msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

Compare commits

base: msw:73d826ca2b730af5d382f32d5fca67c2d89c07d7b680766fc7cebb679af662f9
Branches Tags
msw:master
msw:v8.13.142-stable msw:v8.13.008-stable msw:v8.03.864-stable msw:v8.03.832-stable msw:v8.03.768-stable msw:v8.03.644-stable
...
compare: msw:v8.03.832-stable
Branches Tags
msw:master
msw:v8.13.142-stable msw:v8.13.008-stable msw:v8.03.864-stable msw:v8.03.832-stable msw:v8.03.768-stable msw:v8.03.644-stable

25 Commits
73d826ca2b ... v8.03.832-

Author SHA256 Message Date
Marc S. Weidner BOT
0f10a9c271 DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@4f7131c at 2025-06-24T22:34:39Z on 56dbb041e6a3

Generated at : 2025-06-24T22:34:39Z
Runner Host  : 56dbb041e6a3
Workflow ID  : 🔐 Generating a Private Live ISO FLV 1.
Git Commit   : 4f7131c HEAD -> master
 2025-06-24 22:34:39 +00:00
Marc S. Weidner BOT
4f7131ca9c DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@70d127d at 2025-06-24T21:45:55Z on ded5508cc4be

Generated at : 2025-06-24T21:45:55Z
Runner Host  : ded5508cc4be
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 70d127d HEAD -> master
 2025-06-24 21:45:55 +00:00
Marc S. Weidner
70d127dd4c V8.03.832.2025.06.24
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m25s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 50m15s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-24 23:44:04 +02:00
Marc S. Weidner BOT
d183dab1a3 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@593faf9 at 2025-06-24T20:29:03Z on f61ff70b4f60

Generated at : 2025-06-24T20:29:03Z
Runner Host  : f61ff70b4f60
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 593faf9 HEAD -> master
 2025-06-24 20:29:03 +00:00
Marc S. Weidner
593faf92b8 V8.03.832.2025.06.24
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m35s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-24 22:27:16 +02:00
Marc S. Weidner BOT
ff1a3390ec DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@3177e1f at 2025-06-24T20:24:22Z on ea1203cfbc73

Generated at : 2025-06-24T20:24:22Z
Runner Host  : ea1203cfbc73
Workflow ID  : 🔐 Generating a Private Live ISO FLV 1.
Git Commit   : 3177e1f HEAD -> master
 2025-06-24 20:24:22 +00:00
Marc S. Weidner BOT
3177e1ff40 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@e8e2fa0 at 2025-06-24T19:33:20Z on 8f31c5504ca5

Generated at : 2025-06-24T19:33:20Z
Runner Host  : 8f31c5504ca5
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : e8e2fa0 HEAD -> master
 2025-06-24 19:33:20 +00:00
Marc S. Weidner
e8e2fa0182 V8.03.832.2025.06.24
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m36s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 52m52s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-24 21:31:24 +02:00
Marc S. Weidner BOT
dfd59577b2 DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] 
X-CI-Metadata: master@c2d0839 at 2025-06-24T19:21:39Z on e64222ff680c

Generated at : 2025-06-24T19:21:39Z
Runner Host  : e64222ff680c
Workflow ID  : 🔐 Generating a Private Live ISO FLV 0.
Git Commit   : c2d0839 HEAD -> master
 2025-06-24 19:21:39 +00:00
Marc S. Weidner BOT
c2d0839cd2 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@f047832 at 2025-06-24T18:29:33Z on 7cf2cc345bba

Generated at : 2025-06-24T18:29:33Z
Runner Host  : 7cf2cc345bba
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : f047832 HEAD -> master
 2025-06-24 18:29:33 +00:00
Marc S. Weidner
f047832cdc V8.03.832.2025.06.24
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m25s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 53m38s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-24 20:28:02 +02:00
Marc S. Weidner BOT
668ab7ce9d DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@972749b at 2025-06-24T18:00:57Z on b959bf746d49

Generated at : 2025-06-24T18:00:57Z
Runner Host  : b959bf746d49
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 972749b HEAD -> master
 2025-06-24 18:00:57 +00:00
Marc S. Weidner
972749b607 V8.03.832.2025.06.24
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m33s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Failing after 8m47s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Failing after 8m47s
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Failing after 8m42s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-24 19:58:57 +02:00
Marc S. Weidner BOT
4b3918e58d DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@55c2755 at 2025-06-24T08:57:27Z on f797403b8e29

Generated at : 2025-06-24T08:57:27Z
Runner Host  : f797403b8e29
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 55c2755 HEAD -> master
 2025-06-24 08:57:27 +00:00
Marc S. Weidner
55c27550c2 V8.03.832.2025.06.24
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m29s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-24 10:55:49 +02:00
Marc S. Weidner BOT
dcb05605d6 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@6ebf75a at 2025-06-24T08:55:24Z on 28ea8f9d1fb8

Generated at : 2025-06-24T08:55:24Z
Runner Host  : 28ea8f9d1fb8
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 6ebf75a HEAD -> master
 2025-06-24 08:55:24 +00:00
Marc S. Weidner
6ebf75a91b V8.03.832.2025.06.24
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m23s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-24 10:53:55 +02:00
Marc S. Weidner BOT
00c3853d4e DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@1411be3 at 2025-06-24T08:52:41Z on 304d6b967c3b

Generated at : 2025-06-24T08:52:41Z
Runner Host  : 304d6b967c3b
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 1411be3 HEAD -> master
 2025-06-24 08:52:41 +00:00
Marc S. Weidner BOT
1411be304d DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] 
X-CI-Metadata: master@7459585 at 2025-06-24T08:51:53Z on e2cd59453da4

Generated at : 2025-06-24T08:51:53Z
Runner Host  : e2cd59453da4
Workflow ID  : 🛡️ Retrieve DNSSEC status of coresecret.dev.
Git Commit   : 7459585 HEAD -> master
 2025-06-24 08:51:54 +00:00
Marc S. Weidner
7459585d20 V8.03.832.2025.06.24
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 36s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m25s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-24 10:50:24 +02:00
Marc S. Weidner BOT
df806d086f DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@4b70ca7 at 2025-06-23T17:05:19Z on 7476c59f00be

Generated at : 2025-06-23T17:05:19Z
Runner Host  : 7476c59f00be
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 4b70ca7 HEAD -> master
 2025-06-23 17:05:20 +00:00
Marc S. Weidner
4b70ca7056 V8.03.768.2025.06.23
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m35s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-23 19:03:39 +02:00
Marc S. Weidner BOT
44c3aef43d DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@81f3a89 at 2025-06-23T16:54:52Z on 4ebf85be8b8c

Generated at : 2025-06-23T16:54:52Z
Runner Host  : 4ebf85be8b8c
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 81f3a89 HEAD -> master
 2025-06-23 16:54:52 +00:00
Marc S. Weidner
81f3a89ae5 V8.03.768.2025.06.23
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m27s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-23 18:53:13 +02:00
Marc S. Weidner BOT
d0a38a82b8 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@73d826c at 2025-06-23T16:48:44Z on 066aacd189ab

Generated at : 2025-06-23T16:48:44Z
Runner Host  : 066aacd189ab
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 73d826c HEAD -> master
 2025-06-23 16:48:44 +00:00
52 changed files with 136 additions and 439 deletions
Expand all files Collapse all files

2
.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
View File

@@ -25,7 +25,7 @@ body:
attributes: attributes:
label: "Version" label: "Version"
description: "Which version are you running? Use `./ciss_live_builder.sh -v`." description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
placeholder: "e.g., Master V8.03.768.2025.06.23" placeholder: "e.g., Master V8.03.832.2025.06.24"
validations: validations:
required: true required: true

2
.gitea/TODO/dockerfile
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.768.2025.06.23 ### Version Master V8.03.832.2025.06.24
FROM debian:bookworm FROM debian:bookworm

2
.gitea/TODO/render-md-to-html.yaml
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.768.2025.06.23 ### Version Master V8.03.832.2025.06.24
name: 🔁 Render README.md to README.html. name: 🔁 Render README.md to README.html.

4
.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
View File

@@ -10,6 +10,6 @@
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
build: build:
counter: 1023 counter: 1024
version: V8.03.768.2025.06.23 version: V8.03.832.2025.06.24
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

2
.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
View File

@@ -11,5 +11,5 @@
build: build:
counter: 1023 counter: 1023
version: V8.03.768.2025.06.23 version: V8.03.832.2025.06.24
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

2
.gitea/trigger/t_generate_PUBLIC.yaml
View File

@@ -11,5 +11,5 @@
build: build:
counter: 1023 counter: 1023
version: V8.03.768.2025.06.23 version: V8.03.832.2025.06.24
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

2
.gitea/trigger/t_generate_dns.yaml
View File

@@ -11,5 +11,5 @@
build: build:
counter: 1023 counter: 1023
version: V8.03.768.2025.06.23 version: V8.03.832.2025.06.24
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

2
.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.768.2025.06.22 ### Version Master V8.03.832.2025.06.24
name: 🔐 Generating a Private Live ISO FLV 0. name: 🔐 Generating a Private Live ISO FLV 0.

2
.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.768.2025.06.22 ### Version Master V8.03.832.2025.06.24
name: 🔐 Generating a Private Live ISO FLV 1. name: 🔐 Generating a Private Live ISO FLV 1.

2
.gitea/workflows/generate_PUBLIC_iso.yaml
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.768.2025.06.22 ### Version Master V8.03.832.2025.06.24
name: 💙 Generating a PUBLIC Live ISO. name: 💙 Generating a PUBLIC Live ISO.

2
.gitea/workflows/linter_char_scripts.yaml
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.768.2025.06.23 ### Version Master V8.03.832.2025.06.24
# Gitea Workflow: Shell-Script Linting # Gitea Workflow: Shell-Script Linting
# #

2
.gitea/workflows/render-dnssec-status.yaml
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.768.2025.06.23 ### Version Master V8.03.832.2025.06.24
name: 🛡️ Retrieve DNSSEC status of coresecret.dev. name: 🛡️ Retrieve DNSSEC status of coresecret.dev.

2
.gitea/workflows/render-dot-to-png.yaml
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.768.2025.06.23 ### Version Master V8.03.832.2025.06.24
name: 🔁 Render Graphviz Diagrams. name: 🔁 Render Graphviz Diagrams.

2
.version.properties
View File

@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework." properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
properties_SPDX-PackageName="CISS.debian.live.builder" properties_SPDX-PackageName="CISS.debian.live.builder"
properties_SPDX-Security-Contact="security@coresecret.eu" properties_SPDX-Security-Contact="security@coresecret.eu"
properties_version="V8.03.768.2025.06.23" properties_version="V8.03.832.2025.06.24"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf

2
CISS.debian.live.builder.spdx
View File

@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
Created: 2025-05-07T12:00:00Z Created: 2025-05-07T12:00:00Z
Package: CISS.debian.live.builder Package: CISS.debian.live.builder
PackageName: CISS.debian.live.builder PackageName: CISS.debian.live.builder
PackageVersion: Master V8.03.768.2025.06.23 PackageVersion: Master V8.03.832.2025.06.24
PackageSupplier: Organization: Centurion Intelligence Consulting Agency PackageSupplier: Organization: Centurion Intelligence Consulting Agency
PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder

2
LINTER_RESULTS.txt
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-23T06:21:19Z". This file was automatically generated by the DEPLOY BOT on: "2025-06-24T21:45:52Z".
✅ The last linter check was successful. ✅ ✅ The last linter check was successful. ✅

14
LIVE_ISO_FLV_0.private
View File

@@ -9,19 +9,19 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-23T07:15:07Z". This file was automatically generated by the DEPLOY BOT on: "2025-06-24T19:21:36Z".
CISS.debian.live.builder ISO : CISS.debian.live.builder ISO :
"ciss-debian-live-2025_06_23T06_28_42Z-amd64.hybrid.iso" "ciss-debian-live-2025_06_24T18_36_59Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 : CISS.debian.live.builder ISO sha512 :
e0ec5e6be762858378a7eab74634676b1dd431f1cec9f3ecd57778249da4694af2df40dd5adb546360e69ddbad1379200031558ca580f55d9e8c242edb193e2f 3ca5a9635ef74a48f6d8f31696ec56e56ee95eff5317df95976e22d31e331bc503422602e24a9eaddfc30212acf6ebe96af51e94298c4c7c49c839c62abb6c2f
CISS.debian.live.builder ISO sha512 sign : CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFj++wAKCRA85KY4hzOw iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFr6wAAKCRA85KY4hzOw
IXOYAP9FahdpIrwvHpEAddsem7UDdtO/zOzzDzx+TuycmdFttQEA20BgLvFLCiDr IbgHAP4p9jlF9jZkYIw/0H8j07QUWNHxeUz2r2UXp8aN2gUEBwEAxqbznJhH8li8
2zYSWBFHsEnlOrMoqUmjwDH/rjV6wAs= 40g5sWwGLmBjlidIOe0NxeMUBkuMlQg=
=cssu =gq5w
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

14
LIVE_ISO_FLV_1.private
View File

@@ -9,19 +9,19 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-23T08:10:36Z". This file was automatically generated by the DEPLOY BOT on: "2025-06-24T22:34:36Z".
CISS.debian.live.builder ISO : CISS.debian.live.builder ISO :
"ciss-debian-live-2025_06_23T07_24_33Z-amd64.hybrid.iso" "ciss-debian-live-2025_06_24T21_53_22Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 : CISS.debian.live.builder ISO sha512 :
70fc1bcdcf3362278f77344c5c6cf5c682362afaf22e4013026f87d3279a044bcebd830b0958bdfb9c080f06d1f873a61a30ca5e56787d41668c9b758a964ad7 581d951c8ab4d8e7afd2d727f8e64bd6fff51d005b84b9800e941da8dae654985bae500e056f02729d6b274ba330dfdbec59fd5ec2c8b18c3bbf37433b73c154
CISS.debian.live.builder ISO sha512 sign : CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFkL/AAKCRA85KY4hzOw iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFsn/AAKCRA85KY4hzOw
ISe+AQC8m7ZFFP9zYtSae/IjpJy4XtDsnuO4ager49y7BDx38gEAllfQHZiMxelr IUvMAP9P1U6lblhdZ9tSROvYXRXcv0IEg2rVo3fMx9T5fozLewEAgxxo0+J1Nlvu
qryf1KI+nXUj2EgKtk0vy9SDI6H1KgY= KVZOdiuc6xdxkBHWYaA2kSXZKI+qAwA=
=NdC5 =2H0C
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

10
README.md
View File

@@ -2,7 +2,7 @@
gitea: none gitea: none
include_toc: true include_toc: true
--- ---
[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.768.2025.06.23-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder) [![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.832.2025.06.24-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
&nbsp; &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -11,8 +11,8 @@ include_toc: true
[![Static Badge](https://badges.coresecret.dev/badge/shellformat-passed-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=shellformat&color=%234285F4)](https://github.com/mvdan/sh) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/shellformat-passed-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=shellformat&color=%234285F4)](https://github.com/mvdan/sh) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=Shellstyle&color=%234285F4)](https://google.github.io/styleguide/shellguide.html) [![Static Badge](https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=Shellstyle&color=%234285F4)](https://google.github.io/styleguide/shellguide.html)
&nbsp; &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.23.8-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.24.2-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.2-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.3-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&logo=keepassxc&logoColor=white&logoSize=auto&label=KeePassXC&color=%236CAC4D)](https://keepassxc.org/) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&logo=keepassxc&logoColor=white&logoSize=auto&label=KeePassXC&color=%236CAC4D)](https://keepassxc.org/) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&logo=netcup&logoColor=white&logoSize=auto&label=powered&color=%23056473)](https://www.netcup.com/de) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&logo=netcup&logoColor=white&logoSize=auto&label=powered&color=%23056473)](https://www.netcup.com/de) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=powered&color=%230F243E)](https://coresecret.eu/) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=powered&color=%230F243E)](https://coresecret.eu/) &nbsp;
@@ -26,7 +26,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -142,7 +142,7 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date. This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
Example: `V8.03.768.2025.06.23` Example: `V8.03.832.2025.06.24`
`x.y.z` represents major (x), minor (y), and patch (z) version increments. `x.y.z` represents major (x), minor (y), and patch (z) version increments.

6
ciss_live_builder.sh
View File

@@ -40,9 +40,10 @@
[[ ${#} -eq 0 ]] && { [[ ${#} -eq 0 ]] && {
. ./lib/lib_usage.sh; usage; exit 1; } . ./lib/lib_usage.sh; usage; exit 1; }
### SOURCING MUST SET EARLY VARIABLES AND GUARD_SOURCING() ### SOURCING MUST SET EARLY VARIABLES, GUARD_SOURCING(), CHECK_GIT()
. ./var/early.var.sh . ./var/early.var.sh
. ./lib/lib_guard_sourcing.sh . ./lib/lib_guard_sourcing.sh
. ./lib/lib_git_var.sh
### CHECK FOR CONTACT, HELP, VERSION STRING, AND XTRACE DEBUG ### CHECK FOR CONTACT, HELP, VERSION STRING, AND XTRACE DEBUG
for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh; contact; exit 0;; esac; done for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh; contact; exit 0;; esac; done
@@ -50,7 +51,8 @@ for arg in "$@"; do case "${arg,,}" in -h|--help) . ./lib/lib_usage.sh; usage
for arg in "$@"; do case "${arg,,}" in -v|--version) printf "\e[95mCISS.debian.live.builder Version: %s\e[0m\n" "${VAR_VERSION}"; exit 0;; esac; done for arg in "$@"; do case "${arg,,}" in -v|--version) printf "\e[95mCISS.debian.live.builder Version: %s\e[0m\n" "${VAR_VERSION}"; exit 0;; esac; done
### ALL CHECKS DONE. READY TO START THE SCRIPT ### ALL CHECKS DONE. READY TO START THE SCRIPT
for arg in "$@"; do case "${arg,,}" in -d|--debug) . ./meta_sources_debug.sh; check_git; debugger "${@}";; esac; done check_git
for arg in "$@"; do case "${arg,,}" in -d|--debug) . ./meta_sources_debug.sh; debugger "${@}";; esac; done
declare -gx VAR_SETUP="true" declare -gx VAR_SETUP="true"
### SOURCING VARIABLES ### SOURCING VARIABLES

2
config/includes.chroot/etc/ssh/sshd_config
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.768.2025.06.23 ### Version Master V8.03.832.2025.06.24
### https://www.ssh-audit.com/ ### https://www.ssh-audit.com/
### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig

2
config/includes.chroot/etc/sysctl.d/99_local.hardened
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.768.2025.06.23 ### Version Master V8.03.832.2025.06.24
### https://docs.kernel.org/ ### https://docs.kernel.org/
### https://github.com/a13xp0p0v/kernel-hardening-checker/ ### https://github.com/a13xp0p0v/kernel-hardening-checker/

2
config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
View File

@@ -10,7 +10,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
declare -gr VERSION="Master V8.03.768.2025.06.23" declare -gr VERSION="Master V8.03.832.2025.06.24"
### VERY EARLY CHECK FOR DEBUGGING ### VERY EARLY CHECK FOR DEBUGGING
if [[ $* == *" --debug "* ]]; then if [[ $* == *" --debug "* ]]; then

2
config/includes.chroot/preseed/preseed.cfg
View File

@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
# Please consider donating to my work at: https://coresecret.eu/spenden/ # Please consider donating to my work at: https://coresecret.eu/spenden/
########################################################################################### ###########################################################################################
# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.23 at: 10:18:37.9542 # Written by: ./preseed_hash_generator.sh Version: Master V8.03.832.2025.06.24 at: 10:18:37.9542

2
docs/AUDIT_DNSSEC.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2. DNSSEC Status # 2. DNSSEC Status

2
docs/AUDIT_HAVEGED.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2. Haveged Audit on Netcup RS 2000 G11 # 2. Haveged Audit on Netcup RS 2000 G11

2
docs/AUDIT_LYNIS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2. Lynis Audit: # 2. Lynis Audit:

2
docs/AUDIT_SSH.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2. SSH Audit by ssh-audit.com # 2. SSH Audit by ssh-audit.com

