V8.03.256.2025.06.02

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 16:44:27 +02:00
parent d2b97771c4
commit 87096d41fd
28 changed files with 130 additions and 43 deletions
--- a/.gitea/trigger/t_generate_dns.yaml
+++ b/.gitea/trigger/t_generate_dns.yaml
@@ -11,5 +11,5 @@

 build:
  counter: 1024
-  version: V8.03.145.2025.06.02
+  version: V8.03.256.2025.06.02
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_iso.yaml
+++ b/.gitea/trigger/t_generate_iso.yaml
@@ -11,5 +11,5 @@

 build:
  counter: 1024
-  version: V8.03.132.2025.06.02
+  version: V8.03.256.2025.06.02
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/workflows/generate-iso.yaml
+++ b/.gitea/workflows/generate-iso.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.127.2025.06.02
+### Version Master V8.03.256.2025.06.02

 name: Generating a private Live ISO.

@@ -21,7 +21,7 @@ on:
    branches:
      - master
    paths:
-      - '.gitea/trigger/t_generate_iso.yaml'
+      - '.gitea/trigger/.t_generate_iso.yaml'

 jobs:
  generate-private-ciss-debian-live-iso:
--- a/.gitea/workflows/render-dnssec-status.yaml
+++ b/.gitea/workflows/render-dnssec-status.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.127.2025.06.02
+### Version Master V8.03.256.2025.06.02

 name: Retrieve DNSSEC status of coresecret.dev.

--- a/.gitea/workflows/render-md-to-html.yaml
+++ b/.gitea/workflows/render-md-to-html.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.127.2025.06.02
+### Version Master V8.03.256.2025.06.02

 name: Render README.md to README.html.

@@ -21,7 +21,7 @@ on:
    branches:
      - master
    paths:
-      - "**/*.md"
+      - "README.md"
      - '.gitea/properties/lua/linkfix.lua'

 jobs:
--- a/.version.properties
+++ b/.version.properties
@@ -2,7 +2,7 @@
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -10,10 +10,10 @@
 # SPDX-Security-Contact: security@coresecret.eu
 properties_SPDX-Version="3.0"
 properties_SPDX-ExternalRef="GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git"
-properties_SPDX-FileCopyrightText="2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>"
+properties_SPDX-FileCopyrightText="2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>"
 properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
-properties_SPDX-LicenseComment="This file is part of the CISS.hardened.installer framework."
+properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
 properties_SPDX-PackageName="CISS.debian.live.builder"
 properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.03.127.2025.06.02"
+properties_version="V8.03.256.2025.06.02"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
--- a/CISS.debian.live.builder.spdx
+++ b/CISS.debian.live.builder.spdx
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
 Created: 2025-05-07T12:00:00Z
 Package: CISS.debian.live.builder
 PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.03.127.2025.06.02
+PackageVersion: Master V8.03.256.2025.06.02
 PackageSupplier: Organization: Centurion Intelligence Consulting Agency
 PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
 PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
--- a/README.html
+++ b/README.html
@@ -1,6 +1,6 @@
-<p><a href="https://git.coresecret.dev/msw/CISS.debian.live.builder"><img src="https://badges.coresecret.dev/badge/Release-V8.03.127.2025.06.02-white?style=plastic&amp;logo=linux&amp;logoColor=white&amp;logoSize=auto&amp;label=Release&amp;color=%23FCC624" alt="Static Badge" /></a>   <a href="https://eupl.eu/1.2/en/"><img src="https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&amp;logo=europeanunion&amp;logoColor=white&amp;logoSize=auto&amp;label=Licence&amp;color=%23003399" alt="Static Badge" /></a>   <a href="https://opensource.org/license/eupl-1-2"><img src="https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&amp;logo=opensourceinitiative&amp;logoColor=white&amp;logoSize=auto&amp;label=OSI&amp;color=%233DA639" alt="Static Badge" /></a>   <a href="https://www.gnu.org/software/bash/"><img src="https://badges.coresecret.dev/badge/Bash-V5.2.15-white?style=plastic&amp;logo=gnubash&amp;logoColor=white&amp;logoSize=auto&amp;label=Bash&amp;color=%234EAA25" alt="Static Badge" /></a>   <a href="https://shellcheck.net/"><img src="https://badges.coresecret.dev/badge/shellcheck-passed-white?style=plastic&amp;logo=gnubash&amp;logoColor=white&amp;logoSize=auto&amp;label=shellcheck&amp;color=%234EAA25" alt="Static Badge" /></a>   <a href="https://github.com/mvdan/sh"><img src="https://badges.coresecret.dev/badge/shellformat-passed-white?style=plastic&amp;logo=google&amp;logoColor=white&amp;logoSize=auto&amp;label=shellformat&amp;color=%234285F4" alt="Static Badge" /></a>   <a href="https://google.github.io/styleguide/shellguide.html"><img src="https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&amp;logo=google&amp;logoColor=white&amp;logoSize=auto&amp;label=Shellstyle&amp;color=%234285F4" alt="Static Badge" /></a>   <a href="https://docs.gitea.com/"><img src="https://badges.coresecret.dev/badge/Gitea-1.23.8-white?style=plastic&amp;logo=gitea&amp;logoColor=white&amp;logoSize=auto&amp;label=gitea&amp;color=%23609926" alt="Static Badge" /></a>   <a href="https://www.jetbrains.com/store/?section=personal&amp;billing=yearly"><img src="https://badges.coresecret.dev/badge/IntelliJ-2025.1.1.1-white?style=plastic&amp;logo=intellijidea&amp;logoColor=white&amp;logoSize=auto&amp;label=IntelliJ&amp;color=%23000000" alt="Static Badge" /></a>   <a href="https://keepassxc.org/"><img src="https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&amp;logo=keepassxc&amp;logoColor=white&amp;logoSize=auto&amp;label=KeePassXC&amp;color=%236CAC4D" alt="Static Badge" /></a>   <a href="https://www.netcup.com/de"><img src="https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&amp;logo=netcup&amp;logoColor=white&amp;logoSize=auto&amp;label=powered&amp;color=%23056473" alt="Static Badge" /></a>   <a href="https://coresecret.eu/"><img src="https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&amp;logo=europeanunion&amp;logoColor=white&amp;logoSize=auto&amp;label=powered&amp;color=%230F243E" alt="Static Badge" /></a>   <a href="https://x.com/coresecret_eu"><img src="https://badges.coresecret.dev/badge/SocialMedia-@coresecret_eu-white?style=plastic&amp;logo=x&amp;logoColor=white&amp;logoSize=auto&amp;label=SocialMedia&amp;color=%23000000" alt="Static Badge" /></a>   <a href="https://coresecret.eu/spenden/#sepa"><img src="https://badges.coresecret.dev/badge/Donation-Donation-white?style=plastic&amp;logo=sepa&amp;logoColor=white&amp;logoSize=auto&amp;label=&amp;color=%230F243E" alt="Static Badge" /></a>   <a href="https://coresecret.eu/spenden/#bitcoin"><img src="https://badges.coresecret.dev/badge/bitcoin-Bitcoin-white?style=plastic&amp;logo=bitcoin&amp;logoColor=white&amp;logoSize=auto&amp;label=Donation&amp;color=%23F7931A" alt="Static Badge" /></a>   <a href="https://coresecret.eu/contact/#simplex"><img src="https://badges.coresecret.dev/badge/simplex-Simplex-white?style=plastic&amp;logo=simplex&amp;logoColor=white&amp;logoSize=auto&amp;label=Contact&amp;color=%23000000" alt="Static Badge" /></a>  </p>
+<p><a href="https://git.coresecret.dev/msw/CISS.debian.live.builder"><img src="https://badges.coresecret.dev/badge/Release-V8.03.256.2025.06.02-white?style=plastic&amp;logo=linux&amp;logoColor=white&amp;logoSize=auto&amp;label=Release&amp;color=%23FCC624" alt="Static Badge" /></a>   <a href="https://eupl.eu/1.2/en/"><img src="https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&amp;logo=europeanunion&amp;logoColor=white&amp;logoSize=auto&amp;label=Licence&amp;color=%23003399" alt="Static Badge" /></a>   <a href="https://opensource.org/license/eupl-1-2"><img src="https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&amp;logo=opensourceinitiative&amp;logoColor=white&amp;logoSize=auto&amp;label=OSI&amp;color=%233DA639" alt="Static Badge" /></a>   <a href="https://www.gnu.org/software/bash/"><img src="https://badges.coresecret.dev/badge/Bash-V5.2.15-white?style=plastic&amp;logo=gnubash&amp;logoColor=white&amp;logoSize=auto&amp;label=Bash&amp;color=%234EAA25" alt="Static Badge" /></a>   <a href="https://shellcheck.net/"><img src="https://badges.coresecret.dev/badge/shellcheck-passed-white?style=plastic&amp;logo=gnubash&amp;logoColor=white&amp;logoSize=auto&amp;label=shellcheck&amp;color=%234EAA25" alt="Static Badge" /></a>   <a href="https://github.com/mvdan/sh"><img src="https://badges.coresecret.dev/badge/shellformat-passed-white?style=plastic&amp;logo=google&amp;logoColor=white&amp;logoSize=auto&amp;label=shellformat&amp;color=%234285F4" alt="Static Badge" /></a>   <a href="https://google.github.io/styleguide/shellguide.html"><img src="https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&amp;logo=google&amp;logoColor=white&amp;logoSize=auto&amp;label=Shellstyle&amp;color=%234285F4" alt="Static Badge" /></a>   <a href="https://docs.gitea.com/"><img src="https://badges.coresecret.dev/badge/Gitea-1.23.8-white?style=plastic&amp;logo=gitea&amp;logoColor=white&amp;logoSize=auto&amp;label=gitea&amp;color=%23609926" alt="Static Badge" /></a>   <a href="https://www.jetbrains.com/store/?section=personal&amp;billing=yearly"><img src="https://badges.coresecret.dev/badge/IntelliJ-2025.1.1.1-white?style=plastic&amp;logo=intellijidea&amp;logoColor=white&amp;logoSize=auto&amp;label=IntelliJ&amp;color=%23000000" alt="Static Badge" /></a>   <a href="https://keepassxc.org/"><img src="https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&amp;logo=keepassxc&amp;logoColor=white&amp;logoSize=auto&amp;label=KeePassXC&amp;color=%236CAC4D" alt="Static Badge" /></a>   <a href="https://www.netcup.com/de"><img src="https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&amp;logo=netcup&amp;logoColor=white&amp;logoSize=auto&amp;label=powered&amp;color=%23056473" alt="Static Badge" /></a>   <a href="https://coresecret.eu/"><img src="https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&amp;logo=europeanunion&amp;logoColor=white&amp;logoSize=auto&amp;label=powered&amp;color=%230F243E" alt="Static Badge" /></a>   <a href="https://x.com/coresecret_eu"><img src="https://badges.coresecret.dev/badge/SocialMedia-@coresecret_eu-white?style=plastic&amp;logo=x&amp;logoColor=white&amp;logoSize=auto&amp;label=SocialMedia&amp;color=%23000000" alt="Static Badge" /></a>   <a href="https://coresecret.eu/spenden/#sepa"><img src="https://badges.coresecret.dev/badge/Donation-Donation-white?style=plastic&amp;logo=sepa&amp;logoColor=white&amp;logoSize=auto&amp;label=&amp;color=%230F243E" alt="Static Badge" /></a>   <a href="https://coresecret.eu/spenden/#bitcoin"><img src="https://badges.coresecret.dev/badge/bitcoin-Bitcoin-white?style=plastic&amp;logo=bitcoin&amp;logoColor=white&amp;logoSize=auto&amp;label=Donation&amp;color=%23F7931A" alt="Static Badge" /></a>   <a href="https://coresecret.eu/contact/#simplex"><img src="https://badges.coresecret.dev/badge/simplex-Simplex-white?style=plastic&amp;logo=simplex&amp;logoColor=white&amp;logoSize=auto&amp;label=Contact&amp;color=%23000000" alt="Static Badge" /></a>  </p>
 <h1 id="1-cissdebianlivebuilder">1. CISS.debian.live.builder</h1>
-<p><strong>Centurion Intelligence Consulting Agency Information Security Standard</strong><br> <em>Debian Live Build Generator for hardened live environment and CISS Debian Installer</em><br> <strong>Master Version</strong>: 8.02<br> <strong>Build</strong>: V8.03.145.2025.06.02<br></p>
+<p><strong>Centurion Intelligence Consulting Agency Information Security Standard</strong><br> <em>Debian Live Build Generator for hardened live environment and CISS Debian Installer</em><br> <strong>Master Version</strong>: 8.02<br> <strong>Build</strong>: V8.03.256.2025.06.02<br></p>
 <p>This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for cloud deployment or unattended installations via the forthcoming <code>CISS.debian.installer</code>.</p>
 <p>Check out more:</p>
 <ul>
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 gitea: none
 include_toc: true
 ---
-[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.127.2025.06.02-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.256.2025.06.02-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
 &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -26,11 +26,12 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.145.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
 and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
-cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`.
+cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`. The latest generic ISO is available at:
+[CISS.debian.live.ISO_PUBLIC](/docs/DL_PUB_ISO.md)

