Adapt to the Debian 12 release version

bin/hardening.sh

@@ -205,20 +205,23 @@ fi
 [ -r $CIS_ROOT_DIR/lib/common.sh     ] && . $CIS_ROOT_DIR/lib/common.sh
 [ -r $CIS_ROOT_DIR/lib/utils.sh      ] && . $CIS_ROOT_DIR/lib/utils.sh
 
-### Debian: OS_RELEASE=1  Redhat/centos: OS_RELEASE=2 Ubuntu: OS_RELEASE=3
+### Debian: OS_RELEASE=1  Redhat/centos: OS_RELEASE=2 Ubuntu: OS_RELEASE=3 Debian9~12: OS_RELEASE=9~12
 # For --init
 if [ $INIT_G_CONFIG -eq 1 ]; then
 	if [ -r /etc/redhat-release ]; then
 		info "This OS is redhat/CentOS."
 		sed -i 's/^OS_RELEASE=.*/OS_RELEASE=2/g' /etc/default/cis-hardening 
 		. /etc/default/cis-hardening
-	elif [ $(grep -i Ubuntu /etc/lsb-release -c) -gt 0 ]; then
-		info "This OS is Ubuntu."
-		sed -i 's/^OS_RELEASE=.*/OS_RELEASE=3/g' /etc/default/cis-hardening 
-		. /etc/default/cis-hardening
+	elif [ -r /etc/lsb-release ]; then
+		if [ $(grep -i Ubuntu /etc/lsb-release -c) -ge 1 ]; then
+			info "This OS is Ubuntu."
+			sed -i 's/^OS_RELEASE=.*/OS_RELEASE=3/g' /etc/default/cis-hardening 
+			. /etc/default/cis-hardening
+		fi
 	elif [ -r /etc/debian_version ]; then
-		info "This OS is Debian."
-		sed -i 's/^OS_RELEASE=.*/OS_RELEASE=1/g' /etc/default/cis-hardening 
+		get_debian_ver
+		sed -i "s/^OS_RELEASE=.*/OS_RELEASE=${FNRET}/g" /etc/default/cis-hardening 
+		info "This OS is Debian $FNRET."
 		. /etc/default/cis-hardening
 	else
 		crit "This OS not support!"
@@ -229,6 +232,14 @@ fi
 
 if [ $OS_RELEASE -eq 1 ]; then
 	info "Start auditing for Debian."
+elif [ $OS_RELEASE -eq 9 ]; then
+	info "Start auditing for Debian9."
+elif [ $OS_RELEASE -eq 10 ]; then
+	info "Start auditing for Debian10."
+elif [ $OS_RELEASE -eq 11 ]; then
+	info "Start auditing for Debian11."
+elif [ $OS_RELEASE -eq 12 ]; then
+	info "Start auditing for Debian12."
 elif [ $OS_RELEASE -eq 2 ]; then
 	info "Start auditing for redhat/CentOS."
 elif [ $OS_RELEASE -eq 3 ]; then

etc/default.cfg

@@ -2,7 +2,7 @@
 
 # Define here root directory for CIS debian/CentOS hardening scripts
 CIS_ROOT_DIR='/opt/harbianaudit'
-# If distor is Debian, set 1; It's default  
-# If distor is CentOS, set 2;
+# If distor is Debian9~debian12, set 9~12; if distor is less than 9, set 1 It's default 
+# If distor is CentOS set 2; if distor is Ubuntu set 3
 OS_RELEASE=1
 

lib/utils.sh

@@ -20,6 +20,56 @@ is_centos_8()
 	fi
 }
 
+# return 9 if it is debian9, return 10 if it is debian10, reutrn 11 if it is debian11, return 12 if it is debian12, return 1 if it is less than 9
+get_debian_ver()
+{
+	DEBIAN12CODENAME="bookworm"
+	DEBIAN11CODENAME="bullseye"
+	DEBIAN10CODENAME="buster"
+	DEBIAN9CODENAME="stretch"
+	if [ -r /etc/debian_version ]; then
+		if [ $(grep -cwi "^$DEBIAN12CODENAME" /etc/debian_version) -eq 1 -o  $(cat /etc/debian_version | awk -F"." '{print $1}') -eq 12 ]; then
+			debug "Debian version is 12"
+			FNRET=12
+		elif [ $(grep -cwi "^$DEBIAN11CODENAME" /etc/debian_version) -eq 1 -o  $(cat /etc/debian_version | awk -F"." '{print $1}') -eq 11 ]; then
+			debug "Debian version is 11"
+			FNRET=11
+		elif [ $(grep -cwi "^$DEBIAN10CODENAME" /etc/debian_version) -eq 1 -o  $(cat /etc/debian_version | awk -F"." '{print $1}') -eq 10 ]; then
+			debug "Debian version is 10"
+			FNRET=10
+		elif [ $(grep -cwi "^$DEBIAN9CODENAME" /etc/debian_version) -eq 1 -o  $(cat /etc/debian_version | awk -F"." '{print $1}') -eq 9 ]; then
+			debug "Debian version is 9"
+			FNRET=9
+		else
+			debug "Debian version is less than 9"
+			FNRET=1
+		fi
+	fi
+}
+
+is_debian_12()
+{
+	# For debian12
+	DEBIAN12CODENAME="bookworm"
+	if [ -r /etc/debian_version ]; then
+		if [ $(grep -cw "^$DEBIAN12CODENAME" /etc/debian_version) -eq 1 ]; then
+			debug "Debian version is 12"
+			FNRET=0
+			return 
+		fi
+		if [ $(cat /etc/debian_version | awk -F"." '{print $1}') -eq 12 ]; then
+			debug "Debian version is 12"
+			FNRET=0
+		else
+			debug "Current OS is not Debian 12."
+			FNRET=2
+		fi
+	else
+		debug "Current OS is not Debian."
+		FNRET=2
+	fi
+}
+
 is_debian_ge_10()
 {
 	# For debian11