81 lines
5.2 KiB
Markdown
81 lines
5.2 KiB
Markdown
---
|
|
gitea: none
|
|
include_toc: true
|
|
---
|
|
|
|
# 1. CISS.debian.live.builder
|
|
|
|
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
|
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
|
**Master Version**: 8.03<br>
|
|
**Build**: V8.03.400.2025.06.05<br>
|
|
|
|
# 2. Resources
|
|
|
|
## 2.1. Debian Live related
|
|
|
|
- [Debian live-boot](https://salsa.debian.org/live-team/live-boot)
|
|
- [Debian Live Manual](https://live-team.pages.debian.net/live-manual/html/live-manual/index.en.html)
|
|
- [Debian Live Boot Doc](https://manpages.debian.org/bookworm/live-boot-doc/live-boot.7.en.html)
|
|
- [Debian Live Build](https://manpages.debian.org/bookworm/live-build/index.html)
|
|
- [Debian Live Config](https://manpages.debian.org/bookworm/live-config-doc/index.html)
|
|
- [Debian Live Tools](https://manpages.debian.org/bookworm/live-tools/index.html)
|
|
|
|
## 2.2. Disk Encryption related
|
|
|
|
- [https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system](https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system)
|
|
- [https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_(GRUB)](https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_(GRUB))
|
|
- [https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode)
|
|
- [https://wiki.archlinux.org/title/GRUB#Encrypted_/boot](https://wiki.archlinux.org/title/GRUB#Encrypted_/boot)
|
|
- [https://wiki.archlinux.org/title/GRUB#LUKS2](https://wiki.archlinux.org/title/GRUB#LUKS2)
|
|
- [https://wiki.archlinux.org/title/Advanced_Format](https://wiki.archlinux.org/title/Advanced_Format)
|
|
- [https://packages.debian.org/bookworm-backports/grub-common](https://packages.debian.org/bookworm-backports/grub-common)
|
|
- [https://www.kernel.org/doc/html/v5.5/admin-guide/device-mapper/dm-integrity.html](https://www.kernel.org/doc/html/v5.5/admin-guide/device-mapper/dm-integrity.html)
|
|
- [https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption)
|
|
- [https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#2-setup](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#2-setup)
|
|
|
|
## 2.3. Kernel related
|
|
|
|
- [https://wiki.archlinux.org/title/Kernel](https://wiki.archlinux.org/title/Kernel)
|
|
- [https://wiki.archlinux.org/title/Kernel_parameters](https://wiki.archlinux.org/title/Kernel_parameters)
|
|
- [https://www.kernel.org/](https://www.kernel.org/)
|
|
- [https://github.com/anthraxx/linux-hardened](https://github.com/anthraxx/linux-hardened)
|
|
|
|
## 2.4. Policy related
|
|
|
|
- [https://www.debian.org/doc/manuals/securing-debian-manual/](https://www.debian.org/doc/manuals/securing-debian-manual/)
|
|
- [https://www.tenable.com/audits/CIS_Debian_Linux_12_v1.0.1_L1_Server](https://www.tenable.com/audits/CIS_Debian_Linux_12_v1.0.1_L1_Server)
|
|
- [https://www.cisecurity.org/cis-benchmarks](https://www.cisecurity.org/cis-benchmarks)
|
|
- [https://github.com/CISOfy/lynis](https://github.com/CISOfy/lynis)
|
|
- [https://github.com/lateralblast/lunar](https://github.com/lateralblast/lunar)
|
|
- [https://complianceascode.github.io/content-pages/guides/ssg-debian12-guide-standard.html](https://complianceascode.github.io/content-pages/guides/ssg-debian12-guide-standard.html)
|
|
|
|
## 2.5. Security related
|
|
|
|
- [https://wiki.archlinux.org/title/General_recommendations](https://wiki.archlinux.org/title/General_recommendations)
|
|
- [https://wiki.archlinux.org/title/Security](https://wiki.archlinux.org/title/Security)
|
|
- [https://wiki.archlinux.org/title/Identity_management](https://wiki.archlinux.org/title/Identity_management)
|
|
- [https://wiki.archlinux.org/title/Capabilities](https://wiki.archlinux.org/title/Capabilities)
|
|
- [https://privsec.dev/posts/linux/desktop-linux-hardening/](https://privsec.dev/posts/linux/desktop-linux-hardening/)
|
|
- [https://wiki.archlinux.org/title/fail2ban#Service_hardenin](https://wiki.archlinux.org/title/fail2ban#Service_hardenin)
|
|
- [https://theprivacyguide1.github.io/linux_hardening_guide](https://theprivacyguide1.github.io/linux_hardening_guide)
|
|
- [https://github.com/zabbly/linux](https://github.com/zabbly/linux)
|
|
|
|
## 2.6. Bash related
|
|
|
|
- [https://www.gnu.org/software/bash/manual/](https://www.gnu.org/software/bash/manual/)
|
|
- [https://www.shellcheck.net/](https://www.shellcheck.net/)
|
|
- [https://explainshell.com/](https://explainshell.com/)
|
|
- [https://google.github.io/styleguide/shellguide.html](https://google.github.io/styleguide/shellguide.html)
|
|
- [https://github.com/mvdan/sh](https://github.com/mvdan/sh)
|
|
- [https://gist.github.com/Potherca/4f4ce1c8d4bcf4cd4aab](https://gist.github.com/Potherca/4f4ce1c8d4bcf4cd4aab)
|
|
|
|
### 2.6.1. Error handling
|
|
|
|
- [Use set -e - Writing Robust Bash Shell Scripts - David Pashley](https://www.davidpashley.com/articles/writing-robust-shell-scripts/#id2596016)
|
|
- [Why doesn't set -e (or set -o errexit, or trap ERR) do what I expected? - BashFAQ/105 - Greg's Wiki](https://mywiki.wooledge.org/BashFAQ/105)
|
|
|
|
---
|
|
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
|
|
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
|