 Check out more:
 * [CenturionNet Services](https://coresecret.eu/cnet/) 
@@ -53,7 +54,7 @@ Please note that `coresecret.dev` is included in the [(HSTS Preload List)](https
 add_header Expect-CT                 "max-age=86400, enforce"                       always;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
 ````
-Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_DNSSEC.md)
+Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](/docs/AUDIT_DNSSEC.md)

 ## 1.2. Immutable Source-of-Truth System

@@ -82,11 +83,11 @@ source-defined infrastructure logic.<br>
 After build and configuration, the following audit reports can be generated:

 * **Haveged Audit Report**: Validates entropy daemon health and confirms '/dev/random' seeding performance.
-  Type `chkhvg` at the prompt. See example report: [Haveged Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_HAVEGED.md)
+  Type `chkhvg` at the prompt. See example report: [Haveged Audit Report](/docs/AUDIT_HAVEGED.md)
 * **Lynis Audit Report**: Outputs a detailed security score and recommendations, confirming a 91%+ hardening baseline.
-  Type `lsadt` at the prompt. See example report: [Lynis Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_LYNIS.md)
+  Type `lsadt` at the prompt. See example report: [Lynis Audit Report](/docs/AUDIT_LYNIS.md)
 * **SSH Audit Report**: Verifies SSH daemon configuration against the latest best-practice cipher, KEX, and MAC recommendations.
-  Type `ssh-audit <IP>:<PORT>`. See example report: [SSH Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_SSH.md)
+  Type `ssh-audit <IP>:<PORT>`. See example report: [SSH Audit Report](/docs/AUDIT_SSH.md)

 ## 1.2. Preview

--- a/ciss_live_builder.sh
+++ b/ciss_live_builder.sh
@@ -40,7 +40,7 @@

 declare -g VAR_HANDLER_AUTOBUILD="false"
 declare -gr VAR_CONTACT="security@coresecret.eu"
-declare -gr VAR_VERSION="Master V8.03.127.2025.06.02"
+declare -gr VAR_VERSION="Master V8.03.256.2025.06.02"

 ### VERY EARLY CHECK FOR AUTO-BUILD, CONTACT, USAGE, AND VERSION STRING
 declare arg
--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.127.2025.06.02
+### Version Master V8.03.256.2025.06.02

 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.127.2025.06.02
+### Version Master V8.03.256.2025.06.02

 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-declare -gr VERSION="Master V8.03.127.2025.06.02"
+declare -gr VERSION="Master V8.03.256.2025.06.02"

 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh

 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.03.127.2025.06.02 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.03.256.2025.06.02 at: 10:18:37.9542
--- a/docs/AUDIT_DNSSEC.md
+++ b/docs/AUDIT_DNSSEC.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. DNSSEC Status

--- a/docs/AUDIT_HAVEGED.md
+++ b/docs/AUDIT_HAVEGED.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Haveged Audit on Netcup RS 2000 G11

--- a/docs/AUDIT_LYNIS.md
+++ b/docs/AUDIT_LYNIS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Lynis Audit:

--- a/docs/AUDIT_SSH.md
+++ b/docs/AUDIT_SSH.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. SSH Audit by ssh-audit.com

--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -8,9 +8,9 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

-# TBA
+# 2. Changelog

 ---
 **[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
--- a/docs/CODING_CONVENTION.md
+++ b/docs/CODING_CONVENTION.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Coding Style

@@ -39,8 +39,7 @@ neat features. Here's how you make use of them. Besides those short hints here,
 * `read` often can replace `awk`: `IFS=, read -ra a b c <<< "$line_with_comma"`
 * Bash can also deal perfectly with regular expressions, see
  e.g., [here](https://www.networkworld.com/article/2693361/unix-tip-using-bash-s-regular-expressions.html)
-  and [here](https://unix.stackexchange.com/questions/421460/bash-regex-and-https-regex101-com). You can as well have a look @
-  `is_ipv4addr()` or `is_ipv6addr()`.
+  and [here](https://unix.stackexchange.com/questions/421460/bash-regex-and-https-regex101-com).
 * If you still need to use any of `tr`, `sed` and `awk`: try to avoid a mix of several external binaries e.g., if you can
  achieve the same with e.g. `awk`.
 * Be careful with very advanced bash features. Mac OS X is still using bash version
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Contributors

--- a/docs/CREDITS.md
+++ b/docs/CREDITS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Credits

--- a/docs/DL_PUB_ISO.md
+++ b/docs/DL_PUB_ISO.md
@@ -0,0 +1,77 @@
+---
+gitea: none
+include_toc: true
+---
+
+# 1. CISS.debian.live.builder
+
+**Centurion Intelligence Consulting Agency Information Security Standard**<br>
+*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
+**Master Version**: 8.02<br>
+**Build**: V8.03.256.2025.06.02<br>
+
+# 2. Download the latest PUBLIC CISS.debian.live.ISO
+
+## 2.1. URL
+
+Download the latest Auto-Generated [CISS.debian.live.ISO_PUBLIC](https://cloud.e2ee.li/s/E7FoctLroB4oF7P).
+
+## 2.2. Root Passwd
+
+Use the following Root Passwd:
+````text
+Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
+````
+
+## 2.3. Root SSH Keys
+
+Use the following Root SSH Key Material:
+
+### 2.3.1. SSH Public Key
+````text
+---- BEGIN SSH2 PUBLIC KEY ----
+Comment: "2025_ciss.debian.live.ISO_PUBLIC_ONLY"
+AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
+8uSY
+---- END SSH2 PUBLIC KEY ----
+````
+
+### 2.3.2. SSH Private Key OPENSSH
+````text
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0
+MkzTOHVgNHQSoGBPlJ49AAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAINAY
+ZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS8uSYAAAAsAO6qB+tMUOkUm1n3EG5
+X6RyDOYYzY2yuwXHwLD2uAkG7cv/IoO1Dgol+Ugm6ryh5BnFWeyXCxwUmgc54kaV
+bHkYWrHVqC8kANbMzt9V2WicNrgktjlV6OoYm0nD5M0+dYYxnMUoY1ghjmvF05Jf
+xdsw83HOA1m0ZbDxX8/4GrL/HNSj6/1hm/x8KNvy9NN7jFfAcP3rNlNO+B6ckq66
+Clw5PIdM7+BObTSD0g99dLFI
+-----END OPENSSH PRIVATE KEY-----
+````
+
+### 2.3.3. SSH Private Key
+````text
+PuTTY-User-Key-File-3: ssh-ed25519
+Encryption: aes256-cbc
+Comment: 2025_ciss.debian.live.ISO_PUBLIC_ONLY
+Public-Lines: 2
+AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
+8uSY
+Key-Derivation: Argon2id
+Argon2-Memory: 8192
+Argon2-Passes: 13
+Argon2-Parallelism: 1
+Argon2-Salt: e93b747ffd3d55f3865502c848b07ec7
+Private-Lines: 1
+onOztqghDo2kzYMa7VosVQ+TMr1AHLknwGPMIpuDEb0GyfdVB6LqV3rAKEJRRXJg
+Private-MAC: 3c87f88ee5306c56e7b2240d7bddda3ce4369d6d296b9101d8a8c5834fdf5e25
+````
+
+### 2.3.4. SSH Private Key Encryption Key (KEK)
+````text
+Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
+````
+
+---
+**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
+<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
--- a/docs/DOCUMENTATION.md
+++ b/docs/DOCUMENTATION.md
@@ -8,12 +8,12 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Usage
 ````text
 CISS.debian.live.builder
-Master V8.03.127.2025.06.02
+Master V8.03.256.2025.06.02

