msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.440.2025.11.19
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m18s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m34s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-19 05:46:31 +00:00
parent 3260f2f2f9
commit d380e11c57
41 changed files with 60 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/AUDIT_DNSSEC.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. DNSSEC Status

2
docs/AUDIT_HAVEGED.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. Haveged Audit on Netcup RS 2000 G11

2
docs/AUDIT_LYNIS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. Lynis Audit:

2
docs/AUDIT_SSH.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. SSH Audit by ssh-audit.com

2
docs/AUDIT_TLS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. TLS Audit:
````text

2
docs/BOOTPARAMS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. Hardened Kernel Boot Parameters

9
docs/CHANGELOG.md
View File

@@ -8,10 +8,17 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. Changelog
## V8.13.440.2025.11.19
* **Bugfixes**: [0022-ciss-overlay-tmpfs](../config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs)
* **Bugfixes**: [0024-ciss-crypt-squash](../config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash)
* **Bugfixes**: [0026-ciss-early-sysctl](../config/includes.chroot/usr/lib/live/boot/0026-ciss-early-sysctl)
* **Bugfixes**: [0030-ciss-verify-checksums](../config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums)
* **Bugfixes**: [0042-ciss-post-decrypt-attest](../config/includes.chroot/usr/lib/live/boot/0042-ciss-post-decrypt-attest)
## V8.13.432.2025.11.18
* **Bugfixes**: [0003_cdi_autostart.chroot](../config/hooks/live/0003_cdi_autostart.chroot)
* **Bugfixes**: [9999_cdi_starter.sh](../scripts/usr/local/sbin/9999_cdi_starter.sh)

2
docs/CNET.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. Centurion Net - Developer Branch Overview

2
docs/CODING_CONVENTION.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. Coding Style

2
docs/CONTRIBUTING.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. Contributing / participating

2
docs/CREDITS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. Credits

2
docs/DL_PUB_ISO.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. Download the latest PUBLIC CISS.debian.live.ISO

6
docs/DOCUMENTATION.md
View File

@@ -8,14 +8,14 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2.1. Usage
````text
CDLB(1) CISS.debian.live.builder CDLB(1)
CISS.debian.live.builder from https://git.coresecret.dev/msw
Master V8.13.432.2025.11.18
Master V8.13.440.2025.11.19
A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
(c) Marc S. Weidner, 2018 - 2025
@@ -146,7 +146,7 @@ A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
💷 Please consider donating to my work at:
🌐 https://coresecret.eu/spenden/
V8.13.432.2025.11.18 2025-11-06 CDLB(1)
V8.13.440.2025.11.19 2025-11-06 CDLB(1)
````
# 3. Booting

16
docs/MAN_CISS_ISO_BOOT_CHAIN.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. CISS.debian.live.builder Boot & Trust Chain (Technical Documentation)
@@ -65,7 +65,6 @@ flowchart TD
0070 e07@--> 0080["Decompress Kernel"];
0080 e08@--> 0090["/init Phase"];
0090 e09@--> 0100["Starting CISS.hardened dropbear"];
0100 -.-> 9000["Living CISS.hardened dropbear"];
0100 e10@--> 0110["Executing live-boot, mounting ISO FS"];
0110 e11@--> 0122["Executing 0022-ciss: Hardening tmpfs for OverlayFS upper/work"];
0122 e12@--> 0124["Executing 0024-ciss: LUKS open (dm-crypt & integrity)"];
@@ -74,12 +73,11 @@ flowchart TD
ROOT e15@--> 0126["Executing 0026-ciss: Hardening early sysctls"];
0126 e16@--> 0130["Executing 0030-ciss: Verification of authenticity and integrity via embedded and pinned GPG of ISO edge"];
0130 e17@--> |SUCCESSFUL| 0142["Executing 0042-ciss: Attestation of RootFS"];
0142 e18@--> |SUCCESSFUL| 9050["Switching root (run-init / pivot_root)"];
0142 e19@--> |SUCCESSFUL| 0145["init-bottom: stop CISS.hardened dropbear, tear down initramfs net"];
0145 e20@--> 9050;
9050 e21@--> 9010["Starting /sbin/init -> systemd"];
9000 e22@--> 9010["Starting /sbin/init -> systemd"];
9010 e23@--> 9020["Starting Target Units"];
0142 e18@--> 0145["init-bottom: stop CISS.hardened dropbear, tear down initramfs net"];
0145 e19@--> 9050["Switching root (run-init / pivot_root)"];
9050 e20@--> 9010["Starting /sbin/init -> systemd"];
9010 e21@--> 9020["Starting Target Units"];
0100 -.-> 0145;
e06@{ animation: fast }
e07@{ animation: fast }
e08@{ animation: fast }
@@ -96,8 +94,6 @@ flowchart TD
e19@{ animation: fast }
e20@{ animation: fast }
e21@{ animation: fast }
e22@{ animation: fast }
e23@{ animation: fast }
end
subgraph Finale State

2
docs/MAN_SSH_Host_Key_Policy.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. SSH Host Key Policy CISS.debian.live.builder / CISS.debian.installer

2
docs/REFERENCES.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. Resources