CISS.debian.live.builder/docs/DL_PUB_ISO.md
Marc S. Weidner 51556707e2
V8.13.142.2025.10.14
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-14 20:35:02 +01:00


Table of Contents

1. CISS.debian.live.builder

Centurion Intelligence Consulting Agency Information Security Standard
Debian Live Build Generator for hardened live environment and CISS Debian Installer
Master Version: 8.13
Build: V8.13.142.2025.10.14

2. Download the latest PUBLIC CISS.debian.live.ISO

2.1. Autobuild Information

The latest information about the public CISS.debian.live.ISO is available at /LIVE_ISO.public.

2.2. URL

Download the latest Auto-Generated CISS.debian.live.ISO_PUBLIC.

2.3. Root Passwd

Use the following Root Password:

Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH

2.4. Root SSH Keys

Use the following Root SSH Key Material:

2.4.1. SSH Public Key

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2025_ciss.debian.live.ISO_PUBLIC_ONLY"
AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
8uSY
---- END SSH2 PUBLIC KEY ----

2.4.2. SSH Private Key OPENSSH


2.4.3. SSH Private Key

PuTTY-User-Key-File-3: ssh-ed25519
Encryption: aes256-cbc
Comment: 2025_ciss.debian.live.ISO_PUBLIC_ONLY
Public-Lines: 2
AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
8uSY
Key-Derivation: Argon2id
Argon2-Memory: 8192
Argon2-Passes: 13
Argon2-Parallelism: 1
Argon2-Salt: e93b747ffd3d55f3865502c848b07ec7
Private-Lines: 1
onOztqghDo2kzYMa7VosVQ+TMr1AHLknwGPMIpuDEb0GyfdVB6LqV3rAKEJRRXJg
Private-MAC: 3c87f88ee5306c56e7b2240d7bddda3ce4369d6d296b9101d8a8c5834fdf5e25

2.4.4. SSH Private Key Encryption Key (KEK)

^QbHsh#WPdaVwyWbkb5fpejDawhaKP9hx74dnCzD#W

3. Login

3.1. SSH

Connect to <IP>:42137. Please note that if you select a different port by mistake, your client IP address will be blocked instantly (literally in a few microseconds) for 86,400 seconds (i.e., one full day) by the ultimate hardening rules enforced through:

  • ufw
  • fail2ban
  • /etc/hosts.deny

These rules read:

### SSH Handling: Foreign IP (not in /etc/hosts.allow): refused to connect: immediate ban [sshd-refused]
###               Jump host mistyped 1-3 times: no ban, only after four attempts          [sshd]
(...)
# ufw aggressive approach:
# Any valid client communicating with our server should be going directly to the service ports opened in ufw (ssh, 80, 443, ...).
# Any client touching other ports is treated as malicious and therefore should be blocked access to ALL ports after one attempt.
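
The ban behaviour described above can be modelled as a small state machine, which helps when predicting what a given client will experience. This is an added example, not code from the CISS.debian.live.builder project: the `BanPolicy` class, the `closed-port` label, the in-memory allowlist standing in for /etc/hosts.allow, and the sample addresses are assumptions, and no fail2ban find-time window is modelled because the page does not state one.

```python
from dataclasses import dataclass, field

SSH_PORT = 42137         # from the page
BAN_SECONDS = 86_400     # from the page: one full day
JUMP_HOST_MAX_FAILS = 4  # from the page: ban "only after four attempts"

@dataclass
class BanPolicy:
    allowlist: frozenset  # assumption: stands in for /etc/hosts.allow
    service_ports: frozenset = frozenset({SSH_PORT, 80, 443})
    fails: dict = field(default_factory=dict)         # ip -> failed logins
    banned_until: dict = field(default_factory=dict)  # ip -> epoch seconds

    def _ban(self, ip, now, reason):
        self.banned_until[ip] = now + BAN_SECONDS
        self.fails.pop(ip, None)
        return f"ban:{reason}"

    def handle(self, now, ip, port, auth_ok=None):
        """Decide one event; auth_ok is None for a bare connection attempt."""
        if self.banned_until.get(ip, 0) > now:
            return "blocked"                           # inside the ban window
        if port not in self.service_ports:
            return self._ban(ip, now, "closed-port")   # ufw: one touch is enough
        if port == SSH_PORT and ip not in self.allowlist:
            return self._ban(ip, now, "sshd-refused")  # foreign IP: immediate ban
        if port == SSH_PORT and auth_ok is False:
            self.fails[ip] = self.fails.get(ip, 0) + 1
            if self.fails[ip] >= JUMP_HOST_MAX_FAILS:
                return self._ban(ip, now, "sshd")      # fourth mistyped attempt
        return "ok"

def replay(policy, events):
    """Feed (time, ip, port, auth_ok) tuples through the policy in order."""
    return [policy.handle(*event) for event in events]

# Constructed sample events using documentation address ranges.
EVENTS = [
    (0, "192.0.2.10", 22, None),             # jump host picks the wrong port
    (60, "192.0.2.10", SSH_PORT, True),      # correct port, but already banned
    (100, "203.0.113.9", SSH_PORT, None),    # address not in the allowlist
    (200, "192.0.2.11", SSH_PORT, False),    # jump host typo 1
    (201, "192.0.2.11", SSH_PORT, False),    # typo 2
    (202, "192.0.2.11", SSH_PORT, False),    # typo 3: still no ban
    (203, "192.0.2.11", SSH_PORT, False),    # attempt 4: banned
    (86_400, "192.0.2.10", SSH_PORT, True),  # first ban has expired
]

if __name__ == "__main__":
    policy = BanPolicy(allowlist=frozenset({"192.0.2.10", "192.0.2.11"}))
    for event, decision in zip(EVENTS, replay(policy, EVENTS)):
        print(event, "->", decision)
```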

3.2. Console

Login as root and present the following credentials:

Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
