernel + selector dialog. Change '*' to your desired Linux kernel and trim the + 'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.22+bpo-amd64'. --architecture one of A string reflecting the architecture of the Live System. diff --git a/docs/REFERENCES.md b/docs/REFERENCES.md index 6f02efe..842e4b8 100644 --- a/docs/REFERENCES.md +++ b/docs/REFERENCES.md @@ -8,7 +8,7 @@ include_toc: true **Centurion Intelligence Consulting Agency Information Security Standard**
    *Debian Live Build Generator for hardened live environment and CISS Debian Installer*
    **Master Version**: 8.02
    -**Build**: V8.03.127.2025.06.02
    +**Build**: V8.03.256.2025.06.02
    # 2. Resources diff --git a/lib/lib_check_provider.sh b/lib/lib_check_provider.sh index ced1e1d..1a97071 100644 --- a/lib/lib_check_provider.sh +++ b/lib/lib_check_provider.sh @@ -18,7 +18,7 @@ check_provider() { clear cat << 'EOF' >| "${VAR_NOTES}" -Build: Master V8.03.127.2025.06.02 +Build: Master V8.03.256.2025.06.02 Press 'EXIT' to continue with CISS.debian.live.builder. diff --git a/lib/lib_usage.sh b/lib/lib_usage.sh index 6875d2e..880e2a8 100644 --- a/lib/lib_usage.sh +++ b/lib/lib_usage.sh @@ -22,7 +22,7 @@ usage() { cat << EOF $(echo -e "\e[92mCISS.debian.live.builder\e[0m") -$(echo -e "\e[92mMaster V8.03.127.2025.06.02\e[0m") +$(echo -e "\e[92mMaster V8.03.256.2025.06.02\e[0m") $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m") $(echo -e "\e[97m(p) Centurion Press, 2024 - 2025\e[0m") @@ -36,6 +36,11 @@ $(echo -e "\e[97mA lightweight Shell Wrapper for building a hardened Debian Book --help, -h What you're looking at. + --autobuild=*, -a=* + Headless mode. Skip the dialog wrapper, provider note screen and interactive kernel + selector dialog. Change '*' to your desired Linux kernel and trim the + 'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.22+bpo-amd64'. + --architecture one of A string reflecting the architecture of the Live System. MUST be provided. diff --git a/scripts/9000-cdi-starter b/scripts/9000-cdi-starter index b361bef..6c8f485 100644 --- a/scripts/9000-cdi-starter +++ b/scripts/9000-cdi-starter 
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" " # sleep 1 [[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log -printf "CISS.debian.installer Master V8.03.127.2025.06.02 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log +printf "CISS.debian.installer Master V8.03.256.2025.06.02 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh