diff --git a/AUTHORS b/AUTHORS
index 0934611..e46d827 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -2,6 +2,7 @@ Contributors of this project :
 
 Developers :
     Thibault Dewailly, OVH <thibault.dewailly@corp.ovh.com>
+    Stéphane Lesimple, OVH <stephane.lesimple@corp.ovh.com>
 
 Debian package maintainers :
     Kevin Tanguy, OVH <kevin.tanguy@corp.ovh.com>
diff --git a/bin/hardening.sh b/bin/hardening.sh
index 573fe26..d6291a0 100755
--- a/bin/hardening.sh
+++ b/bin/hardening.sh
@@ -20,11 +20,13 @@ AUDIT=0
 APPLY=0
 AUDIT_ALL=0
 AUDIT_ALL_ENABLE_PASSED=0
+ALLOW_SERVICE_LIST=0
+SET_HARDENING_LEVEL=0
 CIS_ROOT_DIR=''
 
 usage() {
     cat << EOF
-$LONG_SCRIPT_NAME RUN_MODE, where RUN_MODE is one of:
+$LONG_SCRIPT_NAME <RUN_MODE> [OPTIONS], where RUN_MODE is one of:
 
     --help -h
         Show this help
@@ -53,6 +55,35 @@ $LONG_SCRIPT_NAME RUN_MODE, where RUN_MODE is one of:
         Don't run this if you have already customized the scripts enable/disable
         configurations, obviously.
 
+    --set-hardening-level <level>
+        Modifies the configuration to enable/disable tests given an hardening level,
+        between 1 to 5. Don't run this if you have already customized the scripts
+        enable/disable configurations.
+        1: very basic policy, failure to pass tests at this level indicates severe
+            misconfiguration of the machine that can have a huge security impact
+        2: basic policy, some good practice rules that, once applied, shouldn't
+            break anything on most systems
+        3: best practices policy, passing all tests might need some configuration
+            modifications (such as specific partitioning, etc.)
+        4: high security policy, passing all tests might be time-consuming and
+            require high adaptation of your workflow
+        5: placebo, policy rules that might be very difficult to apply and maintain,
+            with questionable security benefits
+
+    --allow-service <service>
+        Use with --set-hardening-level.
+        Modifies the policy to allow a certain kind of services on the machine, such
+        as http, mail, etc. Can be specified multiple times to allow multiple services.
+        Use --allow-service-list to get a list of supported services.
+
+OPTIONS:
+
+    --only <test_number>
+        Modifies the RUN_MODE to only work on the test_number script.
+        Can be specified multiple times to work only on several scripts.
+        The test number is the numbered prefix of the script,
+        i.e. the test number of 1.2_script_name.sh is 1.2.
+
 EOF
     exit 0
 }
@@ -61,6 +92,8 @@ if [ $# = 0 ]; then
     usage
 fi
 
+declare -a TEST_LIST ALLOWED_SERVICES_LIST
+
 # Arguments parsing
 while [[ $# > 0 ]]; do
     ARG="$1"
@@ -77,6 +110,21 @@ while [[ $# > 0 ]]; do
         --apply)
             APPLY=1
         ;;
+        --allow-service-list)
+            ALLOW_SERVICE_LIST=1
+        ;;
+        --allow-service)
+            ALLOWED_SERVICES_LIST[${#ALLOWED_SERVICES_LIST[@]}]="$2"
+            shift
+        ;;
+        --set-hardening-level)
+            SET_HARDENING_LEVEL="$2"
+            shift
+        ;;
+        --only)
+            TEST_LIST[${#TEST_LIST[@]}]="$2"
+            shift
+        ;;
         -h|--help)
             usage
         ;;
@@ -104,8 +152,51 @@ fi
 [ -r $CIS_ROOT_DIR/lib/common.sh     ] && . $CIS_ROOT_DIR/lib/common.sh
 [ -r $CIS_ROOT_DIR/lib/utils.sh      ] && . $CIS_ROOT_DIR/lib/utils.sh
 
+# If --allow-service-list is specified, don't run anything, just list the supported services
+if [ "$ALLOW_SERVICE_LIST" = 1 ] ; then
+    declare -a HARDENING_EXCEPTIONS_LIST
+    for SCRIPT in $(ls $CIS_ROOT_DIR/bin/hardening/*.sh -v); do
+        template=$(grep "^HARDENING_EXCEPTION=" "$SCRIPT" | cut -d= -f2)
+        [ -n "$template" ] && HARDENING_EXCEPTIONS_LIST[${#HARDENING_EXCEPTIONS_LIST[@]}]="$template"
+    done
+    echo "Supported services are: "$(echo "${HARDENING_EXCEPTIONS_LIST[@]}" | tr " " "\n" | sort -u | tr "\n" " ")
+    exit 0
+fi
+
+# If --set-hardening-level is specified, don't run anything, just apply config for each script
+if [ -n "$SET_HARDENING_LEVEL" -a "$SET_HARDENING_LEVEL" != 0 ] ; then
+    if ! grep -q "^[12345]$" <<< "$SET_HARDENING_LEVEL" ; then
+        echo "Bad --set-hardening-level specified ('$SET_HARDENING_LEVEL'), expected 1 to 5"
+        exit 1
+    fi
+
+    for SCRIPT in $(ls $CIS_ROOT_DIR/bin/hardening/*.sh -v); do
+        SCRIPT_BASENAME=$(basename $SCRIPT .sh)
+        script_level=$(grep "^HARDENING_LEVEL=" "$SCRIPT" | cut -d= -f2)
+        if [ -z "$script_level" ] ; then
+            echo "The script $SCRIPT_BASENAME doesn't have a hardening level, configuration untouched for it"
+            continue
+        fi
+        wantedstatus=disabled
+        [ "$script_level" -le "$SET_HARDENING_LEVEL" ] && wantedstatus=enabled
+        sed -i -re "s/^status=.+/status=$wantedstatus/" $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_BASENAME.cfg
+    done
+    echo "Configuration modified to enable scripts for hardening level at or below $SET_HARDENING_LEVEL"
+    exit 0
+fi
+
 # Parse every scripts and execute them in the required mode
 for SCRIPT in $(ls $CIS_ROOT_DIR/bin/hardening/*.sh -v); do
+    if [ ${#TEST_LIST[@]} -gt 0 ] ; then
+        # --only X has been specified at least once, is this script in my list ?
+        SCRIPT_PREFIX=$(grep -Eo '^[0-9.]+' <<< "$(basename $SCRIPT)")
+        SCRIPT_PREFIX_RE=$(sed -e 's/\./\\./g' <<< "$SCRIPT_PREFIX")
+        if ! grep -qEw "$SCRIPT_PREFIX_RE" <<< "${TEST_LIST[@]}"; then
+            # not in the list
+            continue
+        fi
+    fi
+
     info "Treating $SCRIPT"
     
     if [ $AUDIT = 1 ]; then
diff --git a/bin/hardening/1.1_install_updates.sh b/bin/hardening/1.1_install_updates.sh
index 1f8dad9..657dc79 100755
--- a/bin/hardening/1.1_install_updates.sh
+++ b/bin/hardening/1.1_install_updates.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Checking if apt needs an update"
diff --git a/bin/hardening/10.1.1_set_password_exp_days.sh b/bin/hardening/10.1.1_set_password_exp_days.sh
index a1e4d60..ce7dcbc 100755
--- a/bin/hardening/10.1.1_set_password_exp_days.sh
+++ b/bin/hardening/10.1.1_set_password_exp_days.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='login'
 OPTIONS='PASS_MAX_DAYS=90'
 FILE='/etc/login.defs'
diff --git a/bin/hardening/10.1.2_set_password_min_days_change.sh b/bin/hardening/10.1.2_set_password_min_days_change.sh
index 48e9190..a4eef31 100755
--- a/bin/hardening/10.1.2_set_password_min_days_change.sh
+++ b/bin/hardening/10.1.2_set_password_min_days_change.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='login'
 OPTIONS='PASS_MIN_DAYS=7'
 FILE='/etc/login.defs'
diff --git a/bin/hardening/10.1.3_set_password_exp_warning_days.sh b/bin/hardening/10.1.3_set_password_exp_warning_days.sh
index 6a45639..3ff35c1 100755
--- a/bin/hardening/10.1.3_set_password_exp_warning_days.sh
+++ b/bin/hardening/10.1.3_set_password_exp_warning_days.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='login'
 OPTIONS='PASS_WARN_AGE=7'
 FILE='/etc/login.defs'
diff --git a/bin/hardening/10.2_disable_system_accounts.sh b/bin/hardening/10.2_disable_system_accounts.sh
index 6b6667e..0dcb6a9 100755
--- a/bin/hardening/10.2_disable_system_accounts.sh
+++ b/bin/hardening/10.2_disable_system_accounts.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 SHELL='/bin/false'
 FILE='/etc/passwd'
 RESULT=''
@@ -70,6 +72,15 @@ apply () {
     fi
 }
 
+# This function will create the config file for this check with default values
+create_config() {
+    cat <<EOF
+status=disabled
+# Put here your exceptions concerning admin accounts shells separated by spaces
+EXCEPTIONS=""
+EOF
+}
+
 # This function will check config parameters required
 check_config() {
     if [ -z "$EXCEPTIONS" ]; then
diff --git a/bin/hardening/10.3_default_root_group.sh b/bin/hardening/10.3_default_root_group.sh
index 171a533..51a389e 100755
--- a/bin/hardening/10.3_default_root_group.sh
+++ b/bin/hardening/10.3_default_root_group.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 USER='root'
 EXPECTED_GID='0'
 
diff --git a/bin/hardening/10.4_default_umask.sh b/bin/hardening/10.4_default_umask.sh
index 2d999cb..5e9f4e4 100755
--- a/bin/hardening/10.4_default_umask.sh
+++ b/bin/hardening/10.4_default_umask.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 USER='root'
 PATTERN='umask 077'
 FILES_TO_SEARCH='/etc/bash.bashrc /etc/profile.d /etc/profile'
diff --git a/bin/hardening/10.5_lock_inactive_user_account.sh b/bin/hardening/10.5_lock_inactive_user_account.sh
index bd1ab67..967a39a 100755
--- a/bin/hardening/10.5_lock_inactive_user_account.sh
+++ b/bin/hardening/10.5_lock_inactive_user_account.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Looking at the manual of useradd, it seems that this recommendation does not fill the title"
diff --git a/bin/hardening/11.1_warning_banners.sh b/bin/hardening/11.1_warning_banners.sh
index d2a0d05..6b1fda5 100755
--- a/bin/hardening/11.1_warning_banners.sh
+++ b/bin/hardening/11.1_warning_banners.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PERMISSIONS='644'
 USER='root'
 GROUP='root'
diff --git a/bin/hardening/11.2_remove_os_info_warning_banners.sh b/bin/hardening/11.2_remove_os_info_warning_banners.sh
index 135d57d..56c4f04 100755
--- a/bin/hardening/11.2_remove_os_info_warning_banners.sh
+++ b/bin/hardening/11.2_remove_os_info_warning_banners.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 FILES='/etc/motd /etc/issue /etc/issue.net'
 PATTERN='(\\v|\\r|\\m|\\s)'
 
diff --git a/bin/hardening/11.3_graphical_warning_banners.sh b/bin/hardening/11.3_graphical_warning_banners.sh
index 4eecb11..1149c4e 100755
--- a/bin/hardening/11.3_graphical_warning_banners.sh
+++ b/bin/hardening/11.3_graphical_warning_banners.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Not implemented yet"
diff --git a/bin/hardening/12.10_find_suid_files.sh b/bin/hardening/12.10_find_suid_files.sh
index 0c87ada..971f0e1 100755
--- a/bin/hardening/12.10_find_suid_files.sh
+++ b/bin/hardening/12.10_find_suid_files.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Checking if there are suid files"
@@ -35,6 +37,15 @@ apply () {
     info "Removing suid on valid binary may seriously harm your system, report only here"
 }
 
