Fix some bug and add CIS_Debian_Linux_8_Benchmark to docs dir.

README.md

@@ -49,7 +49,7 @@ $ git clone https://github.com/hardenedlinux/harbian-audit.git && cd harbian-aud
 
 If use Network install from a minimal CD to installed Debian GNU/Linux, need install bc package before use the hardening tool. 
 ```
-# apt-get install bc 
+# apt-get install -y bc net-tools 
 ```
 
 ### Configuration
@@ -104,22 +104,24 @@ it will automatically be enabled for future runs. Do NOT use this option
 if you have already started to customize your configuration.
 
 ## After remediation   
-When exec --apply and set-hardening-level are set to 5 (the highest level), or - when applying 7.4.4_hosts_deny.sh, the OS cannot be connected through the ssh service, so you need to do the following:
+When exec --apply and set-hardening-level are set to 5 (the highest level), you need to do the following:
 
-1) Set allow access host list on /etc/hosts.allow, example:
+1) When applying 9.5(Restrict Access to the su Command), you must use the root account to log in to the OS because ordinary users cannot perform subsequent operations.
+
+2) When applying 7.4.4_hosts_deny.sh, the OS cannot be connected through the ssh service, so you need to set allow access host list on /etc/hosts.allow, example:
 ```
-echo "ALL: 192.168.1. 192.168.5." >> /etc/hosts.allow
+# echo "ALL: 192.168.1. 192.168.5." >> /etc/hosts.allow
 ```
 
-2) Set capabilities for usual user, example(user name is test):
+3) Set capabilities for usual user, example(user name is test):
 ```
 # sed -i "/^root/a\test    ALL=(ALL:ALL) ALL" /etc/sudoers 
 ```
-3) Set basic iptables rules 
-Set the corresponding firewall rules according to the applications used. HardenedLinux community for Debian firewall rules: 
+4) Set basic iptables rules 
+Set the corresponding firewall rules according to the applications used. HardenedLinux community for Debian GNU/Linux firewall rules: 
 [etc.iptables.rules.v4.sh](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/examples/configurations/etc.iptables.rules.v4.sh)
 
-4) Use the passwd command to change the passwords of all users, and change the password to a secure and reliable password entry with the same password complexity set by the pam_cracklib module.
+5) Use the passwd command to change the passwords of all users, and change the password to a secure and reliable password entry with the same password complexity set by the pam_cracklib module.
 
 ## Hacking
 

bin/hardening/7.4.4_hosts_deny.sh

@@ -5,7 +5,7 @@
 #
 
 #
-# 7.4.4 Create /etc/hosts.deny (Not Scored)
+# 7.4.4 Create /etc/hosts.deny (Scored)
 #
 
 set -e # One error, it's over

bin/hardening/9.2.14_enable_auth_without_nullpwd.sh

@@ -60,10 +60,10 @@ apply () {
         crit "$FILE is not exist, please check"
     elif [ $FNRET = 4 ]; then
         info "Delete option $OPTIONNAME1 from $FILE"
-        sed -ie "s/$OPTIONNAME1//" $FILE
+        sed -i "s/$OPTIONNAME1//" $FILE
     elif [ $FNRET = 5 ]; then
         info "Delete option $OPTIONNAME2 from $FILE"
-        sed -ie "s/$OPTIONNAME2//" $FILE
+        sed -i "s/$OPTIONNAME2//" $FILE
     fi 
 }
 

lib/utils.sh

@@ -557,7 +557,7 @@ add_option_to_password_check()
     # For example : 
     # password  requisite           pam_cracklib.so  minlen=8 difok=3
     # password  requisite           pam_cracklib.so  minlen=8 difok=3 retry=3
-    sed -ie "s;\(^password.*$KEYWORD.*\);\1 $OPTIONSTR;" $PAMPWDFILE  
+    sed -i "s;\(^password.*$KEYWORD.*\);\1 $OPTIONSTR;" $PAMPWDFILE  
 }
 
 # Add session check option