feat: add debian12 scripts

- sudo_re_authenticate.sh 	-> 5.2.5
- pam_pwhistory_enabled.sh 	-> 5.3.2.4
- pam_faillock_enabled.sh	-> 5.3.2.2
This is an updated version of enable_lockout_failed_password.sh (renamed)

- pam_unix_enabled.sh  		-> 5.3.2.1
- password_failed_lockout.sh 	-> 5.3.3.1.1
- password_unlock_time.sh 	-> 5.3.3.1.2
- password_root_unlock.sh 	-> 5.3.3.1.3

tests/hardening/pam_faillock_enabled.sh

@@ -0,0 +1,30 @@
+# shellcheck shell=bash
+# run-shellcheck
+test_audit() {
+
+    local PAM_FILES=""
+    PAM_FILES="/etc/pam.d/common-auth /etc/pam.d/common-account"
+
+    # install dependencies
+    apt-get update
+    apt-get install -y libpam-pwquality
+
+    # prepare to fail
+    describe Prepare on purpose failed test
+    # shellcheck disable=2086
+    sed -i '/pam_faillock.so/s/^/#/g' $PAM_FILES
+
+    describe Running on purpose failed test
+    register_test retvalshouldbe 1
+    # shellcheck disable=2154
+    run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+    describe correcting situation
+    sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
+    "${CIS_CHECKS_DIR}/${script}.sh" --apply || true
+
+    describe Checking resolved state
+    register_test retvalshouldbe 0
+    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+}