316
docs/AUDIT_TLS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2. TLS Audit: # 2. TLS Audit:
@@ -26,313 +26,7 @@ include_toc: true
Using OpenSSL 1.0.2-bad (Mar 28 2025) [~179 ciphers] Using OpenSSL 1.0.2-bad (Mar 28 2025) [~179 ciphers]
on kali:./bin/openssl.Linux.x86_64 on kali:./bin/openssl.Linux.x86_64
Start 2025-06-23 06:37:04 -->> 135.181.207.105:443 (dns01.eddns.eu) <<-- Start 2025-06-23 17:58:48 -->> 152.53.110.40:443 (git.coresecret.dev) <<--
Further IP addresses: 2a01:4f9:c012:a813:135:181:207:105
rDNS (135.181.207.105): dns01.eddns.eu.
Service detected: HTTP
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY not offered
ALPN/HTTP2 h2, http/1.1 (offered)
Testing for server implementation bugs
No bugs found.
Testing cipher categories
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK)
Triple DES Ciphers / IDEA not offered
Obsoleted CBC ciphers (AES, ARIA etc.) not offered
Strong encryption (AEAD ciphers) with no FS not offered
Forward Secrecy strong encryption (AEAD ciphers) offered (OK)
Testing server's cipher preferences
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
-
SSLv3
-
TLSv1
-
TLSv1.1
-
TLSv1.2 (server order)
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 448 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 448 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLSv1.3 (server order)
x1302 TLS_AES_256_GCM_SHA384 ECDH 448 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 448 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
Has server cipher order? yes (OK) -- TLS 1.3 and below
Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4
FS is offered (OK) , ciphers follow (client/browser support is important here)
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
x1302 TLS_AES_256_GCM_SHA384 ECDH 448 AESGCM 256 TLS_AES_256_GCM_SHA384 available
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 448 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 available
xcc14 ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD not a/v
xcc13 ECDHE-RSA-CHACHA20-POLY1305-OLD ECDH ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD not a/v
xcc15 DHE-RSA-CHACHA20-POLY1305-OLD DH ChaCha20 256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD not a/v
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 521 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 available
xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 not a/v
xc028 ECDHE-RSA-AES256-SHA384 ECDH AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 not a/v
xc024 ECDHE-ECDSA-AES256-SHA384 ECDH AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 not a/v
xc014 ECDHE-RSA-AES256-SHA ECDH AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA not a/v
xc00a ECDHE-ECDSA-AES256-SHA ECDH AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA not a/v
xa3 DHE-DSS-AES256-GCM-SHA384 DH AESGCM 256 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 not a/v
x9f DHE-RSA-AES256-GCM-SHA384 DH AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 not a/v
xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 not a/v
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 448 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 available
xccaa DHE-RSA-CHACHA20-POLY1305 DH ChaCha20 256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 not a/v
xc0af ECDHE-ECDSA-AES256-CCM8 ECDH AESCCM8 256 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 not a/v
xc0ad ECDHE-ECDSA-AES256-CCM ECDH AESCCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_CCM not a/v
xc0a3 DHE-RSA-AES256-CCM8 DH AESCCM8 256 TLS_DHE_RSA_WITH_AES_256_CCM_8 not a/v
xc09f DHE-RSA-AES256-CCM DH AESCCM 256 TLS_DHE_RSA_WITH_AES_256_CCM not a/v
x6b DHE-RSA-AES256-SHA256 DH AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 not a/v
x6a DHE-DSS-AES256-SHA256 DH AES 256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 not a/v
x39 DHE-RSA-AES256-SHA DH AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA not a/v
x38 DHE-DSS-AES256-SHA DH AES 256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA not a/v
xc077 ECDHE-RSA-CAMELLIA256-SHA384 ECDH Camellia 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 not a/v
xc073 ECDHE-ECDSA-CAMELLIA256-SHA384 ECDH Camellia 256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 not a/v
xc4 DHE-RSA-CAMELLIA256-SHA256 DH Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 not a/v
xc3 DHE-DSS-CAMELLIA256-SHA256 DH Camellia 256 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 not a/v
x88 DHE-RSA-CAMELLIA256-SHA DH Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA not a/v
x87 DHE-DSS-CAMELLIA256-SHA DH Camellia 256 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA not a/v
xc043 DHE-DSS-ARIA256-CBC-SHA384 DH ARIA 256 TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 not a/v
xc045 DHE-RSA-ARIA256-CBC-SHA384 DH ARIA 256 TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 not a/v
xc049 ECDHE-ECDSA-ARIA256-CBC-SHA384 ECDH ARIA 256 TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 not a/v
xc04d ECDHE-RSA-ARIA256-CBC-SHA384 ECDH ARIA 256 TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 not a/v
xc053 DHE-RSA-ARIA256-GCM-SHA384 DH ARIAGCM 256 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 not a/v
xc057 DHE-DSS-ARIA256-GCM-SHA384 DH ARIAGCM 256 TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 not a/v
xc05d ECDHE-ECDSA-ARIA256-GCM-SHA384 ECDH ARIAGCM 256 TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 not a/v
xc061 ECDHE-ARIA256-GCM-SHA384 ECDH ARIAGCM 256 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 not a/v
xc07d - DH CamelliaGCM 256 TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 not a/v
xc081 - DH CamelliaGCM 256 TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 not a/v
xc087 - ECDH CamelliaGCM 256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 not a/v
xc08b - ECDH CamelliaGCM 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 not a/v
x1301 TLS_AES_128_GCM_SHA256 any AESGCM 128 TLS_AES_128_GCM_SHA256 not a/v
x1304 TLS_AES_128_CCM_SHA256 any AESCCM 128 TLS_AES_128_CCM_SHA256 not a/v
x1305 TLS_AES_128_CCM_8_SHA256 any AESCCM8 128 TLS_AES_128_CCM_8_SHA256 not a/v
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 not a/v
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 not a/v
xc027 ECDHE-RSA-AES128-SHA256 ECDH AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 not a/v
xc023 ECDHE-ECDSA-AES128-SHA256 ECDH AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 not a/v
xc013 ECDHE-RSA-AES128-SHA ECDH AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA not a/v
xc009 ECDHE-ECDSA-AES128-SHA ECDH AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA not a/v
xa2 DHE-DSS-AES128-GCM-SHA256 DH AESGCM 128 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 not a/v
x9e DHE-RSA-AES128-GCM-SHA256 DH AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 not a/v
xc0ae ECDHE-ECDSA-AES128-CCM8 ECDH AESCCM8 128 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 not a/v
xc0ac ECDHE-ECDSA-AES128-CCM ECDH AESCCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_CCM not a/v
xc0a2 DHE-RSA-AES128-CCM8 DH AESCCM8 128 TLS_DHE_RSA_WITH_AES_128_CCM_8 not a/v
xc09e DHE-RSA-AES128-CCM DH AESCCM 128 TLS_DHE_RSA_WITH_AES_128_CCM not a/v
x67 DHE-RSA-AES128-SHA256 DH AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 not a/v
x40 DHE-DSS-AES128-SHA256 DH AES 128 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 not a/v
x33 DHE-RSA-AES128-SHA DH AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA not a/v
x32 DHE-DSS-AES128-SHA DH AES 128 TLS_DHE_DSS_WITH_AES_128_CBC_SHA not a/v
xc076 ECDHE-RSA-CAMELLIA128-SHA256 ECDH Camellia 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 not a/v
xc072 ECDHE-ECDSA-CAMELLIA128-SHA256 ECDH Camellia 128 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 not a/v
xbe DHE-RSA-CAMELLIA128-SHA256 DH Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 not a/v
xbd DHE-DSS-CAMELLIA128-SHA256 DH Camellia 128 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 not a/v
x9a DHE-RSA-SEED-SHA DH SEED 128 TLS_DHE_RSA_WITH_SEED_CBC_SHA not a/v
x99 DHE-DSS-SEED-SHA DH SEED 128 TLS_DHE_DSS_WITH_SEED_CBC_SHA not a/v
x45 DHE-RSA-CAMELLIA128-SHA DH Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA not a/v
x44 DHE-DSS-CAMELLIA128-SHA DH Camellia 128 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA not a/v
xc042 DHE-DSS-ARIA128-CBC-SHA256 DH ARIA 128 TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 not a/v
xc044 DHE-RSA-ARIA128-CBC-SHA256 DH ARIA 128 TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 not a/v
xc048 ECDHE-ECDSA-ARIA128-CBC-SHA256 ECDH ARIA 128 TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 not a/v
xc04c ECDHE-RSA-ARIA128-CBC-SHA256 ECDH ARIA 128 TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 not a/v
xc052 DHE-RSA-ARIA128-GCM-SHA256 DH ARIAGCM 128 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 not a/v
xc056 DHE-DSS-ARIA128-GCM-SHA256 DH ARIAGCM 128 TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 not a/v
xc05c ECDHE-ECDSA-ARIA128-GCM-SHA256 ECDH ARIAGCM 128 TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 not a/v
xc060 ECDHE-ARIA128-GCM-SHA256 ECDH ARIAGCM 128 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 not a/v
xc07c - DH CamelliaGCM 128 TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 not a/v
xc080 - DH CamelliaGCM 128 TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 not a/v
xc086 - ECDH CamelliaGCM 128 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 not a/v
xc08a - ECDH CamelliaGCM 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 not a/v
Elliptic curves offered: secp384r1 secp521r1 X448
TLS 1.2 sig_algs offered: RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224
TLS 1.3 sig_algs offered: RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512
Testing server defaults (Server Hello)
TLS extensions (standard) "server name/#0" "max fragment length/#1" "status request/#5" "supported_groups/#10" "EC point formats/#11"
"application layer protocol negotiation/#16" "extended master secret/#23" "supported versions/#43" "key share/#51"
"renegotiation info/#65281"
Session Ticket RFC 5077 hint no -- no lifetime advertised
SSL Session ID support yes
Session Resumption Tickets no, ID: yes
TLS clock skew Random values, no fingerprinting possible
Certificate Compression none
Client Authentication none
Signature Algorithm SHA384 with RSA
Server key size RSA 4096 bits (exponent is 262147)
Server key usage Digital Signature, Key Encipherment
Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication
Serial A39CFE0064280D467269C012636F9EE8 (OK: length 16)
Fingerprints SHA1 9E19BE00A07E50CC5DB94A51419D431E845F810A
SHA256 92D01842FB6275890EF74AAD742990EFD76ABA0604203B327F3270E805B6F356
Common Name (CN) eddns.eu
subjectAltName (SAN) eddns.eu dns01.eddns.eu dns02.eddns.de dns03.eddns.eu eddns.de
Trust (hostname) Ok via SAN (same w/o SNI)
Chain of trust Ok
EV cert (experimental) no
Certificate Validity (UTC) 358 >= 60 days (2025-06-16 00:00 --> 2026-06-16 23:59)
ETS/"eTLS", visibility info not present
In pwnedkeys.com DB not in database
Certificate Revocation List --
OCSP URI http://zerossl.ocsp.sectigo.com, not revoked
OCSP stapling offered, not revoked
OCSP must staple extension supported
DNS CAA RR (experimental) available - please check for match with "Issuer" below
communications=error, iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl,
issue=letsencrypt.org;, issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuemail=buypass.no, issuemail=certum.pl, issuewild=;
Certificate Transparency yes (certificate extension)
Certificates provided 2
Issuer ZeroSSL RSA Domain Secure Site CA (ZeroSSL from AT)
Intermediate cert validity #1: ok > 40 days (2030-01-29 23:59). ZeroSSL RSA Domain Secure Site CA <-- USERTrust RSA Certification Authority
Intermediate Bad OCSP (exp.) Ok
Testing HTTP header response @ "/"
HTTP Status Code 200 OK
HTTP clock skew 0 sec from localtime
Strict Transport Security 730 days=63072000 s, includeSubDomains, preload
Public Key Pinning --
Server banner nginx
Application banner --
Cookie(s) (none issued at "/")
Security headers X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Expect-CT: max-age=86400, enforce
Permissions-Policy: interest-cohort=()
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Embedder-Policy: credentialless
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: https://dns01.eddns.eu
Permissions-Policy: interest-cohort=()
Referrer-Policy: same-origin
Cache-Control: no-cache
Reverse Proxy banner --
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session ticket extension
ROBOT Server does not support any cipher suites that use RSA key transport
Secure Renegotiation (RFC 5746) supported (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/" tested
POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support
TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=92D01842FB6275890EF74AAD742990EFD76ABA0604203B327F3270E805B6F356
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1
LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK)
Winshock (CVE-2014-6321), experimental not vulnerable (OK)
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
Running client simulations (HTTP) via sockets
Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy
------------------------------------------------------------------------------------------------
Android 7.0 (native) No connection
Android 8.1 (native) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 384 bit ECDH (P-384)
Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Android 11/12 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Android 13/14 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Android 15 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Chrome 101 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Chromium 137 (Win 11) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Firefox 100 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
Firefox 137 (Win 11) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
IE 8 Win 7 No connection
IE 11 Win 7 No connection
IE 11 Win 8.1 No connection
IE 11 Win Phone 8.1 No connection
IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 384 bit ECDH (P-384)
Edge 15 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 384 bit ECDH (P-384)
Edge 101 Win 10 21H2 TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Edge 133 Win 11 23H2 TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Safari 18.4 (iOS 18.4) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
Safari 15.4 (macOS 12.3.1) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
Safari 18.4 (macOS 15.4) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
Java 7u25 No connection
Java 8u442 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 448 bit ECDH (X448)
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
Java 17.0.3 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 448 bit ECDH (X448)
Java 21.0.6 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 448 bit ECDH (X448)
go 1.17.8 TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
LibreSSL 3.3.6 (macOS) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 521 bit ECDH (P-521)
OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 448 bit ECDH (X448)
OpenSSL 3.0.15 (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 448 bit ECDH (X448)
OpenSSL 3.5.0 (git) TLSv1.3 TLS_AES_256_GCM_SHA384 448 bit ECDH (X448)
Apple Mail (16.0) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 521 bit ECDH (P-521)
Thunderbird (91.9) TLSv1.3 TLS_AES_256_GCM_SHA384 521 bit ECDH (P-521)
Rating (experimental)
Rating specs (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
Specification documentation https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
Protocol Support (weighted) 100 (30)
Key Exchange (weighted) 100 (30)
Cipher Strength (weighted) 100 (40)
Final Score 100
Overall Grade A+
Done 2025-06-23 06:38:43 [ 102s] -->> 135.181.207.105:443 (dns01.eddns.eu) <<--
25-06-23|root@kali.ed448.eu:/root/gitea/testssl.sh/>>1|~#> ./testssl.sh --show-each --wide --phone-out --full https://git.coresecret.dev/
#####################################################################
testssl.sh version 3.2.1 from https://testssl.sh/
(81471c3 2025-06-15 09:48:31)
This program is free software. Distribution and modification under
GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
#####################################################################
Using OpenSSL 1.0.2-bad (Mar 28 2025) [~179 ciphers]
on kali:./bin/openssl.Linux.x86_64
Start 2025-06-23 06:55:40 -->> 152.53.110.40:443 (git.coresecret.dev) <<--
Further IP addresses: 2a0a:4cc0:80:330f:152:53:110:40 Further IP addresses: 2a0a:4cc0:80:330f:152:53:110:40
rDNS (152.53.110.40): git.coresecret.dev. rDNS (152.53.110.40): git.coresecret.dev.
@@ -510,8 +204,8 @@ Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Ciphe
OCSP stapling offered, not revoked OCSP stapling offered, not revoked
OCSP must staple extension -- OCSP must staple extension --
DNS CAA RR (experimental) available - please check for match with "Issuer" below DNS CAA RR (experimental) available - please check for match with "Issuer" below
iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl, issue=letsencrypt.org;, communications=error, iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl,
issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issue=letsencrypt.org;, issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuemail=buypass.no, issuemail=certum.pl, issuewild=; issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuemail=buypass.no, issuemail=certum.pl, issuewild=;
Certificate Transparency yes (certificate extension) Certificate Transparency yes (certificate extension)
@@ -623,7 +317,7 @@ Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Ciphe
Final Score 100 Final Score 100
Overall Grade A+ Overall Grade A+
Done 2025-06-23 06:57:01 [ 86s] -->> 152.53.110.40:443 (git.coresecret.dev) <<-- Done 2025-06-23 18:00:16 [ 99s] -->> 152.53.110.40:443 (git.coresecret.dev) <<--
```` ````
--- ---

19
docs/CHANGELOG.md
View File

@@ -8,13 +8,26 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2. Changelog # 2. Changelog
## V8.03.768.2025.06.22 ## V8.03.832.2025.06.24
* Updated [lib_clean_up.sh](../lib/lib_clean_up.sh): Lock FD and Artifacts. * Updated:
* [lib_check_provider.sh](../lib/lib_check_provider.sh)
* [lib_debug_header.sh](../lib/lib_debug_header.sh)
* [lib_trap_on_err.sh](../lib/lib_trap_on_err.sh)
* The Debian package ``bat`` will be installed to enable smooth log reading.
## V8.03.768.2025.06.23
* Updated [lib_clean_up.sh](../lib/lib_clean_up.sh): Removal of Lock FD and Artifacts.
* Rearranged VARs sourcing: [early.var.sh](../var/early.var.sh)
* Rearranged DEBUG XTRACE sourcing: [meta_sources_debug.sh](../meta_sources_debug.sh)
* Added Git Repo specific VARs: [lib_debug_var_git.sh](../lib/lib_git_var.sh)
* Added ``guard_sourcing()``: [lib_guard_sourcing.sh](../lib/lib_guard_sourcing.sh)
* to prevent the caller LIB-file from being sourced twice.
## V8.03.768.2025.06.19 ## V8.03.768.2025.06.19

2
docs/CNET.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2. Centurion Net - Developer Branch Overview # 2. Centurion Net - Developer Branch Overview

2
docs/CODING_CONVENTION.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2. Coding Style # 2. Coding Style

2
docs/CONTRIBUTING.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2. Contributing / participating # 2. Contributing / participating

2
docs/CREDITS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2. Credits # 2. Credits

2
docs/DL_PUB_ISO.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2. Download the latest PUBLIC CISS.debian.live.ISO # 2. Download the latest PUBLIC CISS.debian.live.ISO

6
docs/DOCUMENTATION.md
View File

@@ -8,12 +8,12 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2.1. Usage # 2.1. Usage
````text ````text
CISS.debian.live.builder CISS.debian.live.builder
Master V8.03.768.2025.06.23 Master V8.03.832.2025.06.24
A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image. A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
(c) Marc S. Weidner, 2018 - 2025 (c) Marc S. Weidner, 2018 - 2025
@@ -133,7 +133,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
# 2.2. Contact # 2.2. Contact
````text ````text
CISS.debian.live.builder CISS.debian.live.builder
Master V8.03.768.2025.06.23 Master V8.03.832.2025.06.24
A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image. A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
(c) Marc S. Weidner, 2018 - 2025 (c) Marc S. Weidner, 2018 - 2025

2
docs/REFERENCES.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br> **Master Version**: 8.03<br>
**Build**: V8.03.768.2025.06.23<br> **Build**: V8.03.832.2025.06.24<br>
# 2. Resources # 2. Resources

BIN
docs/SECURITY/coresecret.dev.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 185 KiB

After

Width:  |  Height:  |  Size: 186 KiB

7
lib/lib_check_pkgs.sh
View File

@@ -20,6 +20,10 @@ guard_sourcing
check_pkgs() { check_pkgs() {
apt-get update -y > /dev/null 2>&1 apt-get update -y > /dev/null 2>&1
if [[ -z "$(command -v batcat || true)" ]]; then
apt-get install -y --no-install-recommends bat
fi
if [[ -z "$(command -v lsb_release || true)" ]]; then if [[ -z "$(command -v lsb_release || true)" ]]; then
apt-get install -y --no-install-recommends lsb-release apt-get install -y --no-install-recommends lsb-release
fi fi
@@ -45,8 +49,7 @@ check_pkgs() {
fi fi
if [[ -z "$(command -v mkpasswd || true)" ]]; then if [[ -z "$(command -v mkpasswd || true)" ]]; then
apt-get update -y apt-get install -y --no-install-recommends whois
apt-get install --no-install-recommends whois -y
fi fi
} }
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

5
lib/lib_check_provider.sh
View File

@@ -19,8 +19,9 @@ guard_sourcing
####################################### #######################################
check_provider() { check_provider() {
clear clear
cat << 'EOF' >| "${VAR_NOTES}" cat << EOF >| "${VAR_NOTES}"
Build: Master V8.03.768.2025.06.23 Build : ${VAR_VERSION}
Commit : ${VAR_GIT_REL}
Press 'EXIT' to continue with CISS.debian.live.builder. Press 'EXIT' to continue with CISS.debian.live.builder.

2
lib/lib_contact.sh
View File

@@ -21,7 +21,7 @@ contact() {
clear clear
cat << EOF cat << EOF
$(echo -e "\e[92mCISS.debian.live.builder\e[0m") $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
$(echo -e "\e[92mMaster V8.03.768.2025.06.23\e[0m") $(echo -e "\e[92mMaster V8.03.832.2025.06.24\e[0m")
$(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m") $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
$(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m") $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")

4
lib/lib_debug.sh
View File

@@ -41,8 +41,10 @@ debugger() {
declare -grx PS4='\e[97m+\e[0m\e[96m$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)\e[0m\e[97m:\e[0m\e[92m[${BASH_SOURCE[0]}:${LINENO}]\e[0m\e[97m|\e[0m\e[93m${?}\e[0m\e[97m>\e[0m\e[95m${FUNCNAME[0]:-main}()\e[0m \e[97m>>\e[0m ' declare -grx PS4='\e[97m+\e[0m\e[96m$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)\e[0m\e[97m:\e[0m\e[92m[${BASH_SOURCE[0]}:${LINENO}]\e[0m\e[97m|\e[0m\e[93m${?}\e[0m\e[97m>\e[0m\e[95m${FUNCNAME[0]:-main}()\e[0m \e[97m>>\e[0m '
# shellcheck disable=SC2155 # shellcheck disable=SC2155
declare -grx LOG_DEBUG="/tmp/ciss_live_builder_$$_debug.log" declare -grx LOG_DEBUG="/tmp/ciss_live_builder_$$_debug.log"
### Generates empty LOG_DEBUG declare -grx LOG_VAR="/tmp/ciss_live_builder_$$_var.log"
### Generates empty LOG_DEBUG and LOG_VAR
touch "${LOG_DEBUG}" && chmod 0600 "${LOG_DEBUG}" touch "${LOG_DEBUG}" && chmod 0600 "${LOG_DEBUG}"
touch "${LOG_VAR}" && chmod 0600 "${LOG_VAR}"
### Open file descriptor 42 for writing to the debug log ### Open file descriptor 42 for writing to the debug log
exec 42>| "${LOG_DEBUG}" exec 42>| "${LOG_DEBUG}"
### Write Debug Log Header https://www.gnu.org/software/bash/manual/html_node/Bash-Variables ### Write Debug Log Header https://www.gnu.org/software/bash/manual/html_node/Bash-Variables

2
lib/lib_debug_header.sh
View File

@@ -34,7 +34,7 @@ debug_header() {
declare -r arg_string="$2" declare -r arg_string="$2"
{ {
printf "\e[97m+\e[0m\e[92m%s: CISS.debian.live.builder Debug Log \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" printf "\e[97m+\e[0m\e[92m%s: CISS.debian.live.builder Debug Log \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
printf "\e[97m+\e[0m\e[92m%s: Git Commit : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_GIT_HEAD_FULL}" printf "\e[97m+\e[0m\e[92m%s: Git Commit : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_GIT_REL}"
printf "\e[97m+\e[0m\e[92m%s: Version : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_VERSION}" printf "\e[97m+\e[0m\e[92m%s: Version : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_VERSION}"
printf "\e[97m+\e[0m\e[92m%s: Epoch : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EPOCHREALTIME}" printf "\e[97m+\e[0m\e[92m%s: Epoch : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EPOCHREALTIME}"
printf "\e[97m+\e[0m\e[92m%s: Bash MAJ Release : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[0]}" printf "\e[97m+\e[0m\e[92m%s: Bash MAJ Release : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[0]}"

0
lib/lib_debug_var_git.sh → lib/lib_git_var.sh
View File

2
lib/lib_guard_sourcing.sh
View File

@@ -16,7 +16,7 @@
# Globals: # Globals:
# BASH_SOURCE # BASH_SOURCE
# Arguments: # Arguments:
# $1: Explicitly provided Argument: filename of the caller LIB. (Better let the guard_sourcing() determine dynamically. # $1: Explicitly provided Argument: filename of the caller LIB. (Better let the guard_sourcing() determine dynamically.)
# Returns: # Returns:
# 0: Returns '0' in both cases as they are intended to be successful. # 0: Returns '0' in both cases as they are intended to be successful.
####################################### #######################################

10
lib/lib_trap_on_err.sh
View File

@@ -36,6 +36,7 @@ guard_sourcing
print_file_err() { print_file_err() {
{ {
printf "❌ CISS.debian.live.builder Script failed. \n" printf "❌ CISS.debian.live.builder Script failed. \n"
printf "❌ Git Commit : %s \n" "${VAR_GIT_REL}"
printf "❌ Version : %s \n" "${VAR_VERSION}" printf "❌ Version : %s \n" "${VAR_VERSION}"
printf "❌ Hostsystem : %s \n" "${VAR_SYSTEM}" printf "❌ Hostsystem : %s \n" "${VAR_SYSTEM}"
printf "❌ Error : %s \n" "${ERRCODE}" printf "❌ Error : %s \n" "${ERRCODE}"
@@ -50,7 +51,7 @@ print_file_err() {
if "${VAR_EARLY_DEBUG}"; then if "${VAR_EARLY_DEBUG}"; then
printf "❌ Vars Dump saved at : %s \n" "${LOG_VAR}" printf "❌ Vars Dump saved at : %s \n" "${LOG_VAR}"
printf "❌ Debug Log saved at : %s \n" "${LOG_DEBUG}" printf "❌ Debug Log saved at : %s \n" "${LOG_DEBUG}"
printf "❌ cat %s \n" "${LOG_DEBUG}" printf "❌ batcat --pager='less -r' %s \n" "${LOG_DEBUG}"
fi fi
printf "\n" printf "\n"
} >> "${LOG_ERROR}" } >> "${LOG_ERROR}"