+# This function will create the config file for this check with default values
+create_config() {
+    cat <<EOF
+status=disabled
+# Put Here your valid suid binaries so that they do not appear during the audit
+EXCEPTIONS="/bin/mount /bin/ping /bin/ping6 /bin/su /bin/umount /usr/bin/chfn /usr/bin/chsh /usr/bin/fping /usr/bin/fping6 /usr/bin/gpasswd /usr/bin/mtr /usr/bin/newgrp /usr/bin/passwd /usr/bin/sudo /usr/bin/sudoedit /usr/lib/openssh/ssh-keysign /usr/lib/pt_chown /usr/bin/at"
+EOF
+}
+
 # This function will check config parameters required
 check_config() {
     # No param for this function
diff --git a/bin/hardening/12.11_find_sgid_files.sh b/bin/hardening/12.11_find_sgid_files.sh
index 794a85e..db1b91e 100755
--- a/bin/hardening/12.11_find_sgid_files.sh
+++ b/bin/hardening/12.11_find_sgid_files.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Checking if there are sgid files"
@@ -35,6 +37,15 @@ apply () {
     info "Removing sgid on valid binary may seriously harm your system, report only here"
 }
 
+# This function will create the config file for this check with default values
+create_config() {
+    cat <<EOF
+status=disabled
+# Put here valid binaries with sgid enabled separated by spaces
+EXCEPTIONS="/sbin/unix_chkpwd /usr/bin/bsd-write /usr/bin/chage /usr/bin/crontab /usr/bin/expiry /usr/bin/mutt_dotlock /usr/bin/screen /usr/bin/ssh-agent /usr/bin/wall /usr/sbin/postdrop /usr/sbin/postqueue /usr/bin/at /usr/bin/dotlockfile /usr/bin/mail-lock /usr/bin/mail-touchlock /usr/bin/mail-unlock"
+EOF
+}
+
 # This function will check config parameters required
 check_config() {
     if [ -z "$EXCEPTIONS" ]; then
diff --git a/bin/hardening/12.1_etc_passwd_permissions.sh b/bin/hardening/12.1_etc_passwd_permissions.sh
index df4fb32..d833292 100755
--- a/bin/hardening/12.1_etc_passwd_permissions.sh
+++ b/bin/hardening/12.1_etc_passwd_permissions.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/passwd'
 PERMISSIONS='644'
 
diff --git a/bin/hardening/12.2_etc_shadow_permissions.sh b/bin/hardening/12.2_etc_shadow_permissions.sh
index e278fe1..f5ea517 100755
--- a/bin/hardening/12.2_etc_shadow_permissions.sh
+++ b/bin/hardening/12.2_etc_shadow_permissions.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/shadow'
 PERMISSIONS='640'
 
diff --git a/bin/hardening/12.3_etc_group_permissions.sh b/bin/hardening/12.3_etc_group_permissions.sh
index e9e9bd1..89d3230 100755
--- a/bin/hardening/12.3_etc_group_permissions.sh
+++ b/bin/hardening/12.3_etc_group_permissions.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/group'
 PERMISSIONS='644'
 
diff --git a/bin/hardening/12.4_etc_passwd_ownership.sh b/bin/hardening/12.4_etc_passwd_ownership.sh
index daa912a..3219378 100755
--- a/bin/hardening/12.4_etc_passwd_ownership.sh
+++ b/bin/hardening/12.4_etc_passwd_ownership.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/passwd'
 USER='root'
 GROUP='root'
diff --git a/bin/hardening/12.5_etc_shadow_ownership.sh b/bin/hardening/12.5_etc_shadow_ownership.sh
index 713537d..c63ead0 100755
--- a/bin/hardening/12.5_etc_shadow_ownership.sh
+++ b/bin/hardening/12.5_etc_shadow_ownership.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/shadow'
 USER='root'
 GROUP='shadow'
diff --git a/bin/hardening/12.6_etc_group_ownership.sh b/bin/hardening/12.6_etc_group_ownership.sh
index 0e1061c..7f5c676 100755
--- a/bin/hardening/12.6_etc_group_ownership.sh
+++ b/bin/hardening/12.6_etc_group_ownership.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/group'
 USER='root'
 GROUP='root'
diff --git a/bin/hardening/12.7_find_world_writable_file.sh b/bin/hardening/12.7_find_world_writable_file.sh
index 4c439cc..d97872a 100755
--- a/bin/hardening/12.7_find_world_writable_file.sh
+++ b/bin/hardening/12.7_find_world_writable_file.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Checking if there are world writable files"
diff --git a/bin/hardening/12.8_find_unowned_files.sh b/bin/hardening/12.8_find_unowned_files.sh
index 4d44028..53d8644 100755
--- a/bin/hardening/12.8_find_unowned_files.sh
+++ b/bin/hardening/12.8_find_unowned_files.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 USER='root'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/12.9_find_ungrouped_files.sh b/bin/hardening/12.9_find_ungrouped_files.sh
index c6bddca..68a81c5 100755
--- a/bin/hardening/12.9_find_ungrouped_files.sh
+++ b/bin/hardening/12.9_find_ungrouped_files.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 GROUP='root'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/13.10_find_user_rhosts_files.sh b/bin/hardening/13.10_find_user_rhosts_files.sh
index a254d23..7db4077 100755
--- a/bin/hardening/13.10_find_user_rhosts_files.sh
+++ b/bin/hardening/13.10_find_user_rhosts_files.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 ERRORS=0
 FILENAME=".rhosts"
 
diff --git a/bin/hardening/13.11_find_passwd_group_inconsistencies.sh b/bin/hardening/13.11_find_passwd_group_inconsistencies.sh
index abc6246..a52def2 100755
--- a/bin/hardening/13.11_find_passwd_group_inconsistencies.sh
+++ b/bin/hardening/13.11_find_passwd_group_inconsistencies.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 ERRORS=0
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/13.12_users_valid_homedir.sh b/bin/hardening/13.12_users_valid_homedir.sh
index 4642551..2566779 100755
--- a/bin/hardening/13.12_users_valid_homedir.sh
+++ b/bin/hardening/13.12_users_valid_homedir.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 ERRORS=0
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/13.13_check_user_homedir_ownership.sh b/bin/hardening/13.13_check_user_homedir_ownership.sh
index 71fb0d6..053ead2 100755
--- a/bin/hardening/13.13_check_user_homedir_ownership.sh
+++ b/bin/hardening/13.13_check_user_homedir_ownership.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 ERRORS=0
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/13.14_check_duplicate_uid.sh b/bin/hardening/13.14_check_duplicate_uid.sh
index b15a68e..63ee17f 100755
--- a/bin/hardening/13.14_check_duplicate_uid.sh
+++ b/bin/hardening/13.14_check_duplicate_uid.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 ERRORS=0
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/13.15_check_duplicate_gid.sh b/bin/hardening/13.15_check_duplicate_gid.sh
index e1cca12..d0fd19c 100755
--- a/bin/hardening/13.15_check_duplicate_gid.sh
+++ b/bin/hardening/13.15_check_duplicate_gid.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 ERRORS=0
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/13.16_check_duplicate_username.sh b/bin/hardening/13.16_check_duplicate_username.sh
index c7b9958..bc3c2ed 100755
--- a/bin/hardening/13.16_check_duplicate_username.sh
+++ b/bin/hardening/13.16_check_duplicate_username.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 ERRORS=0
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/13.17_check_duplicate_groupname.sh b/bin/hardening/13.17_check_duplicate_groupname.sh
index 06bb48c..5c73c71 100755
--- a/bin/hardening/13.17_check_duplicate_groupname.sh
+++ b/bin/hardening/13.17_check_duplicate_groupname.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 ERRORS=0
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/13.18_find_user_netrc_files.sh b/bin/hardening/13.18_find_user_netrc_files.sh
index 77e010d..a98d084 100755
--- a/bin/hardening/13.18_find_user_netrc_files.sh
+++ b/bin/hardening/13.18_find_user_netrc_files.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 ERRORS=0
 FILENAME='.netrc'
 
diff --git a/bin/hardening/13.19_find_user_forward_files.sh b/bin/hardening/13.19_find_user_forward_files.sh
index df83d8d..c8bdca0 100755
--- a/bin/hardening/13.19_find_user_forward_files.sh
+++ b/bin/hardening/13.19_find_user_forward_files.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 ERRORS=0
 FILENAME='.forward'
 
diff --git a/bin/hardening/13.1_remove_empty_password_field.sh b/bin/hardening/13.1_remove_empty_password_field.sh
index 8b85b8e..dac0c87 100755
--- a/bin/hardening/13.1_remove_empty_password_field.sh
+++ b/bin/hardening/13.1_remove_empty_password_field.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/shadow'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/13.20_shadow_group_empty.sh b/bin/hardening/13.20_shadow_group_empty.sh
index 00df1d6..33f8b3f 100755
--- a/bin/hardening/13.20_shadow_group_empty.sh
+++ b/bin/hardening/13.20_shadow_group_empty.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 ERRORS=0
 FILEGROUP='/etc/group'
 PATTERN='^shadow:x:[[:digit:]]+:'
diff --git a/bin/hardening/13.2_remove_legacy_passwd_entries.sh b/bin/hardening/13.2_remove_legacy_passwd_entries.sh
index 4a460d2..267cf93 100755
--- a/bin/hardening/13.2_remove_legacy_passwd_entries.sh
+++ b/bin/hardening/13.2_remove_legacy_passwd_entries.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/passwd'
 RESULT=''
 
diff --git a/bin/hardening/13.3_remove_legacy_shadow_entries.sh b/bin/hardening/13.3_remove_legacy_shadow_entries.sh
index 0e5fe1b..2bcd9bc 100755
--- a/bin/hardening/13.3_remove_legacy_shadow_entries.sh
+++ b/bin/hardening/13.3_remove_legacy_shadow_entries.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/shadow'
 RESULT=''
 
diff --git a/bin/hardening/13.4_remove_legacy_group_entries.sh b/bin/hardening/13.4_remove_legacy_group_entries.sh
index ceb9ee5..c4decf5 100755
--- a/bin/hardening/13.4_remove_legacy_group_entries.sh
+++ b/bin/hardening/13.4_remove_legacy_group_entries.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/group'
 RESULT=''
 
diff --git a/bin/hardening/13.5_find_0_uid_non_root_account.sh b/bin/hardening/13.5_find_0_uid_non_root_account.sh
index 99a6094..21bb593 100755
--- a/bin/hardening/13.5_find_0_uid_non_root_account.sh
+++ b/bin/hardening/13.5_find_0_uid_non_root_account.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 FILE='/etc/passwd'
 RESULT=''
 
@@ -33,7 +35,7 @@ audit () {
         crit "Some accounts have uid 0"
         crit $RESULT
     else
-        ok "No account with uid 0 apart root"
+        ok "No account with uid 0 appart from root and potential configured exceptions"
     fi
 }
 
@@ -42,6 +44,15 @@ apply () {
     info "Removing accounts with uid 0 may seriously harm your system, report only here"
 }
 
+# This function will create the config file for this check with default values
+create_config() {
+    cat <<EOF
+status=disabled
+# Put here valid accounts with uid 0 separated by spaces
+EXCEPTIONS=""
+EOF
+}
+
 # This function will check config parameters required
 check_config() {
     if [ -z "$EXCEPTIONS" ]; then
diff --git a/bin/hardening/13.6_sanitize_root_path.sh b/bin/hardening/13.6_sanitize_root_path.sh
index aa02810..d82865c 100755
--- a/bin/hardening/13.6_sanitize_root_path.sh
+++ b/bin/hardening/13.6_sanitize_root_path.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 ERRORS=0
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/13.7_check_user_dir_perm.sh b/bin/hardening/13.7_check_user_dir_perm.sh
index 13fa713..c3a6c35 100755
--- a/bin/hardening/13.7_check_user_dir_perm.sh
+++ b/bin/hardening/13.7_check_user_dir_perm.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 ERRORS=0
 
 # This function will be called if the script status is on enabled / audit mode
@@ -86,6 +88,15 @@ apply () {
     done
 }
 
+# This function will create the config file for this check with default values
+create_config() {
+    cat <<EOF
+status=disabled
+# Put here user home directories exceptions, separated by spaces
+EXCEPTIONS=""
+EOF
+}
+
 # This function will check config parameters required
 check_config() {
     if [ -z "$EXCEPTIONS" ]; then
diff --git a/bin/hardening/13.8_check_user_dot_file_perm.sh b/bin/hardening/13.8_check_user_dot_file_perm.sh
index 5988400..4157953 100755
--- a/bin/hardening/13.8_check_user_dot_file_perm.sh
+++ b/bin/hardening/13.8_check_user_dot_file_perm.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 ERRORS=0
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/13.9_set_perm_on_user_netrc.sh b/bin/hardening/13.9_set_perm_on_user_netrc.sh
index 64d7940..ac50b3b 100755
--- a/bin/hardening/13.9_set_perm_on_user_netrc.sh
+++ b/bin/hardening/13.9_set_perm_on_user_netrc.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PERMISSIONS="600"
 ERRORS=0
 
diff --git a/bin/hardening/2.10_home_nodev.sh b/bin/hardening/2.10_home_nodev.sh
index 5baba84..084f1d6 100755
--- a/bin/hardening/2.10_home_nodev.sh
+++ b/bin/hardening/2.10_home_nodev.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Quick factoring as many script use the same logic
 PARTITION="/home"
 OPTION="nodev"
diff --git a/bin/hardening/2.11_removable_device_nodev.sh b/bin/hardening/2.11_removable_device_nodev.sh
index 8aafd45..ee6f41b 100755
--- a/bin/hardening/2.11_removable_device_nodev.sh
+++ b/bin/hardening/2.11_removable_device_nodev.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Fair warning, it only checks /media.* like partition in fstab, it's not exhaustive
 
 # Quick factoring as many script use the same logic
diff --git a/bin/hardening/2.12_removable_device_noexec.sh b/bin/hardening/2.12_removable_device_noexec.sh
index 273fea6..b1912b3 100755
--- a/bin/hardening/2.12_removable_device_noexec.sh
+++ b/bin/hardening/2.12_removable_device_noexec.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Fair warning, it only checks /media.* like partition in fstab, it's not exhaustive
 
 # Quick factoring as many script use the same logic
diff --git a/bin/hardening/2.13_removable_device_nosuid.sh b/bin/hardening/2.13_removable_device_nosuid.sh
index 467d0b1..c6a8f73 100755
--- a/bin/hardening/2.13_removable_device_nosuid.sh
+++ b/bin/hardening/2.13_removable_device_nosuid.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Fair warning, it only checks /media.* like partition in fstab, it's not exhaustive
 
 # Quick factoring as many script use the same logic
diff --git a/bin/hardening/2.14_run_shm_nodev.sh b/bin/hardening/2.14_run_shm_nodev.sh
index 5e8af6c..41939b5 100755
--- a/bin/hardening/2.14_run_shm_nodev.sh
+++ b/bin/hardening/2.14_run_shm_nodev.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Quick factoring as many script use the same logic
 PARTITION="/run/shm"
 OPTION="nodev"
diff --git a/bin/hardening/2.15_run_shm_nosuid.sh b/bin/hardening/2.15_run_shm_nosuid.sh
index 7985f38..4ffbc07 100755
--- a/bin/hardening/2.15_run_shm_nosuid.sh
+++ b/bin/hardening/2.15_run_shm_nosuid.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Quick factoring as many script use the same logic
 PARTITION="/run/shm"
 OPTION="nosuid"
diff --git a/bin/hardening/2.16_run_shm_noexec.sh b/bin/hardening/2.16_run_shm_noexec.sh
index 8b10e27..84e6765 100755
--- a/bin/hardening/2.16_run_shm_noexec.sh
+++ b/bin/hardening/2.16_run_shm_noexec.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # Quick factoring as many script use the same logic
 PARTITION="/run/shm"
 OPTION="noexec"
diff --git a/bin/hardening/2.17_sticky_bit_world_writable_folder.sh b/bin/hardening/2.17_sticky_bit_world_writable_folder.sh
index be4dd2b..3188a34 100755
--- a/bin/hardening/2.17_sticky_bit_world_writable_folder.sh
+++ b/bin/hardening/2.17_sticky_bit_world_writable_folder.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Checking if setuid is set on world writable Directories"
diff --git a/bin/hardening/2.18_disable_cramfs.sh b/bin/hardening/2.18_disable_cramfs.sh
index 209c0bf..c2c44f5 100755
--- a/bin/hardening/2.18_disable_cramfs.sh
+++ b/bin/hardening/2.18_disable_cramfs.sh
@@ -11,13 +11,15 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
-# Assumption made : You have a monolothic kernel with your config zipped in /proc/config.gz
-KERNEL_OPTION="cramfs"
+HARDENING_LEVEL=2
+
+KERNEL_OPTION="CONFIG_CRAMFS"
+MODULE_NAME="cramfs"
 
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
-    is_kernel_option_enabled $KERNEL_OPTION
+    is_kernel_option_enabled $KERNEL_OPTION $MODULE_NAME
     if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
         crit "$KERNEL_OPTION is enabled!"
     else
diff --git a/bin/hardening/2.19_disable_freevxfs.sh b/bin/hardening/2.19_disable_freevxfs.sh
index def44ee..b5e7911 100755
--- a/bin/hardening/2.19_disable_freevxfs.sh
+++ b/bin/hardening/2.19_disable_freevxfs.sh
@@ -11,13 +11,15 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
-# Assumption made : You have a monolothic kernel with your config zipped in /proc/config.gz
-KERNEL_OPTION="freevxfs"
+HARDENING_LEVEL=2
+
+KERNEL_OPTION="CONFIG_VXFS_FS"
+MODULE_NAME="freevxfs"
 
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
-    is_kernel_option_enabled $KERNEL_OPTION
+    is_kernel_option_enabled $KERNEL_OPTION $MODULE_NAME
     if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
         crit "$KERNEL_OPTION is enabled!"
     else
diff --git a/bin/hardening/2.1_tmp_partition.sh b/bin/hardening/2.1_tmp_partition.sh
index 8e68e09..2f7b1e2 100755
--- a/bin/hardening/2.1_tmp_partition.sh
+++ b/bin/hardening/2.1_tmp_partition.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # Quick factoring as many script use the same logic
 PARTITION="/tmp"
 
diff --git a/bin/hardening/2.20_disable_jffs2.sh b/bin/hardening/2.20_disable_jffs2.sh
index 8524a64..d00f8ac 100755
--- a/bin/hardening/2.20_disable_jffs2.sh
+++ b/bin/hardening/2.20_disable_jffs2.sh
@@ -11,13 +11,15 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
-# Assumption made : You have a monolothic kernel with your config zipped in /proc/config.gz
-KERNEL_OPTION="jffs2"
+HARDENING_LEVEL=2
+
+KERNEL_OPTION="CONFIG_JFFS2_FS"
+MODULE_NAME="jffs2"
 
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
-    is_kernel_option_enabled $KERNEL_OPTION
+    is_kernel_option_enabled $KERNEL_OPTION $MODULE_NAME
     if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
         crit "$KERNEL_OPTION is enabled!"
     else
diff --git a/bin/hardening/2.21_disable_hfs.sh b/bin/hardening/2.21_disable_hfs.sh
index 953664e..67e546c 100755
--- a/bin/hardening/2.21_disable_hfs.sh
+++ b/bin/hardening/2.21_disable_hfs.sh
@@ -11,13 +11,15 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
-# Assumption made : You have a monolothic kernel with your config zipped in /proc/config.gz
-KERNEL_OPTION="hfs"
+HARDENING_LEVEL=2
+
+KERNEL_OPTION="CONFIG_HFS_FS"
+MODULE_FILE="hfs"
 
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
-    is_kernel_option_enabled $KERNEL_OPTION
+    is_kernel_option_enabled $KERNEL_OPTION $MODULE_FILE
     if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
         crit "$KERNEL_OPTION is enabled!"
     else
diff --git a/bin/hardening/2.22_disable_hfsplus.sh b/bin/hardening/2.22_disable_hfsplus.sh
index b90d5c5..20b8dd3 100755
--- a/bin/hardening/2.22_disable_hfsplus.sh
+++ b/bin/hardening/2.22_disable_hfsplus.sh
@@ -11,13 +11,15 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
-# Assumption made : You have a monolothic kernel with your config zipped in /proc/config.gz
-KERNEL_OPTION="hfsplus"
+HARDENING_LEVEL=2
+
+KERNEL_OPTION="CONFIG_HFSPLUS_FS"
+MODULE_FILE="hfsplus"
 
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
-    is_kernel_option_enabled $KERNEL_OPTION
+    is_kernel_option_enabled $KERNEL_OPTION $MODULE_FILE
     if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
         crit "$KERNEL_OPTION is enabled!"
     else
diff --git a/bin/hardening/2.23_disable_squashfs.sh b/bin/hardening/2.23_disable_squashfs.sh
index 104daea..83ba69e 100755
--- a/bin/hardening/2.23_disable_squashfs.sh
+++ b/bin/hardening/2.23_disable_squashfs.sh
@@ -11,13 +11,15 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
-# Assumption made : You have a monolothic kernel with your config zipped in /proc/config.gz
-KERNEL_OPTION="squashfs"
+HARDENING_LEVEL=2
+
+KERNEL_OPTION="CONFIG_SQUASHFS"
+MODULE_FILE="squashfs"
 
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
-    is_kernel_option_enabled $KERNEL_OPTION
+    is_kernel_option_enabled $KERNEL_OPTION $MODULE_FILE
     if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
         crit "$KERNEL_OPTION is enabled!"
     else
diff --git a/bin/hardening/2.24_disable_udf.sh b/bin/hardening/2.24_disable_udf.sh
index 39f8a7b..d271f2d 100755
--- a/bin/hardening/2.24_disable_udf.sh
+++ b/bin/hardening/2.24_disable_udf.sh
@@ -11,13 +11,15 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
-# Assumption made : You have a monolothic kernel with your config zipped in /proc/config.gz
-KERNEL_OPTION="udf"
+HARDENING_LEVEL=2
+
+KERNEL_OPTION="CONFIG_UDF_FS"
+MODULE_FILE="udf"
 
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
-    is_kernel_option_enabled $KERNEL_OPTION
+    is_kernel_option_enabled $KERNEL_OPTION $MODULE_FILE
     if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
         crit "$KERNEL_OPTION is enabled!"
     else
diff --git a/bin/hardening/2.25_disable_automounting.sh b/bin/hardening/2.25_disable_automounting.sh
index 478ebc6..e6ed5ca 100755
--- a/bin/hardening/2.25_disable_automounting.sh
+++ b/bin/hardening/2.25_disable_automounting.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SERVICE_NAME="autofs"
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/2.2_tmp_nodev.sh b/bin/hardening/2.2_tmp_nodev.sh
index 4c0ae34..b9da185 100755
--- a/bin/hardening/2.2_tmp_nodev.sh
+++ b/bin/hardening/2.2_tmp_nodev.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Quick factoring as many script use the same logic
 PARTITION="/tmp"
 OPTION="nodev"
diff --git a/bin/hardening/2.3_tmp_nosuid.sh b/bin/hardening/2.3_tmp_nosuid.sh
index c27685a..9852a05 100755
--- a/bin/hardening/2.3_tmp_nosuid.sh
+++ b/bin/hardening/2.3_tmp_nosuid.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Quick factoring as many script use the same logic
 PARTITION="/tmp"
 OPTION="nosuid"
diff --git a/bin/hardening/2.4_tmp_noexec.sh b/bin/hardening/2.4_tmp_noexec.sh
index a67ceb3..85d9e71 100755
--- a/bin/hardening/2.4_tmp_noexec.sh
+++ b/bin/hardening/2.4_tmp_noexec.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # Quick factoring as many script use the same logic
 PARTITION="/tmp"
 OPTION="noexec"
diff --git a/bin/hardening/2.5_var_partition.sh b/bin/hardening/2.5_var_partition.sh
index cefe7b6..e0cdee4 100755
--- a/bin/hardening/2.5_var_partition.sh
+++ b/bin/hardening/2.5_var_partition.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # Quick factoring as many script use the same logic
 PARTITION="/var"
 
diff --git a/bin/hardening/2.6.1_var_tmp_partition.sh b/bin/hardening/2.6.1_var_tmp_partition.sh
index d783b33..92cb896 100755
--- a/bin/hardening/2.6.1_var_tmp_partition.sh
+++ b/bin/hardening/2.6.1_var_tmp_partition.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # Quick factoring as many script use the same logic
 PARTITION="/var/tmp"
 
diff --git a/bin/hardening/2.6.2_var_tmp_nodev.sh b/bin/hardening/2.6.2_var_tmp_nodev.sh
index 017b739..ab50f90 100755
--- a/bin/hardening/2.6.2_var_tmp_nodev.sh
+++ b/bin/hardening/2.6.2_var_tmp_nodev.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Quick factoring as many script use the same logic
 PARTITION="/var/tmp"
 OPTION="nodev"
diff --git a/bin/hardening/2.6.3_var_tmp_nosuid.sh b/bin/hardening/2.6.3_var_tmp_nosuid.sh
index bb45e36..10da05e 100755
--- a/bin/hardening/2.6.3_var_tmp_nosuid.sh
+++ b/bin/hardening/2.6.3_var_tmp_nosuid.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Quick factoring as many script use the same logic
 PARTITION="/var/tmp"
 OPTION="nosuid"
diff --git a/bin/hardening/2.6.4_var_tmp_noexec.sh b/bin/hardening/2.6.4_var_tmp_noexec.sh
index 5e3ffd5..d738423 100755
--- a/bin/hardening/2.6.4_var_tmp_noexec.sh
+++ b/bin/hardening/2.6.4_var_tmp_noexec.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # Quick factoring as many script use the same logic
 PARTITION="/var/tmp"
 OPTION="noexec"
diff --git a/bin/hardening/2.7_var_log_partition.sh b/bin/hardening/2.7_var_log_partition.sh
index b03dd80..42276a4 100755
--- a/bin/hardening/2.7_var_log_partition.sh
+++ b/bin/hardening/2.7_var_log_partition.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # Quick factoring as many script use the same logic
 PARTITION="/var/log"
 
diff --git a/bin/hardening/2.8_var_log_audit_partition.sh b/bin/hardening/2.8_var_log_audit_partition.sh
index 8019643..0bddf6f 100755
--- a/bin/hardening/2.8_var_log_audit_partition.sh
+++ b/bin/hardening/2.8_var_log_audit_partition.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 # Quick factoring as many script use the same logic
 PARTITION="/var/log/audit"
 
diff --git a/bin/hardening/2.9_home_partition.sh b/bin/hardening/2.9_home_partition.sh
index df421da..106f6e8 100755
--- a/bin/hardening/2.9_home_partition.sh
+++ b/bin/hardening/2.9_home_partition.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # Quick factoring as many script use the same logic
 PARTITION="/home"
 
diff --git a/bin/hardening/3.1_bootloader_ownership.sh b/bin/hardening/3.1_bootloader_ownership.sh
index d6c8fe4..9f778b5 100755
--- a/bin/hardening/3.1_bootloader_ownership.sh
+++ b/bin/hardening/3.1_bootloader_ownership.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 # Assertion : Grub Based.
 
 FILE='/boot/grub/grub.cfg'
diff --git a/bin/hardening/3.2_bootloader_permissions.sh b/bin/hardening/3.2_bootloader_permissions.sh
index 4c48ac5..adf8f66 100755
--- a/bin/hardening/3.2_bootloader_permissions.sh
+++ b/bin/hardening/3.2_bootloader_permissions.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 # Assertion : Grub Based.
 
 FILE='/boot/grub/grub.cfg'
diff --git a/bin/hardening/3.3_bootloader_password.sh b/bin/hardening/3.3_bootloader_password.sh
index e838069..fcdea74 100755
--- a/bin/hardening/3.3_bootloader_password.sh
+++ b/bin/hardening/3.3_bootloader_password.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 FILE='/boot/grub/grub.cfg'
 USER_PATTERN="^set superusers"
 PWD_PATTERN="^password_pbkdf2"
diff --git a/bin/hardening/3.4_root_password.sh b/bin/hardening/3.4_root_password.sh
index cfca867..7b68169 100755
--- a/bin/hardening/3.4_root_password.sh
+++ b/bin/hardening/3.4_root_password.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 FILE="/etc/shadow"
 PATTERN="^root:[*\!]:"
 
diff --git a/bin/hardening/4.1_restrict_core_dumps.sh b/bin/hardening/4.1_restrict_core_dumps.sh
index 6f51aa3..246da9c 100755
--- a/bin/hardening/4.1_restrict_core_dumps.sh
+++ b/bin/hardening/4.1_restrict_core_dumps.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 LIMIT_FILE='/etc/security/limits.conf'
 LIMIT_PATTERN='^\*[[:space:]]*hard[[:space:]]*core[[:space:]]*0$'
 SYSCTL_PARAM='fs.suid_dumpable'
diff --git a/bin/hardening/4.2_enable_nx_support.sh b/bin/hardening/4.2_enable_nx_support.sh
index 00c7d62..7cda69f 100755
--- a/bin/hardening/4.2_enable_nx_support.sh
+++ b/bin/hardening/4.2_enable_nx_support.sh
@@ -11,13 +11,34 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PATTERN='NX[[:space:]]\(Execute[[:space:]]Disable\)[[:space:]]protection:[[:space:]]active'
 
+# Check if the NX bit is supported and noexec=off hasn't been asked
+nx_supported_and_enabled() {
+    if grep -q ' nx ' /proc/cpuinfo; then
+        # NX supported, but if noexec=off specified, it's not enabled
+        if grep -qi 'noexec=off' /proc/cmdline; then
+            FNRET=1 # supported but disabled
+        else
+            FNRET=0 # supported and enabled
+        fi
+    else
+        FNRET=1 # not supported
+    fi
+}
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     does_pattern_exist_in_dmesg $PATTERN
     if [ $FNRET != 0 ]; then
-        crit "$PATTERN is not present in dmesg"
+        nx_supported_and_enabled
+        if [ $FNRET != 0 ]; then
+            crit "$PATTERN is not present in dmesg and NX seems unsupported or disabled"
+        else
+            ok "NX is supported and enabled"
+        fi
     else
         ok "$PATTERN is present in dmesg"
     fi
@@ -27,7 +48,12 @@ audit () {
 apply () {
     does_pattern_exist_in_dmesg $PATTERN
     if [ $FNRET != 0 ]; then
-        crit "$PATTERN is not present in dmesg, please go to the bios to activate this option or change for CPU compatible"
+        nx_supported_and_enabled
+        if [ $FNRET != 0 ]; then
+            crit "$PATTERN is not present in dmesg and NX seems unsupported or disabled"
+        else
+            ok "NX is supported and enabled"
+        fi
     else
         ok "$PATTERN is present in dmesg"
     fi
diff --git a/bin/hardening/4.3_enable_randomized_vm_placement.sh b/bin/hardening/4.3_enable_randomized_vm_placement.sh
index 7b27c01..b183eb1 100755
--- a/bin/hardening/4.3_enable_randomized_vm_placement.sh
+++ b/bin/hardening/4.3_enable_randomized_vm_placement.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SYSCTL_PARAM='kernel.randomize_va_space'
 SYSCTL_EXP_RESULT=2
 
diff --git a/bin/hardening/4.4_disable_prelink.sh b/bin/hardening/4.4_disable_prelink.sh
index b0af47a..740af73 100755
--- a/bin/hardening/4.4_disable_prelink.sh
+++ b/bin/hardening/4.4_disable_prelink.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGE='prelink'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/4.5_enable_apparmor.sh b/bin/hardening/4.5_enable_apparmor.sh
index d223209..ca18b1a 100755
--- a/bin/hardening/4.5_enable_apparmor.sh
+++ b/bin/hardening/4.5_enable_apparmor.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='apparmor'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/5.1.1_disable_nis.sh b/bin/hardening/5.1.1_disable_nis.sh
index 508914a..eca65d7 100755
--- a/bin/hardening/5.1.1_disable_nis.sh
+++ b/bin/hardening/5.1.1_disable_nis.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='nis'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/5.1.2_disable_rsh.sh b/bin/hardening/5.1.2_disable_rsh.sh
index d4bb319..58b08b5 100755
--- a/bin/hardening/5.1.2_disable_rsh.sh
+++ b/bin/hardening/5.1.2_disable_rsh.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Based on aptitude search '~Prsh-server'
 PACKAGES='rsh-server rsh-redone-server heimdal-servers'
 FILE='/etc/inetd.conf'
diff --git a/bin/hardening/5.1.3_disable_rsh_client.sh b/bin/hardening/5.1.3_disable_rsh_client.sh
index e23819d..e6da543 100755
--- a/bin/hardening/5.1.3_disable_rsh_client.sh
+++ b/bin/hardening/5.1.3_disable_rsh_client.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Based on aptitude search '~Prsh-client', exluding ssh-client OFC
 PACKAGES='rsh-client rsh-redone-client heimdal-clients'
 
diff --git a/bin/hardening/5.1.4_disable_talk.sh b/bin/hardening/5.1.4_disable_talk.sh
index ff0e07f..e052c74 100755
--- a/bin/hardening/5.1.4_disable_talk.sh
+++ b/bin/hardening/5.1.4_disable_talk.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGES='inetutils-talkd talkd'
 FILE='/etc/inetd.conf'
 PATTERN='^(talk|ntalk)'
diff --git a/bin/hardening/5.1.5_disable_talk_client.sh b/bin/hardening/5.1.5_disable_talk_client.sh
index c84bc93..12317b9 100755
--- a/bin/hardening/5.1.5_disable_talk_client.sh
+++ b/bin/hardening/5.1.5_disable_talk_client.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGES='talk inetutils-talk'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/5.1.6_disable_telnet_server.sh b/bin/hardening/5.1.6_disable_telnet_server.sh
index a7f17f5..6db2b59 100755
--- a/bin/hardening/5.1.6_disable_telnet_server.sh
+++ b/bin/hardening/5.1.6_disable_telnet_server.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Based on  aptitude search '~Ptelnet-server'
 PACKAGES='telnetd inetutils-telnetd telnetd-ssl krb5-telnetd heimdal-servers'
 FILE='/etc/inetd.conf'
diff --git a/bin/hardening/5.1.7_disable_tftp_server.sh b/bin/hardening/5.1.7_disable_tftp_server.sh
index 28c1162..9921598 100755
--- a/bin/hardening/5.1.7_disable_tftp_server.sh
+++ b/bin/hardening/5.1.7_disable_tftp_server.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGES='tftpd tftpd-hpa atftpd'
 FILE='/etc/inetd.conf'
 PATTERN='^tftp'
diff --git a/bin/hardening/5.1.8_disable_inetd.sh b/bin/hardening/5.1.8_disable_inetd.sh
index 6df8a32..f032e3e 100755
--- a/bin/hardening/5.1.8_disable_inetd.sh
+++ b/bin/hardening/5.1.8_disable_inetd.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGES='openbsd-inetd xinetd rlinetd'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/5.2_disable_chargen.sh b/bin/hardening/5.2_disable_chargen.sh
index 9da1ae5..e96d435 100755
--- a/bin/hardening/5.2_disable_chargen.sh
+++ b/bin/hardening/5.2_disable_chargen.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 FILE='/etc/inetd.conf'
 PATTERN='^chargen'
 
diff --git a/bin/hardening/5.3_disable_daytime.sh b/bin/hardening/5.3_disable_daytime.sh
index d5e0d8c..8788a06 100755
--- a/bin/hardening/5.3_disable_daytime.sh
+++ b/bin/hardening/5.3_disable_daytime.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 FILE='/etc/inetd.conf'
 PATTERN='^daytime'
 
diff --git a/bin/hardening/5.4_disable_echo.sh b/bin/hardening/5.4_disable_echo.sh
index f2b0090..f52b4dc 100755
--- a/bin/hardening/5.4_disable_echo.sh
+++ b/bin/hardening/5.4_disable_echo.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 FILE='/etc/inetd.conf'
 PATTERN='^echo'
 
diff --git a/bin/hardening/5.5_disable_discard.sh b/bin/hardening/5.5_disable_discard.sh
index 9b2076c..254c6a7 100755
--- a/bin/hardening/5.5_disable_discard.sh
+++ b/bin/hardening/5.5_disable_discard.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 FILE='/etc/inetd.conf'
 PATTERN='^discard'
 
diff --git a/bin/hardening/5.6_disable_time.sh b/bin/hardening/5.6_disable_time.sh
index 5e0b6fc..a7075db 100755
--- a/bin/hardening/5.6_disable_time.sh
+++ b/bin/hardening/5.6_disable_time.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 FILE='/etc/inetd.conf'
 PATTERN='^time'
 
diff --git a/bin/hardening/6.10_disable_http_server.sh b/bin/hardening/6.10_disable_http_server.sh
index 8650019..f0ca53c 100755
--- a/bin/hardening/6.10_disable_http_server.sh
+++ b/bin/hardening/6.10_disable_http_server.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=http
+
 # Based on aptitude search '~Phttpd'
 PACKAGES='nginx apache2 lighttpd micro-httpd mini-httpd yaws boa bozohttpd'
 
diff --git a/bin/hardening/6.11_disable_imap_pop.sh b/bin/hardening/6.11_disable_imap_pop.sh
index c796ebe..a78b98f 100755
--- a/bin/hardening/6.11_disable_imap_pop.sh
+++ b/bin/hardening/6.11_disable_imap_pop.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=mail
+
 # Based on aptitude search '~Pimap-server' and  aptitude search '~Ppop3-server'
 PACKAGES='citadel-server courier-imap cyrus-imapd-2.4 dovecot-imapd mailutils-imap4d courier-pop cyrus-pop3d-2.4 dovecot-pop3d heimdal-servers mailutils-pop3d popa3d solid-pop3d xmail'
 
diff --git a/bin/hardening/6.12_disable_samba.sh b/bin/hardening/6.12_disable_samba.sh
index 60310bd..1ff4825 100755
--- a/bin/hardening/6.12_disable_samba.sh
+++ b/bin/hardening/6.12_disable_samba.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=samba
+
 PACKAGES='samba'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/6.13_disable_http_proxy.sh b/bin/hardening/6.13_disable_http_proxy.sh
index 6765032..654a596 100755
--- a/bin/hardening/6.13_disable_http_proxy.sh
+++ b/bin/hardening/6.13_disable_http_proxy.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=http
+
 PACKAGES='squid3 squid'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/6.14_disable_snmp_server.sh b/bin/hardening/6.14_disable_snmp_server.sh
index 78ec3a6..80a1d40 100755
--- a/bin/hardening/6.14_disable_snmp_server.sh
+++ b/bin/hardening/6.14_disable_snmp_server.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=snmp
+
 PACKAGES='snmpd'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/6.15_mta_localhost.sh b/bin/hardening/6.15_mta_localhost.sh
index 732bcf7..f44800a 100755
--- a/bin/hardening/6.15_mta_localhost.sh
+++ b/bin/hardening/6.15_mta_localhost.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=mail
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Checking netport ports opened"
diff --git a/bin/hardening/6.16_disable_rsync.sh b/bin/hardening/6.16_disable_rsync.sh
index 735d689..72645d7 100755
--- a/bin/hardening/6.16_disable_rsync.sh
+++ b/bin/hardening/6.16_disable_rsync.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=rsync
+
 PACKAGE='rsync'
 RSYNC_DEFAULT_PATTERN='RSYNC_ENABLE=false'
 RSYNC_DEFAULT_FILE='/etc/default/rsync'
diff --git a/bin/hardening/6.1_disable_xwindow_system.sh b/bin/hardening/6.1_disable_xwindow_system.sh
index 28a1e47..1d6e339 100755
--- a/bin/hardening/6.1_disable_xwindow_system.sh
+++ b/bin/hardening/6.1_disable_xwindow_system.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=x11
+
 # Based on aptitude search '~Pxserver'
 PACKAGES='xserver-xorg-core xserver-xorg-core-dbg xserver-common xserver-xephyr xserver-xfbdev tightvncserver vnc4server fglrx-driver xvfb xserver-xorg-video-nvidia-legacy-173xx xserver-xorg-video-nvidia-legacy-96xx xnest'
 
diff --git a/bin/hardening/6.2_disable_avahi_server.sh b/bin/hardening/6.2_disable_avahi_server.sh
index 23d7859..cdde0b2 100755
--- a/bin/hardening/6.2_disable_avahi_server.sh
+++ b/bin/hardening/6.2_disable_avahi_server.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGES='avahi-daemon libavahi-common-data libavahi-common3 libavahi-core7'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/6.3_disable_print_server.sh b/bin/hardening/6.3_disable_print_server.sh
index 340d7e5..f08321b 100755
--- a/bin/hardening/6.3_disable_print_server.sh
+++ b/bin/hardening/6.3_disable_print_server.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=cups
+
 PACKAGES='libcups2 libcupscgi1 libcupsimage2 libcupsmime1 libcupsppdc1 cups-common cups-client cups-ppdc libcupsfilters1 cups-filters cups'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/6.4_disable_dhcp.sh b/bin/hardening/6.4_disable_dhcp.sh
index 5092b72..b0e48bf 100755
--- a/bin/hardening/6.4_disable_dhcp.sh
+++ b/bin/hardening/6.4_disable_dhcp.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=dhcp
+
 PACKAGES='udhcpd isc-dhcp-server'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/6.5_configure_ntp.sh b/bin/hardening/6.5_configure_ntp.sh
index 8f18af6..aeb2504 100755
--- a/bin/hardening/6.5_configure_ntp.sh
+++ b/bin/hardening/6.5_configure_ntp.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=ntp
+
 PACKAGE='ntp'
 NTP_CONF_DEFAULT_PATTERN='^restrict -4 default (kod nomodify notrap nopeer noquery|ignore)'
 NTP_CONF_FILE='/etc/ntp.conf'
diff --git a/bin/hardening/6.6_disable_ldap.sh b/bin/hardening/6.6_disable_ldap.sh
index 06faa63..b811c62 100755
--- a/bin/hardening/6.6_disable_ldap.sh
+++ b/bin/hardening/6.6_disable_ldap.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=ldap
+
 PACKAGES='slapd'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/6.7_disable_nfs_rpc.sh b/bin/hardening/6.7_disable_nfs_rpc.sh
index cf78f7d..b43f9ff 100755
--- a/bin/hardening/6.7_disable_nfs_rpc.sh
+++ b/bin/hardening/6.7_disable_nfs_rpc.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=nfs
+
 PACKAGES='rpcbind nfs-kernel-server'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/6.8_disable_dns_server.sh b/bin/hardening/6.8_disable_dns_server.sh
index 15f00aa..856f5db 100755
--- a/bin/hardening/6.8_disable_dns_server.sh
+++ b/bin/hardening/6.8_disable_dns_server.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=dns
+
 PACKAGES='bind9 unbound'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/6.9_disable_ftp.sh b/bin/hardening/6.9_disable_ftp.sh
index f8159b2..7a429fc 100755
--- a/bin/hardening/6.9_disable_ftp.sh
+++ b/bin/hardening/6.9_disable_ftp.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=ftp
+
 # Based on aptitude search '~Pftp-server'
 PACKAGES='ftpd ftpd-ssl heimdal-servers inetutils-ftpd krb5-ftpd muddleftpd proftpd-basic pure-ftpd pure-ftpd-ldap pure-ftpd-mysql pure-ftpd-postgresql twoftpd-run vsftpd wzdftpd'
 
diff --git a/bin/hardening/7.1.1_disable_ip_forwarding.sh b/bin/hardening/7.1.1_disable_ip_forwarding.sh
index e0c5248..8022ba1 100755
--- a/bin/hardening/7.1.1_disable_ip_forwarding.sh
+++ b/bin/hardening/7.1.1_disable_ip_forwarding.sh
@@ -11,6 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=gw
+
 SYSCTL_PARAM='net.ipv4.ip_forward'
 SYSCTL_EXP_RESULT=0
 
diff --git a/bin/hardening/7.1.2_disable_send_packet_redirects.sh b/bin/hardening/7.1.2_disable_send_packet_redirects.sh
index 511eb13..4892bde 100755
--- a/bin/hardening/7.1.2_disable_send_packet_redirects.sh
+++ b/bin/hardening/7.1.2_disable_send_packet_redirects.sh
@@ -10,6 +10,9 @@
 
 set -e # One error, it's over
 set -u # One variable unset, it's over
+
+HARDENING_LEVEL=2
+
 #net.ipv4.conf.all.send_redirects = 0
 #net.ipv4.conf.default.send_redirects = 0
 SYSCTL_PARAMS='net.ipv4.conf.all.send_redirects=0 net.ipv4.conf.default.send_redirects=0'
diff --git a/bin/hardening/7.2.1_disable_source_routed_packets.sh b/bin/hardening/7.2.1_disable_source_routed_packets.sh
index b527449..74f0e32 100755
--- a/bin/hardening/7.2.1_disable_source_routed_packets.sh
+++ b/bin/hardening/7.2.1_disable_source_routed_packets.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SYSCTL_PARAMS='net.ipv4.conf.all.accept_source_route=0 net.ipv4.conf.default.accept_source_route=0'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.2.2_disable_icmp_redirect.sh b/bin/hardening/7.2.2_disable_icmp_redirect.sh
index c191211..06b424c 100755
--- a/bin/hardening/7.2.2_disable_icmp_redirect.sh
+++ b/bin/hardening/7.2.2_disable_icmp_redirect.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SYSCTL_PARAMS='net.ipv4.conf.all.accept_redirects=0 net.ipv4.conf.default.accept_redirects=0'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.2.3_disable_secure_icmp_redirect.sh b/bin/hardening/7.2.3_disable_secure_icmp_redirect.sh
index aa684f4..c0036fc 100755
--- a/bin/hardening/7.2.3_disable_secure_icmp_redirect.sh
+++ b/bin/hardening/7.2.3_disable_secure_icmp_redirect.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SYSCTL_PARAMS='net.ipv4.conf.all.secure_redirects=0 net.ipv4.conf.default.secure_redirects=0'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.2.4_log_martian_packets.sh b/bin/hardening/7.2.4_log_martian_packets.sh
index 30880b4..7dc017d 100755
--- a/bin/hardening/7.2.4_log_martian_packets.sh
+++ b/bin/hardening/7.2.4_log_martian_packets.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SYSCTL_PARAMS='net.ipv4.conf.all.log_martians=1 net.ipv4.conf.default.log_martians=1'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.2.5_ignore_broadcast_requests.sh b/bin/hardening/7.2.5_ignore_broadcast_requests.sh
index 9422dbb..35e92c8 100755
--- a/bin/hardening/7.2.5_ignore_broadcast_requests.sh
+++ b/bin/hardening/7.2.5_ignore_broadcast_requests.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SYSCTL_PARAMS='net.ipv4.icmp_echo_ignore_broadcasts=1'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.2.6_enable_bad_error_message_protection.sh b/bin/hardening/7.2.6_enable_bad_error_message_protection.sh
index ad7ddcc..c9861cc 100755
--- a/bin/hardening/7.2.6_enable_bad_error_message_protection.sh
+++ b/bin/hardening/7.2.6_enable_bad_error_message_protection.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SYSCTL_PARAMS='net.ipv4.icmp_ignore_bogus_error_responses=1'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.2.7_enable_source_route_validation.sh b/bin/hardening/7.2.7_enable_source_route_validation.sh
index 8710e4a..8ecdc1b 100755
--- a/bin/hardening/7.2.7_enable_source_route_validation.sh
+++ b/bin/hardening/7.2.7_enable_source_route_validation.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SYSCTL_PARAMS='net.ipv4.conf.all.rp_filter=1 net.ipv4.conf.default.rp_filter=1'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.2.8_enable_tcp_syn_cookies.sh b/bin/hardening/7.2.8_enable_tcp_syn_cookies.sh
index ed4ec2e..3dd8a28 100755
--- a/bin/hardening/7.2.8_enable_tcp_syn_cookies.sh
+++ b/bin/hardening/7.2.8_enable_tcp_syn_cookies.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SYSCTL_PARAMS='net.ipv4.tcp_syncookies=1'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.3.1_disable_ipv6_router_advertisement.sh b/bin/hardening/7.3.1_disable_ipv6_router_advertisement.sh
index 4a26a96..b7a1d6e 100755
--- a/bin/hardening/7.3.1_disable_ipv6_router_advertisement.sh
+++ b/bin/hardening/7.3.1_disable_ipv6_router_advertisement.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SYSCTL_PARAMS='net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.default.accept_ra=0'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.3.2_disable_ipv6_redirect.sh b/bin/hardening/7.3.2_disable_ipv6_redirect.sh
index d45c39a..31a330e 100755
--- a/bin/hardening/7.3.2_disable_ipv6_redirect.sh
+++ b/bin/hardening/7.3.2_disable_ipv6_redirect.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SYSCTL_PARAMS='net.ipv6.conf.all.accept_redirects=0 net.ipv6.conf.default.accept_redirects=0'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.3.3_disable_ipv6.sh b/bin/hardening/7.3.3_disable_ipv6.sh
index 03206d2..d0bf7b5 100755
--- a/bin/hardening/7.3.3_disable_ipv6.sh
+++ b/bin/hardening/7.3.3_disable_ipv6.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 SYSCTL_PARAMS='net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.lo.disable_ipv6=1'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.4.1_install_tcp_wrapper.sh b/bin/hardening/7.4.1_install_tcp_wrapper.sh
index 33177bc..9c9b5b8 100755
--- a/bin/hardening/7.4.1_install_tcp_wrapper.sh
+++ b/bin/hardening/7.4.1_install_tcp_wrapper.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='tcpd'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.4.2_hosts_allow.sh b/bin/hardening/7.4.2_hosts_allow.sh
index 9fd3ae7..bdda7b3 100755
--- a/bin/hardening/7.4.2_hosts_allow.sh
+++ b/bin/hardening/7.4.2_hosts_allow.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 FILE='/etc/hosts.allow'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/7.4.3_hosts_allow_permissions.sh b/bin/hardening/7.4.3_hosts_allow_permissions.sh
index 8eca275..edf5fb0 100755
--- a/bin/hardening/7.4.3_hosts_allow_permissions.sh
+++ b/bin/hardening/7.4.3_hosts_allow_permissions.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 FILE='/etc/hosts.allow'
 PERMISSIONS='644'
 
diff --git a/bin/hardening/7.4.4_hosts_deny.sh b/bin/hardening/7.4.4_hosts_deny.sh
index 91f074d..c4129ca 100755
--- a/bin/hardening/7.4.4_hosts_deny.sh
+++ b/bin/hardening/7.4.4_hosts_deny.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 FILE='/etc/hosts.deny'
 PATTERN='ALL: ALL'
 
diff --git a/bin/hardening/7.4.5_hosts_deny_permissions.sh b/bin/hardening/7.4.5_hosts_deny_permissions.sh
index 118803d..0e8ab2c 100755
--- a/bin/hardening/7.4.5_hosts_deny_permissions.sh
+++ b/bin/hardening/7.4.5_hosts_deny_permissions.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 FILE='/etc/hosts.deny'
 PERMISSIONS='644'
 
diff --git a/bin/hardening/7.5.1_disable_dccp.sh b/bin/hardening/7.5.1_disable_dccp.sh
index 283c430..54c1853 100755
--- a/bin/hardening/7.5.1_disable_dccp.sh
+++ b/bin/hardening/7.5.1_disable_dccp.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Not implemented yet"
diff --git a/bin/hardening/7.5.2_disable_sctp.sh b/bin/hardening/7.5.2_disable_sctp.sh
index 3de599b..e22d5cd 100755
--- a/bin/hardening/7.5.2_disable_sctp.sh
+++ b/bin/hardening/7.5.2_disable_sctp.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Not implemented yet"
diff --git a/bin/hardening/7.5.3_disable_rds.sh b/bin/hardening/7.5.3_disable_rds.sh
index 50876d2..65f043d 100755
--- a/bin/hardening/7.5.3_disable_rds.sh
+++ b/bin/hardening/7.5.3_disable_rds.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Not implemented yet"
diff --git a/bin/hardening/7.5.4_disable_tipc.sh b/bin/hardening/7.5.4_disable_tipc.sh
index 89ea080..479e448 100755
--- a/bin/hardening/7.5.4_disable_tipc.sh
+++ b/bin/hardening/7.5.4_disable_tipc.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Not implemented yet"
diff --git a/bin/hardening/7.6_disable_wireless.sh b/bin/hardening/7.6_disable_wireless.sh
index 785a14f..fda6894 100755
--- a/bin/hardening/7.6_disable_wireless.sh
+++ b/bin/hardening/7.6_disable_wireless.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Not implemented yet"
diff --git a/bin/hardening/7.7_enable_firewall.sh b/bin/hardening/7.7_enable_firewall.sh
index ac27ecc..c6131e6 100755
--- a/bin/hardening/7.7_enable_firewall.sh
+++ b/bin/hardening/7.7_enable_firewall.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 # Quick note here : CIS recommends your iptables rules to be persistent. 
 # Do as you want, but this script does not handle this
 
diff --git a/bin/hardening/8.0_enable_auditd_kernel.sh b/bin/hardening/8.0_enable_auditd_kernel.sh
index 8daed6b..8739aa2 100755
--- a/bin/hardening/8.0_enable_auditd_kernel.sh
+++ b/bin/hardening/8.0_enable_auditd_kernel.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 # Note : Not part of the CIS guide, but what's the point of configuring software not compatible with your kernel? :)
 
 KERNEL_OPTION="CONFIG_AUDIT"
diff --git a/bin/hardening/8.1.1.1_audit_log_storage.sh b/bin/hardening/8.1.1.1_audit_log_storage.sh
index 6b4515e..77b7813 100755
--- a/bin/hardening/8.1.1.1_audit_log_storage.sh
+++ b/bin/hardening/8.1.1.1_audit_log_storage.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 FILE='/etc/audit/auditd.conf'
 PATTERN='max_log_file'
 VALUE=5
diff --git a/bin/hardening/8.1.1.2_halt_when_audit_log_full.sh b/bin/hardening/8.1.1.2_halt_when_audit_log_full.sh
index 9149943..48ca617 100755
--- a/bin/hardening/8.1.1.2_halt_when_audit_log_full.sh
+++ b/bin/hardening/8.1.1.2_halt_when_audit_log_full.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 FILE='/etc/audit/auditd.conf'
 OPTIONS='space_left_action=email action_mail_acct=root admin_space_left_action=halt'
 
diff --git a/bin/hardening/8.1.1.3_keep_all_audit_logs.sh b/bin/hardening/8.1.1.3_keep_all_audit_logs.sh
index 6af3101..c1fe614 100755
--- a/bin/hardening/8.1.1.3_keep_all_audit_logs.sh
+++ b/bin/hardening/8.1.1.3_keep_all_audit_logs.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 FILE='/etc/audit/auditd.conf'
 OPTIONS='max_log_file_action=keep_logs'
 
diff --git a/bin/hardening/8.1.10_record_dac_edit.sh b/bin/hardening/8.1.10_record_dac_edit.sh
index d63e8ac..6aae374 100755
--- a/bin/hardening/8.1.10_record_dac_edit.sh
+++ b/bin/hardening/8.1.10_record_dac_edit.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod
 -a always,exit -F arch=b32 -S chmod -S fchmod -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod
 -a always,exit -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod
diff --git a/bin/hardening/8.1.11_record_failed_access_file.sh b/bin/hardening/8.1.11_record_failed_access_file.sh
index 458e26e..7bda7c9 100755
--- a/bin/hardening/8.1.11_record_failed_access_file.sh
+++ b/bin/hardening/8.1.11_record_failed_access_file.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access
 -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access
 -a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k access
diff --git a/bin/hardening/8.1.12_record_privileged_commands.sh b/bin/hardening/8.1.12_record_privileged_commands.sh
index d1a042a..1bbf4e5 100755
--- a/bin/hardening/8.1.12_record_privileged_commands.sh
+++ b/bin/hardening/8.1.12_record_privileged_commands.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 # Find all files with setuid or setgid set
 AUDIT_PARAMS=$(find / -xdev \( -perm -4000 -o -perm -2000 \) -type f | awk '{print \
 "-a always,exit -F path=" $1 " -F perm=x -F auid>=1000 -F auid!=4294967295 \
diff --git a/bin/hardening/8.1.13_record_successful_mount.sh b/bin/hardening/8.1.13_record_successful_mount.sh
index c3e4ff7..8f5826a 100755
--- a/bin/hardening/8.1.13_record_successful_mount.sh
+++ b/bin/hardening/8.1.13_record_successful_mount.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k mounts
 -a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=4294967295 -k mounts'
 FILE='/etc/audit/audit.rules'
diff --git a/bin/hardening/8.1.14_record_file_deletions.sh b/bin/hardening/8.1.14_record_file_deletions.sh
index 1488d99..6b5c476 100755
--- a/bin/hardening/8.1.14_record_file_deletions.sh
+++ b/bin/hardening/8.1.14_record_file_deletions.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete
 -a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete'
 FILE='/etc/audit/audit.rules'
diff --git a/bin/hardening/8.1.15_record_sudoers_edit.sh b/bin/hardening/8.1.15_record_sudoers_edit.sh
index f8740b3..64c1cb5 100755
--- a/bin/hardening/8.1.15_record_sudoers_edit.sh
+++ b/bin/hardening/8.1.15_record_sudoers_edit.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-w /etc/sudoers -p wa -k sudoers
 -w /etc/sudoers.d/ -p wa -k sudoers'
 FILE='/etc/audit/audit.rules'
diff --git a/bin/hardening/8.1.16_record_sudo_usage.sh b/bin/hardening/8.1.16_record_sudo_usage.sh
index c164727..b0e8a74 100755
--- a/bin/hardening/8.1.16_record_sudo_usage.sh
+++ b/bin/hardening/8.1.16_record_sudo_usage.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-w /var/log/auth.log -p wa -k sudoaction'
 FILE='/etc/audit/audit.rules'
 
diff --git a/bin/hardening/8.1.17_record_kernel_modules.sh b/bin/hardening/8.1.17_record_kernel_modules.sh
index 2904209..f4500c3 100755
--- a/bin/hardening/8.1.17_record_kernel_modules.sh
+++ b/bin/hardening/8.1.17_record_kernel_modules.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-w /sbin/insmod -p x -k modules 
 -w /sbin/rmmod -p x -k modules
 -w /sbin/modprobe -p x -k modules
diff --git a/bin/hardening/8.1.18_freeze_auditd_conf.sh b/bin/hardening/8.1.18_freeze_auditd_conf.sh
index 0a3df10..4fa408e 100755
--- a/bin/hardening/8.1.18_freeze_auditd_conf.sh
+++ b/bin/hardening/8.1.18_freeze_auditd_conf.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-e 2'
 FILE='/etc/audit/audit.rules'
 
diff --git a/bin/hardening/8.1.2_enable_auditd.sh b/bin/hardening/8.1.2_enable_auditd.sh
index 1c01bf9..50926b7 100755
--- a/bin/hardening/8.1.2_enable_auditd.sh
+++ b/bin/hardening/8.1.2_enable_auditd.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 PACKAGE='auditd'
 SERVICE_NAME='auditd'
 
diff --git a/bin/hardening/8.1.3_audit_bootloader.sh b/bin/hardening/8.1.3_audit_bootloader.sh
index b5a7518..d1ef1e9 100755
--- a/bin/hardening/8.1.3_audit_bootloader.sh
+++ b/bin/hardening/8.1.3_audit_bootloader.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 FILE='/etc/default/grub'
 OPTIONS='GRUB_CMDLINE_LINUX="audit=1"'
 
diff --git a/bin/hardening/8.1.4_record_date_time_edit.sh b/bin/hardening/8.1.4_record_date_time_edit.sh
index e5d62f9..113777f 100755
--- a/bin/hardening/8.1.4_record_date_time_edit.sh
+++ b/bin/hardening/8.1.4_record_date_time_edit.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
 -a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change
 -a always,exit -F arch=b64 -S clock_settime -k time-change
diff --git a/bin/hardening/8.1.5_record_user_group_edit.sh b/bin/hardening/8.1.5_record_user_group_edit.sh
index ffbfea5..46d6adf 100755
--- a/bin/hardening/8.1.5_record_user_group_edit.sh
+++ b/bin/hardening/8.1.5_record_user_group_edit.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-w /etc/group -p wa -k identity
 -w /etc/passwd -p wa -k identity
 -w /etc/gshadow -p wa -k identity
diff --git a/bin/hardening/8.1.6_record_network_edit.sh b/bin/hardening/8.1.6_record_network_edit.sh
index e8d8a1d..0d3583e 100755
--- a/bin/hardening/8.1.6_record_network_edit.sh
+++ b/bin/hardening/8.1.6_record_network_edit.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-a exit,always -F arch=b64 -S sethostname -S setdomainname -k system-locale
 -a exit,always -F arch=b32 -S sethostname -S setdomainname -k system-locale
 -w /etc/issue -p wa -k system-locale
diff --git a/bin/hardening/8.1.7_record_mac_edit.sh b/bin/hardening/8.1.7_record_mac_edit.sh
index 9c194f5..4fa59a4 100755
--- a/bin/hardening/8.1.7_record_mac_edit.sh
+++ b/bin/hardening/8.1.7_record_mac_edit.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-w /etc/selinux/ -p wa -k MAC-policy'
 FILE='/etc/audit/audit.rules'
 
diff --git a/bin/hardening/8.1.8_record_login_logout.sh b/bin/hardening/8.1.8_record_login_logout.sh
index 95dea18..70572f4 100755
--- a/bin/hardening/8.1.8_record_login_logout.sh
+++ b/bin/hardening/8.1.8_record_login_logout.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-w /var/log/faillog -p wa -k logins
 -w /var/log/lastlog -p wa -k logins
 -w /var/log/tallylog -p wa -k logins'
diff --git a/bin/hardening/8.1.9_record_session_init.sh b/bin/hardening/8.1.9_record_session_init.sh
index 8fa6a01..e3774d1 100755
--- a/bin/hardening/8.1.9_record_session_init.sh
+++ b/bin/hardening/8.1.9_record_session_init.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 AUDIT_PARAMS='-w /var/run/utmp -p wa -k session
 -w /var/log/wtmp -p wa -k session
 -w /var/log/btmp -p wa -k session'
diff --git a/bin/hardening/8.2.1_install_syslog-ng.sh b/bin/hardening/8.2.1_install_syslog-ng.sh
index 53a4438..03b41a9 100755
--- a/bin/hardening/8.2.1_install_syslog-ng.sh
+++ b/bin/hardening/8.2.1_install_syslog-ng.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # NB : in CIS, rsyslog has been chosen, however we chose syslog-ng
 PACKAGE='syslog-ng'
 
diff --git a/bin/hardening/8.2.2_enable_syslog-ng.sh b/bin/hardening/8.2.2_enable_syslog-ng.sh
index b59170c..930eefa 100755
--- a/bin/hardening/8.2.2_enable_syslog-ng.sh
+++ b/bin/hardening/8.2.2_enable_syslog-ng.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 SERVICE_NAME="syslog-ng"
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/8.2.3_configure_syslog-ng.sh b/bin/hardening/8.2.3_configure_syslog-ng.sh
index f57561f..d7ebffa 100755
--- a/bin/hardening/8.2.3_configure_syslog-ng.sh
+++ b/bin/hardening/8.2.3_configure_syslog-ng.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 SERVICE_NAME="syslog-ng"
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/8.2.4_set_logfile_perm.sh b/bin/hardening/8.2.4_set_logfile_perm.sh
index 58453d1..8796eba 100755
--- a/bin/hardening/8.2.4_set_logfile_perm.sh
+++ b/bin/hardening/8.2.4_set_logfile_perm.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PERMISSIONS='640'
 USER='root'
 GROUP='adm'
@@ -64,6 +66,14 @@ apply () {
     done
 }
 
+# This function will create the config file for this check with default values
+create_config() {
+    cat <<EOF
+status=disabled
+SYSLOG_BASEDIR='/etc/syslog-ng'
+EOF
+}
+
 # This function will check config parameters required
 check_config() {
     does_user_exist $USER
diff --git a/bin/hardening/8.2.5_syslog-ng_remote_host.sh b/bin/hardening/8.2.5_syslog-ng_remote_host.sh
index 7ce088d..4305cf6 100755
--- a/bin/hardening/8.2.5_syslog-ng_remote_host.sh
+++ b/bin/hardening/8.2.5_syslog-ng_remote_host.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PATTERN='^destination.*(tcp|udp)[[:space:]]*\([[:space:]]*\".*\"[[:space:]]*\)'
 
 # This function will be called if the script status is on enabled / audit mode
@@ -35,6 +37,14 @@ apply () {
     fi
 }
 
+# This function will create the config file for this check with default values
+create_config() {
+    cat <<EOF
+status=disabled
+SYSLOG_BASEDIR='/etc/syslog-ng'
+EOF
+}
+
 # This function will check config parameters required
 check_config() {
     :    
diff --git a/bin/hardening/8.2.6_remote_syslog-ng_acl.sh b/bin/hardening/8.2.6_remote_syslog-ng_acl.sh
index a14be18..eb322b4 100755
--- a/bin/hardening/8.2.6_remote_syslog-ng_acl.sh
+++ b/bin/hardening/8.2.6_remote_syslog-ng_acl.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     info "Not implemented yet"
diff --git a/bin/hardening/8.3.1_install_tripwire.sh b/bin/hardening/8.3.1_install_tripwire.sh
index 3ee8266..60d24c1 100755
--- a/bin/hardening/8.3.1_install_tripwire.sh
+++ b/bin/hardening/8.3.1_install_tripwire.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 # NB : in CIS, AIDE has been chosen, however we chose tripwire
 PACKAGE='tripwire'
 
diff --git a/bin/hardening/8.3.2_tripwire_cron.sh b/bin/hardening/8.3.2_tripwire_cron.sh
index 5f23c87..45097c1 100755
--- a/bin/hardening/8.3.2_tripwire_cron.sh
+++ b/bin/hardening/8.3.2_tripwire_cron.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=4
+
 FILES='/etc/crontab /etc/cron.d/*'
 PATTERN='tripwire --check'
 
diff --git a/bin/hardening/8.4_configure_logrotate.sh b/bin/hardening/8.4_configure_logrotate.sh
index 9da2150..48a31e6 100755
--- a/bin/hardening/8.4_configure_logrotate.sh
+++ b/bin/hardening/8.4_configure_logrotate.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 SERVICE_NAME="syslog-ng"
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/9.1.1_enable_cron.sh b/bin/hardening/9.1.1_enable_cron.sh
index b8a3765..e14aeac 100755
--- a/bin/hardening/9.1.1_enable_cron.sh
+++ b/bin/hardening/9.1.1_enable_cron.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE="cron"
 SERVICE_NAME="cron"
 
