DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]

X-CI-Metadata: master@4f7131c at 2025-06-24T22:34:39Z on 56dbb041e6a3 Generated at : 2025-06-24T22:34:39Z Runner Host : 56dbb041e6a3 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : 4f7131c HEAD -> master
DEPLOY BOT : 🛡️ Shell Script Linting [skip ci]
2025-06-24 22:34:39 +00:00 · 2025-06-24 21:45:55 +00:00 · 2025-06-24 23:44:04 +02:00 · 2025-06-24 20:29:03 +00:00 · 2025-06-24 22:27:16 +02:00 · 2025-06-24 20:24:22 +00:00
75 changed files with 320 additions and 444 deletions
--- a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
+++ b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
@@ -25,7 +25,7 @@ body:
    attributes:
      label: "Version"
      description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
-      placeholder: "e.g., Master V8.03.768.2025.06.23"
+      placeholder: "e.g., Master V8.03.832.2025.06.24"
    validations:
      required: true

--- a/.gitea/TODO/dockerfile
+++ b/.gitea/TODO/dockerfile
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.832.2025.06.24

 FROM debian:bookworm

--- a/.gitea/TODO/render-md-to-html.yaml
+++ b/.gitea/TODO/render-md-to-html.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.832.2025.06.24

 name: 🔁 Render README.md to README.html.

--- a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
@@ -10,6 +10,6 @@
 # SPDX-Security-Contact: security@coresecret.eu

 build:
-  counter: 1023
-  version: V8.03.768.2025.06.23
+  counter: 1024
+  version: V8.03.832.2025.06.24
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
@@ -11,5 +11,5 @@

 build:
  counter: 1023
-  version: V8.03.768.2025.06.23
+  version: V8.03.832.2025.06.24
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_PUBLIC.yaml
+++ b/.gitea/trigger/t_generate_PUBLIC.yaml
@@ -11,5 +11,5 @@

 build:
  counter: 1023
-  version: V8.03.768.2025.06.23
+  version: V8.03.832.2025.06.24
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_dns.yaml
+++ b/.gitea/trigger/t_generate_dns.yaml
@@ -11,5 +11,5 @@

 build:
  counter: 1023
-  version: V8.03.768.2025.06.23
+  version: V8.03.832.2025.06.24
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.768.2025.06.22
+### Version Master V8.03.832.2025.06.24

 name: 🔐 Generating a Private Live ISO FLV 0.

--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.768.2025.06.22
+### Version Master V8.03.832.2025.06.24

 name: 🔐 Generating a Private Live ISO FLV 1.

--- a/.gitea/workflows/generate_PUBLIC_iso.yaml
+++ b/.gitea/workflows/generate_PUBLIC_iso.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.768.2025.06.22
+### Version Master V8.03.832.2025.06.24

 name: 💙 Generating a PUBLIC Live ISO.

--- a/.gitea/workflows/linter_char_scripts.yaml
+++ b/.gitea/workflows/linter_char_scripts.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.832.2025.06.24

 # Gitea Workflow: Shell-Script Linting
 #
--- a/.gitea/workflows/render-dnssec-status.yaml
+++ b/.gitea/workflows/render-dnssec-status.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.832.2025.06.24

 name: 🛡️ Retrieve DNSSEC status of coresecret.dev.

--- a/.gitea/workflows/render-dot-to-png.yaml
+++ b/.gitea/workflows/render-dot-to-png.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.832.2025.06.24

 name: 🔁 Render Graphviz Diagrams.

--- a/.version.properties
+++ b/.version.properties
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
 properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
 properties_SPDX-PackageName="CISS.debian.live.builder"
 properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.03.768.2025.06.23"
+properties_version="V8.03.832.2025.06.24"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
--- a/CISS.debian.live.builder.spdx
+++ b/CISS.debian.live.builder.spdx
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
 Created: 2025-05-07T12:00:00Z
 Package: CISS.debian.live.builder
 PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.03.768.2025.06.23
+PackageVersion: Master V8.03.832.2025.06.24
 PackageSupplier: Organization: Centurion Intelligence Consulting Agency
 PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
 PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
--- a/LINTER_RESULTS.txt
+++ b/LINTER_RESULTS.txt
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-This file was automatically generated by the DEPLOY BOT on: "2025-06-23T06:21:19Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-06-24T21:45:52Z".

 ✅ The last linter check was successful. ✅

--- a/LIVE_ISO_FLV_0.private
+++ b/LIVE_ISO_FLV_0.private
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-This file was automatically generated by the DEPLOY BOT on: "2025-06-23T07:15:07Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-06-24T19:21:36Z".

 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_06_23T06_28_42Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_06_24T18_36_59Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  e0ec5e6be762858378a7eab74634676b1dd431f1cec9f3ecd57778249da4694af2df40dd5adb546360e69ddbad1379200031558ca580f55d9e8c242edb193e2f
+  3ca5a9635ef74a48f6d8f31696ec56e56ee95eff5317df95976e22d31e331bc503422602e24a9eaddfc30212acf6ebe96af51e94298c4c7c49c839c62abb6c2f
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----

-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFj++wAKCRA85KY4hzOw
-IXOYAP9FahdpIrwvHpEAddsem7UDdtO/zOzzDzx+TuycmdFttQEA20BgLvFLCiDr
-2zYSWBFHsEnlOrMoqUmjwDH/rjV6wAs=
-=cssu
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFr6wAAKCRA85KY4hzOw
+IbgHAP4p9jlF9jZkYIw/0H8j07QUWNHxeUz2r2UXp8aN2gUEBwEAxqbznJhH8li8
+40g5sWwGLmBjlidIOe0NxeMUBkuMlQg=
+=gq5w
 -----END PGP SIGNATURE-----

 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/LIVE_ISO_FLV_1.private
+++ b/LIVE_ISO_FLV_1.private
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-This file was automatically generated by the DEPLOY BOT on: "2025-06-23T08:10:36Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-06-24T22:34:36Z".

 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_06_23T07_24_33Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_06_24T21_53_22Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  70fc1bcdcf3362278f77344c5c6cf5c682362afaf22e4013026f87d3279a044bcebd830b0958bdfb9c080f06d1f873a61a30ca5e56787d41668c9b758a964ad7
+  581d951c8ab4d8e7afd2d727f8e64bd6fff51d005b84b9800e941da8dae654985bae500e056f02729d6b274ba330dfdbec59fd5ec2c8b18c3bbf37433b73c154
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----

-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFkL/AAKCRA85KY4hzOw
-ISe+AQC8m7ZFFP9zYtSae/IjpJy4XtDsnuO4ager49y7BDx38gEAllfQHZiMxelr
-qryf1KI+nXUj2EgKtk0vy9SDI6H1KgY=
-=NdC5
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFsn/AAKCRA85KY4hzOw
+IUvMAP9P1U6lblhdZ9tSROvYXRXcv0IEg2rVo3fMx9T5fozLewEAgxxo0+J1Nlvu
+KVZOdiuc6xdxkBHWYaA2kSXZKI+qAwA=
+=2H0C
 -----END PGP SIGNATURE-----

 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 gitea: none
 include_toc: true
 ---
-[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.768.2025.06.23-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.832.2025.06.24-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
 &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -11,8 +11,8 @@ include_toc: true
 [![Static Badge](https://badges.coresecret.dev/badge/shellformat-passed-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=shellformat&color=%234285F4)](https://github.com/mvdan/sh) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=Shellstyle&color=%234285F4)](https://google.github.io/styleguide/shellguide.html)
 &nbsp;
-[![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.23.8-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/) &nbsp;
-[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.2-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp;
+[![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.24.2-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/) &nbsp;
+[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.3-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&logo=keepassxc&logoColor=white&logoSize=auto&label=KeePassXC&color=%236CAC4D)](https://keepassxc.org/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&logo=netcup&logoColor=white&logoSize=auto&label=powered&color=%23056473)](https://www.netcup.com/de) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=powered&color=%230F243E)](https://coresecret.eu/) &nbsp;
@@ -26,7 +26,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
 and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -142,7 +142,7 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-

 This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.

-Example: `V8.03.768.2025.06.23`
+Example: `V8.03.832.2025.06.24`

 `x.y.z` represents major (x), minor (y), and patch (z) version increments.

--- a/ciss_live_builder.sh
+++ b/ciss_live_builder.sh
@@ -40,23 +40,20 @@
 [[ ${#} -eq 0 ]] && {
  . ./lib/lib_usage.sh; usage; exit 1; }

-declare -gx VAR_CONTACT="security@coresecret.eu"
-declare -gx VAR_VERSION="Master V8.03.768.2025.06.23"
+### SOURCING MUST SET EARLY VARIABLES, GUARD_SOURCING(), CHECK_GIT()
+. ./var/early.var.sh
+. ./lib/lib_guard_sourcing.sh
+. ./lib/lib_git_var.sh

-### CHECK FOR CONTACT, HELP, AND VERSION STRING
+### CHECK FOR CONTACT, HELP, VERSION STRING, AND XTRACE DEBUG
 for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh; contact; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -h|--help)    . ./lib/lib_usage.sh; usage; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -v|--version) printf "\e[95mCISS.debian.live.builder Version: %s\e[0m\n" "${VAR_VERSION}"; exit 0;; esac; done
-declare -gx VAR_SETUP="true"

-### CHECK FOR XTRACE DEBUG
-if [[ $* == *" --debug "* ]]; then
-  . ./lib/lib_debug.sh
-  . ./lib/lib_debug_header.sh
-  debugger "${@}"
-else
-  declare -gx VAR_EARLY_DEBUG="false"
-fi
+### ALL CHECKS DONE. READY TO START THE SCRIPT
+check_git
+for arg in "$@"; do case "${arg,,}" in -d|--debug)   . ./meta_sources_debug.sh; debugger "${@}";; esac; done
+declare -gx VAR_SETUP="true"

 ### SOURCING VARIABLES
 [[ "${VAR_SETUP}" == true ]] && {
@@ -109,9 +106,7 @@ if ! flock -x -n 127; then
 fi

 ### CHECK FOR AUTOBUILD MODE
-declare -gx VAR_HANDLER_AUTOBUILD="false"
-for arg in "$@"; do case "${arg,,}" in -a=*|--autobuild=*) declare -gx VAR_HANDLER_AUTOBUILD="true"; declare -gx VAR_KERNEL="${arg#*=}";; esac; done
-unset arg
+for arg in "$@"; do case "${arg,,}" in -a=*|--autobuild=*) declare -gx VAR_HANDLER_AUTOBUILD="true"; declare -gx VAR_KERNEL="${arg#*=}";; esac; done; unset arg
 for dir in /usr/local/sbin /usr/sbin; do case ":${PATH}:" in *":${dir}:"*) ;; *) PATH="${PATH}:${dir}" ;; esac; done; export PATH; unset dir

 ### CHECKING REQUIRED PACKAGES
--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.832.2025.06.24

 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.832.2025.06.24

 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-declare -gr VERSION="Master V8.03.768.2025.06.23"
+declare -gr VERSION="Master V8.03.832.2025.06.24"

 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh

 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.23 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.03.832.2025.06.24 at: 10:18:37.9542
--- a/docs/AUDIT_DNSSEC.md
+++ b/docs/AUDIT_DNSSEC.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2. DNSSEC Status

--- a/docs/AUDIT_HAVEGED.md
+++ b/docs/AUDIT_HAVEGED.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2. Haveged Audit on Netcup RS 2000 G11

--- a/docs/AUDIT_LYNIS.md
+++ b/docs/AUDIT_LYNIS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2. Lynis Audit:

--- a/docs/AUDIT_SSH.md
+++ b/docs/AUDIT_SSH.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2. SSH Audit by ssh-audit.com

--- a/docs/AUDIT_TLS.md
+++ b/docs/AUDIT_TLS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2. TLS Audit:

@@ -26,313 +26,7 @@ include_toc: true
  Using OpenSSL 1.0.2-bad (Mar 28 2025)  [~179 ciphers]
  on kali:./bin/openssl.Linux.x86_64

- Start 2025-06-23 06:37:04        -->> 135.181.207.105:443 (dns01.eddns.eu) <<--
-
- Further IP addresses:   2a01:4f9:c012:a813:135:181:207:105
- rDNS (135.181.207.105): dns01.eddns.eu.
- Service detected:       HTTP
-
- Testing protocols via sockets except NPN+ALPN
-
- SSLv2      not offered (OK)
- SSLv3      not offered (OK)
- TLS 1      not offered
- TLS 1.1    not offered
- TLS 1.2    offered (OK)
- TLS 1.3    offered (OK): final
- NPN/SPDY   not offered
- ALPN/HTTP2 h2, http/1.1 (offered)
-
- Testing for server implementation bugs
-
- No bugs found.
-
- Testing cipher categories
-
- NULL ciphers (no encryption)                      not offered (OK)
- Anonymous NULL Ciphers (no authentication)        not offered (OK)
- Export ciphers (w/o ADH+NULL)                     not offered (OK)
- LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export)      not offered (OK)
- Triple DES Ciphers / IDEA                         not offered
- Obsoleted CBC ciphers (AES, ARIA etc.)            not offered
- Strong encryption (AEAD ciphers) with no FS       not offered
- Forward Secrecy strong encryption (AEAD ciphers)  offered (OK)
-
-
- Testing server's cipher preferences
-
-Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
-SSLv2
- -
-SSLv3
- -
-TLSv1
- -
-TLSv1.1
- -
-TLSv1.2 (server order)
- xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 448   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 448   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-TLSv1.3 (server order)
- x1302   TLS_AES_256_GCM_SHA384            ECDH 448   AESGCM      256      TLS_AES_256_GCM_SHA384
- x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 448   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
-
- Has server cipher order?     yes (OK) -- TLS 1.3 and below
-
-
- Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4
-
- FS is offered (OK) , ciphers follow (client/browser support is important here)
-
-Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
- x1302   TLS_AES_256_GCM_SHA384            ECDH 448   AESGCM      256      TLS_AES_256_GCM_SHA384                             available
- x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 448   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       available
- xcc14   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD  not a/v
- xcc13   ECDHE-RSA-CHACHA20-POLY1305-OLD   ECDH       ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD    not a/v
- xcc15   DHE-RSA-CHACHA20-POLY1305-OLD     DH         ChaCha20    256      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD      not a/v
- xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 521   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              available
- xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH       AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384            not a/v
- xc028   ECDHE-RSA-AES256-SHA384           ECDH       AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              not a/v
- xc024   ECDHE-ECDSA-AES256-SHA384         ECDH       AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384            not a/v
- xc014   ECDHE-RSA-AES256-SHA              ECDH       AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 not a/v
- xc00a   ECDHE-ECDSA-AES256-SHA            ECDH       AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA               not a/v
- xa3     DHE-DSS-AES256-GCM-SHA384         DH         AESGCM      256      TLS_DHE_DSS_WITH_AES_256_GCM_SHA384                not a/v
- x9f     DHE-RSA-AES256-GCM-SHA384         DH         AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                not a/v
- xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      not a/v
- xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 448   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256        available
- xccaa   DHE-RSA-CHACHA20-POLY1305         DH         ChaCha20    256      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256          not a/v
- xc0af   ECDHE-ECDSA-AES256-CCM8           ECDH       AESCCM8     256      TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8                 not a/v
- xc0ad   ECDHE-ECDSA-AES256-CCM            ECDH       AESCCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_CCM                   not a/v
- xc0a3   DHE-RSA-AES256-CCM8               DH         AESCCM8     256      TLS_DHE_RSA_WITH_AES_256_CCM_8                     not a/v
- xc09f   DHE-RSA-AES256-CCM                DH         AESCCM      256      TLS_DHE_RSA_WITH_AES_256_CCM                       not a/v
- x6b     DHE-RSA-AES256-SHA256             DH         AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                not a/v
- x6a     DHE-DSS-AES256-SHA256             DH         AES         256      TLS_DHE_DSS_WITH_AES_256_CBC_SHA256                not a/v
- x39     DHE-RSA-AES256-SHA                DH         AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   not a/v
- x38     DHE-DSS-AES256-SHA                DH         AES         256      TLS_DHE_DSS_WITH_AES_256_CBC_SHA                   not a/v
- xc077   ECDHE-RSA-CAMELLIA256-SHA384      ECDH       Camellia    256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384         not a/v
- xc073   ECDHE-ECDSA-CAMELLIA256-SHA384    ECDH       Camellia    256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384       not a/v
- xc4     DHE-RSA-CAMELLIA256-SHA256        DH         Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256           not a/v
- xc3     DHE-DSS-CAMELLIA256-SHA256        DH         Camellia    256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256           not a/v
- x88     DHE-RSA-CAMELLIA256-SHA           DH         Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              not a/v
- x87     DHE-DSS-CAMELLIA256-SHA           DH         Camellia    256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA              not a/v
- xc043   DHE-DSS-ARIA256-CBC-SHA384        DH         ARIA        256      TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384               not a/v
- xc045   DHE-RSA-ARIA256-CBC-SHA384        DH         ARIA        256      TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384               not a/v
- xc049   ECDHE-ECDSA-ARIA256-CBC-SHA384    ECDH       ARIA        256      TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384           not a/v
- xc04d   ECDHE-RSA-ARIA256-CBC-SHA384      ECDH       ARIA        256      TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384             not a/v
- xc053   DHE-RSA-ARIA256-GCM-SHA384        DH         ARIAGCM     256      TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384               not a/v
- xc057   DHE-DSS-ARIA256-GCM-SHA384        DH         ARIAGCM     256      TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384               not a/v
- xc05d   ECDHE-ECDSA-ARIA256-GCM-SHA384    ECDH       ARIAGCM     256      TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384           not a/v
- xc061   ECDHE-ARIA256-GCM-SHA384          ECDH       ARIAGCM     256      TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384             not a/v
- xc07d   -                                 DH         CamelliaGCM 256      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384           not a/v
- xc081   -                                 DH         CamelliaGCM 256      TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384           not a/v
- xc087   -                                 ECDH       CamelliaGCM 256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384       not a/v
- xc08b   -                                 ECDH       CamelliaGCM 256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384         not a/v
- x1301   TLS_AES_128_GCM_SHA256            any        AESGCM      128      TLS_AES_128_GCM_SHA256                             not a/v
- x1304   TLS_AES_128_CCM_SHA256            any        AESCCM      128      TLS_AES_128_CCM_SHA256                             not a/v
- x1305   TLS_AES_128_CCM_8_SHA256          any        AESCCM8     128      TLS_AES_128_CCM_8_SHA256                           not a/v
- xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH       AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              not a/v
- xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH       AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            not a/v
- xc027   ECDHE-RSA-AES128-SHA256           ECDH       AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256              not a/v
- xc023   ECDHE-ECDSA-AES128-SHA256         ECDH       AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256            not a/v
- xc013   ECDHE-RSA-AES128-SHA              ECDH       AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 not a/v
- xc009   ECDHE-ECDSA-AES128-SHA            ECDH       AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA               not a/v
- xa2     DHE-DSS-AES128-GCM-SHA256         DH         AESGCM      128      TLS_DHE_DSS_WITH_AES_128_GCM_SHA256                not a/v
- x9e     DHE-RSA-AES128-GCM-SHA256         DH         AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                not a/v
- xc0ae   ECDHE-ECDSA-AES128-CCM8           ECDH       AESCCM8     128      TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8                 not a/v
- xc0ac   ECDHE-ECDSA-AES128-CCM            ECDH       AESCCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_CCM                   not a/v
- xc0a2   DHE-RSA-AES128-CCM8               DH         AESCCM8     128      TLS_DHE_RSA_WITH_AES_128_CCM_8                     not a/v
- xc09e   DHE-RSA-AES128-CCM                DH         AESCCM      128      TLS_DHE_RSA_WITH_AES_128_CCM                       not a/v
- x67     DHE-RSA-AES128-SHA256             DH         AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256                not a/v
- x40     DHE-DSS-AES128-SHA256             DH         AES         128      TLS_DHE_DSS_WITH_AES_128_CBC_SHA256                not a/v
- x33     DHE-RSA-AES128-SHA                DH         AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   not a/v
- x32     DHE-DSS-AES128-SHA                DH         AES         128      TLS_DHE_DSS_WITH_AES_128_CBC_SHA                   not a/v
- xc076   ECDHE-RSA-CAMELLIA128-SHA256      ECDH       Camellia    128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256         not a/v
- xc072   ECDHE-ECDSA-CAMELLIA128-SHA256    ECDH       Camellia    128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256       not a/v
- xbe     DHE-RSA-CAMELLIA128-SHA256        DH         Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256           not a/v
- xbd     DHE-DSS-CAMELLIA128-SHA256        DH         Camellia    128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256           not a/v
- x9a     DHE-RSA-SEED-SHA                  DH         SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA                      not a/v
- x99     DHE-DSS-SEED-SHA                  DH         SEED        128      TLS_DHE_DSS_WITH_SEED_CBC_SHA                      not a/v
- x45     DHE-RSA-CAMELLIA128-SHA           DH         Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              not a/v
- x44     DHE-DSS-CAMELLIA128-SHA           DH         Camellia    128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA              not a/v
- xc042   DHE-DSS-ARIA128-CBC-SHA256        DH         ARIA        128      TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256               not a/v
- xc044   DHE-RSA-ARIA128-CBC-SHA256        DH         ARIA        128      TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256               not a/v
- xc048   ECDHE-ECDSA-ARIA128-CBC-SHA256    ECDH       ARIA        128      TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256           not a/v
- xc04c   ECDHE-RSA-ARIA128-CBC-SHA256      ECDH       ARIA        128      TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256             not a/v
- xc052   DHE-RSA-ARIA128-GCM-SHA256        DH         ARIAGCM     128      TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256               not a/v
- xc056   DHE-DSS-ARIA128-GCM-SHA256        DH         ARIAGCM     128      TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256               not a/v
- xc05c   ECDHE-ECDSA-ARIA128-GCM-SHA256    ECDH       ARIAGCM     128      TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256           not a/v
- xc060   ECDHE-ARIA128-GCM-SHA256          ECDH       ARIAGCM     128      TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256             not a/v
- xc07c   -                                 DH         CamelliaGCM 128      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256           not a/v
- xc080   -                                 DH         CamelliaGCM 128      TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256           not a/v
- xc086   -                                 ECDH       CamelliaGCM 128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256       not a/v
- xc08a   -                                 ECDH       CamelliaGCM 128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256         not a/v
-
- Elliptic curves offered:     secp384r1 secp521r1 X448
- TLS 1.2 sig_algs offered:    RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224
- TLS 1.3 sig_algs offered:    RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512
-
- Testing server defaults (Server Hello)
-
- TLS extensions (standard)    "server name/#0" "max fragment length/#1" "status request/#5" "supported_groups/#10" "EC point formats/#11"
-                              "application layer protocol negotiation/#16" "extended master secret/#23" "supported versions/#43" "key share/#51"
-                              "renegotiation info/#65281"
- Session Ticket RFC 5077 hint no -- no lifetime advertised
- SSL Session ID support       yes
- Session Resumption           Tickets no, ID: yes
- TLS clock skew               Random values, no fingerprinting possible
- Certificate Compression      none
- Client Authentication        none
- Signature Algorithm          SHA384 with RSA
- Server key size              RSA 4096 bits (exponent is 262147)
- Server key usage             Digital Signature, Key Encipherment
- Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
- Serial                       A39CFE0064280D467269C012636F9EE8 (OK: length 16)
- Fingerprints                 SHA1 9E19BE00A07E50CC5DB94A51419D431E845F810A
-                              SHA256 92D01842FB6275890EF74AAD742990EFD76ABA0604203B327F3270E805B6F356
- Common Name (CN)             eddns.eu
- subjectAltName (SAN)         eddns.eu dns01.eddns.eu dns02.eddns.de dns03.eddns.eu eddns.de
- Trust (hostname)             Ok via SAN (same w/o SNI)
- Chain of trust               Ok
- EV cert (experimental)       no
- Certificate Validity (UTC)   358 >= 60 days (2025-06-16 00:00 --> 2026-06-16 23:59)
- ETS/"eTLS", visibility info  not present
- In pwnedkeys.com DB          not in database
- Certificate Revocation List  --
- OCSP URI                     http://zerossl.ocsp.sectigo.com, not revoked
- OCSP stapling                offered, not revoked
- OCSP must staple extension   supported
- DNS CAA RR (experimental)    available - please check for match with "Issuer" below
-                              communications=error, iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl,
-                              issue=letsencrypt.org;, issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
-                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
-                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuemail=buypass.no, issuemail=certum.pl, issuewild=;
- Certificate Transparency     yes (certificate extension)
- Certificates provided        2
- Issuer                       ZeroSSL RSA Domain Secure Site CA (ZeroSSL from AT)
- Intermediate cert validity   #1: ok > 40 days (2030-01-29 23:59). ZeroSSL RSA Domain Secure Site CA <-- USERTrust RSA Certification Authority
- Intermediate Bad OCSP (exp.) Ok
-
-
- Testing HTTP header response @ "/"
-
- HTTP Status Code             200 OK
- HTTP clock skew              0 sec from localtime
- Strict Transport Security    730 days=63072000 s, includeSubDomains, preload
- Public Key Pinning           --
- Server banner                nginx
- Application banner           --
- Cookie(s)                    (none issued at "/")
- Security headers             X-Frame-Options: SAMEORIGIN
-                              X-Content-Type-Options: nosniff
-                              Expect-CT: max-age=86400, enforce
-                              Permissions-Policy: interest-cohort=()
-                              Cross-Origin-Opener-Policy: same-origin
-                              Cross-Origin-Resource-Policy: cross-origin
-                              Cross-Origin-Embedder-Policy: credentialless
-                              X-XSS-Protection: 1; mode=block
-                              Access-Control-Allow-Origin: https://dns01.eddns.eu
-                              Permissions-Policy: interest-cohort=()
-                              Referrer-Policy: same-origin
-                              Cache-Control: no-cache
- Reverse Proxy banner         --
-
-
- Testing vulnerabilities
-
- Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
- CCS (CVE-2014-0224)                       not vulnerable (OK)
- Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), no session ticket extension
- ROBOT                                     Server does not support any cipher suites that use RSA key transport
- Secure Renegotiation (RFC 5746)           supported (OK)
- Secure Client-Initiated Renegotiation     not vulnerable (OK)
- CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
- BREACH (CVE-2013-3587)                    no gzip/deflate/compress/br HTTP compression (OK)  - only supplied "/" tested
- POODLE, SSL (CVE-2014-3566)               not vulnerable (OK), no SSLv3 support
- TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible (OK), no protocol below TLS 1.2 offered
- SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
- FREAK (CVE-2015-0204)                     not vulnerable (OK)
- DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
-                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
-                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=92D01842FB6275890EF74AAD742990EFD76ABA0604203B327F3270E805B6F356
- LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
- BEAST (CVE-2011-3389)                     not vulnerable (OK), no SSL3 or TLS1
- LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
- Winshock (CVE-2014-6321), experimental    not vulnerable (OK)
- RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
-
-
- Running client simulations (HTTP) via sockets
-
- Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
------------------------------------------------------------------------------------------------
- Android 7.0 (native)         No connection
- Android 8.1 (native)         TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       384 bit ECDH (P-384)
- Android 9.0 (native)         TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
- Android 10.0 (native)        TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
- Android 11/12 (native)       TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
- Android 13/14 (native)       TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
- Android 15 (native)          TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
- Chrome 101 (Win 10)          TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
- Chromium 137 (Win 11)        TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
- Firefox 100 (Win 10)         TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
- Firefox 137 (Win 11)         TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
- IE 8 Win 7                   No connection
- IE 11 Win 7                  No connection
- IE 11 Win 8.1                No connection
- IE 11 Win Phone 8.1          No connection
- IE 11 Win 10                 TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       384 bit ECDH (P-384)
- Edge 15 Win 10               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       384 bit ECDH (P-384)
- Edge 101 Win 10 21H2         TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
- Edge 133 Win 11 23H2         TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
- Safari 18.4 (iOS 18.4)       TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
- Safari 15.4 (macOS 12.3.1)   TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
- Safari 18.4 (macOS 15.4)     TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
- Java 7u25                    No connection
- Java 8u442 (OpenJDK)         TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
- Java 11.0.2 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
- Java 17.0.3 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
- Java 21.0.6 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
- go 1.17.8                    TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
- LibreSSL 3.3.6 (macOS)       TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
- OpenSSL 1.0.2e               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       521 bit ECDH (P-521)
- OpenSSL 1.1.1d (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
- OpenSSL 3.0.15 (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
- OpenSSL 3.5.0 (git)          TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
- Apple Mail (16.0)            TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       521 bit ECDH (P-521)
- Thunderbird (91.9)           TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
-
-
- Rating (experimental)
-
- Rating specs (not complete)  SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
- Specification documentation  https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
- Protocol Support (weighted)  100 (30)
- Key Exchange     (weighted)  100 (30)
- Cipher Strength  (weighted)  100 (40)
- Final Score                  100
- Overall Grade                A+
-
- Done 2025-06-23 06:38:43 [ 102s] -->> 135.181.207.105:443 (dns01.eddns.eu) <<--
-
-
-25-06-23|root@kali.ed448.eu:/root/gitea/testssl.sh/>>1|~#> ./testssl.sh --show-each --wide --phone-out --full https://git.coresecret.dev/
-
-#####################################################################
-  testssl.sh version 3.2.1 from https://testssl.sh/
-  (81471c3 2025-06-15 09:48:31)
-
-  This program is free software. Distribution and modification under
-  GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
-
-  Please file bugs @ https://testssl.sh/bugs/
-#####################################################################
-
-  Using OpenSSL 1.0.2-bad (Mar 28 2025)  [~179 ciphers]
-  on kali:./bin/openssl.Linux.x86_64
-
- Start 2025-06-23 06:55:40        -->> 152.53.110.40:443 (git.coresecret.dev) <<--
+ Start 2025-06-23 17:58:48        -->> 152.53.110.40:443 (git.coresecret.dev) <<--

 Further IP addresses:   2a0a:4cc0:80:330f:152:53:110:40
 rDNS (152.53.110.40):   git.coresecret.dev.
@@ -510,8 +204,8 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 OCSP stapling                offered, not revoked
 OCSP must staple extension   --
 DNS CAA RR (experimental)    available - please check for match with "Issuer" below
-                              iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl, issue=letsencrypt.org;,
-                              issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
+                              communications=error, iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl,
+                              issue=letsencrypt.org;, issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuemail=buypass.no, issuemail=certum.pl, issuewild=;
 Certificate Transparency     yes (certificate extension)
@@ -623,7 +317,7 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 Final Score                  100
 Overall Grade                A+

- Done 2025-06-23 06:57:01 [  86s] -->> 152.53.110.40:443 (git.coresecret.dev) <<--
+ Done 2025-06-23 18:00:16 [  99s] -->> 152.53.110.40:443 (git.coresecret.dev) <<--
 ````

 ---
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -8,13 +8,26 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2. Changelog

-## V8.03.768.2025.06.22
+## V8.03.832.2025.06.24

-* Updated [lib_clean_up.sh](../lib/lib_clean_up.sh): Lock FD and Artifacts.
+* Updated:
+  * [lib_check_provider.sh](../lib/lib_check_provider.sh)
+  * [lib_debug_header.sh](../lib/lib_debug_header.sh)
+  * [lib_trap_on_err.sh](../lib/lib_trap_on_err.sh)
+* The Debian package ``bat`` will be installed to enable smooth log reading.
+
+## V8.03.768.2025.06.23
+
+* Updated [lib_clean_up.sh](../lib/lib_clean_up.sh): Removal of Lock FD and Artifacts.
+* Rearranged VARs sourcing: [early.var.sh](../var/early.var.sh)
+* Rearranged DEBUG XTRACE sourcing: [meta_sources_debug.sh](../meta_sources_debug.sh)
+* Added Git Repo specific VARs: [lib_debug_var_git.sh](../lib/lib_git_var.sh)
+* Added ``guard_sourcing()``: [lib_guard_sourcing.sh](../lib/lib_guard_sourcing.sh)
+  * to prevent the caller LIB-file from being sourced twice.

 ## V8.03.768.2025.06.19

--- a/docs/CNET.md
+++ b/docs/CNET.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2. Centurion Net - Developer Branch Overview

--- a/docs/CODING_CONVENTION.md
+++ b/docs/CODING_CONVENTION.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2. Coding Style

--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2. Contributing / participating

--- a/docs/CREDITS.md
+++ b/docs/CREDITS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2. Credits

--- a/docs/DL_PUB_ISO.md
+++ b/docs/DL_PUB_ISO.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2. Download the latest PUBLIC CISS.debian.live.ISO

--- a/docs/DOCUMENTATION.md
+++ b/docs/DOCUMENTATION.md
@@ -8,12 +8,12 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2.1. Usage
 ````text
 CISS.debian.live.builder
-Master V8.03.768.2025.06.23
+Master V8.03.832.2025.06.24
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.

 (c) Marc S. Weidner, 2018 - 2025
@@ -133,7 +133,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
 # 2.2. Contact
 ````text
 CISS.debian.live.builder
-Master V8.03.768.2025.06.23
+Master V8.03.832.2025.06.24
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.

 (c) Marc S. Weidner, 2018 - 2025
--- a/docs/REFERENCES.md
+++ b/docs/REFERENCES.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.832.2025.06.24<br>

 # 2. Resources

--- a/docs/SECURITY/coresecret.dev.png
+++ b/docs/SECURITY/coresecret.dev.png
--- a/lib/lib_arg_parser.sh
+++ b/lib/lib_arg_parser.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Argument Parser
 # Globals:
--- a/lib/lib_arg_priority_check.sh
+++ b/lib/lib_arg_priority_check.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Check and setup Script Priorities
 # Globals:
--- a/lib/lib_boot_screen.sh
+++ b/lib/lib_boot_screen.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Set up a gauge Dialog Wrapper.
 # Globals:
--- a/lib/lib_cdi.sh
+++ b/lib/lib_cdi.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # CISS.2025.debian.installer GRUB and Autostart Generator
 # Globals:
--- a/lib/lib_change_splash.sh
+++ b/lib/lib_change_splash.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Change Grub Boot Screen Splash
 # Globals:
--- a/lib/lib_check_dhcp.sh
+++ b/lib/lib_check_dhcp.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Check if hardened Centurion DNS servers are desired.
 # Globals:
--- a/lib/lib_check_hooks.sh
+++ b/lib/lib_check_hooks.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Check and apply 0755 Permissions on every ./config/hooks/live/*.chroot file
 # Globals:
--- a/lib/lib_check_kernel.sh
+++ b/lib/lib_check_kernel.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Kernel Image Selector
 # Globals:
--- a/lib/lib_check_pkgs.sh
+++ b/lib/lib_check_pkgs.sh
@@ -10,13 +10,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Check for required Deb Packages to run the script.
 # Arguments:
 #  None
 #######################################
 check_pkgs() {
-  apt-get update -y
+  apt-get update -y > /dev/null 2>&1
+
+  if [[ -z "$(command -v batcat || true)" ]]; then
+    apt-get install -y --no-install-recommends bat
+  fi

  if [[ -z "$(command -v lsb_release || true)" ]]; then
    apt-get install -y --no-install-recommends lsb-release
@@ -43,8 +49,7 @@ check_pkgs() {
  fi

  if [[ -z "$(command -v mkpasswd || true)" ]]; then
-    apt-get update -y
-    apt-get install --no-install-recommends whois -y
+    apt-get install -y --no-install-recommends whois
  fi
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_check_provider.sh
+++ b/lib/lib_check_provider.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Notes Textbox
 # Arguments:
@@ -17,8 +19,9 @@
 #######################################
 check_provider() {
  clear
-  cat << 'EOF' >| "${VAR_NOTES}"
-Build: Master V8.03.768.2025.06.23
+  cat << EOF >| "${VAR_NOTES}"
+Build  : ${VAR_VERSION}
+Commit : ${VAR_GIT_REL}

 Press 'EXIT' to continue with CISS.debian.live.builder.

--- a/lib/lib_check_stats.sh
+++ b/lib/lib_check_stats.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Check if analysis run is desired only.
 # Globals:
--- a/lib/lib_check_var.sh
+++ b/lib/lib_check_var.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Unbound Variable Check and call Trap on ERR
 # Globals:
--- a/lib/lib_clean_screen.sh
+++ b/lib/lib_clean_screen.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Terminal cleaner before Trap on Error
 # Arguments:
--- a/lib/lib_clean_up.sh
+++ b/lib/lib_clean_up.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Clean Up Wrapper on Trap on 'ERR' and 'EXIT'.
 # Globals:
--- a/lib/lib_contact.sh
+++ b/lib/lib_contact.sh
@@ -21,7 +21,7 @@ contact() {
  clear
  cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.03.768.2025.06.23\e[0m")
+$(echo -e "\e[92mMaster V8.03.832.2025.06.24\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")

 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
--- a/lib/lib_copy_integrity.sh
+++ b/lib/lib_copy_integrity.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Copy Initial ISO aide Database into Host System
 # Globals:
--- a/lib/lib_debug.sh
+++ b/lib/lib_debug.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Debugger Wrapper for xtrace to Debug Log
 # Globals:
@@ -34,13 +36,15 @@ debugger() {
      declare -p "${var}" 2>/dev/null
    done < <(compgen -v | grep -Ev '^(BASH|_).*')
  } | sort >| "${VAR_DUMP_VARS_INITIAL}"
-  declare -gx VAR_EARLY_DEBUG=true
+  declare -gx VAR_EARLY_DEBUG="true"
  ### Set a verbose PS4 prompt including timestamp, source, line, exit status, and function name
  declare -grx PS4='\e[97m+\e[0m\e[96m$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)\e[0m\e[97m:\e[0m\e[92m[${BASH_SOURCE[0]}:${LINENO}]\e[0m\e[97m|\e[0m\e[93m${?}\e[0m\e[97m>\e[0m\e[95m${FUNCNAME[0]:-main}()\e[0m \e[97m>>\e[0m '
  # shellcheck disable=SC2155
  declare -grx LOG_DEBUG="/tmp/ciss_live_builder_$$_debug.log"
-  ### Generates empty LOG_DEBUG
+  declare -grx LOG_VAR="/tmp/ciss_live_builder_$$_var.log"
+  ### Generates empty LOG_DEBUG and LOG_VAR
  touch "${LOG_DEBUG}" && chmod 0600 "${LOG_DEBUG}"
+  touch "${LOG_VAR}" && chmod 0600 "${LOG_VAR}"
  ### Open file descriptor 42 for writing to the debug log
  exec 42>| "${LOG_DEBUG}"
  ### Write Debug Log Header https://www.gnu.org/software/bash/manual/html_node/Bash-Variables
--- a/lib/lib_debug_header.sh
+++ b/lib/lib_debug_header.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Generates Debug Log Header
 # Globals:
@@ -30,11 +32,9 @@
 debug_header() {
  declare -r arg_counter="$1"
  declare -r arg_string="$2"
-  # shellcheck disable=SC2155
-  declare git_head=$(git rev-parse HEAD)
  {
    printf "\e[97m+\e[0m\e[92m%s: CISS.debian.live.builder Debug Log \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
-    printf "\e[97m+\e[0m\e[92m%s: Git Commit                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${git_head}"
+    printf "\e[97m+\e[0m\e[92m%s: Git Commit                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_GIT_REL}"
    printf "\e[97m+\e[0m\e[92m%s: Version                   : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_VERSION}"
    printf "\e[97m+\e[0m\e[92m%s: Epoch                     : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EPOCHREALTIME}"
    printf "\e[97m+\e[0m\e[92m%s: Bash MAJ Release          : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[0]}"
@@ -45,6 +45,7 @@ debug_header() {
    printf "\e[97m+\e[0m\e[92m%s: UID                       : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${UID}"
    printf "\e[97m+\e[0m\e[92m%s: EUID                      : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EUID}"
    printf "\e[97m+\e[0m\e[92m%s: Hostname                  : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${HOSTNAME}"
+    printf "\e[97m+\e[0m\e[92m%s: Hostsystem                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_SYSTEM}"
    printf "\e[97m+\e[0m\e[92m%s: Script name               : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$0"
    printf "\e[97m+\e[0m\e[92m%s: Argument Counter          : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${arg_counter}"
    printf "\e[97m+\e[0m\e[92m%s: Argument String Original  : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${arg_string}"
@@ -53,6 +54,7 @@ debug_header() {
    printf "\e[97m+\e[0m\e[92m%s: Script work DIR           : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${PWD}"
    printf "\e[97m+\e[0m\e[92m%s: Shell Options             : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$-"
    printf "\e[97m+\e[0m\e[92m%s: BASHOPTS                  : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASHOPTS}"
+    printf "\e[97m+\e[0m\e[92m%s: SHELLOPTS                 : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${SHELLOPTS}"
    printf "\e[97m+\e[0m\e[92m%s: ==== Debug Log Begin ==== : \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
  } >&42
 }
--- a/lib/lib_git_var.sh
+++ b/lib/lib_git_var.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Define Git Repo related Variables.
+# Globals:
+#   VAR_GIT_HEAD
+#   VAR_GIT_REL
+#   VAR_GIT_REL_DATE
+#   VAR_GIT_REL_DATE_TIME
+#   VAR_GIT_REL_SHORT
+# Arguments:
+#   None
+#######################################
+check_git() {
+  # shellcheck disable=SC2155
+  if git rev-parse --is-inside-work-tree &>/dev/null; then
+    declare -grx VAR_GIT_REL="$(git log --format='%h %ci' -1 2>/dev/null | awk '{ print $1" "$2" "$3 }')"
+    declare -grx VAR_GIT_REL_SHORT="${VAR_GIT_REL%% *}"
+    declare -grx VAR_GIT_REL_DATE_TIME="${VAR_GIT_REL#* }"
+    declare -grx VAR_GIT_REL_DATE="${VAR_GIT_REL_DATE_TIME% *}"
+    declare -grx VAR_GIT_HEAD_FULL="$(git rev-parse HEAD)"
+  fi
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_guard_sourcing.sh
+++ b/lib/lib_guard_sourcing.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+#######################################
+# Prevent the caller LIB-file from being sourced twice.
+# Derive a safe guard-variable name from the caller script filename.
+# Globals:
+#   BASH_SOURCE
+# Arguments:
+#   $1: Explicitly provided Argument: filename of the caller LIB. (Better let the guard_sourcing() determine dynamically.)
+# Returns:
+#   0: Returns '0' in both cases as they are intended to be successful.
+#######################################
+guard_sourcing() {
+  ### Determine the caller script (the library being sourced).
+  declare var_src="${1:-${BASH_SOURCE[1]}}"
+  ### Strip path, keep only filename
+  declare var_file_name="${var_src##*/}"
+  ### Sanitize to valid var name.
+  declare var_safe_name="${var_file_name//[^a-zA-Z0-9_]/_}"
+  ### Build guard-variable name.
+  declare var_guard_var="_${var_safe_name}_LOADED"
+
+  ### If already loaded, abort sourcing
+  if [[ -n "${!var_guard_var:-}" ]]; then
+    return 0
+  fi
+
+  ### Mark as loaded (readonly + exported)
+  declare -grx "${var_guard_var}"=1
+  return 0
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_hardening_root_pw.sh
+++ b/lib/lib_hardening_root_pw.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Updates the Live ISO to use root password authentication for local console access.
 # Globals:
--- a/lib/lib_hardening_ssh.sh
+++ b/lib/lib_hardening_ssh.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # SSH Hardening Ultra via TCP Wrapper
 # Globals:
--- a/lib/lib_hardening_ultra.sh
+++ b/lib/lib_hardening_ultra.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Wrapper for accompanying all CISS.debian.hardening features into the Live ISO image.
 # Globals:
--- a/lib/lib_helper_ip.sh
+++ b/lib/lib_helper_ip.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # IP Notation cleaner for pure IP output only
 # Globals:
--- a/lib/lib_lb_build_start.sh
+++ b/lib/lib_lb_build_start.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Wrapper to write a new 'lb config' environment.
 # Globals:
--- a/lib/lib_lb_config_start.sh
+++ b/lib/lib_lb_config_start.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Wrapper for 'lb config' - set up a build environment or deleting old build artifacts.
 # Globals:
--- a/lib/lib_lb_config_write.sh
+++ b/lib/lib_lb_config_write.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Wrapper to write a new 'lb config' environment.
 # Globals:
--- a/lib/lib_provider_netcup.sh
+++ b/lib/lib_provider_netcup.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Notes Textbox
 # Arguments:
--- a/lib/lib_run_analysis.sh
+++ b/lib/lib_run_analysis.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Wrapper for statistic functions of the final build.
 # Globals:
--- a/lib/lib_sanitizer.sh
+++ b/lib/lib_sanitizer.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Argument Check Wrapper
 # Arguments:
--- a/lib/lib_trap_on_err.sh
+++ b/lib/lib_trap_on_err.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Print Error Message for Trap on 'ERR' in ${ERROR_LOG}
 # Globals:
@@ -34,8 +36,9 @@
 print_file_err() {
  {
    printf "❌ CISS.debian.live.builder Script failed. \n"
+    printf "❌ Git Commit             : %s \n" "${VAR_GIT_REL}"
    printf "❌ Version                : %s \n" "${VAR_VERSION}"
-    printf "❌ Environment         : %s \n" "${VAR_SYSTEM}"
+    printf "❌ Hostsystem             : %s \n" "${VAR_SYSTEM}"
    printf "❌ Error                  : %s \n" "${ERRCODE}"
    printf "❌ Line                   : %s \n" "${ERRLINE}"
    printf "❌ Script                 : %s \n" "${ERRSCRT}"
@@ -48,7 +51,7 @@ print_file_err() {
    if "${VAR_EARLY_DEBUG}"; then
      printf "❌ Vars Dump saved at     : %s \n" "${LOG_VAR}"
      printf "❌ Debug Log saved at     : %s \n" "${LOG_DEBUG}"
-      printf "❌                   cat %s \n" "${LOG_DEBUG}"
+      printf "❌ batcat --pager='less -r' %s \n" "${LOG_DEBUG}"
    fi
    printf "\n"
  } >> "${LOG_ERROR}"
@@ -77,8 +80,9 @@ print_file_err() {
 #######################################
 print_scr_err() {
  printf "\e[91m❌ CISS.debian.live.builder Script failed. \e[0m\n" >&2
+  printf "\e[91m❌ Git Commit             : %s \e[0m\n" "${VAR_GIT_REL}" >&2
  printf "\e[91m❌ Version                : %s \e[0m\n" "${VAR_VERSION}" >&2
-  printf "\e[91m❌ Environment         : %s \e[0m\n" "${VAR_SYSTEM}" >&2
+  printf "\e[91m❌ Hostsystem             : %s \e[0m\n" "${VAR_SYSTEM}" >&2
  printf "\e[91m❌ Error                  : %s \e[0m\n" "${ERRCODE}" >&2
  printf "\e[91m❌ Line                   : %s \e[0m\n" "${ERRLINE}" >&2
  printf "\e[91m❌ Script                 : %s \e[0m\n" "${ERRSCRT}" >&2
@@ -89,11 +93,11 @@ print_scr_err() {
  printf "\e[91m❌ Arguments Original     : %s \e[0m\n" "${ARG_STR_ORG_INPUT}" >&2
  printf "\e[91m❌ Arguments Sanitized    : %s \e[0m\n" "${VAR_ARG_SANITIZED}" >&2
  printf "\e[91m❌ Error Log saved at     : %s \e[0m\n" "${LOG_ERROR}" >&2
-  printf "\e[91m❌                   cat %s \e[0m\n" "${LOG_ERROR}" >&2
+  printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_ERROR}" >&2
  if "${VAR_EARLY_DEBUG}"; then
    printf "\e[91m❌ Vars Dump saved at     : %s \e[0m\n" "${LOG_VAR}" >&2
    printf "\e[91m❌ Debug Log saved at     : %s \e[0m\n" "${LOG_DEBUG}" >&2
-    printf "\e[91m❌                   cat %s \e[0m\n" "${LOG_DEBUG}" >&2
+    printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_DEBUG}" >&2
  fi
  printf "\n"
 }
@@ -115,12 +119,12 @@ print_scr_err() {
 #   $5: ${BASH_COMMAND}
 #######################################
 trap_on_err() {
+  trap - ERR
  declare -g ERRCODE="$1"
  declare -g ERRSCRT="$2"
  declare -g ERRLINE="$3"
  declare -g ERRFUNC="$4"
  declare -g ERRCMMD="$5"
-  trap - ERR
  if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
  clean_up "${ERRCODE}"
  if ! $VAR_HANDLER_AUTOBUILD; then clean_screen; fi
--- a/lib/lib_trap_on_exit.sh
+++ b/lib/lib_trap_on_exit.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Trap function to be called on 'EXIT'.
 # Globals:
@@ -18,8 +20,8 @@
 #   $1: $?
 #######################################
 trap_on_exit() {
-  declare -r var_trap_on_exit_code="$1"
  trap - EXIT
+  declare -r var_trap_on_exit_code="$1"
  if (( var_trap_on_exit_code == 0 )); then
    if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
    clean_up "${var_trap_on_exit_code}"
@@ -55,7 +57,7 @@ print_scr_exit() {
        printf "\e[92m✅ Script Runtime         : %s \e[0m\n" "${SECONDS}"
        printf "\e[92m✅ Vars Dump saved at     : %s \e[0m\n" "${LOG_VAR}"
        printf "\e[92m✅ Debug Log saved at     : %s \e[0m\n" "${LOG_DEBUG}"
-        printf "\e[92m✅                 cat %s \e[0m\n" "${LOG_DEBUG}"
+        printf "\e[92m✅ batcat --pager='less -r' %s \e[0m\n" "${LOG_DEBUG}"
        printf "\n"
      fi
      printf "\e[95m💷 Please consider donating to my work at: \e[0m\n"
--- a/lib/lib_usage.sh
+++ b/lib/lib_usage.sh
@@ -21,7 +21,7 @@ usage() {
  clear
  cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.03.768.2025.06.23\e[0m")
+$(echo -e "\e[92mMaster V8.03.832.2025.06.24\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")

 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
--- a/meta_sources_debug.sh
+++ b/meta_sources_debug.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+### Sourcing Debug Libs
+. ./lib/lib_debug.sh
+. ./lib/lib_debug_header.sh
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/scripts/9000-cdi-starter
+++ b/scripts/9000-cdi-starter
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
 # sleep 1

 [[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
-printf "CISS.debian.installer Master V8.03.768.2025.06.23 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+printf "CISS.debian.installer Master V8.03.832.2025.06.24 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log

 if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
  chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh
--- a/var/early.var.sh
+++ b/var/early.var.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+### Definition of MUST set early Variables
+
+# shellcheck disable=SC2155
+declare -agx ARY_PARAM_ARRAY=("$@")
+declare -grx VAR_PARAM_COUNT="$#"
+declare -grx VAR_PARAM_STRNG="$*"
+declare -grx VAR_CONTACT="security@coresecret.eu"
+declare -grx VAR_VERSION="Master V8.03.832.2025.06.24"
+declare -grx VAR_SYSTEM="$(uname -a)"
+declare -gx  VAR_EARLY_DEBUG="false"
+declare -gx  VAR_HANDLER_AUTOBUILD="false"
+umask 0022
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/var/global.var.sh
+++ b/var/global.var.sh
@@ -10,24 +10,13 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-# shellcheck disable=SC2155
-declare -gr VAR_SYSTEM="$(uname -a)"
 # shellcheck disable=SC2155
 declare -gr VAR_ISO8601="$(date +%Y_%m_%d_%H_%M_%S)"
-# shellcheck disable=SC2155
 declare -gr VAR_KERNEL_INF="$(mktemp)"
-# shellcheck disable=SC2155
 declare -gr VAR_KERNEL_TMP="$(mktemp)"
-# shellcheck disable=SC2155
 declare -gr VAR_KERNEL_SRT="$(mktemp)"
-# shellcheck disable=SC2155
 declare -gr VAR_NOTES="$(mktemp)"

-if "${VAR_EARLY_DEBUG}"; then
-  declare -gr LOG_VAR="/tmp/ciss_live_builder_$$_var.log"
-  touch "${LOG_VAR}" && chmod 0600 "${LOG_VAR}"
-fi
-
 declare -gr LOG_ERROR="/tmp/ciss_live_builder_$$_error.log"
 touch "${LOG_ERROR}" && chmod 0600 "${LOG_ERROR}"
Author	SHA256	Message	Date
Marc S. Weidner BOT	0f10a9c271	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@4f7131c at 2025-06-24T22:34:39Z on 56dbb041e6a3 Generated at : 2025-06-24T22:34:39Z Runner Host : 56dbb041e6a3 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `4f7131c` HEAD -> master	2025-06-24 22:34:39 +00:00
Marc S. Weidner BOT	4f7131ca9c	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@70d127d at 2025-06-24T21:45:55Z on ded5508cc4be Generated at : 2025-06-24T21:45:55Z Runner Host : ded5508cc4be Workflow ID : 🛡️ Shell Script Linting Git Commit : `70d127d` HEAD -> master	2025-06-24 21:45:55 +00:00
Marc S. Weidner	70d127dd4c	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m25s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 50m15s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 23:44:04 +02:00
Marc S. Weidner BOT	d183dab1a3	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@593faf9 at 2025-06-24T20:29:03Z on f61ff70b4f60 Generated at : 2025-06-24T20:29:03Z Runner Host : f61ff70b4f60 Workflow ID : 🛡️ Shell Script Linting Git Commit : `593faf9` HEAD -> master	2025-06-24 20:29:03 +00:00
Marc S. Weidner	593faf92b8	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m35s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 22:27:16 +02:00
Marc S. Weidner BOT	ff1a3390ec	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@3177e1f at 2025-06-24T20:24:22Z on ea1203cfbc73 Generated at : 2025-06-24T20:24:22Z Runner Host : ea1203cfbc73 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `3177e1f` HEAD -> master	2025-06-24 20:24:22 +00:00
Marc S. Weidner BOT	3177e1ff40	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@e8e2fa0 at 2025-06-24T19:33:20Z on 8f31c5504ca5 Generated at : 2025-06-24T19:33:20Z Runner Host : 8f31c5504ca5 Workflow ID : 🛡️ Shell Script Linting Git Commit : `e8e2fa0` HEAD -> master	2025-06-24 19:33:20 +00:00
Marc S. Weidner	e8e2fa0182	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m36s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 52m52s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 21:31:24 +02:00
Marc S. Weidner BOT	dfd59577b2	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] X-CI-Metadata: master@c2d0839 at 2025-06-24T19:21:39Z on e64222ff680c Generated at : 2025-06-24T19:21:39Z Runner Host : e64222ff680c Workflow ID : 🔐 Generating a Private Live ISO FLV 0. Git Commit : `c2d0839` HEAD -> master	2025-06-24 19:21:39 +00:00
Marc S. Weidner BOT	c2d0839cd2	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@f047832 at 2025-06-24T18:29:33Z on 7cf2cc345bba Generated at : 2025-06-24T18:29:33Z Runner Host : 7cf2cc345bba Workflow ID : 🛡️ Shell Script Linting Git Commit : `f047832` HEAD -> master	2025-06-24 18:29:33 +00:00
Marc S. Weidner	f047832cdc	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m25s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 53m38s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 20:28:02 +02:00
Marc S. Weidner BOT	668ab7ce9d	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@972749b at 2025-06-24T18:00:57Z on b959bf746d49 Generated at : 2025-06-24T18:00:57Z Runner Host : b959bf746d49 Workflow ID : 🛡️ Shell Script Linting Git Commit : `972749b` HEAD -> master	2025-06-24 18:00:57 +00:00
Marc S. Weidner	972749b607	V8.03.832.2025.06.24 Some checks failed 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m33s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Failing after 8m47s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Failing after 8m47s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Failing after 8m42s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 19:58:57 +02:00
Marc S. Weidner BOT	4b3918e58d	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@55c2755 at 2025-06-24T08:57:27Z on f797403b8e29 Generated at : 2025-06-24T08:57:27Z Runner Host : f797403b8e29 Workflow ID : 🛡️ Shell Script Linting Git Commit : `55c2755` HEAD -> master	2025-06-24 08:57:27 +00:00
Marc S. Weidner	55c27550c2	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m29s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 10:55:49 +02:00
Marc S. Weidner BOT	dcb05605d6	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@6ebf75a at 2025-06-24T08:55:24Z on 28ea8f9d1fb8 Generated at : 2025-06-24T08:55:24Z Runner Host : 28ea8f9d1fb8 Workflow ID : 🛡️ Shell Script Linting Git Commit : `6ebf75a` HEAD -> master	2025-06-24 08:55:24 +00:00
Marc S. Weidner	6ebf75a91b	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m23s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 10:53:55 +02:00
Marc S. Weidner BOT	00c3853d4e	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@1411be3 at 2025-06-24T08:52:41Z on 304d6b967c3b Generated at : 2025-06-24T08:52:41Z Runner Host : 304d6b967c3b Workflow ID : 🛡️ Shell Script Linting Git Commit : `1411be3` HEAD -> master	2025-06-24 08:52:41 +00:00
Marc S. Weidner BOT	1411be304d	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@7459585 at 2025-06-24T08:51:53Z on e2cd59453da4 Generated at : 2025-06-24T08:51:53Z Runner Host : e2cd59453da4 Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `7459585` HEAD -> master	2025-06-24 08:51:54 +00:00
Marc S. Weidner	7459585d20	V8.03.832.2025.06.24 All checks were successful 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 36s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m25s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 10:50:24 +02:00
Marc S. Weidner BOT	df806d086f	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@4b70ca7 at 2025-06-23T17:05:19Z on 7476c59f00be Generated at : 2025-06-23T17:05:19Z Runner Host : 7476c59f00be Workflow ID : 🛡️ Shell Script Linting Git Commit : `4b70ca7` HEAD -> master	2025-06-23 17:05:20 +00:00
Marc S. Weidner	4b70ca7056	V8.03.768.2025.06.23 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m35s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-23 19:03:39 +02:00
Marc S. Weidner BOT	44c3aef43d	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@81f3a89 at 2025-06-23T16:54:52Z on 4ebf85be8b8c Generated at : 2025-06-23T16:54:52Z Runner Host : 4ebf85be8b8c Workflow ID : 🛡️ Shell Script Linting Git Commit : `81f3a89` HEAD -> master	2025-06-23 16:54:52 +00:00
Marc S. Weidner	81f3a89ae5	V8.03.768.2025.06.23 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m27s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-23 18:53:13 +02:00
Marc S. Weidner BOT	d0a38a82b8	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@73d826c at 2025-06-23T16:48:44Z on 066aacd189ab Generated at : 2025-06-23T16:48:44Z Runner Host : 066aacd189ab Workflow ID : 🛡️ Shell Script Linting Git Commit : `73d826c` HEAD -> master	2025-06-23 16:48:44 +00:00
Marc S. Weidner	73d826ca2b	Merge remote-tracking branch 'origin/master' All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m34s Details	2025-06-23 18:47:08 +02:00
Marc S. Weidner	87905d693c	V8.03.768.2025.06.23 Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-23 18:46:10 +02:00