CISS.debian.live.builder/docs/CHANGELOG.md

Table of Contents

• 1. CISS.debian.live.builder
• 2. Changelog
• V8.13.002.2025.08.11
• V8.03.920.2025.08.07
• V8.03.912.2025.07.23
• V8.03.896.2025.07.22
• V8.03.880.2025.07.19
• V8.03.864.2025.07.15
• V8.03.832.2025.06.25
• V8.03.832.2025.06.24
• V8.03.768.2025.06.23
• V8.03.768.2025.06.19
• V8.03.768.2025.06.18
• V8.03.768.2025.06.17
• V8.03.768.2025.06.11
• V8.03.768.2025.06.09
• V8.03.644.2025.06.07
• V8.03.512.2025.06.06
• V8.03.400.2025.06.05

1. CISS.debian.live.builder

Centurion Intelligence Consulting Agency Information Security Standard
Debian Live Build Generator for hardened live environment and CISS Debian Installer
Master Version: 8.13
Build: V8.13.002.2025.08.11

2. Changelog

V8.13.002.2025.08.11

• Added: lib_source_guard.sh
• Added: sources.list
• Added: trixie.sources
• Added: trixie-backports.sources
• Added: trixie-security.sources
• Added: trixie-updates.sources
• Added: login.defs
• Bugfixes: 0001_initramfs_modules.chroot
• Bugfixes: 9996_auditd.chroot
• Updated: bash.var.sh
• Updated: 9998_sources_list_trixie.chroot
• Updated: Support for Debian Trixie via Argument --trixie
• Updated: Debian 12 LIVE ISO workflows to use Kernel: linux-image-6.1.0-37-amd64

V8.03.920.2025.08.07

• Updated: lib_arg_parser.sh
• Updated: ciss_live_builder.sh
• Updated: live.list.common.chroot

V8.03.912.2025.07.23

• Updated: alias
• Updated: clean_logout.sh
• Updated: f2bchk.sh
• Updated: scan_libwrap
• Updated: shortcuts
• Updated: .bashrc

V8.03.896.2025.07.22

• Added: .shellcheckrc
• Bugfixes: ciss_live_builder.sh
• Updated: 0810_chrony_setup.chroot

V8.03.880.2025.07.19

• Updated: alias
• Updated: shortcuts
• Added: Package ncdu: live.list.common.chroot
• Added: TrustedUserCAKeys none: sshd_config

V8.03.864.2025.07.15

• Updated: 0010_dhcp_supersede.sh
• Added: BOOTPARAMS.md
• Added: Package cpuid: live.list.common.chroot

V8.03.832.2025.06.25

• Added: lib_version.sh
• Updated:
  • lib_contact.sh
  • lib_usage.sh
• Packages added:
  • https://packages.debian.org/bookworm/fio
  • https://packages.debian.org/bookworm/stress
• Updated: Timezone changed to Etc/UTC

V8.03.832.2025.06.24

• Updated:
  • lib_check_provider.sh
  • lib_debug_header.sh
  • lib_trap_on_err.sh
• Added: The Debian package bat will be installed to enable smooth log reading.

V8.03.768.2025.06.23

• Updated: lib_clean_up.sh: Removal of Lock FD and Artifacts.
• Rearranged VARs sourcing: early.var.sh
• Rearranged DEBUG XTRACE sourcing: meta_sources_debug.sh
• Added: Git Repo specific VARs: lib_debug_var_git.sh
• Added: guard_sourcing(): lib_guard_sourcing.sh to prevent the caller LIB-file from being sourced twice.

V8.03.768.2025.06.19

• Minor main script improvements.
• Updated: lib_usage.sh output.

V8.03.768.2025.06.18

• Minor main script improvements.
• Updated: Contact section.
• Integrated third dns03.eddns.eu Centurion DNS Resolver.

V8.03.768.2025.06.17

• Updated: LIVE ISO workflows to use Kernel: linux-image-6.12.30+bpo-amd64

V8.03.768.2025.06.11

• Updated: LIVE ISO workflows to use Kernel: linux-image-6.12.27+bpo-amd64

V8.03.768.2025.06.09

• Added: f2bchk.sh
• Updated: alias
  • scurl()
  • swget()

V8.03.644.2025.06.07

• Updated: Workflows ISO Generators Runners.
• Installing bookworm-backports Versions of:
  • btrfs-progs
  • curl
  • debootstrap
  • iproute2
  • ncat
  • nmap
  • ssh
  • systemd
  • systemd-sysv
  • whois
• Changed default: /etc/login.defs LOGIN_TIMEOUT 60 to: LOGIN_TIMEOUT 180
• LIVE ISO generated by workflow tested against:
  • Netcup Root Server
  • Proxmox
• LIVE ISO generated by script tested against:
  • Netcup Root Server

V8.03.512.2025.06.06

• Updated: Workflows:

  1. git stash push
  2. git fetch origin master
  3. git merge --no-edit origin/master
  4. git stash pop

• Changed workflows ISO Generators routines 🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.

  • added wget --https-only flag
  • added verification step

V8.03.400.2025.06.05

• The workflow ISO Generators image was changed to debian:bookworm.
• Added a LIVE ISO workflow routine to build GnuPG from sources, since Bookworm GPG does not recognize key format 5.
• Changed verbosity of:
  • 9993_aide.chroot
  • 9997_debsums.chroot
• Added basic linter checks for:
  • *.sh,
  • *.zsh,
  • *.chroot,
  • all files with Shebang #! for:
    • Windows CRLF line endings
    • unauthorized control characters (C0 control characters except \t, \n)
    • non-ASCII (ambiguous UTF) characters
  • linter_char_scripts.yaml

---

no tracking | no logging | no advertising | no profiling | no bullshit