msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
1068aa2004f8443c91ea2e7376b1189ee32ce04c31611fae7af7be74ee307553
CISS.debian.live.builder/docs/DL_PUB_ISO.md
Marc S. Weidner 051361abbb
Some checks failed
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m5s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m15s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 1m23s
Details
V8.13.392.2025.11.07 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-11-07 17:12:52 +01:00

111 lines
3.2 KiB
Markdown
Raw Blame History

---
gitea: none
include_toc: true
---
# 1. CISS.debian.live.builder
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.392.2025.11.07<br>
# 2. Download the latest PUBLIC CISS.debian.live.ISO
## 2.1. Autobuild Information
The latest information about the public **``CISS.debian.live.ISO``** is available at **`/LIVE_ISO.public`**.
## 2.2. URL
Download the latest Auto-Generated [CISS.debian.live.ISO_PUBLIC](https://cloud.e2ee.li/s/E7FoctLroB4oF7P).
## 2.3. Root Passwd
Use the following ``Root`` Password:
````text
Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
````
## 2.4. Root SSH Keys
Use the following ``Root`` SSH Key Material:
### 2.4.1. SSH Public Key
````text
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2025_ciss.debian.live.ISO_PUBLIC_ONLY"
AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
8uSY
---- END SSH2 PUBLIC KEY ----
````
### 2.4.2. SSH Private Key OPENSSH
````text
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0
MkzTOHVgNHQSoGBPlJ49AAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAINAY
ZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS8uSYAAAAsAO6qB+tMUOkUm1n3EG5
X6RyDOYYzY2yuwXHwLD2uAkG7cv/IoO1Dgol+Ugm6ryh5BnFWeyXCxwUmgc54kaV
bHkYWrHVqC8kANbMzt9V2WicNrgktjlV6OoYm0nD5M0+dYYxnMUoY1ghjmvF05Jf
xdsw83HOA1m0ZbDxX8/4GrL/HNSj6/1hm/x8KNvy9NN7jFfAcP3rNlNO+B6ckq66
Clw5PIdM7+BObTSD0g99dLFI
-----END OPENSSH PRIVATE KEY-----
````
### 2.4.3. SSH Private Key
````text
PuTTY-User-Key-File-3: ssh-ed25519
Encryption: aes256-cbc
Comment: 2025_ciss.debian.live.ISO_PUBLIC_ONLY
Public-Lines: 2
AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
8uSY
Key-Derivation: Argon2id
Argon2-Memory: 8192
Argon2-Passes: 13
Argon2-Parallelism: 1
Argon2-Salt: e93b747ffd3d55f3865502c848b07ec7
Private-Lines: 1
onOztqghDo2kzYMa7VosVQ+TMr1AHLknwGPMIpuDEb0GyfdVB6LqV3rAKEJRRXJg
Private-MAC: 3c87f88ee5306c56e7b2240d7bddda3ce4369d6d296b9101d8a8c5834fdf5e25
````
### 2.4.4. SSH Private Key Encryption Key (KEK)
````text
^QbHsh#WPdaVwyWbkb5fpejDawhaKP9hx74dnCzD#W
````
# 3. Login
## 3.1. SSH
Connect to `<IP>:42137`. Please note that if you select a different port by mistake, your client IP address will be blocked
instantly — literally in a few microseconds — for 86,400 seconds (i.e., one full day) due to the
* `ufw`
* `fail2ban`
* `/etc/hosts.deny`
ultimate hardening rules:
````text
### SSH Handling: Foreign IP (not in /etc/hosts.allow): refused to connect: immediate ban [sshd-refused]
### Jump host mistyped 1-3 times: no ban, only after four attempts [sshd]
(...)
# ufw aggressive approach:
# Any valid client communicating with our server should be going directly to the service ports opened in ufw (ssh, 80, 443, ...).
# Any client touching other ports is treated as malicious and therefore should be blocked access to ALL ports after one attempt.
````
## 3.2. Console
Login as root and present the following credentials:
````text
Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
````
---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
Reference in New Issue View Git Blame Copy Permalink