10 KiB
10 KiB
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<style>
html {
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 12px;
}
h1 {
font-size: 1.8em;
}
}
@media print {
html {
background-color: white;
}
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, Consolas, 'Lucida Console', monospace;
font-size: 85%;
margin: 0;
hyphens: manual;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
div.columns{display: flex; gap: min(4vw, 1.5em);}
div.column{flex: auto; overflow-x: auto;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
/* The extra [class] is a hack that increases specificity enough to
override a similar rule in reveal.js */
ul.task-list[class]{list-style: none;}
ul.task-list li input[type="checkbox"] {
font-size: inherit;
width: 0.8em;
margin: 0 0.8em 0.2em -1.6em;
vertical-align: middle;
}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
</head>
./docs/REFERENCES.md
1. CISS.debian.live.builder
Centurion Intelligence Consulting Agency Information Security Standard
Debian Live Build Generator for hardened live environment and CISS Debian Installer
Master Version: 8.02
Build: V8.03.127.2025.06.02
2. Resources
2.1. Debian Live related
- Debian live-boot
- Debian Live Manual
- Debian Live Boot Doc
- Debian Live Build
- Debian Live Config
- Debian Live Tools
2.2. Disk Encryption related
- https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system
- https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_(GRUB)
- https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode
- https://wiki.archlinux.org/title/GRUB#Encrypted_/boot
- https://wiki.archlinux.org/title/GRUB#LUKS2
- https://wiki.archlinux.org/title/Advanced_Format
- https://packages.debian.org/bookworm-backports/grub-common
- https://www.kernel.org/doc/html/v5.5/admin-guide/device-mapper/dm-integrity.html
- https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption
- https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#2-setup
2.3. Kernel related
- https://wiki.archlinux.org/title/Kernel
- https://wiki.archlinux.org/title/Kernel_parameters
- https://www.kernel.org/
- https://github.com/anthraxx/linux-hardened
2.4. Policy related
- https://www.debian.org/doc/manuals/securing-debian-manual/
- https://www.tenable.com/audits/CIS_Debian_Linux_12_v1.0.1_L1_Server
- https://www.cisecurity.org/cis-benchmarks
- https://github.com/CISOfy/lynis
- https://github.com/lateralblast/lunar
- https://complianceascode.github.io/content-pages/guides/ssg-debian12-guide-standard.html
2.5. Security related
- https://wiki.archlinux.org/title/General_recommendations
- https://wiki.archlinux.org/title/Security
- https://wiki.archlinux.org/title/Identity_management
- https://wiki.archlinux.org/title/Capabilities
- https://privsec.dev/posts/linux/desktop-linux-hardening/
- https://wiki.archlinux.org/title/fail2ban#Service_hardenin
- https://theprivacyguide1.github.io/linux_hardening_guide
- https://github.com/zabbly/linux
2.6. Bash related
- https://www.gnu.org/software/bash/manual/
- https://www.shellcheck.net/
- https://explainshell.com/
- https://google.github.io/styleguide/shellguide.html
- https://github.com/mvdan/sh
- https://gist.github.com/Potherca/4f4ce1c8d4bcf4cd4aab
2.6.1. Error handling
- Use set -e - Writing Robust Bash Shell Scripts - David Pashley
- Why doesn't set -e (or set -o errexit, or trap ERR) do what I expected? - BashFAQ/105 - Greg's Wiki
no tracking | no logging | no advertising | no profiling | no bullshit
</html>