3cd1c31960
chore: Remove all debootstrap traces and obsolete documentation
...
Comprehensive cleanup to remove all traces of old debootstrap-based
build system approach, now fully migrated to ISO-based installer.
1. **Removed Obsolete Files**:
- Dockerfile.dev (old debootstrap container definition)
- config/preseed.sh (obsolete debootstrap script)
- docs/CLEANUP-SUMMARY.md (historical cleanup docs)
- docs/TEST-EVIDENCE.md (historical test docs)
- docs/old/ (entire directory with obsolete docs)
- tests/build-and-test.sh (old debootstrap test script)
2. **Rewrote AGENTS.md**:
- Removed all obsolete build system sections (Build System,
Current Build Status, Build Environment, Proof Testing,
Known Issues, Next Steps)
- Kept current relevant sections (Orientation, Overview,
Architecture, Security Model, Compliance, File Structure,
Configuration, Scripts, Deployment, Verification)
- Updated to focus solely on ISO-based approach
- Reduced from 1306 lines to ~650 lines (clean and concise)
- Added proper Build System section for ISO approach
- Added Testing section
- Added Troubleshooting section
3. **Updated Active Documentation**:
- docs/FUNCTIONAL-REQUIREMENTS.md (corrected installer description)
- docs/BUILD-DOCUMENTATION.md (removed debootstrap reference)
- docs/SECURITY-BASELINES.md (removed debootstrap reference)
- AGENTS.md (updated with COMMIT_CONVENTIONS reference)
4. **Project Now Clean**:
- All debootstrap references removed
- All obsolete documentation removed
- Focus entirely on ISO-based installer approach
- Ready for clean ISO builds
Files Deleted:
- Dockerfile.dev
- config/preseed.sh
- docs/CLEANUP-SUMMARY.md
- docs/TEST-EVIDENCE.md
- docs/old/ (BUILD-CONTINUOUS-STATUS.md, BUILD-PROGRESS.md,
BUILD-STATUS.md, DOCKER-README.md, DOCKER-SOLUTION.md,
QUICKSTART.md)
- tests/build-and-test.sh
Files Updated:
- AGENTS.md (complete rewrite, removed ~650 lines of obsolete content)
- docs/FUNCTIONAL-REQUIREMENTS.md (corrected installer type)
- docs/BUILD-DOCUMENTATION.md (removed obsolete tool reference)
- docs/SECURITY-BASELINES.md (removed obsolete reference)
💘 Generated with Crush
Assisted-by: GLM-4.7 via Crush <crush@charm.land >
2026-01-20 14:09:32 -05:00
Charles N Wyble
ac7df85a0e
feat: add security baselines guide and update build script
...
Security Baselines Guide Includes:
- Comprehensive security baseline overview
- Kernel parameters verification
- Firewall rules baseline
- Authentication and password baselines
- Audit rules baseline
- Service baselines (enabled/prohibited)
- File permission baselines
- AIDE configuration baseline
- Logging baselines
- Initial hardening procedures
- Baseline verification procedures
- Ongoing hardening activities (daily/weekly/monthly/quarterly/annual)
- Baseline maintenance procedures
- Compliance verification for CIS/CMMC/FedRAMP
- Troubleshooting guide
- Quick reference commands
Build Script Updates:
- Add PAM configuration step (common-password-cis)
- Add faillock configuration for account lockout
- Add AIDE database initialization
- Add Secure Boot configuration step
- Add additional systemd services (auditd, rsyslog, apparmor, aide-check.timer)
- Update step numbers to 11/11 for consistency
- Improve hardening script execution
Security Controls Applied:
- PAM with CIS password policies
- Account lockout (5 attempts, 15 minutes)
- AIDE database initialization
- Secure Boot configuration
- All security services enabled
Compliance Standards:
- CIS Debian 13 Benchmark
- CMMC Level 3
- FedRAMP Moderate
- NIST SP 800-53 Moderate
- NIST SP 800-171
This guide provides complete baseline verification and
maintenance procedures for Tier0 infrastructure protection.
💘 Generated with Crush
Assisted-by: GLM-4.7 via Crush <crush@charm.land >
2026-01-13 14:20:05 -05:00
