KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34 Commits 1 Branch 0 Tags
54d988477ffca90df31db61be684febd32131620
Commit Graph

5 Commits

Author SHA1 Message Date
Charles N Wyble
2225244ca3 docs: Add comprehensive cleanup summary 
Adds docs/CLEANUP-SUMMARY.md documenting:
- All cleanup and refactoring completed
- Directory structure changes (before/after)
- Files moved/archived/deleted
- Documentation updates made
- Build approach migration details
- Git commit history (11 commits)
- Current state (ready to build)
- Next steps for production

This provides complete reference for all refactoring work
and ensures future contributors understand changes made.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
 2026-01-20 12:00:13 -05:00
Charles N Wyble
546c3ea5cf docs: Add comprehensive build documentation 
Adds docs/BUILD-DOCUMENTATION.md explaining:
- Directory structure (clean and organized)
- Complete build process (5 steps)
- Preseed configuration details
- ISO deployment procedures (bare metal and VM)
- Docker container usage (dev and test)
- Security features applied during installation
- Troubleshooting guide
- Next steps for deployment

This replaces all scattered old documentation with a single,
comprehensive reference for the ISO-based build system.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
 2026-01-20 11:58:19 -05:00
Charles N Wyble
8f9487b59d refactor: Clean up documentation directory 
Moves obsolete documentation to docs/old/:
- BUILD-CONTINUOUS-STATUS.md (old build status)
- BUILD-PROGRESS.md (old build progress)
- BUILD-STATUS.md (old build status)
- DOCKER-README.md (old Docker build docs)
- DOCKER-SOLUTION.md (old Docker build docs)
- QUICKSTART.md (replaced by README.md)

Keeps relevant documentation in docs/:
- COMPLIANCE.md (compliance documentation)
- INCIDENT-RESPONSE.md (incident response)
- SECURITY-BASELINES.md (security baselines)
- SECURITY-POLICY.md (security policy)
- TEST-EVIDENCE.md (test evidence)

Documentation directory now clean and focused on current ISO approach.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
 2026-01-20 11:55:50 -05:00
Charles N Wyble
ac7df85a0e feat: add security baselines guide and update build script 
Security Baselines Guide Includes:
- Comprehensive security baseline overview
- Kernel parameters verification
- Firewall rules baseline
- Authentication and password baselines
- Audit rules baseline
- Service baselines (enabled/prohibited)
- File permission baselines
- AIDE configuration baseline
- Logging baselines
- Initial hardening procedures
- Baseline verification procedures
- Ongoing hardening activities (daily/weekly/monthly/quarterly/annual)
- Baseline maintenance procedures
- Compliance verification for CIS/CMMC/FedRAMP
- Troubleshooting guide
- Quick reference commands

Build Script Updates:
- Add PAM configuration step (common-password-cis)
- Add faillock configuration for account lockout
- Add AIDE database initialization
- Add Secure Boot configuration step
- Add additional systemd services (auditd, rsyslog, apparmor, aide-check.timer)
- Update step numbers to 11/11 for consistency
- Improve hardening script execution

Security Controls Applied:
- PAM with CIS password policies
- Account lockout (5 attempts, 15 minutes)
- AIDE database initialization
- Secure Boot configuration
- All security services enabled

Compliance Standards:
- CIS Debian 13 Benchmark
- CMMC Level 3
- FedRAMP Moderate
- NIST SP 800-53 Moderate
- NIST SP 800-171

This guide provides complete baseline verification and
maintenance procedures for Tier0 infrastructure protection.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
 2026-01-13 14:20:05 -05:00
Charles N Wyble
392dd9dadc docs: add comprehensive security documentation 
- Add SECURITY-POLICY.md with all security policies
- Add INCIDENT-RESPONSE.md with incident response procedures

Security Policy Includes:
- Information Security Policy (purpose, scope, compliance)
- Access Control Policy (least privilege, separation of duties)
- Network Security Policy (WireGuard-only, remote access prohibition)
- Incident Response Policy (classification, process, notification)
- Change Management Policy (categories, process, controls)
- Audit and Logging Policy (scope, requirements, retention)
- Password Policy (complexity, aging, lockout)
- Acceptable Use Policy (authorized/prohibited use, monitoring)
- Physical Security Policy (access controls, device security)
- Data Classification Policy (CUI marking, handling, retention)

Incident Response Procedures Include:
- Incident Classification (Category I, II, III)
- Incident Detection (sources, indicators, assessment)
- Incident Response Process (6 phases)
- Specific Incident Procedures (malware, data breach, DoS)
- Post-Incident Activities (reporting, lessons learned)
- Communication Procedures (internal, external)
- Documentation Requirements (logs, evidence, retention)
- Training and Drills (requirements, drills, assessment)

Compliance Standards Addressed:
- CIS Debian 13 Benchmark: All applicable policies
- CMMC Level 3: All domain policies
- FedRAMP Moderate: All control policies
- NIST SP 800-53: All control policies
- NIST SP 800-171: All control policies

Documentation Structure:
- Comprehensive policy framework
- Detailed incident response procedures
- Contact information for all stakeholders
- Compliance references included
- Document control procedures
- Review and update schedules

This documentation provides complete policy framework for:
- Tier0 infrastructure protection
- CUI handling requirements
- Security incident response
- Regulatory compliance
- Security governance

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
 2026-01-13 14:00:36 -05:00