V8.03.768.2025.06.23
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
### Version Master V8.03.768.2025.06.19
|
||||
### Version Master V8.03.768.2025.06.23
|
||||
|
||||
### https://www.ssh-audit.com/
|
||||
### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
### Version Master V8.03.768.2025.06.19
|
||||
### Version Master V8.03.768.2025.06.23
|
||||
|
||||
### https://docs.kernel.org/
|
||||
### https://github.com/a13xp0p0v/kernel-hardening-checker/
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
declare -gr VERSION="Master V8.03.768.2025.06.19"
|
||||
declare -gr VERSION="Master V8.03.768.2025.06.23"
|
||||
|
||||
### VERY EARLY CHECK FOR DEBUGGING
|
||||
if [[ $* == *" --debug "* ]]; then
|
||||
|
||||
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
|
||||
|
||||
# Please consider donating to my work at: https://coresecret.eu/spenden/
|
||||
###########################################################################################
|
||||
# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.19 at: 10:18:37.9542
|
||||
# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.23 at: 10:18:37.9542
|
||||
|
||||
@@ -149,13 +149,16 @@ genpasswdhash() {
|
||||
mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608
|
||||
}
|
||||
|
||||
###########################################################################################
|
||||
# Globals: Wrapper for secure curl
|
||||
#######################################
|
||||
# Wrapper for secure curl
|
||||
# Arguments:
|
||||
# $1: URL from which to download a specific file
|
||||
# $2: /path/to/file to be saved to
|
||||
###########################################################################################
|
||||
# shellcheck disable=SC2317
|
||||
# Returns:
|
||||
# 0: Download successful
|
||||
# 1: Usage error
|
||||
# 2: Download failure
|
||||
#######################################
|
||||
scurl() {
|
||||
if [[ $# -ne 2 ]]; then
|
||||
printf "\e[91m❌ Error: Usage: scurl <URL> <path/to/file>.\e[0m\n" >&2
|
||||
@@ -176,13 +179,16 @@ scurl() {
|
||||
return 0
|
||||
}
|
||||
|
||||
###########################################################################################
|
||||
# Globals: Wrapper for secure wget
|
||||
#######################################
|
||||
# Wrapper for secure wget
|
||||
# Arguments:
|
||||
# $1: URL from which to download a specific file
|
||||
# $2: /path/to/file to be saved to
|
||||
###########################################################################################
|
||||
# shellcheck disable=SC2317
|
||||
# Returns:
|
||||
# 0: Download successful
|
||||
# 1: Usage error
|
||||
# 2: Download failure
|
||||
#######################################
|
||||
swget() {
|
||||
if [[ $# -ne 2 ]]; then
|
||||
printf "\e[91m❌ Error: Usage: swget <URL> <path/to/file>.\e[0m\n" >&2
|
||||
@@ -204,26 +210,24 @@ swget() {
|
||||
return 0
|
||||
}
|
||||
|
||||
###########################################################################################
|
||||
# Globals: Wrapper for loading CISS.2025 hardened Kernel Parameters
|
||||
#######################################
|
||||
# Wrapper for loading CISS.2025 hardened Kernel Parameters
|
||||
# Arguments:
|
||||
# none
|
||||
###########################################################################################
|
||||
# shellcheck disable=SC2317
|
||||
# None
|
||||
#######################################
|
||||
sysp() {
|
||||
sysctl -p /etc/sysctl.d/99_local.hardened
|
||||
# sleep 1
|
||||
sysctl -a | grep -E 'kernel|vm|net' > /var/log/sysctl_check"$(date +"%Y-%m-%d_%H:%M:%S")".log
|
||||
}
|
||||
|
||||
###########################################################################################
|
||||
# Globals: Wrapper for tree
|
||||
#######################################
|
||||
# Wrapper for tree
|
||||
# Arguments:
|
||||
# $1: Depth of Directory Listing
|
||||
###########################################################################################
|
||||
# shellcheck disable=SC2317
|
||||
#######################################
|
||||
trel() {
|
||||
declare depth=${1:-3}
|
||||
tree -C -h --dirsfirst -L "${depth}"
|
||||
declare depth=${1:-3}
|
||||
tree -C -h --dirsfirst -L "${depth}"
|
||||
}
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
|
||||
@@ -21,6 +21,7 @@ bc
|
||||
bind9-dnsutils
|
||||
bsdmainutils
|
||||
btrfs-progs
|
||||
bzip2
|
||||
ca-certificates
|
||||
clamav
|
||||
clamav-daemon
|
||||
@@ -42,9 +43,11 @@ dirmngr
|
||||
dmsetup
|
||||
dnsviz
|
||||
dosfstools
|
||||
e2fsprogs
|
||||
efibootmgr
|
||||
expect
|
||||
fail2ban
|
||||
fdisk
|
||||
figlet
|
||||
fzf
|
||||
gawk
|
||||
@@ -79,6 +82,7 @@ man
|
||||
man-db
|
||||
manpages
|
||||
manpages-dev
|
||||
mdadm
|
||||
mtr
|
||||
nano
|
||||
ncat
|
||||
@@ -110,11 +114,13 @@ ssl-cert
|
||||
sudo
|
||||
sysstat
|
||||
systemd-sysv
|
||||
tar
|
||||
tree
|
||||
tshark
|
||||
ufw
|
||||
unattended-upgrades
|
||||
unzip
|
||||
util-linux
|
||||
virt-what
|
||||
wamerican
|
||||
wbritish
|
||||
@@ -122,6 +128,9 @@ wfrench
|
||||
wget
|
||||
whois
|
||||
wngerman
|
||||
xfsprogs
|
||||
xz-utils
|
||||
yq
|
||||
zip
|
||||
zsh
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
Reference in New Issue
Block a user