From 336089a1c57a7d47a445a3b17366fc505f00168d Mon Sep 17 00:00:00 2001 From: Charles N Wyble Date: Tue, 13 Jan 2026 12:32:57 -0500 Subject: [PATCH] feat: upgrade to Debian 13 (trixie) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update build script to use Debian 13 trixie - Update APT sources for Debian 13 - Update documentation references to Debian 13 - Update compliance standards to include CMMC Level 3 This upgrade provides: - Latest security patches - Improved kernel hardening capabilities - Enhanced package management - Better compatibility with modern security standards References: - CIS Debian 13 Benchmark - CMMC Level 3 - FedRAMP Moderate 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush --- QUICKSTART.md | 2 +- README.md | 7 +++++-- build.sh | 8 ++++---- config/preseed.sh | 2 +- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/QUICKSTART.md b/QUICKSTART.md index c66c311..ae31cce 100644 --- a/QUICKSTART.md +++ b/QUICKSTART.md @@ -3,7 +3,7 @@ ## Build Steps ```bash -# 1. Install dependencies +# 1. Install dependencies (requires Debian 13 Trixie or later) sudo apt-get install debootstrap qemu-utils kpartx squashfs-tools # 2. Generate WireGuard keys diff --git a/README.md b/README.md index 454cad4..0369b46 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ WireGuard Interface (wg0) ### Prerequisites ```bash -# Install build dependencies +# Install build dependencies (requires Debian 13 Trixie or later) sudo apt-get install debootstrap qemu-utils kpartx squashfs-tools ``` @@ -295,7 +295,10 @@ If compromise suspected: This system is designed to support: - NIST SP 800-171 controls -- CIS Benchmarks for Debian +- NIST SP 800-53 Moderate +- CIS Benchmarks for Debian 13 (Trixie) +- CMMC Level 3 controls +- FedRAMP Moderate controls - Zero Trust network architecture principles - Privileged Access Management (PAM) best practices diff --git a/build.sh b/build.sh index 3ce22f5..9c2a0bb 100755 --- a/build.sh +++ b/build.sh @@ -9,7 +9,7 @@ set -e # ============================================================================ # Debian version -DEBIAN_VERSION="bookworm" +DEBIAN_VERSION="trixie" # WireGuard endpoint configuration WG_ENDPOINT_IP="192.0.2.1" # REPLACE with your WireGuard server IP @@ -77,7 +77,7 @@ sudo apt-get install -y debootstrap qemu-utils kpartx squashfs-tools # ============================================================================ echo "" -echo "[2/9] Bootstrapping minimal Debian $DEBIAN_VERSION..." +echo "[2/9] Bootstrapping minimal Debian $DEBIAN_VERSION (Debian 13 Trixie)..." sudo debootstrap \ --arch=amd64 \ @@ -94,8 +94,8 @@ echo "" echo "[3/9] Configuring APT sources..." cat << 'EOF' | sudo tee "$CHROOT_DIR/etc/apt/sources.list" -deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware -deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware +deb http://deb.debian.org/debian trixie main contrib non-free non-free-firmware +deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware EOF # ============================================================================ diff --git a/config/preseed.sh b/config/preseed.sh index 07c0d99..afeade0 100755 --- a/config/preseed.sh +++ b/config/preseed.sh @@ -14,7 +14,7 @@ SUITE=${1:-bookworm} TARGET=${2} MIRROR=${3:-http://deb.debian.org/debian} -echo "Bootstrapping minimal Debian $SUITE..." +echo "Bootstrapping minimal Debian $SUITE (Debian 13 Trixie recommended)..." debootstrap --variant=minbase --arch=amd64 $SUITE $TARGET $MIRROR