V8.03.912.2025.07.23

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-07-23 21:11:43 +02:00
parent c969ed6e88
commit a0140a7b53
43 changed files with 149 additions and 122 deletions


@@ -11,16 +11,6 @@
# SPDX-Security-Contact: security@coresecret.eu
########################################################################################### Alpha
#######################################
# Outputs a 16-character random printable string
# Arguments:
# None
#######################################
genstring() {
(haveged -n 1000 -f - 2>/dev/null | tr -cd '[:graph:]' | fold -w 16 && echo ) | head
}
# Generates 1,048,576 random bytes into a timestamped file
alias genkeyfile='haveged -n 1048576 >| /tmp/secure_keyfile_$(date +%s)'
########################################################################################### Bash
@@ -105,11 +95,11 @@ alias whatpurge='dpkg --get-selections | grep deinstall'
########################################################################################### Functions
###########################################################################################
#######################################
# Generates Secure (/dev/random) Passwords
# Arguments:
# Length of Password, e.g., 32, and --base64 in case of encoding in BASE64.
###########################################################################################
#######################################
# shellcheck disable=SC2317
genpasswd() {
declare -i length=32
@@ -129,6 +119,7 @@ genpasswd() {
done
declare passwd
# shellcheck disable=SC2312
passwd=$(tr -dc 'A-Za-z0-9_' < /dev/random | head -c "${length}")
if [[ ${usebase64} -eq 1 ]]; then
@@ -146,12 +137,27 @@ genpasswd() {
# shellcheck disable=SC2317
genpasswdhash() {
declare salt
# shellcheck disable=SC2312
salt=$(tr -dc 'A-Za-z0-9' < /dev/random | head -c 16)
mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608
}
#######################################
# Outputs a 16-character random printable string
# Arguments:
# None
#######################################
genstring() {
# shellcheck disable=SC2312
(haveged -n 1000 -f - 2>/dev/null | tr -cd '[:graph:]' | fold -w 16 && echo ) | head
}
#######################################
# Wrapper for secure curl
# Globals:
# CRED
# CRES
# NL
# Arguments:
# 1: URL from which to download a specific file
# 2: /path/to/file to be saved to
@@ -162,7 +168,7 @@ genpasswdhash() {
#######################################
scurl() {
if [[ $# -ne 2 ]]; then
printf "\e[91m❌ Error: Usage: scurl <URL> <path/to/file>.\e[0m\n" >&2
printf "%s❌ Error: Usage: scurl <URL> <path/to/file>. %s%s" "${CRED}" "${CRES}" "${NL}" >&2
return 1
fi
declare url="$1"
@@ -174,7 +180,7 @@ scurl() {
-o "${output_path}" \
"${url}"
then
printf "\e[91m❌ Error: Download failed for URL: '%s'.\e[0m\n" "${url}" >&2
printf "%s❌ Error: Download failed for URL: '%s'. %s%s" "${CRED}" "${url}" "${CRES}" "${NL}" >&2
return 2
fi
return 0
@@ -182,6 +188,10 @@ scurl() {
#######################################
# Wrapper for secure wget
# Globals:
# CRED
# CRES
# NL
# Arguments:
# 1: URL from which to download a specific file
# 2: /path/to/file to be saved to
@@ -192,7 +202,7 @@ scurl() {
#######################################
swget() {
if [[ $# -ne 2 ]]; then
printf "\e[91m❌ Error: Usage: swget <URL> <path/to/file>.\e[0m\n" >&2
printf "%s❌ Error: Usage: swget <URL> <path/to/file>. %s%s" "${CRED}" "${CRES}" "${NL}" >&2
return 1
fi
declare url="$1"
@@ -205,21 +215,22 @@ swget() {
-qO "${output_path}" \
"${url}"
then
printf "\e[91m❌ Error: Download failed for URL: '%s'.\e[0m\n" "$url" >&2
printf "%s❌ Error: Download failed for URL: '%s'. %s%s" "${CRED}" "${url}" "${CRES}" "${NL}" >&2
return 2
fi
return 0
}
#######################################
# Wrapper for loading CISS.2025 hardened Kernel Parameters
# Wrapper for loading CISS.2025 hardened Kernel Parameters.
# Arguments:
# None
#######################################
sysp() {
sysctl -p /etc/sysctl.d/99_local.hardened
# sleep 1
sysctl -a | grep -E 'kernel|vm|net' > /var/log/sysctl_check"$(date +"%Y-%m-%d_%H:%M:%S")".log
# shellcheck disable=SC2312
sysctl -a | grep -E 'kernel|vm|net' >| /var/log/sysctl_check"$(date +"%Y-%m-%d_%H:%M:%S")".log
}
#######################################
@@ -239,9 +250,10 @@ trel() {
#######################################
whichpackage() {
if ! command -v "$1" >/dev/null 2>&1; then
printf 'Error: Program '%s' not found.\n' "$1" >&2
printf '%s❌ Error: Program '%s' not found. %s%s' "${CRED}" "$1" "${CRES}" "${NL}" >&2
exit 1
fi
# shellcheck disable=SC2230,SC2312
dpkg -S "$(which "$1")"
}
@@ -253,6 +265,7 @@ whichpackage() {
# 3: Number of Entries (defaults 16)
#######################################
whichused() {
# shellcheck disable=SC2312
du -h --max-depth="${2:-1}" "${1:-/var}" | sort -hr | head -n "${3:-16}"
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
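Review bot: Nothing in genpasswdhash verifies that a full 16-character salt was read before it reaches `mkpasswd`; the `# shellcheck disable=SC2312` added above `salt=$(tr -dc 'A-Za-z0-9' < /dev/random | head -c 16)` only silences the masked-return-value warning. If the read from `/dev/random` fails or comes up short, the function would presumably carry on with an empty or truncated salt. A length guard directly after the assignment would make the suppression safe: `[[ ${#salt} -eq 16 ]] || return 1`. The same applies to `passwd` in genpasswd, compared against `${length}` (its body continues outside the hunk), and to the relocated genstring, where `2>/dev/null` also hides a missing or failing `haveged`.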