Remove the sudo command from docs.

2025-07-31 01:24:58 +02:00 · 2020-04-26 00:50:30 +08:00 · 2020-04-26 00:50:30 +08:00 · d54fa4f75c
commit d54fa4f75c
parent 2678bb54b4
16 changed files with 193 additions and 202 deletions
--- a/README-CN.md
+++ b/README-CN.md
@ -6,7 +6,7 @@
 审计功能的使用示例： 
 ```console
-$ sudo bash bin/hardening.sh --audit-all
+# bash bin/hardening.sh --audit-all
 [...]
 hardening                 [INFO] Treating /home/test/harbian-audit/bin/hardening/13.15_check_duplicate_gid.sh
 13.15_check_duplicate_gid [INFO] Working on 13.15_check_duplicate_gid
@ -29,13 +29,13 @@ hardening                 [INFO] Treating /home/test/harbian-audit/bin/hardening
 ### 下载及初始化 
 ```console
 $ git clone https://github.com/hardenedlinux/harbian-audit.git && cd harbian-audit
-$ sudo cp etc/default.cfg /etc/default/cis-hardening
+# cp etc/default.cfg /etc/default/cis-hardening
-$ sudo sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='$(pwd)'#" /etc/default/cis-hardening
+# sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='$(pwd)'#" /etc/default/cis-hardening
-$ sudo bin/hardening.sh --init
+# bin/hardening.sh --init
 ```
 ### 对所有的安全检查项进行审计 
 ```
-$ sudo bin/hardening.sh --audit-all
+# bin/hardening.sh --audit-all
 hardening                 [INFO] Treating /home/test/harbian-audit/bin/hardening/1.1_install_updates.sh
 1.1_install_updates       [INFO] Working on 1.1_install_updates
 1.1_install_updates       [INFO] Checking Configuration
@ -55,8 +55,8 @@ hardening                 [INFO] Treating /home/test/harbian-audit/bin/hardening
 ```
 ### 设置加固级别并进行自动修复  
 ```
-$ sudo bin/hardening.sh --set-hardening-level 5  
+# bin/hardening.sh --set-hardening-level 5  
-$ sudo bin/hardening.sh --apply  
+# bin/hardening.sh --apply  
 hardening                 [INFO] Treating /home/test/harbian-audit/bin/hardening/1.1_install_updates.sh
 1.1_install_updates       [INFO] Working on 1.1_install_updates
 1.1_install_updates       [INFO] Checking Configuration
@ -75,17 +75,17 @@ hardening                 [INFO] Treating /home/test/harbian-audit/bin/hardening
 ### 需要预装的软件  
 如果是使用的最小安装方式安装的Debian GNU/Linux系统，在使用此项目之前，需要安装如下的软件：
 ```
-sudo apt-get install -y bc net-tools pciutils 
+# apt-get install -y bc net-tools pciutils 
 ```
 如果系统是Redhat/CentOS，在使用此项目前，需要安装如下的软件包：
 ```
-sudo yum install -y bc net-tools pciutils NetworkManager epel-release 
+# yum install -y bc net-tools pciutils NetworkManager epel-release 
 ```
 ### 需要预先进行的配置 
 在使用此项目前，必须给所有要用到的用户设置了密码。如果没有设置密码的话，将在进行自动化加固后不能够登录到系统。例如(用户：root和test）:
 ```
-$ sudo -s 
+ 
 # passwd 
 # passwd test 
 ```
@ -155,8 +155,8 @@ EXCEPTIONS=""
 基于iptables的部署:
 ```
 $ INTERFACENAME="your network interfacename(Example eth0)"
-$ sudo bash docs/configurations/etc.iptables.rules.v4.sh $INTERFACENAME
+# bash docs/configurations/etc.iptables.rules.v4.sh $INTERFACENAME
-$ sudo -s
+
 # iptables-save > /etc/iptables/rules.v4 
 # ip6tables-save > /etc/iptables/rules.v6 
 ```
@ -164,13 +164,13 @@ $ sudo -s
 按照以下命令修改nftables.conf(你的对外网口的名称，例如：eth0):
 ```
 $ sed -i 's/^define int_if = ens33/define int_if = eth0/g' etc.nftables.conf 
-$ sudo nft -f ./etc.nftables.conf 
+# nft -f ./etc.nftables.conf 
 ```
 5) 当所有安全基线项都修复完成后，使用--final方法将完成以下的最终的工作：
   1.使用passwd命令去重新设置常规用户及root用户的密码，以满足pam_cracklib模块配置的密码强度和健壮性。
   2. 重新初始化aide工具的数据库。
 ```
-$ sudo bin/hardening.sh --final
+# bin/hardening.sh --final
 ```
 ## 特别注意 
--- a/README.md
+++ b/README.md
@ -10,7 +10,7 @@ The code framework is based on the [OVH-debian-cis](https://github.com/ovh/debia
 ```console
-$ sudo bash bin/hardening.sh --audit-all
+# bash bin/hardening.sh --audit-all
 [...]
 hardening                 [INFO] Treating /home/test/harbian-audit/bin/hardening/13.15_check_duplicate_gid.sh
 13.15_check_duplicate_gid [INFO] Working on 13.15_check_duplicate_gid
@ -32,10 +32,10 @@ hardening                 [INFO] Treating /home/test/harbian-audit/bin/hardening
 ```console
 $ git clone https://github.com/hardenedlinux/harbian-audit.git && cd harbian-audit
-$ sudo cp etc/default.cfg /etc/default/cis-hardening
+# cp etc/default.cfg /etc/default/cis-hardening
-$ sudo sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='$(pwd)'#" /etc/default/cis-hardening
+# sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='$(pwd)'#" /etc/default/cis-hardening
-$ sudo bin/hardening.sh --init
+# bin/hardening.sh --init
-$ sudo bin/hardening.sh --audit-all
+# bin/hardening.sh --audit-all
 hardening                 [INFO] Treating /home/test/harbian-audit/bin/hardening/1.1_install_updates.sh
 1.1_install_updates       [INFO] Working on 1.1_install_updates
 1.1_install_updates       [INFO] Checking Configuration
@ -52,8 +52,8 @@ hardening                 [INFO] Treating /home/test/harbian-audit/bin/hardening
         Total Failed Checks : [  39/278 ]
   Enabled Checks Percentage : 100.00 %
       Conformity Percentage : 85.97 %
-$ sudo bin/hardening.sh --set-hardening-level 5
+# bin/hardening.sh --set-hardening-level 5
-$ sudo bin/hardening.sh --apply 
+# bin/hardening.sh --apply 
 hardening                 [INFO] Treating /home/test/harbian-audit/bin/hardening/1.1_install_updates.sh
 1.1_install_updates       [INFO] Working on 1.1_install_updates
 1.1_install_updates       [INFO] Checking Configuration
@ -73,18 +73,18 @@ hardening                 [INFO] Treating /home/test/harbian-audit/bin/hardening
 If use Network install from a minimal CD to installed Debian GNU/Linux, need install packages before use the hardening tool. 
 ```
-sudo apt-get install -y bc net-tools pciutils network-manager 
+# apt-get install -y bc net-tools pciutils network-manager 
 ```
 Redhat/CentOS need install packages before use the hardening tool:
 ```
-sudo yum install -y bc net-tools pciutils NetworkManager epel-release 
+# yum install -y bc net-tools pciutils NetworkManager epel-release 
 ```
 ### Pre-Set 
 You must set a password for all users before hardening. Otherwise, you will not be able to log in after the hardening is completed. Example(OS user: root and test): 
 ```
-$ sudo -s 
+ 
 # passwd 
 # passwd test 
 ```
@ -169,8 +169,8 @@ Set the corresponding firewall rules according to the applications used. Hardene
 to do the following:
 ```
 $ INTERFACENAME="your network interfacename(Example eth0)"
-$ sudo bash docs/configurations/etc.iptables.rules.v4.sh $INTERFACENAME
+# bash docs/configurations/etc.iptables.rules.v4.sh $INTERFACENAME
-$ sudo -s
+
 # iptables-save > /etc/iptables/rules.v4 
 # ip6tables-save > /etc/iptables/rules.v6 
 ```
@ -180,13 +180,13 @@ $ sudo -s
 to do the following(your network interfacename(Example eth0)):
 ```
 $ sed -i 's/^define int_if = ens33/define int_if = eth0/g' etc.nftables.conf 
-$ sudo nft -f ./etc.nftables.conf 
+# nft -f ./etc.nftables.conf 
 ```
 5) When all repairs are completed. --final method will:
   1. Use passwd command to change the password of the regular and root user to apply the password complexity and robustness of the pam_cracklib module configuration.
   2. Aide reinitializes.
 ```
-$ sudo bin/hardening.sh --final
+# bin/hardening.sh --final
 ```
 ## Special Note 
--- a/docs/complianced_image/AMI/how_to_creating_and_making_an_AMI_public.mkd
+++ b/docs/complianced_image/AMI/how_to_creating_and_making_an_AMI_public.mkd
@ -24,15 +24,15 @@ The creation process is as follows:
 ### Pre-Install 
 ```
-$ sudo apt update 
+# apt update 
-$ sudo apt install -y bc net-tools  bc net-tools pciutils network-manager vim unzip
+# apt install -y bc net-tools  bc net-tools pciutils network-manager vim unzip
 ```
 ### Get harbian-audit project 
 ```
 $ cd /opt
-/opt$ sudo wget https://github.com/hardenedlinux/harbian-audit/archive/master.zip 
+/opt# wget https://github.com/hardenedlinux/harbian-audit/archive/master.zip 
-/opt$ sudo unzip master.zip 
+/opt# unzip master.zip 
 /opt$ cd harbian-audit-master/ 
 ```
 ### How to use harbian-audit to audit and apply 
@ -40,7 +40,6 @@ $ cd /opt
 //maybe not need 
 #### Set passwd to all user:
 ```
 admin@ip:/opt/harbian-audit-master$ sudo -s
 admin@ip:/opt/harbian-audit-master# passwd
 admin@ip:/opt/harbian-audit-master# passwd admin
 ```
@ -49,27 +48,26 @@ admin@ip:/opt/harbian-audit-master# passwd admin
 ##### First audit && apply:
 ```
-admin@ip:/opt/harbian-audit-master$ sudo cp etc/default.cfg /etc/default/cis-hardening
+admin@ip:/opt/harbian-audit-master# cp etc/default.cfg /etc/default/cis-hardening
-admin@ip:/opt/harbian-audit-master$ sudo sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='$(pwd)'#" /etc/default/cis-hardening 
+admin@ip:/opt/harbian-audit-master# sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='$(pwd)'#" /etc/default/cis-hardening 
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --init
+admin@ip:/opt/harbian-audit-master# ./bin/hardening.sh --init
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --audit-all 
+admin@ip:/opt/harbian-audit-master# ./bin/hardening.sh --audit-all 
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --set-hardening-level 5 
+admin@ip:/opt/harbian-audit-master# ./bin/hardening.sh --set-hardening-level 5 
-admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg 
+admin@ip:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg 
-admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=disabled/' etc/conf.d/7.4.4_hosts_deny.cfg 
+admin@ip:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/7.4.4_hosts_deny.cfg 
-admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=disabled/' etc/conf.d/10.1.6_remove_nopasswd_sudoers.cfg
+admin@ip:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/10.1.6_remove_nopasswd_sudoers.cfg
-admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.1_install_aide.cfg 
+admin@ip:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.1_install_aide.cfg 
-admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.2_aide_cron.cfg 
+admin@ip:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.2_aide_cron.cfg 
-admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=disabled/' etc/conf.d/10.1.1_set_password_exp_days.cfg
+admin@ip:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/10.1.1_set_password_exp_days.cfg
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply 
+admin@ip:/opt/harbian-audit-master# ./bin/hardening.sh --apply 
-admin@ip:/opt/harbian-audit-master$ sudo reboot 
+admin@ip:/opt/harbian-audit-master# reboot 
 ```
 ##### Second audit && apply(After reboot)  
 Configuring  the firewall:
 ```
 admin@ip:/opt/harbian-audit-master$ INTERFACENAME="eth0"
-admin@ip:/opt/harbian-audit-master$ sudo bash /opt/harbian-audit-master/docs/configurations/etc.iptables.rules.v4.sh $INTERFACENAME 
+admin@ip:/opt/harbian-audit-master# bash /opt/harbian-audit-master/docs/configurations/etc.iptables.rules.v4.sh $INTERFACENAME 
-admin@ip:/opt/harbian-audit-master$ sudo bash /opt/harbian-audit-master/docs/configurations/etc.iptables.rules.v6.sh $INTERFACENAME 
+admin@ip:/opt/harbian-audit-master# bash /opt/harbian-audit-master/docs/configurations/etc.iptables.rules.v6.sh $INTERFACENAME 
 admin@ip:/opt/harbian-audit-master$ sudo -s 
 admin@ip:/opt/harbian-audit-master# iptables-save > /etc/iptables/rules.v4 
 admin@ip:/opt/harbian-audit-master# ip6tables-save > /etc/iptables/rules.v6
 admin@ip:/opt/harbian-audit-master# exit
@ -77,28 +75,28 @@ admin@ip:/opt/harbian-audit-master# exit
 Apply need to apply twice items and that items of must apply after first apply:
 ```
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.1.2
+admin@ip:/opt/harbian-audit-master# ./bin/hardening.sh --apply --only 8.1.1.2
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.1.3
+admin@ip:/opt/harbian-audit-master# ./bin/hardening.sh --apply --only 8.1.1.3
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.12
+admin@ip:/opt/harbian-audit-master# ./bin/hardening.sh --apply --only 8.1.12
-admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg 
+admin@ip:/opt/harbian-audit-master# sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg 
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.32 
+admin@ip:/opt/harbian-audit-master# ./bin/hardening.sh --apply --only 8.1.32 
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 4.5
+admin@ip:/opt/harbian-audit-master# ./bin/hardening.sh --apply --only 4.5
-admin@ip:/opt/harbian-audit-master$ sudo reboot 
+admin@ip:/opt/harbian-audit-master# reboot 
 ```
 ##### Third apply(after reboot)  
 Apply need to apply three times items:
 ```
-admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg 
+admin@ip:/opt/harbian-audit-master# sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg 
-admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg
+admin@ip:/opt/harbian-audit-master# sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.4.1
+admin@ip:/opt/harbian-audit-master# ./bin/hardening.sh --apply --only 8.4.1
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.4.2
+admin@ip:/opt/harbian-audit-master# ./bin/hardening.sh --apply --only 8.4.2
-admin@ip:/opt/harbian-audit-master$ sudo reboot 
+admin@ip:/opt/harbian-audit-master# reboot 
 ```  
 ### Set issues 
 ```
-$ sudo sed -i "s/Debian GNU\/Linux 9/harbian-audit complianced for Debian GNU\/Linux 9/g" /etc/issue* 
+# sed -i "s/Debian GNU\/Linux 9/harbian-audit complianced for Debian GNU\/Linux 9/g" /etc/issue* 
 ```
 ### Hacking 
@ -110,24 +108,23 @@ Use the following guidelines to reduce the attack surface and improve the reliab
 #### Clean harbian-audit temp file and conf 
 ```
-$ sudo rm /opt/master.zip 
+# rm /opt/master.zip 
-$ sudo rm /opt/harbian-audit-master/tmp/backups/*
+# rm /opt/harbian-audit-master/tmp/backups/*
-$ sudo rm /opt/harbian-audit-master/etc/conf.d/*.cfg 
+# rm /opt/harbian-audit-master/etc/conf.d/*.cfg 
 ```
 #### Uninstall 
 ```
-$ sudo apt-get purge --autoremove unzip -y 
+# apt-get purge --autoremove unzip -y 
 ```
 #### Clear the current log:
 ```
-$ sudo find /var/log/ -name "*.log" -exec shred -u {} \; 
+# find /var/log/ -name "*.log" -exec shred -u {} \; 
-$ sudo find /var/log/ -name "*.log.*" -exec shred -u {} \; 
+# find /var/log/ -name "*.log.*" -exec shred -u {} \; 
-$ sudo find / -name "authorized_keys" -exec shred -u {} \; 
+# find / -name "authorized_keys" -exec shred -u {} \; 
-$ sudo rm  /root/.wget-hsts 
+# rm  /root/.wget-hsts 
-$ sudo rm  /root/.viminfo 
+# rm  /root/.viminfo 
 $ sudo -s
 # echo > /var/log/debug 
 # echo > /var/log/btmp 
 # echo > /var/log/error 
@ -145,7 +142,7 @@ $ sudo -s
 #### Final apply
 Reset password for all users and reinit aide database: 
 ```
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --final 
+admin@ip:/opt/harbian-audit-master# ./bin/hardening.sh --final 
 ```
 #### Clear bash hostory 
--- a/docs/complianced_image/AMI/how_to_use_harbian_audit_complianced_Debian_9.mkd
+++ b/docs/complianced_image/AMI/how_to_use_harbian_audit_complianced_Debian_9.mkd
@ -28,7 +28,7 @@
 ## Use harbian-audit to check   
 ```
 admin@ip-:~$ cd /opt/harbian-audit-master/
-admin@ip-:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --audit-all
+admin@ip-:/opt/harbian-audit-master# ./bin/hardening.sh --audit-all
 ......
 ################### SUMMARY ###################
--- a/docs/complianced_image/QEMU/how_to_creating_and_making_a_QEMU_img_for_centos8.mkd
+++ b/docs/complianced_image/QEMU/how_to_creating_and_making_a_QEMU_img_for_centos8.mkd
@ -77,9 +77,8 @@ root@harbian:/opt/harbian-audit-master# reboot
 After reboot:
 ```
-harbian-audit@harbian:/opt/harbian-audit-master$ sudo bash ./docs/configurations/etc.iptables.rules.v4.sh  eth0
+harbian-audit@harbian:/opt/harbian-audit-master# bash ./docs/configurations/etc.iptables.rules.v4.sh  eth0
-harbian-audit@harbian:/opt/harbian-audit-master$ sudo bash ./docs/configurations/etc.iptables.rules.v6.sh eth0 
+harbian-audit@harbian:/opt/harbian-audit-master# bash ./docs/configurations/etc.iptables.rules.v6.sh eth0 
 harbian-audit@harbian:/opt/harbian-audit-master$ sudo -s   
 root@harbian:/opt/harbian-audit-master# iptables-save > /etc/sysconfig/iptables   
 root@harbian:/opt/harbian-audit-master# ip6tables-save > /etc/sysconfig/ip6tables  
 ```
@ -88,7 +87,7 @@ Related how to use harbian-audit to adit and apply, please reference:
 ### Set issues 
 ```
-$ sudo sed -i "s/Debian GNU\/Linux 9/harbian-audit complianced for Debian GNU\/Linux 9/g" /etc/issue* 
+# sed -i "s/Debian GNU\/Linux 9/harbian-audit complianced for Debian GNU\/Linux 9/g" /etc/issue* 
 ```
 ### Set grub passwd   
@ -101,7 +100,6 @@ Related how to config grub2 password protection, please reference:
 ### Re-set passwd of all users 
 ```
 harbian-audit@harbian:~$ sudo -s
 root@harbian:/home/harbian-audit# passwd 
 root@harbian:/home/harbian-audit# passwd harbian-audit  
 ```
@ -113,38 +111,37 @@ If need adds a project on AMI, add the project on such as /opt, /usr/local/bin d
 #### Uninstall   
 ```
-$ sudo apt-get purge --autoremove unzip -y   
+# apt-get purge --autoremove unzip -y   
 ```
 #### Clean harbian-audit temp file and conf  
 ```
-$ sudo rm /opt/master.zip 
+# rm /opt/master.zip 
-$ sudo rm /opt/harbian-audit-master/tmp/backups/*
+# rm /opt/harbian-audit-master/tmp/backups/*
 $ cd /opt/harbian-audit-master/etc/conf.d
-$ sudo rm -f !(8.1.32_freeze_auditd_conf.cfg|8.4.1_install_aide.cfg|8.4.2_aide_cron.cfg) 
+# rm -f !(8.1.32_freeze_auditd_conf.cfg|8.4.1_install_aide.cfg|8.4.2_aide_cron.cfg) 
 ```
 #### Final fix  
 ```
 $ cd /opt/harbian-audit-master 
-$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
+# sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
-$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg 
+# sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg 
-$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg 
+# sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg 
-$ sudo bash bin/hardening.sh --apply --only 8.1.32
+# bash bin/hardening.sh --apply --only 8.1.32
-$ sudo bash bin/hardening.sh --apply --only 8.4.1
+# bash bin/hardening.sh --apply --only 8.4.1
-$ sudo bash bin/hardening.sh --apply --only 8.4.2
+# bash bin/hardening.sh --apply --only 8.4.2
-$ sudo rm /opt/harbian-audit-master/tmp/backups/*
+# rm /opt/harbian-audit-master/tmp/backups/*
-$ sudo rm /opt/harbian-audit-master/etc/conf.d/*
+# rm /opt/harbian-audit-master/etc/conf.d/*
 ``` 
 #### Clear the current log   
 ```
-$ sudo find /var/log/ -name "*.log" -exec shred -u {} \; 
+# find /var/log/ -name "*.log" -exec shred -u {} \; 
-$ sudo find /var/log/ -name "*.log.*" -exec shred -u {} \; 
+# find /var/log/ -name "*.log.*" -exec shred -u {} \; 
-$ sudo find / -name "authorized_keys" -exec shred -u {} \; 
+# find / -name "authorized_keys" -exec shred -u {} \; 
-$ sudo rm  /root/.wget-hsts 
+# rm  /root/.wget-hsts 
-$ sudo rm  /root/.viminfo 
+# rm  /root/.viminfo 
 $ sudo -s
 # echo > /var/log/debug 
 # echo > /var/log/btmp 
 # echo > /var/log/error 
@ -160,7 +157,7 @@ $ sudo -s
 #### AIDE RE-INIT  
 ```
-$ sudo aideinit -y -f  
+# aideinit -y -f  
 ``` 
 #### Clear bash hostory  
@ -169,7 +166,7 @@ $ sudo aideinit -y -f
 # history -cw 
 $ echo > ~/.bash_history 
 $ history -cw 
-$ sudo poweroff 
+# poweroff 
 ``` 
 ## sign QEMU image 
--- a/docs/complianced_image/QEMU/how_to_creating_and_making_a_QEMU_img_for_debian9.mkd
+++ b/docs/complianced_image/QEMU/how_to_creating_and_making_a_QEMU_img_for_debian9.mkd
@ -77,8 +77,7 @@ root@harbian:/opt/harbian-audit-master# reboot
 After reboot:
 ```
-harbian-audit@harbian:/opt/harbian-audit-master$ sudo bash ./docs/configurations/etc.iptables.rules.v4.sh  eth0
+harbian-audit@harbian:/opt/harbian-audit-master# bash ./docs/configurations/etc.iptables.rules.v4.sh  eth0
 harbian-audit@harbian:/opt/harbian-audit-master$ sudo -s   
 root@harbian:/opt/harbian-audit-master# iptables-save > /etc/iptables/rules.v4   
 root@harbian:/opt/harbian-audit-master# ip6tables-save > /etc/iptables/rules.v6  
 ```
@ -87,7 +86,7 @@ Related how to use harbian-audit to adit and apply, please reference:
 ### Set issues 
 ```
-$ sudo sed -i "s/Debian GNU\/Linux 9/harbian-audit complianced for Debian GNU\/Linux 9/g" /etc/issue* 
+# sed -i "s/Debian GNU\/Linux 9/harbian-audit complianced for Debian GNU\/Linux 9/g" /etc/issue* 
 ```
 ### Set grub passwd   
@ -100,7 +99,6 @@ Related how to config grub2 password protection, please reference:
 ### Re-set passwd of all users 
 ```
 harbian-audit@harbian:~$ sudo -s
 root@harbian:/home/harbian-audit# passwd 
 root@harbian:/home/harbian-audit# passwd harbian-audit  
 ```
@ -112,38 +110,37 @@ If need adds a project on AMI, add the project on such as /opt, /usr/local/bin d
 #### Uninstall   
 ```
-$ sudo apt-get purge --autoremove unzip -y   
+# apt-get purge --autoremove unzip -y   
 ```
 #### Clean harbian-audit temp file and conf  
 ```
-$ sudo rm /opt/master.zip 
+# rm /opt/master.zip 
-$ sudo rm /opt/harbian-audit-master/tmp/backups/*
+# rm /opt/harbian-audit-master/tmp/backups/*
 $ cd /opt/harbian-audit-master/etc/conf.d
-$ sudo rm -f !(8.1.32_freeze_auditd_conf.cfg|8.4.1_install_aide.cfg|8.4.2_aide_cron.cfg) 
+# rm -f !(8.1.32_freeze_auditd_conf.cfg|8.4.1_install_aide.cfg|8.4.2_aide_cron.cfg) 
 ```
 #### Final fix  
 ```
 $ cd /opt/harbian-audit-master 
-$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
+# sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
-$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg 
+# sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg 
-$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg 
+# sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg 
-$ sudo bash bin/hardening.sh --apply --only 8.1.32
+# bash bin/hardening.sh --apply --only 8.1.32
-$ sudo bash bin/hardening.sh --apply --only 8.4.1
+# bash bin/hardening.sh --apply --only 8.4.1
-$ sudo bash bin/hardening.sh --apply --only 8.4.2
+# bash bin/hardening.sh --apply --only 8.4.2
-$ sudo rm /opt/harbian-audit-master/tmp/backups/*
+# rm /opt/harbian-audit-master/tmp/backups/*
-$ sudo rm /opt/harbian-audit-master/etc/conf.d/*
+# rm /opt/harbian-audit-master/etc/conf.d/*
 ``` 
 #### Clear the current log   
 ```
-$ sudo find /var/log/ -name "*.log" -exec shred -u {} \; 
+# find /var/log/ -name "*.log" -exec shred -u {} \; 
-$ sudo find /var/log/ -name "*.log.*" -exec shred -u {} \; 
+# find /var/log/ -name "*.log.*" -exec shred -u {} \; 
-$ sudo find / -name "authorized_keys" -exec shred -u {} \; 
+# find / -name "authorized_keys" -exec shred -u {} \; 
-$ sudo rm  /root/.wget-hsts 
+# rm  /root/.wget-hsts 
-$ sudo rm  /root/.viminfo 
+# rm  /root/.viminfo 
 $ sudo -s
 # echo > /var/log/debug 
 # echo > /var/log/btmp 
 # echo > /var/log/error 
@ -159,7 +156,7 @@ $ sudo -s
 #### AIDE RE-INIT  
 ```
-$ sudo aideinit -y -f  
+# aideinit -y -f  
 ``` 
 #### Clear bash hostory  
@ -168,7 +165,7 @@ $ sudo aideinit -y -f
 # history -cw 
 $ echo > ~/.bash_history 
 $ history -cw 
-$ sudo poweroff 
+# poweroff 
 ``` 
 ## sign QEMU image 
--- a/docs/configurations/debian-config-4-build-deb/how-to-build-deb-package.md
+++ b/docs/configurations/debian-config-4-build-deb/how-to-build-deb-package.md
@ -2,7 +2,7 @@
 ## Pre-install 
 ```
-sudo apt-get install build-essential dh-make debhelper lintian wget 
+# apt-get install build-essential dh-make debhelper lintian wget 
 ```
 ## Config evc var for dh_make 
 ```
--- a/docs/configurations/manual-operation-docs/how_to_deploy_audisp_remote_for_audit_log.mkd
+++ b/docs/configurations/manual-operation-docs/how_to_deploy_audisp_remote_for_audit_log.mkd
@ -3,7 +3,7 @@
 ## Server 
 ### Install package 
 ```
-sudo apt install -y auditd 
+# apt install -y auditd 
 ```
 ### Configure 
@ -21,7 +21,7 @@ systemctl restart auditd
 ## Client 
 ### Install package 
 ```
-sudo apt install -y audispd-plugins  auditd 
+# apt install -y audispd-plugins  auditd 
 ```
 ### Configure 
--- a/docs/configurations/manual-operation-docs/how_to_migrating_from_iptables_to_nftables_in_debian10.md
+++ b/docs/configurations/manual-operation-docs/how_to_migrating_from_iptables_to_nftables_in_debian10.md
@ -3,7 +3,7 @@ Debian Buster uses the nftables framework by default.
 ## Pre-install  
 ```
-$ sudo apt install nftables
+# apt install nftables
 ```
 ## Check iptables link point 
@ -13,7 +13,7 @@ You can switch back and forth between iptables-nft and iptables-legacy by means
 Check iptables currently link:
 ```
-$ sudo update-alternatives  --display iptables
+# update-alternatives  --display iptables
 iptables - auto mode
  link best version is /usr/sbin/iptables-nft
  link currently points to /usr/sbin/iptables-nft
@ -29,11 +29,11 @@ iptables - auto mode
 ```
 If you see above, don't need switching, if currently link to iptables-legacy, need use command to switching to iptables-nft:
 ```
-$ sudo update-alternatives --set iptables /usr/sbin/iptables-nft
+# update-alternatives --set iptables /usr/sbin/iptables-nft
-$ sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
+# update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
-$ sudo update-alternatives --set arptables /usr/sbin/arptables-nft
+# update-alternatives --set arptables /usr/sbin/arptables-nft
-$ sudo update-alternatives --set ebtables /usr/sbin/ebtables-nft
+# update-alternatives --set ebtables /usr/sbin/ebtables-nft
-$ sudo update-alternatives  --display iptables
+# update-alternatives  --display iptables
 ```
 ## Migrating  
 move from an existing iptables ruleset to nftables:
@ -41,17 +41,17 @@ move from an existing iptables ruleset to nftables:
 ### Command translation  
 You can generate a translation of an iptables/ip6tables command to know the nftables equivalent. 
 ```
-$ sudo iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
+# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
 nft add rule ip filter INPUT tcp dport 22 ct state new counter accept
-$ sudo ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT
+# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT
 nft add rule ip6 filter FORWARD iifname "eth0" oifname "eth3" meta l4proto udp udp dport { 111,222} counter accept
 ```
 Instead of translating command by command, you can translate your whole ruleset in a single run: 
 ```
-$ sudo iptables-save > save.txt
+# iptables-save > save.txt
-$ sudo iptables-restore-translate -f save.txt
+# iptables-restore-translate -f save.txt
 # Translated by iptables-restore-translate v1.8.2 on Fri Jul 12 04:33:36 2019
 add table ip filter
 add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
@ -114,10 +114,10 @@ add chain ip mangle POSTROUTING { type filter hook postrouting priority -150; po
 ```
 You should be able to directly give this to nftables:  
 ```
-$ sudo iptables-restore-translate -f save.txt > ruleset.nft
+# iptables-restore-translate -f save.txt > ruleset.nft
-$ sudo nft -f ruleset.nft
+# nft -f ruleset.nft
 ```
-$ sudo nft list ruleset 
+# nft list ruleset 
 List nft ruleset:
 ```
 table ip filter {
@ -263,7 +263,7 @@ table ip mangle {
 ## Uninstall iptables 
 ```
-$ sudo apt purge --autoremove iptables 
+# apt purge --autoremove iptables 
 ```
 ## Reference  
--- a/docs/configurations/manual-operation-docs/how_to_persistent_iptables_rules_with_debian_9.mkd
+++ b/docs/configurations/manual-operation-docs/how_to_persistent_iptables_rules_with_debian_9.mkd
@ -9,7 +9,7 @@ netfilter-persistent  1.0.4+nmu2
 ## Install 
 ```
-$ sudo apt-get install -y iptables-persistent
+# apt-get install -y iptables-persistent
 ```  
 This command will install iptables-persistent and netfilter-persistent(depended iptables-persistent),
@ -19,19 +19,19 @@ netfilter-persistent service is auto running when netfilter-persistent was insta
 Check service status:
 ```
-$ sudo systemctl status netfilter-persistent
+# systemctl status netfilter-persistent
 ```
 If netfilter-persistent service is not started, use the following command to enable netfilter-persistent service:
 ```
-$ sudo systemctl start netfilter-persistent
+# systemctl start netfilter-persistent
 ```
 ## How to config for persistent iptables
 First, when configuring iptables rules done, need use the following command to save current iptables rules:
 ```
-$ sudo dpkg-reconfigure iptables-persistent
+# dpkg-reconfigure iptables-persistent
 ```  
 or
@ -45,5 +45,5 @@ Note: User iptables-save/ip6tables-save command, save file must is above file na
 ## Well-done 
 Iptables rules would auto restore iptables rules when Operation system restart, or manual to exec following command:
 ```
-$ sudo systemctl restart  netfilter-persistent
+# systemctl restart  netfilter-persistent
 ```
--- a/docs/configurations/manual-operation-docs/how_to_persistent_nft_rules_with_debian_10.mkd
+++ b/docs/configurations/manual-operation-docs/how_to_persistent_nft_rules_with_debian_10.mkd
@ -8,12 +8,12 @@ nftables    0.9.0-2
 ## Pre-Install 
 ```
-$ sudo apt-get install -y nftables netfilter-persistent 
+# apt-get install -y nftables netfilter-persistent 
 ```  
 ## Uninstall iptables 
 ```
-$ sudo apt purge --autoremove iptables 
+# apt purge --autoremove iptables 
 ```
 ## How to enable netfilter-persistent service
@ -22,12 +22,12 @@ netfilter-persistent service is auto running when netfilter-persistent was insta
 Check service status:
 ```
-$ sudo systemctl status netfilter-persistent
+# systemctl status netfilter-persistent
 ```
 If netfilter-persistent service is not started, use the following command to enable netfilter-persistent service:
 ```
-$ sudo systemctl start netfilter-persistent
+# systemctl start netfilter-persistent
 ```
 ## How to config for persistent nft rules  
@ -35,7 +35,7 @@ $ sudo systemctl start netfilter-persistent
 ### Get nftables ruleset  
 ```
 ~$ wget https://raw.githubusercontent.com/hardenedlinux/harbian-audit/master/docs/configurations/etc.nftables.conf 
-~$ sudo mv etc.nftables.conf /etc/nftables.conf 
+~# mv etc.nftables.conf /etc/nftables.conf 
 ``` 
 Note: Please replace ens33 to interface name of your device 
@ -43,32 +43,32 @@ Note: Please replace ens33 to interface name of your device
 ### Get plugin of netfilter-persistent 
 ```
 ~$ wget https://raw.githubusercontent.com/hardenedlinux/harbian-audit/master/docs/configurations/usr.share.netfilter-persistent.plugins.d.15-nft
-~$ sudo mv usr.share.netfilter-persistent.plugins.d.15-nft /usr/share/netfilter-persistent/plugins.d/15-nft
+~# mv usr.share.netfilter-persistent.plugins.d.15-nft /usr/share/netfilter-persistent/plugins.d/15-nft
-~$ sudo chmod 755 /usr/share/netfilter-persistent/plugins.d/15-nft 
+~# chmod 755 /usr/share/netfilter-persistent/plugins.d/15-nft 
 ```
 ## Well-done 
 Nft rules would auto restore nftables rules when Operation system restart, or manual to exec following command:
 ```
-$ sudo netfilter-persistent start 
+# netfilter-persistent start 
 run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-nft start 
 ```
 ## Additional usage 
 ### Flush nft rules 
 ```
-$ sudo netfilter-persistent flush
+# netfilter-persistent flush
 run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-nft flush 
 ```
 ### Save nft rules 
 ```
-$ sudo netfilter-persistent save 
+# netfilter-persistent save 
 run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-nft save 
 ```
 ### Restore nft rules 
 ```
-$ sudo netfilter-persistent start
+# netfilter-persistent start
 run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-nft start 
 ```
--- a/docs/use-cases/apache2-usecase/Readme.mkd
+++ b/docs/use-cases/apache2-usecase/Readme.mkd
@ -2,7 +2,7 @@
 ## Install 
 ```
-sudo apt-get install apache2  
+# apt-get install apache2  
 ```
 # How to use harbian-audit to audit and apply 
@ -10,7 +10,7 @@ sudo apt-get install apache2
 ## Set firewall 
 ```
 sed -i 's/PUB_IFS=.*/PUB_IFS="interface of machine"/g' ./etc.iptables.rules.v4.4http.sh
-sudo bash ./etc.iptables.rules.v4.4http.sh
+# bash ./etc.iptables.rules.v4.4http.sh
 ```
 ## Audit and apply 
@ -18,11 +18,11 @@ See the documentation for more details:
 [harbian-audit-readme](https://github.com/hardenedlinux/harbian-audit/blob/master/README.md) 
 ```
-sudo bash bin/hardening.sh --audit-all 
+# bash bin/hardening.sh --audit-all 
 # This is set special service to exception(6.10)
-sudo bash bin/hardening.sh --set-hardening-level 5 --allow-service http
+# bash bin/hardening.sh --set-hardening-level 5 --allow-service http
-sudo bash bin/hardening.sh --audit-all 
+# bash bin/hardening.sh --audit-all 
-sudo bash bin/hardening.sh --apply
+# bash bin/hardening.sh --apply
 ```
--- a/docs/use-cases/hyperledger-cello-usecase/README.mkd
+++ b/docs/use-cases/hyperledger-cello-usecase/README.mkd
@ -5,18 +5,18 @@
 ## Master node 
 ```
-sudo iptables-restore master-ufw-rules.conf 
+# iptables-restore master-ufw-rules.conf 
-sudo bash bin/hardening.sh --audit-all 
+# bash bin/hardening.sh --audit-all 
-sudo bash bin/hardening.sh --set-hardening-level 5 
+# bash bin/hardening.sh --set-hardening-level 5 
-sudo bash bin/hardening.sh --audit-all 
+# bash bin/hardening.sh --audit-all 
-sudo bash bin/hardening.sh --apply
+# bash bin/hardening.sh --apply
 ```
 ## Worker node 
 ```
-sudo iptables-restore worker-ufw-rules.conf
+# iptables-restore worker-ufw-rules.conf
-sudo bash bin/hardening.sh --audit-all 
+# bash bin/hardening.sh --audit-all 
-sudo bash bin/hardening.sh --set-hardening-level 5 
+# bash bin/hardening.sh --set-hardening-level 5 
-sudo bash bin/hardening.sh --audit-all
+# bash bin/hardening.sh --audit-all
-sudo bash bin/hardening.sh --apply
+# bash bin/hardening.sh --apply
 ```
--- a/docs/use-cases/nodejs-redis-mysql-usecase/README.md
+++ b/docs/use-cases/nodejs-redis-mysql-usecase/README.md
@ -11,14 +11,14 @@
 ### Install mysql
 ```
-$ sudo apt install mysql-server
+# apt install mysql-server
 ```
 #### Configurate database
 Create helloworld database
 ```
-$ sudo mysql -uroot 
+# mysql -uroot 
 MariaDB [(none)]> CREATE DATABASE helloworld;
 ```
@ -45,12 +45,12 @@ deb-src http://mirrors.163.com/debian/ stretch-backports main
 and update
 ```
-$ sudo apt update
+# apt update
 ```
 #### install the package
 ```
-$ sudo apt -t stretch-backports install -y redis-server
+# apt -t stretch-backports install -y redis-server
 ```
 #### Configurate Redis
@ -82,7 +82,7 @@ systemctl restart redis
 ### Install Nodejs
 ```
-$ sudo apt install curl -y
+# apt install curl -y
 ```
 #as root
 ```
@ -206,8 +206,8 @@ module.exports = {
 //Installation PM2: 
 ```
-$ sudo npm install pm2 -g
+# npm install pm2 -g
-$ sudo chmod -R 755 /usr/lib/node_modules/pm2  
+# chmod -R 755 /usr/lib/node_modules/pm2  
 ```
 ```
@ -217,7 +217,7 @@ $ pm2 startup systemd
 [PM2] Init System found: systemd
 [PM2] To setup the Startup Script, copy/paste the following command:
-sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u helloworld --hp /home/helloworld
+# env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u helloworld --hp /home/helloworld
 ```
 change to root user and execute
@ -238,7 +238,7 @@ now start the service
 ## Set iptables rules
 ```
-$ sudo iptables -I INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
+# iptables -I INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
 ```
 ## Test 
--- a/docs/use-cases/tls-transmission-usecase/nginx-mutual-ssl-proxy-http-service/Readme.mkd
+++ b/docs/use-cases/tls-transmission-usecase/nginx-mutual-ssl-proxy-http-service/Readme.mkd
@ -5,22 +5,22 @@
 ## Server node 
 ```
-sudo iptables-restore iptables_ufw-4-server.cfg 
+# iptables-restore iptables_ufw-4-server.cfg 
-sudo bash bin/hardening.sh --audit-all 
+# bash bin/hardening.sh --audit-all 
 # This is set special service to exception(6.2 6.3 6.10)
-sudo bash bin/hardening.sh --set-hardening-level 5 --allow-service dns,http,cups
+# bash bin/hardening.sh --set-hardening-level 5 --allow-service dns,http,cups
-sudo bash bin/hardening.sh --audit-all 
+# bash bin/hardening.sh --audit-all 
-sudo bash bin/hardening.sh --apply
+# bash bin/hardening.sh --apply
 ```
 ## Client node 
 ```
-sudo iptables-restore iptables_ufw-4-client.cfg
+# iptables-restore iptables_ufw-4-client.cfg
-sudo bash bin/hardening.sh --audit-all 
+# bash bin/hardening.sh --audit-all 
 # This is set special service to exception(6.10)
-sudo bash bin/hardening.sh --set-hardening-level 5 --allow-service http 
+# bash bin/hardening.sh --set-hardening-level 5 --allow-service http 
-sudo bash bin/hardening.sh --audit-all
+# bash bin/hardening.sh --audit-all
-sudo bash bin/hardening.sh --apply
+# bash bin/hardening.sh --apply
 ```
--- a/docs/use-cases/tls-transmission-usecase/using-Nginx-as-SSL-tunnel-4TCP-UDP-service/Readme.mkd
+++ b/docs/use-cases/tls-transmission-usecase/using-Nginx-as-SSL-tunnel-4TCP-UDP-service/Readme.mkd
@ -5,22 +5,22 @@
 ## Server node 
 ```
-sudo iptables-restore iptables_ufw-4-server.cfg 
+# iptables-restore iptables_ufw-4-server.cfg 
-sudo bash bin/hardening.sh --audit-all 
+# bash bin/hardening.sh --audit-all 
 # This is set special service to exception(6.2 6.3 6.10)
-sudo bash bin/hardening.sh --set-hardening-level 5 --allow-service dns,http,cups
+# bash bin/hardening.sh --set-hardening-level 5 --allow-service dns,http,cups
-sudo bash bin/hardening.sh --audit-all 
+# bash bin/hardening.sh --audit-all 
-sudo bash bin/hardening.sh --apply
+# bash bin/hardening.sh --apply
 ```
 ## Client node 
 ```
-sudo iptables-restore iptables_ufw-4-client.cfg
+# iptables-restore iptables_ufw-4-client.cfg
-sudo bash bin/hardening.sh --audit-all 
+# bash bin/hardening.sh --audit-all 
 # This is set special service to exception(6.10)
-sudo bash bin/hardening.sh --set-hardening-level 5 --allow-service http 
+# bash bin/hardening.sh --set-hardening-level 5 --allow-service http 
-sudo bash bin/hardening.sh --audit-all
+# bash bin/hardening.sh --audit-all
-sudo bash bin/hardening.sh --apply
+# bash bin/hardening.sh --apply
 ```