From 1eecbc633f79ad1c7b243691fc0a739e4ab0ae9f Mon Sep 17 00:00:00 2001 From: Samson-W Date: Sat, 17 Jun 2023 00:14:38 +0800 Subject: [PATCH] Fix some bugs for Debian12. --- .../2.17_sticky_bit_world_writable_folder.sh | 2 +- bin/hardening/8.1.18_record_Events_netfilter.sh | 11 ++++++----- bin/hardening/8.1.19_record_sshkeysign_usage.sh | 10 +++++----- ...ord_Events_that_privileged_passwd_cmd_usage.sh | 8 ++++---- ...vents_that_privileged_priv_change_cmd_usage.sh | 8 ++++---- ...rd_Events_that_privileged_postfix_cmd_usage.sh | 8 ++++---- bin/hardening/8.1.24_record_crontab_cmd_usage.sh | 8 ++++---- ...8.1.25_record_pam_timestamp_check_cmd_usage.sh | 8 ++++---- .../8.1.26_record_pam_tally_cmd_usage.sh | 15 +++++++-------- bin/hardening/8.1.29_record_usermod_cmd_usage.sh | 8 ++++---- 10 files changed, 43 insertions(+), 43 deletions(-) diff --git a/bin/hardening/2.17_sticky_bit_world_writable_folder.sh b/bin/hardening/2.17_sticky_bit_world_writable_folder.sh index 25dd9fe..9df8d6c 100755 --- a/bin/hardening/2.17_sticky_bit_world_writable_folder.sh +++ b/bin/hardening/2.17_sticky_bit_world_writable_folder.sh @@ -8,7 +8,7 @@ # 2.17 Set Sticky Bit on All World-Writable Directories (Scored) # -set -e # One error, it's over +#set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=2 diff --git a/bin/hardening/8.1.18_record_Events_netfilter.sh b/bin/hardening/8.1.18_record_Events_netfilter.sh index 82a1a5e..d5ac475 100755 --- a/bin/hardening/8.1.18_record_Events_netfilter.sh +++ b/bin/hardening/8.1.18_record_Events_netfilter.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian-audit for Debian GNU/Linux 10 Hardening +# harbian-audit for Debian GNU/Linux 10/11/12 Hardening # # 
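Review bot: Commenting out `set -e` in 2.17_sticky_bit_world_writable_folder.sh (and again in 8.1.19_record_sshkeysign_usage.sh) turns off fail-fast for the whole script rather than for the one command that presumably fails on Debian 12. In a hardening check, a command that errors out can then fall through to a passing result. I would keep `set -e` and tolerate the specific command explicitly, e.g. `some_cmd || true` with a comment giving the reason (`some_cmd` is a placeholder, since the failing command is outside the hunk). If errexit really has to go, delete the line and leave `# errexit disabled: <reason>` instead of a commented-out statement.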
@@ -15,11 +15,12 @@ set -u # One variable unset, it's over HARDENING_LEVEL=4 FILE='/etc/audit/rules.d/audit.rules' +PACKAGE_NFT='nftables' # This function will be called if the script status is on enabled / audit mode audit () { - is_debian_10 - if [ $FNRET != 0 ]; then + is_pkg_installed $PACKAGE_NFT + if [ $FNRET != 0 ]; then ok "OS not support nft, so pass" else # define custom IFS and save default one @@ -43,8 +44,8 @@ audit () { # This function will be called if the script status is on enabled mode apply () { - is_debian_10 - if [ $FNRET != 0 ]; then + is_pkg_installed $PACKAGE_NFT + if [ $FNRET != 0 ]; then ok "OS not support nft, so pass" else IFS=$'\n' diff --git a/bin/hardening/8.1.19_record_sshkeysign_usage.sh b/bin/hardening/8.1.19_record_sshkeysign_usage.sh index 1784974..4a77092 100755 --- a/bin/hardening/8.1.19_record_sshkeysign_usage.sh +++ b/bin/hardening/8.1.19_record_sshkeysign_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening +# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening # # @@ -10,7 +10,7 @@ # set -u # One variable unset, it's over -set -e # One error, it's over +#set -e # One error, it's over HARDENING_LEVEL=4 FILE='/etc/audit/rules.d/audit.rules' @@ -79,10 +79,10 @@ AUDIT_PARAMS_CENTOS="-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F -a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh" fi - if [ $OS_RELEASE -eq 1 ]; then - AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN - elif [ $OS_RELEASE -eq 2 ]; then + if [ $OS_RELEASE -eq 2 ]; then AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS + else + AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN fi } diff --git a/bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh b/bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh index af4b58b..41be812 100755 --- a/bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh 
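Review bot: In `audit()` of 8.1.18_record_Events_netfilter.sh the guard now tests whether the nftables package is installed, but the branch still prints `ok "OS not support nft, so pass"`, so a host that merely lacks the package is reported as passing with a message that blames the OS. The `apply()` hunk below has the same problem. Consider `ok "$PACKAGE_NFT is not installed, so pass"`, and decide whether a missing package should count as a pass at all for a check that records netfilter changes. The expansions should also be quoted: `is_pkg_installed "$PACKAGE_NFT"` and `[ "$FNRET" != 0 ]`. Both function bodies continue outside their hunks.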
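Review bot: The new `else` in 8.1.19_record_sshkeysign_usage.sh makes every `OS_RELEASE` value other than 2 select `AUDIT_PARAMS_DEBIAN`, including values the script does not recognise. The same pattern is repeated in 8.1.21, 8.1.22, 8.1.23, 8.1.24, 8.1.25 and 8.1.29, and in the `audit()`/`apply()` branches of 8.1.26. Before this change an unrecognised value left `AUDIT_PARAMS` unassigned, which `set -u` would presumably turn into a hard stop instead of auditd rules with Debian paths on an unsupported system. Because `$OS_RELEASE` is unquoted, an empty value also makes `[` fail and lands in the Debian branch. I would write `if [ "$OS_RELEASE" -eq 2 ]; then` and add `# every release other than CentOS (2) uses the Debian rule paths` above it, or reject unknown values explicitly; the enclosing function starts outside the hunk.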
+++ b/bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening +# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening # # @@ -87,10 +87,10 @@ AUDIT_PARAMS_CENTOS="-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1 -a always,exit -F path=/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd" fi - if [ $OS_RELEASE -eq 1 ]; then - AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN - elif [ $OS_RELEASE -eq 2 ]; then + if [ $OS_RELEASE -eq 2 ]; then AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS + else + AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN fi } diff --git a/bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh b/bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh index 1a8199f..6b83d8d 100755 --- a/bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh +++ b/bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening +# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening # # @@ -95,10 +95,10 @@ AUDIT_PARAMS_CENTOS="-a always,exit -F path=/bin/su -F perm=x -F auid>=1000 -F a -a always,exit -F path=/bin/chfn -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged-priv_change" fi - if [ $OS_RELEASE -eq 1 ]; then - AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN - elif [ $OS_RELEASE -eq 2 ]; then + if [ $OS_RELEASE -eq 2 ]; then AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS + else + AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN fi } diff --git a/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh b/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh index 770d532..1ae1add 100755 --- a/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh +++ b/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh 
@@ -1,7 +1,7 @@ #!/bin/bash # -# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening +# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening # # @@ -79,10 +79,10 @@ AUDIT_PARAMS_CENTOS='-a always,exit -F path=/sbin/postdrop -F perm=x -F auid>=10 -a always,exit -F path=/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix' fi - if [ $OS_RELEASE -eq 1 ]; then - AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN - elif [ $OS_RELEASE -eq 2 ]; then + if [ $OS_RELEASE -eq 2 ]; then AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS + else + AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN fi } diff --git a/bin/hardening/8.1.24_record_crontab_cmd_usage.sh b/bin/hardening/8.1.24_record_crontab_cmd_usage.sh index 998386e..c1f56ab 100755 --- a/bin/hardening/8.1.24_record_crontab_cmd_usage.sh +++ b/bin/hardening/8.1.24_record_crontab_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening +# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening # # @@ -75,10 +75,10 @@ AUDIT_PARAMS_DEBIAN='-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>= AUDIT_PARAMS_CENTOS='-a always,exit -F path=/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron' fi - if [ $OS_RELEASE -eq 1 ]; then - AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN - elif [ $OS_RELEASE -eq 2 ]; then + if [ $OS_RELEASE -eq 2 ]; then AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS + else + AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN fi } diff --git a/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh b/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh index 26d6444..1b62441 100755 --- a/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh +++ b/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening +# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening # # 
@@ -75,10 +75,10 @@ AUDIT_PARAMS_DEBIAN='-a always,exit -F path=/usr/sbin/pam_timestamp_check -F per AUDIT_PARAMS_CENTOS='-a always,exit -F path=/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam' fi - if [ $OS_RELEASE -eq 1 ]; then - AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN - elif [ $OS_RELEASE -eq 2 ]; then + if [ $OS_RELEASE -eq 2 ]; then AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS + else + AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN fi } diff --git a/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh b/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh index fc6a3ea..4901177 100755 --- a/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh +++ b/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening +# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening # # @@ -21,7 +21,7 @@ audit () { # This feature is only for debian if [ $OS_RELEASE -eq 2 ]; then ok "CentOS/Redhat is not support, so pass" - elif [ $OS_RELEASE -eq 1 -o $OS_RELEASE -eq 3 ]; then + else # define custom IFS and save default one d_IFS=$IFS c_IFS=$'\n' @@ -52,7 +52,7 @@ apply () { # This feature is only for debian if [ $OS_RELEASE -eq 2 ]; then ok "CentOS/Redhat is not support, so pass" - elif [ $OS_RELEASE -eq 1 -o $OS_RELEASE -eq 3 ]; then + else IFS=$'\n' for AUDIT_VALUE in $AUDIT_PARAMS; do check_audit_path $AUDIT_VALUE 
@@ -85,19 +85,18 @@ AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -k privilege AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam' fi else - is_debian_11 if [ $DONT_AUDITD_BY_UID -eq 1 ]; then - if [ $FNRET = 1 ]; then + if [ $OS_RELEASE -lt 11 ]; then AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -k privileged-pam -a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -k privileged-pam' - elif [ $FNRET = 0 ]; then + else AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -k privileged-pam' fi else - if [ $FNRET = 1 ]; then + if [ $OS_RELEASE -lt 11 ]; then AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam -a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam' - elif [ $FNRET = 0 ]; then + else AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam' fi fi diff --git a/bin/hardening/8.1.29_record_usermod_cmd_usage.sh b/bin/hardening/8.1.29_record_usermod_cmd_usage.sh index 75765aa..25aa2a3 100755 --- a/bin/hardening/8.1.29_record_usermod_cmd_usage.sh +++ b/bin/hardening/8.1.29_record_usermod_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening +# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening # # @@ -75,10 +75,10 @@ AUDIT_PARAMS_DEBIAN='-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid> AUDIT_PARAMS_CENTOS='-a always,exit -F path=/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod' fi - if [ $OS_RELEASE -eq 1 ]; then - AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN - elif [ $OS_RELEASE -eq 2 ]; then + if [ $OS_RELEASE -eq 2 ]; then AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS + else + AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN fi }
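Review bot: `[ $OS_RELEASE -lt 11 ]` in the last hunk of 8.1.26_record_pam_tally_cmd_usage.sh compares `OS_RELEASE` with a Debian version number, but everywhere else in this patch the variable is tested against 1, 2 and 3, which looks like an OS-family code. If that is what it holds, the test is always true on Debian and the `/usr/sbin/faillock` branches become unreachable. Debian 11/12 would then get rules for `/sbin/pam_tally` and `/sbin/pam_tally2` while faillock use goes unrecorded. The removed `is_debian_11` call presumably keyed on the release; if it misfires on Debian 12, compare the distribution's major version instead, e.g. `if [ "$DEBIAN_MAJOR" -lt 11 ]; then`, where `DEBIAN_MAJOR` is a placeholder for whatever the project exposes. This applies to both `-lt 11` tests in the hunk, and the enclosing `if` starts outside it.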