DEPLOY BOT: Auto-Generate *.html from *.md [skip ci]

2025-06-02 07:32:11 +00:00
parent 8dc2bc97cd
commit a86bac8963
27 changed files with 5433 additions and 0 deletions
--- a/.html/DOCUMENTATION.html
+++ b/.html/DOCUMENTATION.html
@@ -0,0 +1,300 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="generator" content="pandoc" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
+  <title>./docs/DOCUMENTATION.md</title>
+  <style>
+    html {
+      color: #1a1a1a;
+      background-color: #fdfdfd;
+    }
+    body {
+      margin: 0 auto;
+      max-width: 36em;
+      padding-left: 50px;
+      padding-right: 50px;
+      padding-top: 50px;
+      padding-bottom: 50px;
+      hyphens: auto;
+      overflow-wrap: break-word;
+      text-rendering: optimizeLegibility;
+      font-kerning: normal;
+    }
+    @media (max-width: 600px) {
+      body {
+        font-size: 0.9em;
+        padding: 12px;
+      }
+      h1 {
+        font-size: 1.8em;
+      }
+    }
+    @media print {
+      html {
+        background-color: white;
+      }
+      body {
+        background-color: transparent;
+        color: black;
+        font-size: 12pt;
+      }
+      p, h2, h3 {
+        orphans: 3;
+        widows: 3;
+      }
+      h2, h3, h4 {
+        page-break-after: avoid;
+      }
+    }
+    p {
+      margin: 1em 0;
+    }
+    a {
+      color: #1a1a1a;
+    }
+    a:visited {
+      color: #1a1a1a;
+    }
+    img {
+      max-width: 100%;
+    }
+    h1, h2, h3, h4, h5, h6 {
+      margin-top: 1.4em;
+    }
+    h5, h6 {
+      font-size: 1em;
+      font-style: italic;
+    }
+    h6 {
+      font-weight: normal;
+    }
+    ol, ul {
+      padding-left: 1.7em;
+      margin-top: 1em;
+    }
+    li > ol, li > ul {
+      margin-top: 0;
+    }
+    blockquote {
+      margin: 1em 0 1em 1.7em;
+      padding-left: 1em;
+      border-left: 2px solid #e6e6e6;
+      color: #606060;
+    }
+    code {
+      font-family: Menlo, Monaco, Consolas, 'Lucida Console', monospace;
+      font-size: 85%;
+      margin: 0;
+      hyphens: manual;
+    }
+    pre {
+      margin: 1em 0;
+      overflow: auto;
+    }
+    pre code {
+      padding: 0;
+      overflow: visible;
+      overflow-wrap: normal;
+    }
+    .sourceCode {
+     background-color: transparent;
+     overflow: visible;
+    }
+    hr {
+      background-color: #1a1a1a;
+      border: none;
+      height: 1px;
+      margin: 1em 0;
+    }
+    table {
+      margin: 1em 0;
+      border-collapse: collapse;
+      width: 100%;
+      overflow-x: auto;
+      display: block;
+      font-variant-numeric: lining-nums tabular-nums;
+    }
+    table caption {
+      margin-bottom: 0.75em;
+    }
+    tbody {
+      margin-top: 0.5em;
+      border-top: 1px solid #1a1a1a;
+      border-bottom: 1px solid #1a1a1a;
+    }
+    th {
+      border-top: 1px solid #1a1a1a;
+      padding: 0.25em 0.5em 0.25em 0.5em;
+    }
+    td {
+      padding: 0.125em 0.5em 0.25em 0.5em;
+    }
+    header {
+      margin-bottom: 4em;
+      text-align: center;
+    }
+    #TOC li {
+      list-style: none;
+    }
+    #TOC ul {
+      padding-left: 1.3em;
+    }
+    #TOC > ul {
+      padding-left: 0;
+    }
+    #TOC a:not(:hover) {
+      text-decoration: none;
+    }
+    code{white-space: pre-wrap;}
+    span.smallcaps{font-variant: small-caps;}
+    div.columns{display: flex; gap: min(4vw, 1.5em);}
+    div.column{flex: auto; overflow-x: auto;}
+    div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
+    /* The extra [class] is a hack that increases specificity enough to
+       override a similar rule in reveal.js */
+    ul.task-list[class]{list-style: none;}
+    ul.task-list li input[type="checkbox"] {
+      font-size: inherit;
+      width: 0.8em;
+      margin: 0 0.8em 0.2em -1.6em;
+      vertical-align: middle;
+    }
+    .display.math{display: block; text-align: center; margin: 0.5rem auto;}
+  </style>
+</head>
+<body>
+<header id="title-block-header">
+<h1 class="title">./docs/DOCUMENTATION.md</h1>
+</header>
+<h1 id="1-cissdebianlivebuilder">1. CISS.debian.live.builder</h1>
+<p><strong>Centurion Intelligence Consulting Agency Information Security Standard</strong><br> <em>Debian Live Build Generator for hardened live environment and CISS Debian Installer</em><br> <strong>Master Version</strong>: 8.02<br> <strong>Build</strong>: V8.03.127.2025.06.02<br></p>
+<h1 id="2-usage">2. Usage</h1>
+<pre class="text"><code>CISS.debian.live.builder
+Master V8.03.127.2025.06.02
+
+(c) Marc S. Weidner, 2018 - 2025
+(p) Centurion Press, 2024 - 2025
+
+https://coresecret.eu/
+
+A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
+
+&quot;./ciss_live_builder.sh &lt;option&gt;&quot;, where &lt;option&gt; is one or more of:
+
+  --help, -h
+    What you&#39;re looking at.
+
+  --architecture &lt;STRING&gt; one of &lt;amd64 | arm64&gt;
+    A string reflecting the architecture of the Live System.
+    MUST be provided.
+
+  --build-directory &lt;/path/to/build_directory&gt;
+    Where the Debian Live Build Image should be generated.
+    MUST be provided.
+
+  --change-splash &lt;STRING&gt; one of &lt;club | hexagon&gt;
+    A string reflecting the GRub Boot Screen Splash you want to use.
+    If omitted defaults to &quot;./.archive/background/club.png&quot;.
+
+  --cdi (Experimental Feature)
+    This option generates a boot menu entry to start the forthcoming
+    &#39;CISS.debian.installer&#39;, which will be executed after
+    the system has successfully booted up.
+
+  --contact, -c
+    Displays contact information of the author.
+
+  --control &lt;INTEGER&gt;
+    An integer that reflects the version of your Live ISO Image.
+    MUST be provided.
+
+  --debug
+    Enables debug logging for the main program routine. Detailed logging
+    information are written to &quot;/tmp/ciss_live_builder_3764286.log&quot;
+
+  --dhcp-centurion
+    If a DHCP lease is provided, the provider&#39;s nameserver will be overridden,
+    and only the hardened, privacy-focused Centurion DNS servers will be used:
+    - https://dns01.eddns.eu/
+    - https://dns02.eddns.de/
+
+  --jump-host &lt;IP | IP | ... &gt;
+    Provide up to 10 IPs for /etc/host.allow whitelisting of SSH access.
+    Could be either IPv4 and / or IPv6 addresses and / or CCDIR notation.
+    If provided, than it MUST be a &lt;SPACE&gt; separated list.
+    IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd/64].
+
+  --log-statistics-only
+    Provides statistic only after successful building a
+    CISS.debian.live-ISO. While enabling &quot;--log-statistics-only&quot;
+    the argument &quot;--build-directory&quot; MUST be provided while
+    all further options MUST be omitted.
+
+  --provider-netcup-ipv6 
+    Activates IPv6 support for Netcup Root Server. One unique
+    IPv6 address MUST be provided in this case.
+
+  --renice-priority &lt;PRIORITY&gt;
+    Reset the nice priority value of the script and all its children
+    to the desired PRIORITY. MUST be an integer (between &quot;-19&quot; and 19).
+    Negative (higher) values MUST be enclosed in double quotes &#39;&quot;&#39;.
+
+  --reionice-priority &lt;CLASS&gt; &lt;PRIORITY&gt;
+    Reset the ionice priority value of the script and all its children
+    to the desired CLASS. MUST be an integer:
+    1: realtime
+    2: best-effort
+    3: idle
+    defaults to &quot;2&quot;.
+    PRIORITY MUST be an integer:
+    between 0 (highest) and 7 (lowest) priority.
+    defaults to &quot;4&quot;.
+    A real-time I/O process can significantly slow down other processes
+    or even cause them to starve if it continuously requests I/O.
+
+  --root-password-file &lt;/path/to/password.txt&gt;
+    Password file for &#39;root&#39;, if given, MUST be a string of 20 to 64 characters,
+    and MUST NOT contain the special character &#39;&quot;&#39;.
+    If the argument is omitted, no further login authentication is required for
+    the local console. The root password is hashed with an 16 Byte &#39;/dev/random&#39;
+    generated SALT and SHA512 Hashing function and 8,388,608 rounds. Immediately
+    after Hash generation all Variables containing plain password fragments are
+    deleted. Password file SHOULD be 0400 and root:root and is deleted without
+    further prompt after password hash has been successfully generated via:
+    shred -vfzu 5 -f.
+    No tracing of any plain text password fragment in any debug log.
+
+  --ssh-port &lt;INTEGER&gt;
+    The desired Port SSH should listen to.
+    If not provided defaults to Port 22.
+
+  --ssh-pubkey &lt;/path/to/.ssh/&gt;
+    Imports the SSH Public Key(s) from the FILE &#39;authorized_keys&#39; of the
+    specified PATH into the Live ISO. MUST be provided.
+
+  --version, -v
+    Displays version of ./ciss_live_builder.sh.
+
+NOTES:
+  - You MUST be root to run this script.
+
+Contact:
+  - https://coresecret.eu/
+  - security@coresecret.eu
+    - PGP Key 2D98 07F4 1030 1776 597E BDC9 9F54 8853 35A3 C9AD
+      - https://keys.openpgp.org/vks/v1/by-fingerprint/2D9807F410301776597EBDC99F54885335A3C9AD</code></pre>
+<h1 id="3-booting">3. Booting</h1>
+<h2 id="31-grub-menu">3.1. Grub Menu</h2>
+<p><img src="/docs/screenshots/20250517_boot_grub.jpg" alt="Boot Menu" /></p>
+<h2 id="32-integrity-checks">3.2. Integrity checks</h2>
+<p><img src="screenshots/20250517_boot_integrity_check.jpg" alt="Integrity Check" /></p>
+<p><img src="screenshots/20250517_boot_integrity_success.jpg" alt="Integrity Success" /></p>
+<h2 id="33-console-login">3.3. Console Login</h2>
+<p><img src="screenshots/20250517_console_login.jpg" alt="Console Login" /></p>
+<hr />
+<p><strong><a href="https://coresecret.eu/">no tracking | no logging | no advertising | no profiling | no bullshit</a></strong></p>
+
+</body>
+</html>