V8.03.256.2025.06.02

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 16:44:27 +02:00
parent d2b97771c4
commit 87096d41fd
28 changed files with 130 additions and 43 deletions
--- a/docs/AUDIT_DNSSEC.md
+++ b/docs/AUDIT_DNSSEC.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. DNSSEC Status

--- a/docs/AUDIT_HAVEGED.md
+++ b/docs/AUDIT_HAVEGED.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Haveged Audit on Netcup RS 2000 G11

--- a/docs/AUDIT_LYNIS.md
+++ b/docs/AUDIT_LYNIS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Lynis Audit:

--- a/docs/AUDIT_SSH.md
+++ b/docs/AUDIT_SSH.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. SSH Audit by ssh-audit.com

--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -8,9 +8,9 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

-# TBA
+# 2. Changelog

 ---
 **[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
--- a/docs/CODING_CONVENTION.md
+++ b/docs/CODING_CONVENTION.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Coding Style

@@ -39,8 +39,7 @@ neat features. Here's how you make use of them. Besides those short hints here,
 * `read` often can replace `awk`: `IFS=, read -ra a b c <<< "$line_with_comma"`
 * Bash can also deal perfectly with regular expressions, see
  e.g., [here](https://www.networkworld.com/article/2693361/unix-tip-using-bash-s-regular-expressions.html)
-  and [here](https://unix.stackexchange.com/questions/421460/bash-regex-and-https-regex101-com). You can as well have a look @
-  `is_ipv4addr()` or `is_ipv6addr()`.
+  and [here](https://unix.stackexchange.com/questions/421460/bash-regex-and-https-regex101-com).
 * If you still need to use any of `tr`, `sed` and `awk`: try to avoid a mix of several external binaries e.g., if you can
  achieve the same with e.g. `awk`.
 * Be careful with very advanced bash features. Mac OS X is still using bash version
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Contributors

--- a/docs/CREDITS.md
+++ b/docs/CREDITS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Credits

--- a/docs/DL_PUB_ISO.md
+++ b/docs/DL_PUB_ISO.md
@@ -0,0 +1,77 @@
+---
+gitea: none
+include_toc: true
+---
+
+# 1. CISS.debian.live.builder
+
+**Centurion Intelligence Consulting Agency Information Security Standard**<br>
+*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
+**Master Version**: 8.02<br>
+**Build**: V8.03.256.2025.06.02<br>
+
+# 2. Download the latest PUBLIC CISS.debian.live.ISO
+
+## 2.1. URL
+
+Download the latest Auto-Generated [CISS.debian.live.ISO_PUBLIC](https://cloud.e2ee.li/s/E7FoctLroB4oF7P).
+
+## 2.2. Root Passwd
+
+Use the following Root Passwd:
+````text
+Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
+````
+
+## 2.3. Root SSH Keys
+
+Use the following Root SSH Key Material:
+
+### 2.3.1. SSH Public Key
+````text
+---- BEGIN SSH2 PUBLIC KEY ----
+Comment: "2025_ciss.debian.live.ISO_PUBLIC_ONLY"
+AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
+8uSY
+---- END SSH2 PUBLIC KEY ----
+````
+
+### 2.3.2. SSH Private Key OPENSSH
+````text
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0
+MkzTOHVgNHQSoGBPlJ49AAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAINAY
+ZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS8uSYAAAAsAO6qB+tMUOkUm1n3EG5
+X6RyDOYYzY2yuwXHwLD2uAkG7cv/IoO1Dgol+Ugm6ryh5BnFWeyXCxwUmgc54kaV
+bHkYWrHVqC8kANbMzt9V2WicNrgktjlV6OoYm0nD5M0+dYYxnMUoY1ghjmvF05Jf
+xdsw83HOA1m0ZbDxX8/4GrL/HNSj6/1hm/x8KNvy9NN7jFfAcP3rNlNO+B6ckq66
+Clw5PIdM7+BObTSD0g99dLFI
+-----END OPENSSH PRIVATE KEY-----
+````
+
+### 2.3.3. SSH Private Key
+````text
+PuTTY-User-Key-File-3: ssh-ed25519
+Encryption: aes256-cbc
+Comment: 2025_ciss.debian.live.ISO_PUBLIC_ONLY
+Public-Lines: 2
+AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
+8uSY
+Key-Derivation: Argon2id
+Argon2-Memory: 8192
+Argon2-Passes: 13
+Argon2-Parallelism: 1
+Argon2-Salt: e93b747ffd3d55f3865502c848b07ec7
+Private-Lines: 1
+onOztqghDo2kzYMa7VosVQ+TMr1AHLknwGPMIpuDEb0GyfdVB6LqV3rAKEJRRXJg
+Private-MAC: 3c87f88ee5306c56e7b2240d7bddda3ce4369d6d296b9101d8a8c5834fdf5e25
+````
+
+### 2.3.4. SSH Private Key Encryption Key (KEK)
+````text
+Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
+````
+
+---
+**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
+<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
--- a/docs/DOCUMENTATION.md
+++ b/docs/DOCUMENTATION.md
@@ -8,12 +8,12 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Usage
 ````text
 CISS.debian.live.builder
-Master V8.03.127.2025.06.02
+Master V8.03.256.2025.06.02

 (c) Marc S. Weidner, 2018 - 2025
 (p) Centurion Press, 2024 - 2025
@@ -26,6 +26,11 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima

  --help, -h
    What you're looking at.
+    
+  --autobuild=*, -a=*
+    Headless mode. Skip the dialog wrapper, provider note screen and interactive kernel
+    selector dialog. Change '*' to your desired Linux kernel and trim the
+    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.22+bpo-amd64'.

  --architecture <STRING> one of <amd64 | arm64>
    A string reflecting the architecture of the Live System.
--- a/docs/REFERENCES.md
+++ b/docs/REFERENCES.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Resources