Add method for set OS version to general config.

README.md

@@ -228,7 +228,7 @@ This document is a description of the additions to the sections not included in
 [How to config grub2 password protection](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_config_grub2_password_protection.mkd)  
 [How to persistent iptables rules with debian 9](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_persistent_iptables_rules_with_debian_9.mkd)  
 [How to deploy audisp-remote for auditd log](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_deploy_audisp_remote_for_audit_log.mkd)  
-[how to migrating from iptables to nftables in debian10](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_migrating_from_iptables_to_nftables_in_debian10.md)  
+[How to migrating from iptables to nftables in debian10](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_migrating_from_iptables_to_nftables_in_debian10.md)  
 [How to persistent nft rules with debian 10](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_persistent_nft_rules_with_debian_10.mkd)  
 
 ### Use case docs  

bin/hardening.sh

@@ -23,6 +23,7 @@ AUDIT_ALL_ENABLE_PASSED=0
 ALLOW_SERVICE_LIST=0
 SET_HARDENING_LEVEL=0
 SUDO_MODE=''
+INIT_G_CONFIG=0
 
 usage() {
     cat << EOF
@@ -30,8 +31,11 @@ $LONG_SCRIPT_NAME <RUN_MODE> [OPTIONS], where RUN_MODE is one of:
 
     --help -h
         Show this help
-
+	
-    --apply
+	--init 
+		Initialize the global configuration file(/etc/default/cis-hardening) based on the release version number
+    
+	--apply
         Apply hardening for enabled scripts.
         Beware that NO confirmation is asked whatsoever, which is why you're warmly
         advised to use --audit before, which can be regarded as a dry-run mode.
@@ -140,6 +144,9 @@ while [[ $# > 0 ]]; do
         -h|--help)
             usage
         ;;
+		--init)
+			INIT_G_CONFIG=1
+		;;
         *)
             usage
         ;;
@@ -162,6 +169,21 @@ fi
 [ -r $CIS_ROOT_DIR/lib/common.sh     ] && . $CIS_ROOT_DIR/lib/common.sh
 [ -r $CIS_ROOT_DIR/lib/utils.sh      ] && . $CIS_ROOT_DIR/lib/utils.sh
 
+if [ $INIT_G_CONFIG -eq 1 ]; then
+	if [ -r /etc/redhat-release ]; then
+		info "This OS is redhat or CentOS."
+		sed -i 's/^OS_RELEASE=.*/OS_RELEASE=2/g' /etc/default/cis-hardening 
+	elif [ -r /etc/debian_version ]; then
+		info "This OS is Debian."
+		:
+	else
+		crit "This OS not support!"
+		exit 128
+	fi
+	exit 0
+fi
+
+
 # If --allow-service-list is specified, don't run anything, just list the supported services
 if [ "$ALLOW_SERVICE_LIST" = 1 ] ; then
     declare -a HARDENING_EXCEPTIONS_LIST

debian/default

@@ -1,5 +1,8 @@
-# Default file for CIS Debian hardening scripts
+# Default file for CIS Debian/CentOS hardening scripts
 
 # Define here root directory for CIS debian hardening scripts
 CIS_ROOT_DIR='/opt/cis-hardening'
+# If distor is Debian, set 1; It's default  
+# If distor is CentOS, set 2;
+OS_RELEASE=1