V8.03.644.2025.06.07

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

config/hooks/live/9985_clamav.chroot

@@ -58,7 +58,7 @@ ReadOnlyPaths=/
 ReadWritePaths=/var/lib/clamav /var/log/clamav /var/run/clamav
 
 MemoryDenyWriteExecute=yes
-MemoryLimit=512M
+MemoryLimit=4096M
 CPUShares=512
 
 RestrictAddressFamilies=AF_INET AF_INET6

config/hooks/live/9990_final_purge.chroot

@@ -22,7 +22,7 @@ qemu-guest-agent rmail sendmail-base sendmail-bin sendmail-cf sensible-mda sendm
 apt-mark hold exim4 exim4-daemon-light exim4-base exim4-config \
 qemu-guest-agent rmail sendmail-base sendmail-bin sendmail-cf sensible-mda sendmail-doc
 
-dpkg --get-selections | grep deinstall >> /tmp/deinstall.log || true
+dpkg --get-selections | grep deinstall >| /tmp/deinstall.log || true
 
 if [[ -s /tmp/deinstall.log ]]; then
   printf "\n"

config/hooks/live/9991_file_permissions.chroot

@@ -39,7 +39,7 @@ EOF
 
 cp -a /etc/login.defs /root/.ciss/dlb/backup/login.defs.bak
 
-sed -i 's/LOGIN_TIMEOUT       60/LOGIN_TIMEOUT       180/' /etc/login.defs
+sed -ri 's/^(#?LOGIN_TIMEOUT)[[:space:]]+[0-9]+/\1 180/' /etc/login.defs
 sed -i 's/UMASK		022/UMASK		077/' /etc/login.defs
 sed -i 's/PASS_MAX_DAYS	99999/PASS_MAX_DAYS	16384/' /etc/login.defs
 sed -i 's/PASS_MIN_DAYS	0/PASS_MIN_DAYS	1/' /etc/login.defs

config/hooks/live/9994_password_policy.chroot

@@ -51,7 +51,7 @@ difok = 4
 ### Minimum acceptable size for the new password (plus one if
 ### credits are not disabled, which is the default). (See pam_cracklib manual.)
 ### Cannot be set to a lower value than 6.
-minlen = 20
+minlen = 40
 
 ### dcredit = 0, ucredit = 0, lcredit = 0, ocredit = 0, minclass = 0
 ### NIST SP 800-63B advises against rigid complexity rules (numbers, symbols, uppercase)