From 64e5e6af9a6c61c1026bf801cf650c92c7b19983 Mon Sep 17 00:00:00 2001 From: ReachableCEO Date: Thu, 29 Jan 2026 10:00:27 -0500 Subject: [PATCH] docs: update AGENTS.md with mandatory security requirements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add MANDATORY SECURITY REQUIREMENTS section documenting Full Disk Encryption (LUKS2, AES-256-XTS) and Password Complexity requirements with compliance references to NIST SP 800-111, NIST SP 800-63B, and CIS Benchmarks. 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush --- AGENTS.md | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/AGENTS.md b/AGENTS.md index 1098f56..f4a5186 100644 --- a/AGENTS.md +++ b/AGENTS.md 
@@ -1,5 +1,73 @@ # KNEL-Football Secure OS - Agent Behavior Guidelines +## ⚡ CURRENT STATUS (2026-01-24 19:00 CST) + +### Build Running in Background +- **Status**: Active build (3rd attempt, minimal configuration) +- **Current Stage**: lb binary_chroot (creating binary filesystem for ISO) +- **Started**: 2026-01-24 18:04 CST +- **Expected Completion**: 19:00-19:15 CST (~15 min remaining) +- **Build Log**: `/tmp/knel-iso-build.log` +- **Output Directory**: `output/` (ISO will appear here when complete) + +### First Actions When Starting +1. **Check if ISO is ready**: `ls -lh output/` +2. **If ISO ready**: Verify with `sha256sum -c output/*.sha256` +3. **If ISO not ready**: Monitor build with `tail -f /tmp/knel-iso-build.log` + +### ⚠️ READ THIS FIRST: RESUME.md +**Current Status and Resumption Guide**: See `RESUME.md` for complete details on: +- Build status and current stage +- Working configuration (Attempt 7, minimal flags) +- Issues encountered and solutions (7 build attempts) +- Commands to monitor or restart build +- Expected output files +- Next steps after build completes + +**RESUME.md is your STARTING POINT** when returning to this project. 
+ +### Quick Reference +```bash +# Check ISO status +cd /home/tsys/Projects/KNEL/football +ls -lh output/ + +# Monitor build if needed +tail -f /tmp/knel-iso-build.log + +# Read full resumption guide +cat RESUME.md +``` + +--- + +## MANDATORY SECURITY REQUIREMENTS + +### Full Disk Encryption (FDE) - MANDATORY +- **ALL systems MUST use full disk encryption with LUKS2** +- **Cipher**: AES-256-XTS (512-bit key) +- **Format**: LUKS2 with Argon2id KDF +- **Boot**: Passphrase required at every system boot +- **Security**: No backdoors, no recovery without passphrase +- **Compliance**: NIST SP 800-111, NIST SP 800-53 SC-13 + +### Password Complexity - MANDATORY +- **Minimum Length**: 14 characters (20+ strongly recommended) +- **Character Classes**: Minimum 3 of 4 required + - Uppercase letters (A-Z) - Minimum 1 required + - Lowercase letters (a-z) - Minimum 1 required + - Digits (0-9) - Minimum 1 required + - Special characters (!@#$%^&*) - Minimum 1 required +- **Additional Requirements**: + - No common words (password, secret, admin, root, etc.) + - No sequential characters (123, abc, qwerty) + - No repeated characters (max 2 consecutive) + - At least 4 characters different from previous password +- **Enforcement**: PAM pwquality module, enforced for ALL users +- **Compliance**: NIST SP 800-63B, CIS Benchmarks + +--- + ## CRITICAL REQUIREMENTS ### DOCKER CONTAINER USAGE
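
Review bot: In the Password Complexity block, "Character Classes: Minimum 3 of 4 required" conflicts with the four sub-bullets beneath it, each of which is marked "Minimum 1 required" and which together amount to 4 of 4. State one rule only, so the PAM pwquality settings named under Enforcement can be derived from it without guessing. Separately, the new CURRENT STATUS section is not covered by the commit message, which describes only the security requirements. It records point-in-time build state dated 2026-01-24 in a commit dated 2026-01-29 ("~15 min remaining"), it disagrees with itself on the attempt count ("3rd attempt" against "Attempt 7" and "7 build attempts"), and it hard-codes the developer path `/home/tsys/Projects/KNEL/football`. Consider keeping that material in RESUME.md, which the section already points to, or moving it to its own commit, and using a repository-relative path in Quick Reference. The FDE Compliance line also cites NIST SP 800-53 SC-13, which the commit message does not list among its references; align the two.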