Marc S. Weidner
2e50dd9535
Some checks failed
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m13s
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 56s
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 51m3s
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Failing after 1m33s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
5.2 KiB
5.2 KiB
Table of Contents
1. CISS.debian.live.builder
Centurion Intelligence Consulting Agency Information Security Standard
Debian Live Build Generator for hardened live environment and CISS Debian Installer
Master Version: 8.13
Build: V8.13.768.2025.12.06
2. Resources
2.1. Debian Live related
- Debian live-boot
- Debian Live Manual
- Debian Live Boot Doc
- Debian Live Build
- Debian Live Config
- Debian Live Tools
2.2. Disk Encryption related
- https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system
- https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_(GRUB)
- https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode
- https://wiki.archlinux.org/title/GRUB#Encrypted_/boot
- https://wiki.archlinux.org/title/GRUB#LUKS2
- https://wiki.archlinux.org/title/Advanced_Format
- https://packages.debian.org/bookworm-backports/grub-common
- https://www.kernel.org/doc/html/v5.5/admin-guide/device-mapper/dm-integrity.html
- https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption
- https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#2-setup
2.3. Kernel related
- https://wiki.archlinux.org/title/Kernel
- https://wiki.archlinux.org/title/Kernel_parameters
- https://www.kernel.org/
- https://github.com/anthraxx/linux-hardened
2.4. Policy related
- https://www.debian.org/doc/manuals/securing-debian-manual/
- https://www.tenable.com/audits/CIS_Debian_Linux_12_v1.0.1_L1_Server
- https://www.cisecurity.org/cis-benchmarks
- https://github.com/CISOfy/lynis
- https://github.com/lateralblast/lunar
- https://complianceascode.github.io/content-pages/guides/ssg-debian12-guide-standard.html
2.5. Security related
- https://wiki.archlinux.org/title/General_recommendations
- https://wiki.archlinux.org/title/Security
- https://wiki.archlinux.org/title/Identity_management
- https://wiki.archlinux.org/title/Capabilities
- https://privsec.dev/posts/linux/desktop-linux-hardening/
- https://wiki.archlinux.org/title/fail2ban#Service_hardenin
- https://theprivacyguide1.github.io/linux_hardening_guide
- https://github.com/zabbly/linux
2.6. Bash related
- https://www.gnu.org/software/bash/manual/
- https://www.shellcheck.net/
- https://explainshell.com/
- https://google.github.io/styleguide/shellguide.html
- https://github.com/mvdan/sh
- https://gist.github.com/Potherca/4f4ce1c8d4bcf4cd4aab
2.6.1. Error handling
- Use set -e - Writing Robust Bash Shell Scripts - David Pashley
- Why doesn't set -e (or set -o errexit, or trap ERR) do what I expected? - BashFAQ/105 - Greg's Wiki
no tracking | no logging | no advertising | no profiling | no bullshit