@@ -79,6 +80,7 @@ print_file_err() {
####################################### #######################################
print_scr_err() { print_scr_err() {
printf "\e[91m❌ CISS.debian.live.builder Script failed. \e[0m\n" >&2 printf "\e[91m❌ CISS.debian.live.builder Script failed. \e[0m\n" >&2
printf "\e[91m❌ Git Commit : %s \e[0m\n" "${VAR_GIT_REL}" >&2
printf "\e[91m❌ Version : %s \e[0m\n" "${VAR_VERSION}" >&2 printf "\e[91m❌ Version : %s \e[0m\n" "${VAR_VERSION}" >&2
printf "\e[91m❌ Hostsystem : %s \e[0m\n" "${VAR_SYSTEM}" >&2 printf "\e[91m❌ Hostsystem : %s \e[0m\n" "${VAR_SYSTEM}" >&2
printf "\e[91m❌ Error : %s \e[0m\n" "${ERRCODE}" >&2 printf "\e[91m❌ Error : %s \e[0m\n" "${ERRCODE}" >&2
@@ -91,11 +93,11 @@ print_scr_err() {
printf "\e[91m❌ Arguments Original : %s \e[0m\n" "${ARG_STR_ORG_INPUT}" >&2 printf "\e[91m❌ Arguments Original : %s \e[0m\n" "${ARG_STR_ORG_INPUT}" >&2
printf "\e[91m❌ Arguments Sanitized : %s \e[0m\n" "${VAR_ARG_SANITIZED}" >&2 printf "\e[91m❌ Arguments Sanitized : %s \e[0m\n" "${VAR_ARG_SANITIZED}" >&2
printf "\e[91m❌ Error Log saved at : %s \e[0m\n" "${LOG_ERROR}" >&2 printf "\e[91m❌ Error Log saved at : %s \e[0m\n" "${LOG_ERROR}" >&2
printf "\e[91m❌ cat %s \e[0m\n" "${LOG_ERROR}" >&2 printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_ERROR}" >&2
if "${VAR_EARLY_DEBUG}"; then if "${VAR_EARLY_DEBUG}"; then
printf "\e[91m❌ Vars Dump saved at : %s \e[0m\n" "${LOG_VAR}" >&2 printf "\e[91m❌ Vars Dump saved at : %s \e[0m\n" "${LOG_VAR}" >&2
printf "\e[91m❌ Debug Log saved at : %s \e[0m\n" "${LOG_DEBUG}" >&2 printf "\e[91m❌ Debug Log saved at : %s \e[0m\n" "${LOG_DEBUG}" >&2
printf "\e[91m❌ cat %s \e[0m\n" "${LOG_DEBUG}" >&2 printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_DEBUG}" >&2
fi fi
printf "\n" printf "\n"
} }
@@ -117,12 +119,12 @@ print_scr_err() {
# $5: ${BASH_COMMAND} # $5: ${BASH_COMMAND}
####################################### #######################################
trap_on_err() { trap_on_err() {
trap - ERR
declare -g ERRCODE="$1" declare -g ERRCODE="$1"
declare -g ERRSCRT="$2" declare -g ERRSCRT="$2"
declare -g ERRLINE="$3" declare -g ERRLINE="$3"
declare -g ERRFUNC="$4" declare -g ERRFUNC="$4"
declare -g ERRCMMD="$5" declare -g ERRCMMD="$5"
trap - ERR
if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
clean_up "${ERRCODE}" clean_up "${ERRCODE}"
if ! $VAR_HANDLER_AUTOBUILD; then clean_screen; fi if ! $VAR_HANDLER_AUTOBUILD; then clean_screen; fi

4
lib/lib_trap_on_exit.sh
View File

@@ -20,8 +20,8 @@ guard_sourcing
# $1: $? # $1: $?
####################################### #######################################
trap_on_exit() { trap_on_exit() {
declare -r var_trap_on_exit_code="$1"
trap - EXIT trap - EXIT
declare -r var_trap_on_exit_code="$1"
if (( var_trap_on_exit_code == 0 )); then if (( var_trap_on_exit_code == 0 )); then
if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
clean_up "${var_trap_on_exit_code}" clean_up "${var_trap_on_exit_code}"
@@ -57,7 +57,7 @@ print_scr_exit() {
printf "\e[92m✅ Script Runtime : %s \e[0m\n" "${SECONDS}" printf "\e[92m✅ Script Runtime : %s \e[0m\n" "${SECONDS}"
printf "\e[92m✅ Vars Dump saved at : %s \e[0m\n" "${LOG_VAR}" printf "\e[92m✅ Vars Dump saved at : %s \e[0m\n" "${LOG_VAR}"
printf "\e[92m✅ Debug Log saved at : %s \e[0m\n" "${LOG_DEBUG}" printf "\e[92m✅ Debug Log saved at : %s \e[0m\n" "${LOG_DEBUG}"
printf "\e[92m✅ cat %s \e[0m\n" "${LOG_DEBUG}" printf "\e[92m✅ batcat --pager='less -r' %s \e[0m\n" "${LOG_DEBUG}"
printf "\n" printf "\n"
fi fi
printf "\e[95m💷 Please consider donating to my work at: \e[0m\n" printf "\e[95m💷 Please consider donating to my work at: \e[0m\n"

2
lib/lib_usage.sh
View File

@@ -21,7 +21,7 @@ usage() {
clear clear
cat << EOF cat << EOF
$(echo -e "\e[92mCISS.debian.live.builder\e[0m") $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
$(echo -e "\e[92mMaster V8.03.768.2025.06.23\e[0m") $(echo -e "\e[92mMaster V8.03.832.2025.06.24\e[0m")
$(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m") $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
$(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m") $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")

16
meta_sources_debug.sh
View File

@@ -10,23 +10,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Prevent this file from being sourced twice. Derive a safe guard-variable name from the script filename.
var_file_name="${BASH_SOURCE[0]##*/}"
var_safe_name="${var_file_name//[^a-zA-Z0-9_]/_}"
var_guard_var="_${var_safe_name}_LOADED"
### If var_guard_var is already set, abort sourcing.
if [[ -n "${!var_guard_var:-}" ]]; then
unset var_file_name var_safe_name var_guard_var
return 0
fi
### Set var_guard_var and make it readonly+exported
declare -grx "${var_guard_var}"=1
unset var_file_name var_safe_name var_guard_var
### Sourcing Debug Libs ### Sourcing Debug Libs
. ./lib/lib_debug.sh . ./lib/lib_debug.sh
. ./lib/lib_debug_header.sh . ./lib/lib_debug_header.sh
. ./lib/lib_debug_var_git.sh
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

2
scripts/9000-cdi-starter
View File

@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
# sleep 1 # sleep 1
[[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log [[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
printf "CISS.debian.installer Master V8.03.768.2025.06.23 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log printf "CISS.debian.installer Master V8.03.832.2025.06.24 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh

3
var/early.var.sh
View File

@@ -17,8 +17,9 @@ declare -agx ARY_PARAM_ARRAY=("$@")
declare -grx VAR_PARAM_COUNT="$#" declare -grx VAR_PARAM_COUNT="$#"
declare -grx VAR_PARAM_STRNG="$*" declare -grx VAR_PARAM_STRNG="$*"
declare -grx VAR_CONTACT="security@coresecret.eu" declare -grx VAR_CONTACT="security@coresecret.eu"
declare -grx VAR_VERSION="Master V8.03.768.2025.06.23" declare -grx VAR_VERSION="Master V8.03.832.2025.06.24"
declare -grx VAR_SYSTEM="$(uname -a)" declare -grx VAR_SYSTEM="$(uname -a)"
declare -gx VAR_EARLY_DEBUG="false"
declare -gx VAR_HANDLER_AUTOBUILD="false" declare -gx VAR_HANDLER_AUTOBUILD="false"
umask 0022 umask 0022
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

5
var/global.var.sh
View File

@@ -17,11 +17,6 @@ declare -gr VAR_KERNEL_TMP="$(mktemp)"
declare -gr VAR_KERNEL_SRT="$(mktemp)" declare -gr VAR_KERNEL_SRT="$(mktemp)"
declare -gr VAR_NOTES="$(mktemp)" declare -gr VAR_NOTES="$(mktemp)"
if "${VAR_EARLY_DEBUG}"; then
declare -gr LOG_VAR="/tmp/ciss_live_builder_$$_var.log"
touch "${LOG_VAR}" && chmod 0600 "${LOG_VAR}"
fi
declare -gr LOG_ERROR="/tmp/ciss_live_builder_$$_error.log" declare -gr LOG_ERROR="/tmp/ciss_live_builder_$$_error.log"
touch "${LOG_ERROR}" && chmod 0600 "${LOG_ERROR}" touch "${LOG_ERROR}" && chmod 0600 "${LOG_ERROR}"