V8.02.512.2025.05.30
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
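--- a/config/includes.chroot/root/.ciss/alias
+++ b/config/includes.chroot/root/.ciss/alias
@@ -0,0 +1,212 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+########################################################################################### ℵ
+#######################################
+# Outputs a 16-character random printable string
+# Arguments:
+# None
+#######################################
+genstring() {
+(haveged -n 1000 -f - 2>/dev/null | tr -cd '[:graph:]' | fold -w 16 && echo ) | head
+}
+
+# Generates 1,048,576 random bytes into a timestamped file
+alias genkeyfile='haveged -n 1048576 >| /tmp/secure_keyfile_$(date +%s)'
+
+########################################################################################### Bash
+alias clear="printf '\033c'"
+alias c='clear'
+alias q='exit'
+
+########################################################################################### Chrony
+alias cytr='echo "tracking -a -v" | chronyc'
+alias cysd='echo "selectdata -a -v" | chronyc'
+alias cyss='echo "sourcestats -a -v" | chronyc'
+
+########################################################################################### fail2ban & ufw
+alias f2ball='fail2ban-client status'
+alias f2bubn='fail2ban-client unban --all'
+alias f2bufw='fail2ban-client status ufw'
+alias usn='ufw status numbered'
+alias usv='ufw status verbose'
+
+########################################################################################### ls
+alias ls='eza --group-directories-first --icons=always --oneline --long --all --group --header --blocksize --inode --flags --binary --octal-permissions --total-size --sort extension'
+alias lsf='eza --group-directories-first --icons=always --oneline --long --all --absolute --group --header --blocksize --inode --flags --binary --octal-permissions --total-size --sort extension'
+alias lss='eza --group-directories-first --icons=always --oneline --long --all --absolute --group --header --blocksize --inode --flags --binary --octal-permissions --total-size --sort extension --extended'
+alias la='ls'
+alias ll=ls
+alias l=ls
+
+########################################################################################### Package Management
+alias aptac='apt autoclean'
+alias aptap='apt autopurge'
+alias aptar='apt autoremove'
+alias aptcheck='apt-get check'
+alias aptdep='apt-cache depends'
+alias aptdl='apt-get install --download-only'
+alias aptfug='apt full-upgrade'
+alias aptupd='apt update'
+alias aptupg='apt upgrade'
+alias apti='apt install'
+alias aptp='apt purge'
+alias aptr='apt remove'
+alias aptse='apt search'
+alias aptsh='apt show'
+alias aptimage='apt-cache search linux-image | grep linux-image | grep amd64 | grep -v "dbg" | grep -v "meta-package" | grep -v "cloud" | grep -v "PREEMPT"'
+
+########################################################################################### Readability
+alias df='df -h'
+alias free='free -m'
+alias mkdir='mkdir -pv'
+
+########################################################################################### Service restart
+alias rsban='systemctl restart fail2ban'
+alias rsweb='systemctl restart nginx php8.4-fpm redis'
+
+########################################################################################### System maintaining
+alias boot='reboot -h now'
+alias cscan='clamscan -r --bell -i'
+alias chkhvg='haveged -n 0 | dieharder -g 200 -a'
+alias dev='lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH'
+alias i='echo "$(whoami) @ $(uname -a)"'
+alias ipunused='iptables -L -v -n'
+alias jboot='journalctl --boot=0'
+alias lsadt='lynis audit system --auditor Centurion_Intelligence_Consulting_Agency'
+alias lsadtdoc='lynis audit system --auditor Centurion_Intelligence_Consulting_Agency > /root/lynis-$(date +%F_%H-%M-%S).txt 2>&1'
+alias n='nano'
+alias nstat='netstat -tlpnvWa'
+alias s='sudo -i'
+alias sas='systemd-analyze security'
+alias shut='shutdown -h now'
+alias ssa='systemctl status'
+alias ssf='systemctl status --failed'
+alias sysdr='systemctl daemon-reload'
+alias syses='systemctl edit'
+alias sysrl='systemctl reload'
+alias sysrs='systemctl restart'
+alias syssp='systemctl stop'
+alias sysst='systemctl start'
+alias v='nvim'
+alias whatdelete='lsof | grep deleted'
+alias whatimage='dpkg --list | grep linux-image'
+alias whatpurge='dpkg --get-selections | grep deinstall'
+
+########################################################################################### Functions
+
+###########################################################################################
+# Generates Secure (/dev/random) Passwords
+# Arguments:
+# Length of Password, e.g., 32, and --base64 in case of encoding in BASE64.
+###########################################################################################
+# shellcheck disable=SC2317
+genpasswd() {
+declare -i length=32
+declare -i usebase64=0
+
+while [[ $# -gt 0 ]]; do
+case "$1" in
+--base64)
+usebase64=1
+;;
+'' | *[!0-9]*) ;;
+*)
+length="$1"
+;;
+esac
+shift
+done
+
+declare passwd
+passwd=$(tr -dc 'A-Za-z0-9_' < /dev/random | head -c "${length}")
+
+if [[ ${usebase64} -eq 1 ]]; then
+echo -n "${passwd}" | base64
+else
+echo "${passwd}"
+fi
+}
+
+###########################################################################################
+# Generates Secure (/dev/random) Passwords
+# Arguments:
+# none
+###########################################################################################
+# shellcheck disable=SC2317
+genpasswdhash() {
+declare salt
+salt=$(tr -dc 'A-Za-z0-9' < /dev/random | head -c 16)
+mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608
+}
+
+###########################################################################################
+# Globals: Wrapper for secure curl
+# Arguments:
+# $1: URL from which to download a specific file
+# $2: /path/to/file to be saved to
+###########################################################################################
+# shellcheck disable=SC2317
+scurl() {
+if [[ $# -ne 2 ]]; then
+printf "\e[91m❌ Error: Usage: scurl <URL> <path/to/file>. \e[0m\n" >&2
+return 1
+fi
+
+if ! curl --proto '=https' --tlsv1.3 -sSf -o "${2}" "${1}"; then
+printf "\e[91m❌ Error: Download failed for URL: '%s'. \e[0m\n" "${1}" >&2
+return 2
+fi
+}
+
+###########################################################################################
+# Globals: Wrapper for secure wget
+# Arguments:
+# $1: URL from which to download a specific file
+# $2: /path/to/file to be saved to
+###########################################################################################
+# shellcheck disable=SC2317
+swget() {
+if [[ $# -ne 2 ]]; then
+printf "\e[91m❌ Error: Usage: swget <URL> <path/to/file>. \e[0m\n" >&2
+return 1
+fi
+
+if ! wget --no-clobber --https-only --secure-protocol=TLSv1_3 -qO "${2}" "${1}"; then
+printf "\e[91m❌ Error: Download failed for URL: '%s'. \e[0m\n" "${1}" >&2
+return 2
+fi
+}
+
+###########################################################################################
+# Globals: Wrapper for loading CISS.2025 hardened Kernel Parameters
+# Arguments:
+# none
+###########################################################################################
+# shellcheck disable=SC2317
+sysp() {
+sysctl -p /etc/sysctl.d/99_local.hardened
+# sleep 1
+sysctl -a | grep -E 'kernel|vm|net' > /var/log/sysctl_check"$(date +"%Y-%m-%d_%H:%M:%S")".log
+}
+
+###########################################################################################
+# Globals: Wrapper for tree
+# Arguments:
+# $1: Depth of Directory Listing
+###########################################################################################
+# shellcheck disable=SC2317
+trel() {
+declare depth=${1:-3}
+tree -C -h --dirsfirst -L "${depth}"
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh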
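Review bot: The `genkeyfile` alias writes key material to `/tmp/secure_keyfile_$(date +%s)`, a guessable name in a world-writable directory, created under whatever umask the shell has and with `>|` explicitly overriding `noclobber`, so an existing path is overwritten and the result may be readable by other local users. It also drops the `-f -` that `genstring` a few lines above passes to haveged; if haveged defaults to a named output file when `-f` is absent, the redirect target would not receive the random bytes at all, which is worth verifying before anyone relies on the file as a key. I would replace the alias with a function that lets mktemp choose the name in a root-only directory: `genkeyfile() ( umask 077; f=$(mktemp /root/secure_keyfile.XXXXXXXX) && haveged -n 1048576 -f - > "$f" && printf '%s\n' "$f" )`.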