diff --git a/bin/hardening/9.2.11_pam_deny_times_tally2.sh b/bin/hardening/9.2.11_pam_deny_times_tally2.sh
index 7a3f1a2..1e09f15 100755
--- a/bin/hardening/9.2.11_pam_deny_times_tally2.sh
+++ b/bin/hardening/9.2.11_pam_deny_times_tally2.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 #
-# harbian-audit for Debian GNU/Linux 7/8/9 or CentOS 8 Hardening
+# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS 8 Hardening
 #
 
 #
@@ -166,21 +166,12 @@ check_config() {
 		AUTHRULE='auth    required pam_faillock.so deny=3 even_deny_root unlock_time=900'
 		ADDPATTERNLINE='auth[[:space:]]*required'
 	elif [ $OS_RELEASE -eq 1 ]; then
-		is_debian_11
-		# faillock for Debian 11 
-                if [ $FNRET = 0 ]; then
-			ISDEBIAN11=1
-			SECCONFFILE='/etc/security/faillock.conf'
-			AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
-			AUTHRULE='auth    required pam_faillock.so'
-		else
 			ISDEBIAN11=0
 			PAMLIBNAME='pam_tally2.so'
 			AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so'
 			AUTHRULE='auth    required pam_tally2.so deny=3 even_deny_root unlock_time=900'
-		fi
-	# same to debian11
-	elif [ $OS_RELEASE -eq 3 ]; then
+	# ubuntu/debian11/debian12
+	elif [ $OS_RELEASE -eq 3 -o $OS_RELEASE -eq 11 -o $OS_RELEASE -eq 12 ]; then
 			ISDEBIAN11=1
 			SECCONFFILE='/etc/security/faillock.conf'
 			AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
diff --git a/bin/hardening/9.2.12_pam_lockout_failed_tally2.sh b/bin/hardening/9.2.12_pam_lockout_failed_tally2.sh
index a5ca531..9e103a1 100755
--- a/bin/hardening/9.2.12_pam_lockout_failed_tally2.sh
+++ b/bin/hardening/9.2.12_pam_lockout_failed_tally2.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 #
-# harbian-audit for Debian GNU/Linux 7/8/9 or CentOS 8 Hardening
+# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS 8 Hardening
 #
 
 #
@@ -164,25 +164,16 @@ check_config() {
 		AUTHRULE='auth    required pam_faillock.so deny=3 even_deny_root unlock_time=900'
 		ADDPATTERNLINE='auth[[:space:]]*required'
 	elif [ $OS_RELEASE -eq 1 ]; then
-		is_debian_11
-		# faillock for Debian 11 
-                if [ $FNRET = 0 ]; then
-			ISDEBIAN11=1
-			SECCONFFILE='/etc/security/faillock.conf'
-			AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
-			AUTHRULE='auth    required pam_faillock.so'
-		else
-			ISDEBIAN11=0
-			PAMLIBNAME='pam_tally2.so'
-			AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so'
-			AUTHRULE='auth    required pam_tally2.so deny=3 even_deny_root unlock_time=900'
-		fi
-	# same to debian11
-	elif [ $OS_RELEASE -eq 3 ]; then
-			ISDEBIAN11=1
-			SECCONFFILE='/etc/security/faillock.conf'
-			AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
-			AUTHRULE='auth    required pam_faillock.so'
+		ISDEBIAN11=0
+		PAMLIBNAME='pam_tally2.so'
+		AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so'
+		AUTHRULE='auth    required pam_tally2.so deny=3 even_deny_root unlock_time=900'
+	# ubuntu/debian11/debian12
+	elif [ $OS_RELEASE -eq 3 -o $OS_RELEASE -eq 11 -o $OS_RELEASE -eq 12 ]; then
+		ISDEBIAN11=1
+		SECCONFFILE='/etc/security/faillock.conf'
+		AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
+		AUTHRULE='auth    required pam_faillock.so'
 	fi
 }
 
diff --git a/bin/hardening/9.2.13_pam_even_deny_root_tally2.sh b/bin/hardening/9.2.13_pam_even_deny_root_tally2.sh
index 5aa47e4..a11130c 100755
--- a/bin/hardening/9.2.13_pam_even_deny_root_tally2.sh
+++ b/bin/hardening/9.2.13_pam_even_deny_root_tally2.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 #
-# harbian-audit for Debian GNU/Linux 9 or CentOS 8 Hardening
+# harbian-audit for Debian GNU/Linux 9/10/11/12 or CentOS 8 Hardening
 #
 
 #
@@ -157,25 +157,16 @@ check_config() {
 		ADDPATTERNLINE='auth[[:space:]]*required'
 		DENYROOT='even_deny_root'
 	elif [ $OS_RELEASE -eq 1 ]; then
-		is_debian_11
-		# faillock for Debian 11 
-                if [ $FNRET = 0 ]; then
-			ISDEBIAN11=1
-			SECCONFFILE='/etc/security/faillock.conf'
-			AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
-			AUTHRULE='auth    required pam_faillock.so'
-		else
-			ISDEBIAN11=0
-			PAMLIBNAME='pam_tally2.so'
-			AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so'
-			AUTHRULE='auth    required pam_tally2.so deny=3 even_deny_root unlock_time=900'
-		fi
-	# same to debian11
-	elif [ $OS_RELEASE -eq 3 ]; then
-			ISDEBIAN11=1
-			SECCONFFILE='/etc/security/faillock.conf'
-			AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
-			AUTHRULE='auth    required pam_faillock.so'
+		ISDEBIAN11=0
+		PAMLIBNAME='pam_tally2.so'
+		AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so'
+		AUTHRULE='auth    required pam_tally2.so deny=3 even_deny_root unlock_time=900'
+	# ubuntu/debian11/debian12
+	elif [ $OS_RELEASE -eq 3 -o $OS_RELEASE -eq 11 -o $OS_RELEASE -eq 12 ]; then
+		ISDEBIAN11=1
+		SECCONFFILE='/etc/security/faillock.conf'
+		AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
+		AUTHRULE='auth    required pam_faillock.so'
 	fi
 }