V8.03.256.2025.06.02
Some checks failed
Generating a PUBLIC Live ISO. / Generating a PUBLIC Live ISO. (push) Has been cancelled
Some checks failed
Generating a PUBLIC Live ISO. / Generating a PUBLIC Live ISO. (push) Has been cancelled
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
21
README.md
21
README.md
@@ -30,8 +30,10 @@ include_toc: true
|
||||
|
||||
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
|
||||
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
|
||||
cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`. The latest generic ISO is available at:
|
||||
[CISS.debian.live.ISO_PUBLIC](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/DL_PUB_ISO.md)
|
||||
cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`. Additionally, automated CI workflows
|
||||
based on Gitea Actions are provided, enabling reproducible ISO generation. A generic ISO is automatically built upon significant
|
||||
changes and made publicly available for download. The latest generic ISO is available at:
|
||||
[CISS.debian.live.ISO PUBLIC](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/DL_PUB_ISO.md)
|
||||
|
||||
Check out more:
|
||||
* [CenturionNet Services](https://coresecret.eu/cnet/)
|
||||
@@ -89,11 +91,11 @@ After build and configuration, the following audit reports can be generated:
|
||||
* **SSH Audit Report**: Verifies SSH daemon configuration against the latest best-practice cipher, KEX, and MAC recommendations.
|
||||
Type `ssh-audit <IP>:<PORT>`. See example report: [SSH Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_SSH.md)
|
||||
|
||||
## 1.2. Preview
|
||||
## 1.3. Preview
|
||||
|
||||
|
||||
|
||||
## 1.3. Caution. Significant information for those considering using D-I.
|
||||
## 1.4. Caution. Significant information for those considering using D-I.
|
||||
|
||||
**The Debian Installer (d-i) will ALWAYS boot a new system.**<br>
|
||||
|
||||
@@ -124,6 +126,17 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
|
||||
* Logging (rsyslog, journald) ✘ not active,
|
||||
* preseed control over the network is possible (but without any protection).
|
||||
|
||||
## 1.5. Versioning Schema
|
||||
|
||||
This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
|
||||
|
||||
Example: `8.03.256.2025.06.02`
|
||||
|
||||
x.y.z represents major (x), minor (y), and patch (z) version increments.
|
||||
|
||||
Date (YYYY.MM.DD) denotes the build or release date, facilitating clear tracking of incremental changes and ensuring
|
||||
reproducibility and traceability.
|
||||
|
||||
# 2. Features & Rationale
|
||||
|
||||
Below is a breakdown of each hardening component, with a summary of why each is critical to your security posture.
|
||||
|
||||
Reference in New Issue
Block a user