 (c) Marc S. Weidner, 2018 - 2025
 (p) Centurion Press, 2024 - 2025
@@ -27,6 +27,11 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
  --help, -h
    What you're looking at.
    
+  --autobuild=*, -a=*
+    Headless mode. Skip the dialog wrapper, provider note screen and interactive kernel
+    selector dialog. Change '*' to your desired Linux kernel and trim the
+    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.22+bpo-amd64'.
+
  --architecture <STRING> one of <amd64 | arm64>
    A string reflecting the architecture of the Live System.
    MUST be provided.
--- a/docs/REFERENCES.md
+++ b/docs/REFERENCES.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.03.127.2025.06.02<br>
+**Build**: V8.03.256.2025.06.02<br>

 # 2. Resources

--- a/lib/lib_check_provider.sh
+++ b/lib/lib_check_provider.sh
@@ -18,7 +18,7 @@
 check_provider() {
  clear
  cat << 'EOF' >| "${VAR_NOTES}"
-Build: Master V8.03.127.2025.06.02
+Build: Master V8.03.256.2025.06.02

 Press 'EXIT' to continue with CISS.debian.live.builder.

--- a/lib/lib_usage.sh
+++ b/lib/lib_usage.sh
@@ -22,7 +22,7 @@ usage() {
  cat << EOF

 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.03.127.2025.06.02\e[0m")
+$(echo -e "\e[92mMaster V8.03.256.2025.06.02\e[0m")

 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
 $(echo -e "\e[97m(p) Centurion Press, 2024 - 2025\e[0m")
@@ -36,6 +36,11 @@ $(echo -e "\e[97mA lightweight Shell Wrapper for building a hardened Debian Book
  --help, -h
    What you're looking at.

+  --autobuild=*, -a=*
+    Headless mode. Skip the dialog wrapper, provider note screen and interactive kernel
+    selector dialog. Change '*' to your desired Linux kernel and trim the
+    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.22+bpo-amd64'.
+
  --architecture <STRING> one of <amd64 | arm64>
    A string reflecting the architecture of the Live System.
    MUST be provided.
--- a/scripts/9000-cdi-starter
+++ b/scripts/9000-cdi-starter
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
 # sleep 1

 [[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
-printf "CISS.debian.installer Master V8.03.127.2025.06.02 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+printf "CISS.debian.installer Master V8.03.256.2025.06.02 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log

 if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
  chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh