diff --git a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
index 18dd0db..aaa2d8e 100644
--- a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
+++ b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
@@ -25,7 +25,7 @@ body:
attributes:
label: "Version"
description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
- placeholder: "e.g., Master V8.03.768.2025.06.19"
+ placeholder: "e.g., Master V8.03.768.2025.06.23"
validations:
required: true
diff --git a/.gitea/TODO/dockerfile b/.gitea/TODO/dockerfile
index 807fca4..9b3216e 100644
--- a/.gitea/TODO/dockerfile
+++ b/.gitea/TODO/dockerfile
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.768.2025.06.23
FROM debian:bookworm
diff --git a/.gitea/TODO/render-md-to-html.yaml b/.gitea/TODO/render-md-to-html.yaml
index 0228c97..fae5463 100644
--- a/.gitea/TODO/render-md-to-html.yaml
+++ b/.gitea/TODO/render-md-to-html.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.768.2025.06.23
name: ๐ Render README.md to README.html.
diff --git a/.gitea/trigger/t_generate_dns.yaml b/.gitea/trigger/t_generate_dns.yaml
index e4b64e8..5c21ab4 100644
--- a/.gitea/trigger/t_generate_dns.yaml
+++ b/.gitea/trigger/t_generate_dns.yaml
@@ -11,5 +11,5 @@
build:
counter: 1023
- version: V8.03.768.2025.06.19
+ version: V8.03.768.2025.06.23
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
diff --git a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
index b7af2ae..08727e3 100644
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.768.2025.06.22
name: ๐ Generating a Private Live ISO FLV 0.
diff --git a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
index e453154..5327090 100644
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.768.2025.06.22
name: ๐ Generating a Private Live ISO FLV 1.
diff --git a/.gitea/workflows/generate_PUBLIC_iso.yaml b/.gitea/workflows/generate_PUBLIC_iso.yaml
index 1238539..3951977 100644
--- a/.gitea/workflows/generate_PUBLIC_iso.yaml
+++ b/.gitea/workflows/generate_PUBLIC_iso.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.768.2025.06.22
name: ๐ Generating a PUBLIC Live ISO.
diff --git a/.gitea/workflows/linter_char_scripts.yaml b/.gitea/workflows/linter_char_scripts.yaml
index fbadd3b..9eae465 100644
--- a/.gitea/workflows/linter_char_scripts.yaml
+++ b/.gitea/workflows/linter_char_scripts.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.768.2025.06.23
# Gitea Workflow: Shell-Script Linting
#
diff --git a/.gitea/workflows/render-dnssec-status.yaml b/.gitea/workflows/render-dnssec-status.yaml
index e4a4031..40bbdb0 100644
--- a/.gitea/workflows/render-dnssec-status.yaml
+++ b/.gitea/workflows/render-dnssec-status.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.768.2025.06.23
name: ๐ก๏ธ Retrieve DNSSEC status of coresecret.dev.
diff --git a/.gitea/workflows/render-dot-to-png.yaml b/.gitea/workflows/render-dot-to-png.yaml
index 0f72eb4..7945885 100644
--- a/.gitea/workflows/render-dot-to-png.yaml
+++ b/.gitea/workflows/render-dot-to-png.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.768.2025.06.23
name: ๐ Render Graphviz Diagrams.
diff --git a/.version.properties b/.version.properties
index 5cfe1bc..848e7b9 100644
--- a/.version.properties
+++ b/.version.properties
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
properties_SPDX-PackageName="CISS.debian.live.builder"
properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.03.768.2025.06.19"
+properties_version="V8.03.768.2025.06.23"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
\ No newline at end of file
diff --git a/CISS.debian.live.builder.spdx b/CISS.debian.live.builder.spdx
index d22e194..531597e 100644
--- a/CISS.debian.live.builder.spdx
+++ b/CISS.debian.live.builder.spdx
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
Created: 2025-05-07T12:00:00Z
Package: CISS.debian.live.builder
PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.03.768.2025.06.19
+PackageVersion: Master V8.03.768.2025.06.23
PackageSupplier: Organization: Centurion Intelligence Consulting Agency
PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
diff --git a/README.md b/README.md
index 71da9e6..ee29783 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
gitea: none
include_toc: true
---
-[](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[](https://git.coresecret.dev/msw/CISS.debian.live.builder)
[](https://eupl.eu/1.2/en/)
[](https://opensource.org/license/eupl-1-2)
@@ -26,7 +26,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -142,7 +142,7 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
-Example: `V8.03.768.2025.06.19`
+Example: `V8.03.768.2025.06.23`
`x.y.z` represents major (x), minor (y), and patch (z) version increments.
diff --git a/ciss_live_builder.sh b/ciss_live_builder.sh
index ad8ce7f..143e3eb 100644
--- a/ciss_live_builder.sh
+++ b/ciss_live_builder.sh
@@ -41,7 +41,7 @@
. ./lib/lib_usage.sh; usage; exit 1; }
declare -gx VAR_CONTACT="security@coresecret.eu"
-declare -gx VAR_VERSION="Master V8.03.768.2025.06.19"
+declare -gx VAR_VERSION="Master V8.03.768.2025.06.23"
### CHECK FOR CONTACT, HELP, AND VERSION STRING
for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh; contact; exit 0;; esac; done
diff --git a/config/includes.chroot/etc/ssh/sshd_config b/config/includes.chroot/etc/ssh/sshd_config
index 4c260ed..1225eb5 100644
--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.768.2025.06.23
### https://www.ssh-audit.com/
### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
diff --git a/config/includes.chroot/etc/sysctl.d/99_local.hardened b/config/includes.chroot/etc/sysctl.d/99_local.hardened
index ee42d2f..c6c537e 100644
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.768.2025.06.23
### https://docs.kernel.org/
### https://github.com/a13xp0p0v/kernel-hardening-checker/
diff --git a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
index ea7e3bf..81ba62c 100644
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-declare -gr VERSION="Master V8.03.768.2025.06.19"
+declare -gr VERSION="Master V8.03.768.2025.06.23"
### VERY EARLY CHECK FOR DEBUGGING
if [[ $* == *" --debug "* ]]; then
diff --git a/config/includes.chroot/preseed/preseed.cfg b/config/includes.chroot/preseed/preseed.cfg
index e408f9e..5310cfc 100644
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
# Please consider donating to my work at: https://coresecret.eu/spenden/
###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.19 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.23 at: 10:18:37.9542
diff --git a/config/includes.chroot/root/.ciss/alias b/config/includes.chroot/root/.ciss/alias
index 2bcd1f1..7461671 100644
--- a/config/includes.chroot/root/.ciss/alias
+++ b/config/includes.chroot/root/.ciss/alias
@@ -149,13 +149,16 @@ genpasswdhash() {
mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608
}
-###########################################################################################
-# Globals: Wrapper for secure curl
+#######################################
+# Wrapper for secure curl
# Arguments:
# $1: URL from which to download a specific file
# $2: /path/to/file to be saved to
-###########################################################################################
-# shellcheck disable=SC2317
+# Returns:
+# 0: Download successful
+# 1: Usage error
+# 2: Download failure
+#######################################
scurl() {
if [[ $# -ne 2 ]]; then
printf "\e[91mโ Error: Usage: scurl .\e[0m\n" >&2
@@ -176,13 +179,16 @@ scurl() {
return 0
}
-###########################################################################################
-# Globals: Wrapper for secure wget
+#######################################
+# Wrapper for secure wget
# Arguments:
# $1: URL from which to download a specific file
# $2: /path/to/file to be saved to
-###########################################################################################
-# shellcheck disable=SC2317
+# Returns:
+# 0: Download successful
+# 1: Usage error
+# 2: Download failure
+#######################################
swget() {
if [[ $# -ne 2 ]]; then
printf "\e[91mโ Error: Usage: swget .\e[0m\n" >&2
@@ -204,26 +210,24 @@ swget() {
return 0
}
-###########################################################################################
-# Globals: Wrapper for loading CISS.2025 hardened Kernel Parameters
+#######################################
+# Wrapper for loading CISS.2025 hardened Kernel Parameters
# Arguments:
-# none
-###########################################################################################
-# shellcheck disable=SC2317
+# None
+#######################################
sysp() {
sysctl -p /etc/sysctl.d/99_local.hardened
# sleep 1
sysctl -a | grep -E 'kernel|vm|net' > /var/log/sysctl_check"$(date +"%Y-%m-%d_%H:%M:%S")".log
}
-###########################################################################################
-# Globals: Wrapper for tree
+#######################################
+# Wrapper for tree
# Arguments:
# $1: Depth of Directory Listing
-###########################################################################################
-# shellcheck disable=SC2317
+#######################################
trel() {
- declare depth=${1:-3}
- tree -C -h --dirsfirst -L "${depth}"
+ declare depth=${1:-3}
+ tree -C -h --dirsfirst -L "${depth}"
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
diff --git a/config/package-lists/live.list.common.chroot b/config/package-lists/live.list.common.chroot
index af0e109..f4917b7 100644
--- a/config/package-lists/live.list.common.chroot
+++ b/config/package-lists/live.list.common.chroot
@@ -21,6 +21,7 @@ bc
bind9-dnsutils
bsdmainutils
btrfs-progs
+bzip2
ca-certificates
clamav
clamav-daemon
@@ -42,9 +43,11 @@ dirmngr
dmsetup
dnsviz
dosfstools
+e2fsprogs
efibootmgr
expect
fail2ban
+fdisk
figlet
fzf
gawk
@@ -79,6 +82,7 @@ man
man-db
manpages
manpages-dev
+mdadm
mtr
nano
ncat
@@ -110,11 +114,13 @@ ssl-cert
sudo
sysstat
systemd-sysv
+tar
tree
tshark
ufw
unattended-upgrades
unzip
+util-linux
virt-what
wamerican
wbritish
@@ -122,6 +128,9 @@ wfrench
wget
whois
wngerman
+xfsprogs
+xz-utils
+yq
zip
zsh
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
\ No newline at end of file
diff --git a/docs/AUDIT_DNSSEC.md b/docs/AUDIT_DNSSEC.md
index 082afda..842cfc4 100644
--- a/docs/AUDIT_DNSSEC.md
+++ b/docs/AUDIT_DNSSEC.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2. DNSSEC Status
diff --git a/docs/AUDIT_HAVEGED.md b/docs/AUDIT_HAVEGED.md
index f8d7749..3a368e8 100644
--- a/docs/AUDIT_HAVEGED.md
+++ b/docs/AUDIT_HAVEGED.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2. Haveged Audit on Netcup RS 2000 G11
diff --git a/docs/AUDIT_LYNIS.md b/docs/AUDIT_LYNIS.md
index 20bf846..b3fea0a 100644
--- a/docs/AUDIT_LYNIS.md
+++ b/docs/AUDIT_LYNIS.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2. Lynis Audit:
diff --git a/docs/AUDIT_SSH.md b/docs/AUDIT_SSH.md
index f9906d2..a36f07e 100644
--- a/docs/AUDIT_SSH.md
+++ b/docs/AUDIT_SSH.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2. SSH Audit by ssh-audit.com
diff --git a/docs/AUDIT_TLS.md b/docs/AUDIT_TLS.md
index 3598008..faff7aa 100644
--- a/docs/AUDIT_TLS.md
+++ b/docs/AUDIT_TLS.md
@@ -8,14 +8,14 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2. TLS Audit:
````text
#####################################################################
- testssl.sh version 3.2rc4 from https://testssl.sh/dev/
- (6746fa5 2025-04-18 13:17:50)
+ testssl.sh version 3.2.1 from https://testssl.sh/
+ (81471c3 2025-06-15 09:48:31)
This program is free software. Distribution and modification under
GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
@@ -26,7 +26,313 @@ include_toc: true
Using OpenSSL 1.0.2-bad (Mar 28 2025) [~179 ciphers]
on kali:./bin/openssl.Linux.x86_64
- Start 2025-06-02 18:04:19 -->> 152.53.110.40:443 (coresecret.dev) <<--
+ Start 2025-06-23 06:37:04 -->> 135.181.207.105:443 (dns01.eddns.eu) <<--
+
+ Further IP addresses: 2a01:4f9:c012:a813:135:181:207:105
+ rDNS (135.181.207.105): dns01.eddns.eu.
+ Service detected: HTTP
+
+ Testing protocols via sockets except NPN+ALPN
+
+ SSLv2 not offered (OK)
+ SSLv3 not offered (OK)
+ TLS 1 not offered
+ TLS 1.1 not offered
+ TLS 1.2 offered (OK)
+ TLS 1.3 offered (OK): final
+ NPN/SPDY not offered
+ ALPN/HTTP2 h2, http/1.1 (offered)
+
+ Testing for server implementation bugs
+
+ No bugs found.
+
+ Testing cipher categories
+
+ NULL ciphers (no encryption) not offered (OK)
+ Anonymous NULL Ciphers (no authentication) not offered (OK)
+ Export ciphers (w/o ADH+NULL) not offered (OK)
+ LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK)
+ Triple DES Ciphers / IDEA not offered
+ Obsoleted CBC ciphers (AES, ARIA etc.) not offered
+ Strong encryption (AEAD ciphers) with no FS not offered
+ Forward Secrecy strong encryption (AEAD ciphers) offered (OK)
+
+
+ Testing server's cipher preferences
+
+Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
+-----------------------------------------------------------------------------------------------------------------------------
+SSLv2
+ -
+SSLv3
+ -
+TLSv1
+ -
+TLSv1.1
+ -
+TLSv1.2 (server order)
+ xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 448 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 448 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+TLSv1.3 (server order)
+ x1302 TLS_AES_256_GCM_SHA384 ECDH 448 AESGCM 256 TLS_AES_256_GCM_SHA384
+ x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 448 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
+
+ Has server cipher order? yes (OK) -- TLS 1.3 and below
+
+
+ Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4
+
+ FS is offered (OK) , ciphers follow (client/browser support is important here)
+
+Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
+-----------------------------------------------------------------------------------------------------------------------------
+ x1302 TLS_AES_256_GCM_SHA384 ECDH 448 AESGCM 256 TLS_AES_256_GCM_SHA384 available
+ x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 448 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 available
+ xcc14 ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD not a/v
+ xcc13 ECDHE-RSA-CHACHA20-POLY1305-OLD ECDH ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD not a/v
+ xcc15 DHE-RSA-CHACHA20-POLY1305-OLD DH ChaCha20 256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD not a/v
+ xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 521 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 available
+ xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 not a/v
+ xc028 ECDHE-RSA-AES256-SHA384 ECDH AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 not a/v
+ xc024 ECDHE-ECDSA-AES256-SHA384 ECDH AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 not a/v
+ xc014 ECDHE-RSA-AES256-SHA ECDH AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA not a/v
+ xc00a ECDHE-ECDSA-AES256-SHA ECDH AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA not a/v
+ xa3 DHE-DSS-AES256-GCM-SHA384 DH AESGCM 256 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 not a/v
+ x9f DHE-RSA-AES256-GCM-SHA384 DH AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 not a/v
+ xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 not a/v
+ xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 448 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 available
+ xccaa DHE-RSA-CHACHA20-POLY1305 DH ChaCha20 256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 not a/v
+ xc0af ECDHE-ECDSA-AES256-CCM8 ECDH AESCCM8 256 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 not a/v
+ xc0ad ECDHE-ECDSA-AES256-CCM ECDH AESCCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_CCM not a/v
+ xc0a3 DHE-RSA-AES256-CCM8 DH AESCCM8 256 TLS_DHE_RSA_WITH_AES_256_CCM_8 not a/v
+ xc09f DHE-RSA-AES256-CCM DH AESCCM 256 TLS_DHE_RSA_WITH_AES_256_CCM not a/v
+ x6b DHE-RSA-AES256-SHA256 DH AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 not a/v
+ x6a DHE-DSS-AES256-SHA256 DH AES 256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 not a/v
+ x39 DHE-RSA-AES256-SHA DH AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA not a/v
+ x38 DHE-DSS-AES256-SHA DH AES 256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA not a/v
+ xc077 ECDHE-RSA-CAMELLIA256-SHA384 ECDH Camellia 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 not a/v
+ xc073 ECDHE-ECDSA-CAMELLIA256-SHA384 ECDH Camellia 256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 not a/v
+ xc4 DHE-RSA-CAMELLIA256-SHA256 DH Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 not a/v
+ xc3 DHE-DSS-CAMELLIA256-SHA256 DH Camellia 256 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 not a/v
+ x88 DHE-RSA-CAMELLIA256-SHA DH Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA not a/v
+ x87 DHE-DSS-CAMELLIA256-SHA DH Camellia 256 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA not a/v
+ xc043 DHE-DSS-ARIA256-CBC-SHA384 DH ARIA 256 TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 not a/v
+ xc045 DHE-RSA-ARIA256-CBC-SHA384 DH ARIA 256 TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 not a/v
+ xc049 ECDHE-ECDSA-ARIA256-CBC-SHA384 ECDH ARIA 256 TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 not a/v
+ xc04d ECDHE-RSA-ARIA256-CBC-SHA384 ECDH ARIA 256 TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 not a/v
+ xc053 DHE-RSA-ARIA256-GCM-SHA384 DH ARIAGCM 256 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 not a/v
+ xc057 DHE-DSS-ARIA256-GCM-SHA384 DH ARIAGCM 256 TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 not a/v
+ xc05d ECDHE-ECDSA-ARIA256-GCM-SHA384 ECDH ARIAGCM 256 TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 not a/v
+ xc061 ECDHE-ARIA256-GCM-SHA384 ECDH ARIAGCM 256 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 not a/v
+ xc07d - DH CamelliaGCM 256 TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 not a/v
+ xc081 - DH CamelliaGCM 256 TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 not a/v
+ xc087 - ECDH CamelliaGCM 256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 not a/v
+ xc08b - ECDH CamelliaGCM 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 not a/v
+ x1301 TLS_AES_128_GCM_SHA256 any AESGCM 128 TLS_AES_128_GCM_SHA256 not a/v
+ x1304 TLS_AES_128_CCM_SHA256 any AESCCM 128 TLS_AES_128_CCM_SHA256 not a/v
+ x1305 TLS_AES_128_CCM_8_SHA256 any AESCCM8 128 TLS_AES_128_CCM_8_SHA256 not a/v
+ xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 not a/v
+ xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 not a/v
+ xc027 ECDHE-RSA-AES128-SHA256 ECDH AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 not a/v
+ xc023 ECDHE-ECDSA-AES128-SHA256 ECDH AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 not a/v
+ xc013 ECDHE-RSA-AES128-SHA ECDH AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA not a/v
+ xc009 ECDHE-ECDSA-AES128-SHA ECDH AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA not a/v
+ xa2 DHE-DSS-AES128-GCM-SHA256 DH AESGCM 128 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 not a/v
+ x9e DHE-RSA-AES128-GCM-SHA256 DH AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 not a/v
+ xc0ae ECDHE-ECDSA-AES128-CCM8 ECDH AESCCM8 128 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 not a/v
+ xc0ac ECDHE-ECDSA-AES128-CCM ECDH AESCCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_CCM not a/v
+ xc0a2 DHE-RSA-AES128-CCM8 DH AESCCM8 128 TLS_DHE_RSA_WITH_AES_128_CCM_8 not a/v
+ xc09e DHE-RSA-AES128-CCM DH AESCCM 128 TLS_DHE_RSA_WITH_AES_128_CCM not a/v
+ x67 DHE-RSA-AES128-SHA256 DH AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 not a/v
+ x40 DHE-DSS-AES128-SHA256 DH AES 128 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 not a/v
+ x33 DHE-RSA-AES128-SHA DH AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA not a/v
+ x32 DHE-DSS-AES128-SHA DH AES 128 TLS_DHE_DSS_WITH_AES_128_CBC_SHA not a/v
+ xc076 ECDHE-RSA-CAMELLIA128-SHA256 ECDH Camellia 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 not a/v
+ xc072 ECDHE-ECDSA-CAMELLIA128-SHA256 ECDH Camellia 128 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 not a/v
+ xbe DHE-RSA-CAMELLIA128-SHA256 DH Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 not a/v
+ xbd DHE-DSS-CAMELLIA128-SHA256 DH Camellia 128 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 not a/v
+ x9a DHE-RSA-SEED-SHA DH SEED 128 TLS_DHE_RSA_WITH_SEED_CBC_SHA not a/v
+ x99 DHE-DSS-SEED-SHA DH SEED 128 TLS_DHE_DSS_WITH_SEED_CBC_SHA not a/v
+ x45 DHE-RSA-CAMELLIA128-SHA DH Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA not a/v
+ x44 DHE-DSS-CAMELLIA128-SHA DH Camellia 128 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA not a/v
+ xc042 DHE-DSS-ARIA128-CBC-SHA256 DH ARIA 128 TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 not a/v
+ xc044 DHE-RSA-ARIA128-CBC-SHA256 DH ARIA 128 TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 not a/v
+ xc048 ECDHE-ECDSA-ARIA128-CBC-SHA256 ECDH ARIA 128 TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 not a/v
+ xc04c ECDHE-RSA-ARIA128-CBC-SHA256 ECDH ARIA 128 TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 not a/v
+ xc052 DHE-RSA-ARIA128-GCM-SHA256 DH ARIAGCM 128 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 not a/v
+ xc056 DHE-DSS-ARIA128-GCM-SHA256 DH ARIAGCM 128 TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 not a/v
+ xc05c ECDHE-ECDSA-ARIA128-GCM-SHA256 ECDH ARIAGCM 128 TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 not a/v
+ xc060 ECDHE-ARIA128-GCM-SHA256 ECDH ARIAGCM 128 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 not a/v
+ xc07c - DH CamelliaGCM 128 TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 not a/v
+ xc080 - DH CamelliaGCM 128 TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 not a/v
+ xc086 - ECDH CamelliaGCM 128 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 not a/v
+ xc08a - ECDH CamelliaGCM 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 not a/v
+
+ Elliptic curves offered: secp384r1 secp521r1 X448
+ TLS 1.2 sig_algs offered: RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224
+ TLS 1.3 sig_algs offered: RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512
+
+ Testing server defaults (Server Hello)
+
+ TLS extensions (standard) "server name/#0" "max fragment length/#1" "status request/#5" "supported_groups/#10" "EC point formats/#11"
+ "application layer protocol negotiation/#16" "extended master secret/#23" "supported versions/#43" "key share/#51"
+ "renegotiation info/#65281"
+ Session Ticket RFC 5077 hint no -- no lifetime advertised
+ SSL Session ID support yes
+ Session Resumption Tickets no, ID: yes
+ TLS clock skew Random values, no fingerprinting possible
+ Certificate Compression none
+ Client Authentication none
+ Signature Algorithm SHA384 with RSA
+ Server key size RSA 4096 bits (exponent is 262147)
+ Server key usage Digital Signature, Key Encipherment
+ Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication
+ Serial A39CFE0064280D467269C012636F9EE8 (OK: length 16)
+ Fingerprints SHA1 9E19BE00A07E50CC5DB94A51419D431E845F810A
+ SHA256 92D01842FB6275890EF74AAD742990EFD76ABA0604203B327F3270E805B6F356
+ Common Name (CN) eddns.eu
+ subjectAltName (SAN) eddns.eu dns01.eddns.eu dns02.eddns.de dns03.eddns.eu eddns.de
+ Trust (hostname) Ok via SAN (same w/o SNI)
+ Chain of trust Ok
+ EV cert (experimental) no
+ Certificate Validity (UTC) 358 >= 60 days (2025-06-16 00:00 --> 2026-06-16 23:59)
+ ETS/"eTLS", visibility info not present
+ In pwnedkeys.com DB not in database
+ Certificate Revocation List --
+ OCSP URI http://zerossl.ocsp.sectigo.com, not revoked
+ OCSP stapling offered, not revoked
+ OCSP must staple extension supported
+ DNS CAA RR (experimental) available - please check for match with "Issuer" below
+ communications=error, iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl,
+ issue=letsencrypt.org;, issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
+ issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
+ issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuemail=buypass.no, issuemail=certum.pl, issuewild=;
+ Certificate Transparency yes (certificate extension)
+ Certificates provided 2
+ Issuer ZeroSSL RSA Domain Secure Site CA (ZeroSSL from AT)
+ Intermediate cert validity #1: ok > 40 days (2030-01-29 23:59). ZeroSSL RSA Domain Secure Site CA <-- USERTrust RSA Certification Authority
+ Intermediate Bad OCSP (exp.) Ok
+
+
+ Testing HTTP header response @ "/"
+
+ HTTP Status Code 200 OK
+ HTTP clock skew 0 sec from localtime
+ Strict Transport Security 730 days=63072000 s, includeSubDomains, preload
+ Public Key Pinning --
+ Server banner nginx
+ Application banner --
+ Cookie(s) (none issued at "/")
+ Security headers X-Frame-Options: SAMEORIGIN
+ X-Content-Type-Options: nosniff
+ Expect-CT: max-age=86400, enforce
+ Permissions-Policy: interest-cohort=()
+ Cross-Origin-Opener-Policy: same-origin
+ Cross-Origin-Resource-Policy: cross-origin
+ Cross-Origin-Embedder-Policy: credentialless
+ X-XSS-Protection: 1; mode=block
+ Access-Control-Allow-Origin: https://dns01.eddns.eu
+ Permissions-Policy: interest-cohort=()
+ Referrer-Policy: same-origin
+ Cache-Control: no-cache
+ Reverse Proxy banner --
+
+
+ Testing vulnerabilities
+
+ Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
+ CCS (CVE-2014-0224) not vulnerable (OK)
+ Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session ticket extension
+ ROBOT Server does not support any cipher suites that use RSA key transport
+ Secure Renegotiation (RFC 5746) supported (OK)
+ Secure Client-Initiated Renegotiation not vulnerable (OK)
+ CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
+ BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/" tested
+ POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support
+ TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered
+ SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
+ FREAK (CVE-2015-0204) not vulnerable (OK)
+ DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
+ make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
+ https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=92D01842FB6275890EF74AAD742990EFD76ABA0604203B327F3270E805B6F356
+ LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
+ BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1
+ LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK)
+ Winshock (CVE-2014-6321), experimental not vulnerable (OK)
+ RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
+
+
+ Running client simulations (HTTP) via sockets
+
+ Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy
+------------------------------------------------------------------------------------------------
+ Android 7.0 (native) No connection
+ Android 8.1 (native) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 384 bit ECDH (P-384)
+ Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
+ Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
+ Android 11/12 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
+ Android 13/14 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
+ Android 15 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
+ Chrome 101 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
+ Chromium 137 (Win 11) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
+ Firefox 100 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
+ Firefox 137 (Win 11) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
+ IE 8 Win 7 No connection
+ IE 11 Win 7 No connection
+ IE 11 Win 8.1 No connection
+ IE 11 Win Phone 8.1 No connection
+ IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 384 bit ECDH (P-384)
+ Edge 15 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 384 bit ECDH (P-384)
+ Edge 101 Win 10 21H2 TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
+ Edge 133 Win 11 23H2 TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
+ Safari 18.4 (iOS 18.4) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
+ Safari 15.4 (macOS 12.3.1) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
+ Safari 18.4 (macOS 15.4) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
+ Java 7u25 No connection
+ Java 8u442 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 448 bit ECDH (X448)
+ Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
+ Java 17.0.3 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 448 bit ECDH (X448)
+ Java 21.0.6 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 448 bit ECDH (X448)
+ go 1.17.8 TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
+ LibreSSL 3.3.6 (macOS) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
+ OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 521 bit ECDH (P-521)
+ OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 448 bit ECDH (X448)
+ OpenSSL 3.0.15 (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 448 bit ECDH (X448)
+ OpenSSL 3.5.0 (git) TLSv1.3 TLS_AES_256_GCM_SHA384 448 bit ECDH (X448)
+ Apple Mail (16.0) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 521 bit ECDH (P-521)
+ Thunderbird (91.9) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
+
+
+ Rating (experimental)
+
+ Rating specs (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
+ Specification documentation https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
+ Protocol Support (weighted) 100 (30)
+ Key Exchange (weighted) 100 (30)
+ Cipher Strength (weighted) 100 (40)
+ Final Score 100
+ Overall Grade A+
+
+ Done 2025-06-23 06:38:43 [ 102s] -->> 135.181.207.105:443 (dns01.eddns.eu) <<--
+
+
+25-06-23|root@kali.ed448.eu:/root/gitea/testssl.sh/>>1|~#> ./testssl.sh --show-each --wide --phone-out --full https://git.coresecret.dev/
+
+#####################################################################
+ testssl.sh version 3.2.1 from https://testssl.sh/
+ (81471c3 2025-06-15 09:48:31)
+
+ This program is free software. Distribution and modification under
+ GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
+
+ Please file bugs @ https://testssl.sh/bugs/
+#####################################################################
+
+ Using OpenSSL 1.0.2-bad (Mar 28 2025) [~179 ciphers]
+ on kali:./bin/openssl.Linux.x86_64
+
+ Start 2025-06-23 06:55:40 -->> 152.53.110.40:443 (git.coresecret.dev) <<--
Further IP addresses: 2a0a:4cc0:80:330f:152:53:110:40
rDNS (152.53.110.40): git.coresecret.dev.
@@ -193,17 +499,21 @@ Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Ciphe
SHA256 76B6FFCE607D8514F676C286C7C76B90F5B7AE7D041631F2EF2F0079AF8D24AC
Common Name (CN) coresecret.dev
subjectAltName (SAN) coresecret.dev git.coresecret.dev lab.coresecret.dev run.coresecret.dev www.coresecret.dev
- Trust (hostname) Ok via SAN and CN (same w/o SNI)
+ Trust (hostname) Ok via SAN (same w/o SNI)
Chain of trust Ok
EV cert (experimental) no
- Certificate Validity (UTC) 174 >= 60 days (2025-05-28 09:56 --> 2025-11-23 22:59)
+ Certificate Validity (UTC) 153 >= 60 days (2025-05-28 09:56 --> 2025-11-23 22:59)
ETS/"eTLS", visibility info not present
In pwnedkeys.com DB not in database
Certificate Revocation List http://crl.buypass.no/crl/BPClass2CA5.crl, not revoked
OCSP URI http://ocsp.buypass.com, not revoked
OCSP stapling offered, not revoked
OCSP must staple extension --
- DNS CAA RR (experimental) not offered
+ DNS CAA RR (experimental) available - please check for match with "Issuer" below
+ iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl, issue=letsencrypt.org;,
+ issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
+ issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
+ issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuemail=buypass.no, issuemail=certum.pl, issuewild=;
Certificate Transparency yes (certificate extension)
Certificates provided 2
Issuer Buypass Class 2 CA 5 (Buypass AS-983163327 from NO)
@@ -213,23 +523,27 @@ Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Ciphe
Testing HTTP header response @ "/"
- HTTP Status Code 301 Moved Permanently, redirecting to "https://git.coresecret.dev"
+ HTTP Status Code 200 OK
HTTP clock skew 0 sec from localtime
Strict Transport Security 730 days=63072000 s, includeSubDomains, preload
Public Key Pinning --
Server banner nginx
Application banner --
- Cookie(s) (none issued at "/") -- maybe better try target URL of 30x
+ Cookie(s) 2 issued: 2/2 secure, 2/2 HttpOnly
Security headers X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
+ Content-Security-Policy: default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self';
+ frame-src 'self'; frame-ancestors 'self'; img-src 'self' data: https://badges.coresecret.dev
+ https://uml.coresecret.dev; manifest-src 'self'; media-src 'self' data: https://badges.coresecret.dev
+ https://uml.coresecret.dev; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'none';
Expect-CT: max-age=86400, enforce
Permissions-Policy: interest-cohort=()
- Cross-Origin-Opener-Policy: same-origin
- Cross-Origin-Resource-Policy: same-origin
- Cross-Origin-Embedder-Policy: require-corp
+ Cross-Origin-Opener-Policy: cross-origin
+ Cross-Origin-Resource-Policy: cross-origin
+ Cross-Origin-Embedder-Policy: unsafe-none
X-XSS-Protection: 1; mode=block
Permissions-Policy: interest-cohort=()
- Referrer-Policy: same-origin
+ Referrer-Policy: no-referrer
Cache-Control: no-cache
Reverse Proxy banner --
@@ -268,6 +582,7 @@ Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Ciphe
Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Android 11/12 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Android 13/14 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
+ Android 15 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Chrome 101 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Chromium 137 (Win 11) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Firefox 100 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
@@ -308,7 +623,7 @@ Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Ciphe
Final Score 100
Overall Grade A+
- Done 2025-06-02 18:05:51 [ 95s] -->> 152.53.110.40:443 (coresecret.dev) <<--
+ Done 2025-06-23 06:57:01 [ 86s] -->> 152.53.110.40:443 (git.coresecret.dev) <<--
````
---
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 5f209ba..575765f 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -8,10 +8,14 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2. Changelog
+## V8.03.768.2025.06.22
+
+* Updated [lib_clean_up.sh](../lib/lib_clean_up.sh): Lock FD and Artifacts.
+
## V8.03.768.2025.06.19
* Minor main script improvements.
diff --git a/docs/CNET.md b/docs/CNET.md
index 0d6000a..bb39902 100644
--- a/docs/CNET.md
+++ b/docs/CNET.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2. Centurion Net - Developer Branch Overview
diff --git a/docs/CODING_CONVENTION.md b/docs/CODING_CONVENTION.md
index 41e229d..5fb703b 100644
--- a/docs/CODING_CONVENTION.md
+++ b/docs/CODING_CONVENTION.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2. Coding Style
diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md
index bbd008f..2a7868c 100644
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2. Contributing / participating
diff --git a/docs/CREDITS.md b/docs/CREDITS.md
index 06be7b0..dadb440 100644
--- a/docs/CREDITS.md
+++ b/docs/CREDITS.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2. Credits
diff --git a/docs/DL_PUB_ISO.md b/docs/DL_PUB_ISO.md
index 5ddfb0c..e912368 100644
--- a/docs/DL_PUB_ISO.md
+++ b/docs/DL_PUB_ISO.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2. Download the latest PUBLIC CISS.debian.live.ISO
diff --git a/docs/DOCUMENTATION.md b/docs/DOCUMENTATION.md
index 3c9b2c3..9f0eb64 100644
--- a/docs/DOCUMENTATION.md
+++ b/docs/DOCUMENTATION.md
@@ -8,12 +8,12 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2.1. Usage
````text
CISS.debian.live.builder
-Master V8.03.768.2025.06.19
+Master V8.03.768.2025.06.23
A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
(c) Marc S. Weidner, 2018 - 2025
@@ -133,7 +133,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
# 2.2. Contact
````text
CISS.debian.live.builder
-Master V8.03.768.2025.06.19
+Master V8.03.768.2025.06.23
A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
(c) Marc S. Weidner, 2018 - 2025
diff --git a/docs/REFERENCES.md b/docs/REFERENCES.md
index 290b1a8..148d4f6 100644
--- a/docs/REFERENCES.md
+++ b/docs/REFERENCES.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.03
-**Build**: V8.03.768.2025.06.19
+**Build**: V8.03.768.2025.06.23
# 2. Resources
diff --git a/lib/lib_check_provider.sh b/lib/lib_check_provider.sh
index e9584b8..930fbc4 100644
--- a/lib/lib_check_provider.sh
+++ b/lib/lib_check_provider.sh
@@ -18,7 +18,7 @@
check_provider() {
clear
cat << 'EOF' >| "${VAR_NOTES}"
-Build: Master V8.03.768.2025.06.19
+Build: Master V8.03.768.2025.06.23
Press 'EXIT' to continue with CISS.debian.live.builder.
diff --git a/lib/lib_clean_up.sh b/lib/lib_clean_up.sh
index ee5ee77..c7650d1 100644
--- a/lib/lib_clean_up.sh
+++ b/lib/lib_clean_up.sh
@@ -26,6 +26,11 @@ clean_up() {
rm -f -- "${VAR_KERNEL_INF}"
rm -f -- "${VAR_KERNEL_SRT}"
rm -f -- "${VAR_KERNEL_TMP}"
+ # Release advisory lock on FD 127.
+ flock -u 127
+ # Close file descriptor 127.
+ exec 127>&-
+ # Remove the lockfile artifact.
rm -f /run/lock/ciss_live_builder.lock
if (( clean_exit_code == 0 )); then rm -f -- "${LOG_ERROR}"; fi
if [[ -f "${VAR_WORKDIR}/hosts.allow" ]]; then
diff --git a/lib/lib_contact.sh b/lib/lib_contact.sh
index d3d4660..c02b05a 100644
--- a/lib/lib_contact.sh
+++ b/lib/lib_contact.sh
@@ -21,7 +21,7 @@ contact() {
clear
cat << EOF
$(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.03.768.2025.06.19\e[0m")
+$(echo -e "\e[92mMaster V8.03.768.2025.06.23\e[0m")
$(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
$(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
diff --git a/lib/lib_debug.sh b/lib/lib_debug.sh
index 1601ccf..7d41bba 100644
--- a/lib/lib_debug.sh
+++ b/lib/lib_debug.sh
@@ -36,7 +36,7 @@ debugger() {
} | sort >| "${VAR_DUMP_VARS_INITIAL}"
declare -gx VAR_EARLY_DEBUG=true
### Set a verbose PS4 prompt including timestamp, source, line, exit status, and function name
- declare -grx PS4='\e[97m+\e[0m\e[96m$(date +%Y-%m-%dT%H:%M:%S.%4N)\e[0m\e[97m:\e[0m\e[92m[${BASH_SOURCE[0]}:${LINENO}]\e[0m\e[97m|\e[0m\e[93m${?}\e[0m\e[97m>\e[0m\e[95m${FUNCNAME[0]:-main}()\e[0m \e[97m>>\e[0m '
+ declare -grx PS4='\e[97m+\e[0m\e[96m$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)\e[0m\e[97m:\e[0m\e[92m[${BASH_SOURCE[0]}:${LINENO}]\e[0m\e[97m|\e[0m\e[93m${?}\e[0m\e[97m>\e[0m\e[95m${FUNCNAME[0]:-main}()\e[0m \e[97m>>\e[0m '
# shellcheck disable=SC2155
declare -grx LOG_DEBUG="/tmp/ciss_live_builder_$$_debug.log"
### Generates empty LOG_DEBUG
diff --git a/lib/lib_debug_header.sh b/lib/lib_debug_header.sh
index df66bd1..08aef83 100644
--- a/lib/lib_debug_header.sh
+++ b/lib/lib_debug_header.sh
@@ -30,27 +30,30 @@
debug_header() {
declare -r arg_counter="$1"
declare -r arg_string="$2"
+ # shellcheck disable=SC2155
+ declare git_head=$(git rev-parse HEAD)
{
- printf "\e[97m+\e[0m\e[92m%s: CISS.debian.live.builder Debug Log \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)"
- printf "\e[97m+\e[0m\e[92m%s: Version : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${VAR_VERSION}"
- printf "\e[97m+\e[0m\e[92m%s: Epoch : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${EPOCHREALTIME}"
- printf "\e[97m+\e[0m\e[92m%s: Bash MAJ Release : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${BASH_VERSINFO[0]}"
- printf "\e[97m+\e[0m\e[92m%s: Bash MIN Version : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${BASH_VERSINFO[1]}"
- printf "\e[97m+\e[0m\e[92m%s: Bash Patch Level : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${BASH_VERSINFO[2]}"
- printf "\e[97m+\e[0m\e[92m%s: Bash Build Version : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${BASH_VERSINFO[3]}"
- printf "\e[97m+\e[0m\e[92m%s: Bash Release : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${BASH_VERSINFO[4]}"
- printf "\e[97m+\e[0m\e[92m%s: UID : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${UID}"
- printf "\e[97m+\e[0m\e[92m%s: EUID : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${EUID}"
- printf "\e[97m+\e[0m\e[92m%s: Hostname : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${HOSTNAME}"
- printf "\e[97m+\e[0m\e[92m%s: Script name : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "$0"
- printf "\e[97m+\e[0m\e[92m%s: Argument Counter : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${arg_counter}"
- printf "\e[97m+\e[0m\e[92m%s: Argument String Original : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${arg_string}"
- printf "\e[97m+\e[0m\e[92m%s: Script PID : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "$$"
- printf "\e[97m+\e[0m\e[92m%s: Script Parent PID : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${PPID}"
- printf "\e[97m+\e[0m\e[92m%s: Script work DIR : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${PWD}"
- printf "\e[97m+\e[0m\e[92m%s: Shell Options : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "$-"
- printf "\e[97m+\e[0m\e[92m%s: BASHOPTS : %s \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)" "${BASHOPTS}"
- printf "\e[97m+\e[0m\e[92m%s: ==== Debug Log Begin ==== : \e[0m\n" "$(date +%Y-%m-%dT%H:%M:%S.%4N)"
+ printf "\e[97m+\e[0m\e[92m%s: CISS.debian.live.builder Debug Log \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
+ printf "\e[97m+\e[0m\e[92m%s: Git Commit : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${git_head}"
+ printf "\e[97m+\e[0m\e[92m%s: Version : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_VERSION}"
+ printf "\e[97m+\e[0m\e[92m%s: Epoch : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EPOCHREALTIME}"
+ printf "\e[97m+\e[0m\e[92m%s: Bash MAJ Release : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[0]}"
+ printf "\e[97m+\e[0m\e[92m%s: Bash MIN Version : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[1]}"
+ printf "\e[97m+\e[0m\e[92m%s: Bash Patch Level : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[2]}"
+ printf "\e[97m+\e[0m\e[92m%s: Bash Build Version : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[3]}"
+ printf "\e[97m+\e[0m\e[92m%s: Bash Release : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[4]}"
+ printf "\e[97m+\e[0m\e[92m%s: UID : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${UID}"
+ printf "\e[97m+\e[0m\e[92m%s: EUID : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EUID}"
+ printf "\e[97m+\e[0m\e[92m%s: Hostname : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${HOSTNAME}"
+ printf "\e[97m+\e[0m\e[92m%s: Script name : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$0"
+ printf "\e[97m+\e[0m\e[92m%s: Argument Counter : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${arg_counter}"
+ printf "\e[97m+\e[0m\e[92m%s: Argument String Original : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${arg_string}"
+ printf "\e[97m+\e[0m\e[92m%s: Script PID : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$$"
+ printf "\e[97m+\e[0m\e[92m%s: Script Parent PID : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${PPID}"
+ printf "\e[97m+\e[0m\e[92m%s: Script work DIR : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${PWD}"
+ printf "\e[97m+\e[0m\e[92m%s: Shell Options : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$-"
+ printf "\e[97m+\e[0m\e[92m%s: BASHOPTS : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASHOPTS}"
+ printf "\e[97m+\e[0m\e[92m%s: ==== Debug Log Begin ==== : \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
} >&42
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
diff --git a/lib/lib_trap_on_exit.sh b/lib/lib_trap_on_exit.sh
index 1a5aa32..df887bc 100644
--- a/lib/lib_trap_on_exit.sh
+++ b/lib/lib_trap_on_exit.sh
@@ -18,20 +18,20 @@
# $1: $?
#######################################
trap_on_exit() {
- declare -r trap_on_exit_code="$1"
+ declare -r var_trap_on_exit_code="$1"
trap - EXIT
- if (( trap_on_exit_code == 0 )); then
+ if (( var_trap_on_exit_code == 0 )); then
if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
- clean_up "${trap_on_exit_code}"
- print_scr_exit "${trap_on_exit_code}"
- exit 0
+ clean_up "${var_trap_on_exit_code}"
+ print_scr_exit "${var_trap_on_exit_code}"
+ exit "${var_trap_on_exit_code}"
else
- exit "${trap_on_exit_code}"
+ exit "${var_trap_on_exit_code}"
fi
}
#######################################
-# Print Success Message for Trap on 'EXIT' on 'stdout'
+# Print Success Message for Trap on 'EXIT' on 'stdout'.
# Globals:
# LOG_DEBUG
# LOG_VAR
@@ -40,16 +40,16 @@ trap_on_exit() {
# VAR_HANDLER_BUILD_DIR
# VAR_SCRIPT_SUCCESS
# Arguments:
-# $1: ${trap_on_exit_code} of trap_on_exit()
+# $1: ${var_trap_on_exit_code} of trap_on_exit()
#######################################
print_scr_exit() {
- declare -r print_scr_exit_code="$1"
- if (( print_scr_exit_code == 0 )); then
+ declare -r var_print_scr_exit_code="$1"
+ if (( var_print_scr_exit_code == 0 )); then
if [[ "${VAR_SCRIPT_SUCCESS}" == "true" ]]; then
printf "\n"
printf "\e[92mโ
CISS.debian.live.builder Script successful. \e[0m\n"
printf "\e[92mโ
Aide Initial DB at: %s \e[0m\n" "${VAR_HANDLER_BUILD_DIR}/.integrity/"
- printf "\e[92mโ
Exited with Status: %s \e[0m\n" "${print_scr_exit_code}"
+ printf "\e[92mโ
Exited with Status: %s \e[0m\n" "${var_print_scr_exit_code}"
printf "\n"
if [[ "${VAR_EARLY_DEBUG}" == "true" ]]; then
printf "\e[92mโ
Script Runtime : %s \e[0m\n" "${SECONDS}"
diff --git a/lib/lib_usage.sh b/lib/lib_usage.sh
index 4e36171..17afc40 100644
--- a/lib/lib_usage.sh
+++ b/lib/lib_usage.sh
@@ -21,7 +21,7 @@ usage() {
clear
cat << EOF
$(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.03.768.2025.06.19\e[0m")
+$(echo -e "\e[92mMaster V8.03.768.2025.06.23\e[0m")
$(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
$(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
diff --git a/scripts/9000-cdi-starter b/scripts/9000-cdi-starter
index 7b65e7f..3d20119 100644
--- a/scripts/9000-cdi-starter
+++ b/scripts/9000-cdi-starter
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐งช '%s' starting ... \e[0m\n" "
# sleep 1
[[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
-printf "CISS.debian.installer Master V8.03.768.2025.06.19 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+printf "CISS.debian.installer Master V8.03.768.2025.06.23 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh