From 93fbf258f2b3d71f7a56e1c9d336920000d05071b20dfefadc3de6d302896a86 Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner"
Date: Fri, 24 Oct 2025 20:28:40 +0100
Subject: [PATCH] V8.13.288.2025.10.24

Signed-off-by: Marc S. Weidner
---
 .gitea/trigger/t_generate_PRIVATE_trixie_1.yaml | 2 +-
 config/hooks/live/0860_sops.chroot | 4 +++-
 config/hooks/live/9950_hardening_fail2ban.chroot | 1 -
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml b/.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml
index 00bece4..eacc55c 100644
--- a/.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml
@@ -10,6 +10,6 @@
 # SPDX-Security-Contact: security@coresecret.eu
 build:
- counter: 1023
+ counter: 1024
 version: V8.13.288.2025.10.24
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
diff --git a/config/hooks/live/0860_sops.chroot b/config/hooks/live/0860_sops.chroot
index 583d8e1..6ee0099 100644
--- a/config/hooks/live/0860_sops.chroot
+++ b/config/hooks/live/0860_sops.chroot
@@ -51,9 +51,11 @@ rm -f "/tmp/sops-${SOPS_VER}.checksums.sig"
 umask 0077
 mkdir -p /root/.config/sops/age
-cat << 'EOF' /root/.config/sops/age/keys.txt
+
+cat << 'EOF' >| /root/.config/sops/age/keys.txt
 {{ secrets.CISS_PHYS_AGE }}
 EOF
+
 chmod 0400 /root/.config/sops/age/keys.txt
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
diff --git a/config/hooks/live/9950_hardening_fail2ban.chroot b/config/hooks/live/9950_hardening_fail2ban.chroot
index e517e80..2d7ca17 100644
--- a/config/hooks/live/9950_hardening_fail2ban.chroot
+++ b/config/hooks/live/9950_hardening_fail2ban.chroot
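Review bot: The heredoc in the 0860_sops.chroot hunk writes `{{ secrets.CISS_PHYS_AGE }}` into /root/.config/sops/age/keys.txt unconditionally, so if the template is never rendered, or the secret is empty, the hook still reaches the "applied successfully" printf with a keys.txt that no later sops call can use. A cheap guard after the `chmod 0400` line catches that at build time instead of at first decrypt, e.g. `grep -q '^AGE-SECRET-KEY-1' /root/.config/sops/age/keys.txt || { printf 'age key was not rendered into keys.txt\n' >&2; exit 1; }` (age identities carry that prefix, and the comment lines age-keygen adds do not disturb a line-anchored match). The `>|` redirection is right for a file that must be overwritten even under `set -o noclobber`, but it only matters if the hook or something it sources sets that option; otherwise plain `>` reads more naturally. Once templated, the rendered hook file itself holds the key in plaintext, so the same umask/0400 care presumably applies to wherever the rendered hook and the build log end up — worth confirming. The enclosing script starts outside the hunk, so whether `set -e` would already abort on a failed redirection cannot be seen here.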
@@ -102,7 +102,6 @@ protocol = tcp
 # CISS aggressive approach:
 # Any valid client communicating with our server should be going directly to the service ports opened in ufw (ssh, 80, ...).
 # Any client touching other ports is treated as malicious and therefore should be blocked access to ALL ports after 1 attempt.
-# There is no necessity to ping our servers excessively. Any client pinging us more than 1 times will be blocked.
 # [ufw]