From c53fe4cf924d39d4a4b3606ddd3bceca80830679cf07f9ed4aa47ee077bd24c7 Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner" <msw@coresecret.dev>
Date: Tue, 12 Aug 2025 01:26:09 +0200
Subject: [PATCH] V8.04.002.2025.08.11

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
---
 .gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml |  2 +-
 .gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml |  2 +-
 .gitea/workflows/generate_PUBLIC_iso.yaml            |  2 +-
 .gitea/workflows/linter_char_scripts.yaml            |  4 ++--
 config/hooks/live/9996_auditd.chroot                 | 10 +++++-----
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
index b30ef33..49969c4 100644
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
@@ -381,7 +381,7 @@ jobs:
           # SPDX-PackageName: CISS.debian.live.builder
           # SPDX-Security-Contact: security@coresecret.eu
 
-          This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
+          This file was automatically generated by the DEPLOY BOT on: "${timestamp}"
 
           CISS.debian.live.builder ISO :
             "${VAR_ISO_FILE_NAME}"
diff --git a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
index 94b587f..a288bcc 100644
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
@@ -378,7 +378,7 @@ jobs:
           # SPDX-PackageName: CISS.debian.live.builder
           # SPDX-Security-Contact: security@coresecret.eu
 
-          This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
+          This file was automatically generated by the DEPLOY BOT on: "${timestamp}"
 
           CISS.debian.live.builder ISO :
             "${VAR_ISO_FILE_NAME}"
diff --git a/.gitea/workflows/generate_PUBLIC_iso.yaml b/.gitea/workflows/generate_PUBLIC_iso.yaml
index 9708756..3638630 100644
--- a/.gitea/workflows/generate_PUBLIC_iso.yaml
+++ b/.gitea/workflows/generate_PUBLIC_iso.yaml
@@ -378,7 +378,7 @@ jobs:
           # SPDX-PackageName: CISS.debian.live.builder
           # SPDX-Security-Contact: security@coresecret.eu
 
-          This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
+          This file was automatically generated by the DEPLOY BOT on: "${timestamp}"
 
           CISS.debian.live.builder ISO :
             "${VAR_ISO_FILE_NAME}"
diff --git a/.gitea/workflows/linter_char_scripts.yaml b/.gitea/workflows/linter_char_scripts.yaml
index db20a8e..1e4de1a 100644
--- a/.gitea/workflows/linter_char_scripts.yaml
+++ b/.gitea/workflows/linter_char_scripts.yaml
@@ -216,7 +216,7 @@ jobs:
           # SPDX-PackageName: CISS.debian.live.builder
           # SPDX-Security-Contact: security@coresecret.eu
 
-          This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
+          This file was automatically generated by the DEPLOY BOT on: "${timestamp}"
 
           ⚠️ The last linter check was NOT successful. ⚠️
 
@@ -239,7 +239,7 @@ jobs:
           # SPDX-PackageName: CISS.debian.live.builder
           # SPDX-Security-Contact: security@coresecret.eu
 
-          This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
+          This file was automatically generated by the DEPLOY BOT on: "${timestamp}"
 
           ✅ The last linter check was successful. ✅
 
diff --git a/config/hooks/live/9996_auditd.chroot b/config/hooks/live/9996_auditd.chroot
index 4c2ab8c..1a7315e 100644
--- a/config/hooks/live/9996_auditd.chroot
+++ b/config/hooks/live/9996_auditd.chroot
@@ -48,20 +48,20 @@ cat << EOF >| /etc/audit/rules.d/11-loginuid.rules
 EOF
 
 ############################################################### /etc/audit/rules.d/20-dont-audit.rules
-cat << EOF >| /etc/audit/rules.d/20-dont-audit.rules
+#cat << EOF >| /etc/audit/rules.d/20-dont-audit.rules
 ## This is for don't audit rules. We put these early because audit
 ### is a first match wins system. Uncomment the rules you want.
 
 ## Cron jobs fill the logs with stuff we normally don't want
--a never,user -F subj_type=crond_t
+#-a never,user -F subj_type=crond_t
 
 ## This prevents chrony from overwhelming the logs
--a never,exit -F arch=x86_64 -S adjtimex -F auid=unset -F uid=_chrony -F subj_type=chronyd_t
+#-a never,exit -F arch=x86_64 -S adjtimex -F auid=unset -F uid=_chrony -F subj_type=chronyd_t
 
 ### This is not very interesting and wastes a lot of space if
 ### the server is public facing
--a always,exclude -F msgtype=CRYPTO_KEY_USER
-EOF
+#-a always,exclude -F msgtype=CRYPTO_KEY_USER
+#EOF
 
 ############################################################### /etc/audit/rules.d/21-no32bit.rules
 cat << EOF >| /etc/audit/rules.d/21-no32bit.rules