KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bed3b07b811811624ca66c83a91c41c6cae90c9d
football/config/package-lists/knel-football.list.chroot
Charles N Wyble 0807611efe feat: add FIM, comprehensive audit logging, SSH client-only for CIS/FedRAMP/CMMC 
Security enhancements for tier0 infrastructure access:
- Add AIDE for file integrity monitoring (CIS 1.4, FedRAMP AU-7, CMMC AU.3.059)
- Add comprehensive audit rules covering identity, network, boot, and privilege escalation
- Remove SSH server (openssh-server), add SSH client only (openssh-client)
- Add audispd-plugins for audit event processing
- Update security-hardening.sh with configure_fim() and configure_ssh_client()
- Update compliance tests for FIM, audit, and client-only architecture

Package changes:
- Remove: openssh-server, iptables
- Add: openssh-client, aide, aide-common, audispd-plugins

No inbound services - outbound VPN/SSH/RDP only for accessing privileged workstation.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-02-17 12:24:30 -05:00

47 lines
646 B
Plaintext
Raw Blame History

# Package lists for live-build
# Core system packages
linux-image-amd64
initramfs-tools
# Secure Boot support (MANDATORY for UEFI systems)
shim-signed
grub-efi-amd64-signed
grub-efi-amd64-bin
efibootmgr
# Desktop environment
icewm
icewm-themes
lightdm
lightdm-gtk-greeter
xorg
xserver-xorg-core
xserver-xorg-input-all
# Applications
remmina
remmina-plugin-rdp
mousepad
wireguard
wireguard-tools
zbar-tools
pcmanfm
# Network utilities (client only - NO inbound services)
openssh-client
wireguard
wireguard-tools
nftables
# Security tools
auditd
audispd-plugins
aide
aide-common
rsyslog
sudo
# Filesystem support
e2fsprogs
dosfstools
ntfs-3g
Reference in New Issue View Git Blame Copy Permalink