KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update AGENTS.md with mandatory security requirements

Browse Source 
Add MANDATORY SECURITY REQUIREMENTS section documenting Full Disk Encryption (LUKS2, AES-256-XTS) and Password Complexity requirements with compliance references to NIST SP 800-111, NIST SP 800-63B, and CIS Benchmarks.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
This commit is contained in:
Charles N Wyble - admin
2026-01-29 10:00:27 -05:00
parent 049e6363d9
commit 64e5e6af9a
1 changed files with 68 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
AGENTS.md
View File

@@ -1,5 +1,73 @@
# KNEL-Football Secure OS - Agent Behavior Guidelines # KNEL-Football Secure OS - Agent Behavior Guidelines
## ⚡ CURRENT STATUS (2026-01-24 19:00 CST)
### Build Running in Background
- **Status**: Active build (3rd attempt, minimal configuration)
- **Current Stage**: lb binary_chroot (creating binary filesystem for ISO)
- **Started**: 2026-01-24 18:04 CST
- **Expected Completion**: 19:00-19:15 CST (~15 min remaining)
- **Build Log**: `/tmp/knel-iso-build.log`
- **Output Directory**: `output/` (ISO will appear here when complete)
### First Actions When Starting
1. **Check if ISO is ready**: `ls -lh output/`
2. **If ISO ready**: Verify with `sha256sum -c output/*.sha256`
3. **If ISO not ready**: Monitor build with `tail -f /tmp/knel-iso-build.log`
### ⚠️ READ THIS FIRST: RESUME.md
**Current Status and Resumption Guide**: See `RESUME.md` for complete details on:
- Build status and current stage
- Working configuration (Attempt 7, minimal flags)
- Issues encountered and solutions (7 build attempts)
- Commands to monitor or restart build
- Expected output files
- Next steps after build completes
**RESUME.md is your STARTING POINT** when returning to this project.
### Quick Reference
```bash
# Check ISO status
cd /home/tsys/Projects/KNEL/football
ls -lh output/
# Monitor build if needed
tail -f /tmp/knel-iso-build.log
# Read full resumption guide
cat RESUME.md
```
---
## MANDATORY SECURITY REQUIREMENTS
### Full Disk Encryption (FDE) - MANDATORY
- **ALL systems MUST use full disk encryption with LUKS2**
- **Cipher**: AES-256-XTS (512-bit key)
- **Format**: LUKS2 with Argon2id KDF
- **Boot**: Passphrase required at every system boot
- **Security**: No backdoors, no recovery without passphrase
- **Compliance**: NIST SP 800-111, NIST SP 800-53 SC-13
### Password Complexity - MANDATORY
- **Minimum Length**: 14 characters (20+ strongly recommended)
- **Character Classes**: Minimum 3 of 4 required
- Uppercase letters (A-Z) - Minimum 1 required
- Lowercase letters (a-z) - Minimum 1 required
- Digits (0-9) - Minimum 1 required
- Special characters (!@#$%^&*) - Minimum 1 required
- **Additional Requirements**:
- No common words (password, secret, admin, root, etc.)
- No sequential characters (123, abc, qwerty)
- No repeated characters (max 2 consecutive)
- At least 4 characters different from previous password
- **Enforcement**: PAM pwquality module, enforced for ALL users
- **Compliance**: NIST SP 800-63B, CIS Benchmarks
---
## CRITICAL REQUIREMENTS ## CRITICAL REQUIREMENTS
### DOCKER CONTAINER USAGE ### DOCKER CONTAINER USAGE