msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
dddd3121b815567511f315eac6fabbfe924aecf3c18be24780977ca983dc3837
CISS.debian.live.builder/docs/DL_PUB_ISO.md
Marc S. Weidner 328c58335b V8.03.400.2025.06.05 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 20:18:30 +02:00

111 lines
3.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
gitea: none
include_toc: true
---
# 1. CISS.debian.live.builder
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. Download the latest PUBLIC CISS.debian.live.ISO
## 2.1. Autobuild Information
The latest information about the public **``CISS.debian.live.ISO``** is available at **`/LIVE_ISO.public`**.
## 2.2. URL
Download the latest Auto-Generated [CISS.debian.live.ISO_PUBLIC](https://cloud.e2ee.li/s/E7FoctLroB4oF7P).
## 2.3. Root Passwd
Use the following ``Root`` Password:
````text
Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
````
## 2.4. Root SSH Keys
Use the following ``Root`` SSH Key Material:
### 2.4.1. SSH Public Key
````text
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2025_ciss.debian.live.ISO_PUBLIC_ONLY"
AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
8uSY
---- END SSH2 PUBLIC KEY ----
````
### 2.4.2. SSH Private Key OPENSSH
````text
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB0
MkzTOHVgNHQSoGBPlJ49AAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAINAY
ZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS8uSYAAAAsAO6qB+tMUOkUm1n3EG5
X6RyDOYYzY2yuwXHwLD2uAkG7cv/IoO1Dgol+Ugm6ryh5BnFWeyXCxwUmgc54kaV
bHkYWrHVqC8kANbMzt9V2WicNrgktjlV6OoYm0nD5M0+dYYxnMUoY1ghjmvF05Jf
xdsw83HOA1m0ZbDxX8/4GrL/HNSj6/1hm/x8KNvy9NN7jFfAcP3rNlNO+B6ckq66
Clw5PIdM7+BObTSD0g99dLFI
-----END OPENSSH PRIVATE KEY-----
````
### 2.4.3. SSH Private Key
````text
PuTTY-User-Key-File-3: ssh-ed25519
Encryption: aes256-cbc
Comment: 2025_ciss.debian.live.ISO_PUBLIC_ONLY
Public-Lines: 2
AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS
8uSY
Key-Derivation: Argon2id
Argon2-Memory: 8192
Argon2-Passes: 13
Argon2-Parallelism: 1
Argon2-Salt: e93b747ffd3d55f3865502c848b07ec7
Private-Lines: 1
onOztqghDo2kzYMa7VosVQ+TMr1AHLknwGPMIpuDEb0GyfdVB6LqV3rAKEJRRXJg
Private-MAC: 3c87f88ee5306c56e7b2240d7bddda3ce4369d6d296b9101d8a8c5834fdf5e25
````
### 2.4.4. SSH Private Key Encryption Key (KEK)
````text
^QbHsh#WPdaVwyWbkb5fpejDawhaKP9hx74dnCzD#W
````
# 3. Login
## 3.1. SSH
Connect to `<IP>:42137`. Please note that if you select a different port by mistake, your client IP address will be blocked
instantly — literally in a few microseconds — for 86,400 seconds (i.e., one full day) due to the
* `ufw`
* `fail2ban`
* `/etc/hosts.deny`
ultimate hardening rules:
````text
### SSH Handling: Foreign IP (not in /etc/hosts.allow): refused to connect: immediate ban [sshd-refused]
### Jump host mistyped 13 times: no ban, only after four attempts [sshd]
(...)
# ufw aggressive approach:
# Any valid client communicating with our server should be going directly to the service ports opened in ufw (ssh, 80, 443, ...).
# Any client touching other ports is treated as malicious and therefore should be blocked access to ALL ports after one attempt.
````
## 3.2. Console
Login as root and present the following credentials:
````text
Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH
````
---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
Reference in New Issue View Git Blame Copy Permalink