V8.03.768.2025.06.18

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

docs/DOCUMENTATION.md

@@ -10,18 +10,15 @@ include_toc: true
 **Master Version**: 8.03<br>
 **Build**: V8.03.768.2025.06.18<br>
 
-# 2. Usage
+# 2.1. Usage
 ````text
 CISS.debian.live.builder
 Master V8.03.768.2025.06.18
+A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 
 (c) Marc S. Weidner, 2018 - 2025
 (p) Centurion Press, 2024 - 2025
 
-https://coresecret.eu/
-
-A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
-
 "./ciss_live_builder.sh <option>", where <option> is one or more of:
 
   --help, -h
@@ -30,7 +27,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
   --autobuild=*, -a=*
     Headless mode. Skip the dialog wrapper, provider note screen and interactive kernel
     selector dialog. Change '*' to your desired Linux kernel and trim the
-    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.22+bpo-amd64'.
+    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.30+bpo-amd64'.
 
   --architecture <STRING> one of <amd64 | arm64>
     A string reflecting the architecture of the Live System.
@@ -58,19 +55,20 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
 
   --debug
     Enables debug logging for the main program routine. Detailed logging
-    information are written to "/tmp/ciss_live_builder_3764286.log"
+    information are written to "/tmp/ciss_live_builder_274132.log"
 
   --dhcp-centurion
     If a DHCP lease is provided, the provider's nameserver will be overridden,
     and only the hardened, privacy-focused Centurion DNS servers will be used:
-    - https://dns01.eddns.eu/
-    - https://dns02.eddns.de/
+      - https://dns01.eddns.eu/
+      - https://dns02.eddns.de/
+      - https://dns03.eddns.eu/
 
   --jump-host <IP | IP | ... >
     Provide up to 10 IPs for /etc/host.allow whitelisting of SSH access.
     Could be either IPv4 and / or IPv6 addresses and / or CCDIR notation.
     If provided, than it MUST be a <SPACE> separated list.
-    IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd/64].
+    IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd]/64.
 
   --log-statistics-only
     Provides statistic only after successful building a
@@ -80,23 +78,25 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
 
   --provider-netcup-ipv6
     Activates IPv6 support for Netcup Root Server. One unique
-    IPv6 address MUST be provided in this case.
+    IPv6 address MUST be provided in this case and MUST be encapsulated
+    with [], e.g., [1234::abcd].
 
   --renice-priority <PRIORITY>
     Reset the nice priority value of the script and all its children
-    to the desired PRIORITY. MUST be an integer (between "-19" and 19).
+    to the desired <PRIORITY>. MUST be an integer (between "-19" and 19).
     Negative (higher) values MUST be enclosed in double quotes '"'.
 
   --reionice-priority <CLASS> <PRIORITY>
     Reset the ionice priority value of the script and all its children
-    to the desired CLASS. MUST be an integer:
-    1: realtime
-    2: best-effort
-    3: idle
-    defaults to "2".
-    PRIORITY MUST be an integer:
-    between 0 (highest) and 7 (lowest) priority.
-    defaults to "4".
+    to the desired <CLASS>. MUST be an integer:
+      1: realtime
+      2: best-effort
+      3: idle
+    Defaults to '2'.
+    Whereas <PRIORITY> MUST be an integer as well between:
+      0: highest priority and
+      7: lowest priority.
+    Defaults to '4'.
     A real-time I/O process can significantly slow down other processes
     or even cause them to starve if it continuously requests I/O.
 
@@ -107,9 +107,9 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
     the local console. The root password is hashed with an 16 Byte '/dev/random'
     generated SALT and SHA512 Hashing function and 8,388,608 rounds. Immediately
     after Hash generation all Variables containing plain password fragments are
-    deleted. Password file SHOULD be 0400 and root:root and is deleted without
+    deleted. Password file SHOULD be '0400' and 'root:root' and is deleted without
     further prompt after password hash has been successfully generated via:
-    shred -vfzu 5 -f.
+    'shred -vfzu 5 -f'.
     No tracing of any plain text password fragment in any debug log.
 
   --ssh-port <INTEGER>
@@ -123,14 +123,30 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
   --version, -v
     Displays version of ./ciss_live_builder.sh.
 
-NOTES:
-  - You MUST be root to run this script.
+💡 Notes:
+🔵 You MUST be 'root' to run this script.
 
-Contact:
-  - https://coresecret.eu/
-  - security@coresecret.eu
-    - PGP Key 2D98 07F4 1030 1776 597E BDC9 9F54 8853 35A3 C9AD
-      - https://keys.openpgp.org/vks/v1/by-fingerprint/2D9807F410301776597EBDC99F54885335A3C9AD
+💷 Please consider donating to my work at:
+🌐 https://coresecret.eu/spenden/
+````
+
+# 2.2. Contact
+````text
+CISS.debian.live.builder
+Master V8.03.768.2025.06.18
+A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
+
+(c) Marc S. Weidner, 2018 - 2025
+(p) Centurion Press, 2024 - 2025
+
+💬 Contact:
+🌐 https://coresecret.eu/
+📧 security@coresecret.eu
+🔑 PGP Key 2D98 07F4 1030 1776 597E BDC9 9F54 8853 35A3 C9AD
+🔗 https://keys.openpgp.org/vks/v1/by-fingerprint/2D9807F410301776597EBDC99F54885335A3C9AD
+
+💷 Please consider donating to my work at:
+🌐 https://coresecret.eu/spenden/
 ````
 
 # 3. Booting

lib/lib_contact.sh

@@ -35,6 +35,7 @@ $(echo -e "\e[95m🔗 https://keys.openpgp.org/vks/v1/by-fingerprint/2D9807F4103
 
 $(echo -e "\e[95m💷 Please consider donating to my work at:\e[0m")
 $(echo -e "\e[95m🌐 https://coresecret.eu/spenden/         \e[0m")
+
 EOF
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh