---
gitea: none
include_toc: true
---

# 1. CISS.debian.live.builder

**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.520.2025.12.02<br>

# 2. Resources

## 2.1. Debian Live related

- [Debian live-boot](https://salsa.debian.org/live-team/live-boot)
- [Debian Live Manual](https://live-team.pages.debian.net/live-manual/html/live-manual/index.en.html)
- [Debian Live Boot Doc](https://manpages.debian.org/bookworm/live-boot-doc/live-boot.7.en.html)
- [Debian Live Build](https://manpages.debian.org/bookworm/live-build/index.html)
- [Debian Live Config](https://manpages.debian.org/bookworm/live-config-doc/index.html)
- [Debian Live Tools](https://manpages.debian.org/bookworm/live-tools/index.html)

## 2.2. Disk Encryption related

- [https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system](https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system)
- [https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_(GRUB)](https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_(GRUB))
- [https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode)
- [https://wiki.archlinux.org/title/GRUB#Encrypted_/boot](https://wiki.archlinux.org/title/GRUB#Encrypted_/boot)
- [https://wiki.archlinux.org/title/GRUB#LUKS2](https://wiki.archlinux.org/title/GRUB#LUKS2)
- [https://wiki.archlinux.org/title/Advanced_Format](https://wiki.archlinux.org/title/Advanced_Format)
- [https://packages.debian.org/bookworm-backports/grub-common](https://packages.debian.org/bookworm-backports/grub-common)
- [https://www.kernel.org/doc/html/v5.5/admin-guide/device-mapper/dm-integrity.html](https://www.kernel.org/doc/html/v5.5/admin-guide/device-mapper/dm-integrity.html)
- [https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption)
- [https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#2-setup](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#2-setup)

## 2.3. Kernel related

- [https://wiki.archlinux.org/title/Kernel](https://wiki.archlinux.org/title/Kernel)
- [https://wiki.archlinux.org/title/Kernel_parameters](https://wiki.archlinux.org/title/Kernel_parameters)
- [https://www.kernel.org/](https://www.kernel.org/)
- [https://github.com/anthraxx/linux-hardened](https://github.com/anthraxx/linux-hardened)

## 2.4. Policy related

- [https://www.debian.org/doc/manuals/securing-debian-manual/](https://www.debian.org/doc/manuals/securing-debian-manual/)
- [https://www.tenable.com/audits/CIS_Debian_Linux_12_v1.0.1_L1_Server](https://www.tenable.com/audits/CIS_Debian_Linux_12_v1.0.1_L1_Server)
- [https://www.cisecurity.org/cis-benchmarks](https://www.cisecurity.org/cis-benchmarks)
- [https://github.com/CISOfy/lynis](https://github.com/CISOfy/lynis)
- [https://github.com/lateralblast/lunar](https://github.com/lateralblast/lunar)
- [https://complianceascode.github.io/content-pages/guides/ssg-debian12-guide-standard.html](https://complianceascode.github.io/content-pages/guides/ssg-debian12-guide-standard.html)

## 2.5. Security related

- [https://wiki.archlinux.org/title/General_recommendations](https://wiki.archlinux.org/title/General_recommendations)
- [https://wiki.archlinux.org/title/Security](https://wiki.archlinux.org/title/Security)
- [https://wiki.archlinux.org/title/Identity_management](https://wiki.archlinux.org/title/Identity_management)
- [https://wiki.archlinux.org/title/Capabilities](https://wiki.archlinux.org/title/Capabilities)
- [https://privsec.dev/posts/linux/desktop-linux-hardening/](https://privsec.dev/posts/linux/desktop-linux-hardening/)
- [https://wiki.archlinux.org/title/fail2ban#Service_hardenin](https://wiki.archlinux.org/title/fail2ban#Service_hardenin)
- [https://theprivacyguide1.github.io/linux_hardening_guide](https://theprivacyguide1.github.io/linux_hardening_guide)
- [https://github.com/zabbly/linux](https://github.com/zabbly/linux)

## 2.6. Bash related

- [https://www.gnu.org/software/bash/manual/](https://www.gnu.org/software/bash/manual/)
- [https://www.shellcheck.net/](https://www.shellcheck.net/)
- [https://explainshell.com/](https://explainshell.com/)
- [https://google.github.io/styleguide/shellguide.html](https://google.github.io/styleguide/shellguide.html)
- [https://github.com/mvdan/sh](https://github.com/mvdan/sh)
- [https://gist.github.com/Potherca/4f4ce1c8d4bcf4cd4aab](https://gist.github.com/Potherca/4f4ce1c8d4bcf4cd4aab)

### 2.6.1. Error handling

- [Use set -e - Writing Robust Bash Shell Scripts - David Pashley](https://www.davidpashley.com/articles/writing-robust-shell-scripts/#id2596016)
- [Why doesn't set -e (or set -o errexit, or trap ERR) do what I expected? - BashFAQ/105 - Greg's Wiki](https://mywiki.wooledge.org/BashFAQ/105)

---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->