KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: Complete directory cleanup

Browse Source 
Finalizes directory cleanup by removing obsolete files:
- All old debootstrap build scripts (docker-*.sh, final-simple-build.sh)
- All old documentation from root (BUILD-*.md, DOCKER-*.md)
- Obsolete Dockerfiles (Dockerfile, Dockerfile.build)
- Obsolete chroot-overlay/ directory (now using preseed.cfg)
- Old build.sh (replaced by scripts/build-iso.sh)

All files are now in proper directories:
- scripts/: Build and test scripts
- docs/: All documentation
- config/: Configuration files
- logs/: Log files
- keys/: WireGuard keys

Repository is clean and ready for production.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
This commit is contained in:
Charles N Wyble
2026-01-20 12:01:10 -05:00
parent 2225244ca3
commit 54d988477f
39 changed files with 3 additions and 7487 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
chroot-overlay/etc/aide.conf
View File

@@ -1,155 +0,0 @@
# CIS Benchmark - AIDE Configuration
# File Integrity Monitoring for CMMC/FedRAMP compliance
# Database location
database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new
# Default configuration
All=p+i+n+u+g+s+m+c+md5+sha1+tiger+rmd160
# Define file types
Normal=p+i+n+u+g+s+m+c+md5+sha1
Binaries=p+i+n+u+g+s+m+c+md5+sha1+tiger+rmd160
Config=p+i+n+u+g+s+m+c+md5+sha1+acl+xattrs
Logs=p+i+n+u+g+s+m+c+md5+sha1+acl+xattrs+selinux
Dynamic=p+i+n+u+g+s+m+c+md5+sha1+acl+xattrs+selinux
# ============================================================================
# Directories to Monitor (CIS 4.2.2)
# ============================================================================
# System binaries
/bin All
/sbin All
/usr/bin All
/usr/sbin All
/usr/local/bin All
/usr/local/sbin All
# System configuration
/etc Config
# Libraries
/lib All
/lib64 All
/usr/lib All
/usr/lib64 All
/usr/local/lib All
# Kernel modules
/lib/modules Binaries
# Boot files
/boot Config
# System services
/etc/systemd Config
/lib/systemd Binaries
# Security configuration
/etc/pam.d Config
/etc/security Config
# Network configuration
/etc/network Config
/etc/wireguard Config
# Firewall rules
/etc/iptables Config
# Audit configuration
/etc/audit Config
# AppArmor profiles
/etc/apparmor Config
# Sudo configuration
/etc/sudoers Config
/etc/sudoers.d Config
# ============================================================================
# Directories to Exclude (due to high volatility)
# ============================================================================
!/proc
!/sys
!/dev
!/tmp
!/var/tmp
!/run
!/var/run
# Exclude logs (monitored separately)
!/var/log
# Exclude spool directories
!/var/spool
# Exclude cache
!/var/cache
# Exclude lock files
!/var/lock
# Exclude AIDE database
!/var/lib/aide/aide.db
# Exclude volatile system files
!/etc/mtab
!/etc/fstab.backup
# Exclude user-specific volatile files
!/home/user/.cache
!/home/user/.local/share/Trash
# Exclude IceWM and Remmina cache
!/home/user/.icewm/.cache
!/home/user/.local/share/remmina/*.log
# ============================================================================
# Monitor critical system files for compliance
# ============================================================================
# Password and shadow files
/etc/passwd Normal
/etc/shadow Config
/etc/group Normal
/etc/gshadow Config
# Login configuration
/etc/login.defs Config
/etc/securetty Config
# Hosts configuration
/etc/hosts Config
/etc/hostname Config
# Time configuration
/etc/localtime Config
/etc/timezone Config
# Cron configuration
/etc/crontab Config
# Startup scripts
/etc/init.d Config
# Package management
/var/lib/dpkg Config
# Kernel parameters
/etc/sysctl.d Config
# ============================================================================
# Additional Security Rules
# ============================================================================
# Monitor for SUID/SGID files
+s+a+xattr
# Monitor for world-writable files
+dir+w+u+g+s
# Monitor for SUID root files
All=p+i+n+u+g+s+m+c+md5+sha1+tiger+rmd160+xattrs