diff --git a/bin/hardening/9.1.2_crontab_perm_ownership.sh b/bin/hardening/9.1.2_crontab_perm_ownership.sh
index 89920b4..c23e2c5 100755
--- a/bin/hardening/9.1.2_crontab_perm_ownership.sh
+++ b/bin/hardening/9.1.2_crontab_perm_ownership.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/crontab'
 PERMISSIONS='600'
 USER='root'
diff --git a/bin/hardening/9.1.3_cron_hourly_perm_ownership.sh b/bin/hardening/9.1.3_cron_hourly_perm_ownership.sh
index 2be5456..956816e 100755
--- a/bin/hardening/9.1.3_cron_hourly_perm_ownership.sh
+++ b/bin/hardening/9.1.3_cron_hourly_perm_ownership.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/cron.hourly'
 PERMISSIONS='700'
 USER='root'
diff --git a/bin/hardening/9.1.4_cron_daily_perm_ownership.sh b/bin/hardening/9.1.4_cron_daily_perm_ownership.sh
index e9e7313..bb1281f 100755
--- a/bin/hardening/9.1.4_cron_daily_perm_ownership.sh
+++ b/bin/hardening/9.1.4_cron_daily_perm_ownership.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/cron.daily'
 PERMISSIONS='700'
 USER='root'
diff --git a/bin/hardening/9.1.5_cron_weekly_perm_ownership.sh b/bin/hardening/9.1.5_cron_weekly_perm_ownership.sh
index 6c4fc91..c04e033 100755
--- a/bin/hardening/9.1.5_cron_weekly_perm_ownership.sh
+++ b/bin/hardening/9.1.5_cron_weekly_perm_ownership.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/cron.weekly'
 PERMISSIONS='700'
 USER='root'
diff --git a/bin/hardening/9.1.6_cron_monthly_perm_ownership.sh b/bin/hardening/9.1.6_cron_monthly_perm_ownership.sh
index 596f7e8..27c8828 100755
--- a/bin/hardening/9.1.6_cron_monthly_perm_ownership.sh
+++ b/bin/hardening/9.1.6_cron_monthly_perm_ownership.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/cron.monthly'
 PERMISSIONS='700'
 USER='root'
diff --git a/bin/hardening/9.1.7_cron_d_perm_ownership.sh b/bin/hardening/9.1.7_cron_d_perm_ownership.sh
index d259c21..e00609b 100755
--- a/bin/hardening/9.1.7_cron_d_perm_ownership.sh
+++ b/bin/hardening/9.1.7_cron_d_perm_ownership.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/cron.d'
 PERMISSIONS='700'
 USER='root'
diff --git a/bin/hardening/9.1.8_cron_users.sh b/bin/hardening/9.1.8_cron_users.sh
index 27bd013..fd9dec2 100755
--- a/bin/hardening/9.1.8_cron_users.sh
+++ b/bin/hardening/9.1.8_cron_users.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 FILES_ABSENT='/etc/cron.deny /etc/at.deny'
 FILES_PRESENT='/etc/cron.allow /etc/at.allow'
 PERMISSIONS='644'
diff --git a/bin/hardening/9.2.1_enable_cracklib.sh b/bin/hardening/9.2.1_enable_cracklib.sh
index 0dfff17..c527321 100755
--- a/bin/hardening/9.2.1_enable_cracklib.sh
+++ b/bin/hardening/9.2.1_enable_cracklib.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGE='libpam-cracklib'
 PATTERN='^password.*pam_cracklib.so'
 FILE='/etc/pam.d/common-password'
diff --git a/bin/hardening/9.2.2_enable_lockout_failed_password.sh b/bin/hardening/9.2.2_enable_lockout_failed_password.sh
index cb6bdd8..f9050e8 100755
--- a/bin/hardening/9.2.2_enable_lockout_failed_password.sh
+++ b/bin/hardening/9.2.2_enable_lockout_failed_password.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='libpam-modules-bin'
 PATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally[2]?.so'
 FILE='/etc/pam.d/login'
diff --git a/bin/hardening/9.2.3_limit_password_reuse.sh b/bin/hardening/9.2.3_limit_password_reuse.sh
index 884b614..f1fb1f0 100755
--- a/bin/hardening/9.2.3_limit_password_reuse.sh
+++ b/bin/hardening/9.2.3_limit_password_reuse.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='libpam-modules'
 PATTERN='^password.*remember'
 FILE='/etc/pam.d/common-password'
diff --git a/bin/hardening/9.3.10_disable_sshd_setenv.sh b/bin/hardening/9.3.10_disable_sshd_setenv.sh
index 3cfe13e..920752d 100755
--- a/bin/hardening/9.3.10_disable_sshd_setenv.sh
+++ b/bin/hardening/9.3.10_disable_sshd_setenv.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGE='openssh-server'
 OPTIONS='PermitUserEnvironment=no'
 FILE='/etc/ssh/sshd_config'
diff --git a/bin/hardening/9.3.11_sshd_ciphers.sh b/bin/hardening/9.3.11_sshd_ciphers.sh
index d05a84e..c521cc0 100755
--- a/bin/hardening/9.3.11_sshd_ciphers.sh
+++ b/bin/hardening/9.3.11_sshd_ciphers.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGE='openssh-server'
 OPTIONS='Ciphers=aes128-ctr,aes192-ctr,aes256-ctr'
 FILE='/etc/ssh/sshd_config'
diff --git a/bin/hardening/9.3.12_sshd_idle_timeout.sh b/bin/hardening/9.3.12_sshd_idle_timeout.sh
index d00d934..0faa949 100755
--- a/bin/hardening/9.3.12_sshd_idle_timeout.sh
+++ b/bin/hardening/9.3.12_sshd_idle_timeout.sh
@@ -6,11 +6,14 @@
 
 #
 # 9.3.12 Set Idle Timeout Interval for User Login (Scored)
+# FIXME: the implementation of this script doesn't do what it says
 #
 
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='openssh-server'
 FILE='/etc/ssh/sshd_config'
 
@@ -66,6 +69,16 @@ apply () {
     done
 }
 
+# This function will create the config file for this check with default values
+create_config() {
+    cat <<EOF
+status=disabled
+# In seconds, value of ClientAliveInterval, ClientAliveCountMax bedoing set to 0
+# Settles sshd idle timeout
+SSHD_TIMEOUT=900
+EOF
+}
+
 # This function will check config parameters required
 check_config() {
     if [ -z $SSHD_TIMEOUT ]; then
diff --git a/bin/hardening/9.3.13_sshd_limit_access.sh b/bin/hardening/9.3.13_sshd_limit_access.sh
index 6c7aa99..6610449 100755
--- a/bin/hardening/9.3.13_sshd_limit_access.sh
+++ b/bin/hardening/9.3.13_sshd_limit_access.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='openssh-server'
 FILE='/etc/ssh/sshd_config'
 
@@ -68,6 +70,19 @@ apply () {
     done
 }
 
+# This function will create the config file for this check with default values
+create_config() {
+    cat <<EOF
+status=disabled
+# Put here ssh user hardening list, there is a default in script to not break your configuration
+# However, it can erase current configuration
+ALLOWED_USERS=''
+ALLOWED_GROUPS=''
+DENIED_USERS=''
+DENIED_GROUPS=''
+EOF
+}
+
 # This function will check config parameters required
 check_config() {
     if [ -z $ALLOWED_USERS ]; then
diff --git a/bin/hardening/9.3.14_ssh_banner.sh b/bin/hardening/9.3.14_ssh_banner.sh
index 54d4fc2..cda4516 100755
--- a/bin/hardening/9.3.14_ssh_banner.sh
+++ b/bin/hardening/9.3.14_ssh_banner.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='openssh-server'
 FILE='/etc/ssh/sshd_config'
 
@@ -64,6 +66,15 @@ apply () {
     done
 }
 
+# This function will create the config file for this check with default values
+create_config() {
+    cat <<EOF
+status=disabled
+# Put here banner file, defaults to /etc/issue.net
+BANNER_FILE=""
+EOF
+}
+
 # This function will check config parameters required
 check_config() {
     if [ -z $BANNER_FILE ]; then
diff --git a/bin/hardening/9.3.1_sshd_protocol.sh b/bin/hardening/9.3.1_sshd_protocol.sh
index 58ffb3b..7b63d02 100755
--- a/bin/hardening/9.3.1_sshd_protocol.sh
+++ b/bin/hardening/9.3.1_sshd_protocol.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGE='openssh-server'
 OPTIONS='Protocol=2'
 FILE='/etc/ssh/sshd_config'
diff --git a/bin/hardening/9.3.2_sshd_loglevel.sh b/bin/hardening/9.3.2_sshd_loglevel.sh
index 3630976..ad70578 100755
--- a/bin/hardening/9.3.2_sshd_loglevel.sh
+++ b/bin/hardening/9.3.2_sshd_loglevel.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGE='openssh-server'
 OPTIONS='LogLevel=INFO'
 FILE='/etc/ssh/sshd_config'
diff --git a/bin/hardening/9.3.3_sshd_conf_perm_ownership.sh b/bin/hardening/9.3.3_sshd_conf_perm_ownership.sh
index 4e494ca..13b3933 100755
--- a/bin/hardening/9.3.3_sshd_conf_perm_ownership.sh
+++ b/bin/hardening/9.3.3_sshd_conf_perm_ownership.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=1
+
 FILE='/etc/ssh/sshd_config'
 PERMISSIONS='600'
 USER='root'
diff --git a/bin/hardening/9.3.4_disable_x11_forwarding.sh b/bin/hardening/9.3.4_disable_x11_forwarding.sh
index ae0bac2..b82c8b4 100755
--- a/bin/hardening/9.3.4_disable_x11_forwarding.sh
+++ b/bin/hardening/9.3.4_disable_x11_forwarding.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGE='openssh-server'
 OPTIONS='X11Forwarding=no'
 FILE='/etc/ssh/sshd_config'
diff --git a/bin/hardening/9.3.5_sshd_maxauthtries.sh b/bin/hardening/9.3.5_sshd_maxauthtries.sh
index a1c97f1..3cd5a52 100755
--- a/bin/hardening/9.3.5_sshd_maxauthtries.sh
+++ b/bin/hardening/9.3.5_sshd_maxauthtries.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGE='openssh-server'
 OPTIONS='MaxAuthTries=4'
 FILE='/etc/ssh/sshd_config'
diff --git a/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh b/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh
index 4071c5d..7ae0e55 100755
--- a/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh
+++ b/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGE='openssh-server'
 OPTIONS='IgnoreRhosts=yes'
 FILE='/etc/ssh/sshd_config'
diff --git a/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh b/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh
index f9d56a3..b9b8021 100755
--- a/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh
+++ b/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGE='openssh-server'
 OPTIONS='HostbasedAuthentication=no'
 FILE='/etc/ssh/sshd_config'
diff --git a/bin/hardening/9.3.8_disable_root_login.sh b/bin/hardening/9.3.8_disable_root_login.sh
index 310a7ed..1ddcfb1 100755
--- a/bin/hardening/9.3.8_disable_root_login.sh
+++ b/bin/hardening/9.3.8_disable_root_login.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='openssh-server'
 OPTIONS='PermitRootLogin=no'
 FILE='/etc/ssh/sshd_config'
diff --git a/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh b/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh
index 2de2de6..772bc41 100755
--- a/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh
+++ b/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=2
+
 PACKAGE='openssh-server'
 OPTIONS='PermitEmptyPasswords=no'
 FILE='/etc/ssh/sshd_config'
diff --git a/bin/hardening/9.4_secure_tty.sh b/bin/hardening/9.4_secure_tty.sh
index 024c492..71db30e 100755
--- a/bin/hardening/9.4_secure_tty.sh
+++ b/bin/hardening/9.4_secure_tty.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 FILE='/etc/securetty'
 
 # This function will be called if the script status is on enabled / audit mode
diff --git a/bin/hardening/9.5_restrict_su.sh b/bin/hardening/9.5_restrict_su.sh
index e4cf515..6eba2c1 100755
--- a/bin/hardening/9.5_restrict_su.sh
+++ b/bin/hardening/9.5_restrict_su.sh
@@ -11,6 +11,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+HARDENING_LEVEL=3
+
 PACKAGE='login'
 PATTERN='^auth[[:space:]]*required[[:space:]]*pam_wheel.so'
 FILE='/etc/pam.d/su'
diff --git a/etc/conf.d/.gitignore b/etc/conf.d/.gitignore
index e69de29..7103328 100644
--- a/etc/conf.d/.gitignore
+++ b/etc/conf.d/.gitignore
@@ -0,0 +1 @@
+*.cfg
diff --git a/etc/conf.d/1.1_install_updates.cfg b/etc/conf.d/1.1_install_updates.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/1.1_install_updates.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/10.1.1_set_password_exp_days.cfg b/etc/conf.d/10.1.1_set_password_exp_days.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/10.1.1_set_password_exp_days.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/10.1.2_set_password_min_days_change.cfg b/etc/conf.d/10.1.2_set_password_min_days_change.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/10.1.2_set_password_min_days_change.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/10.1.3_set_password_exp_warning_days.cfg b/etc/conf.d/10.1.3_set_password_exp_warning_days.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/10.1.3_set_password_exp_warning_days.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/10.2_disable_system_accounts.cfg b/etc/conf.d/10.2_disable_system_accounts.cfg
deleted file mode 100644
index 984069e..0000000
--- a/etc/conf.d/10.2_disable_system_accounts.cfg
+++ /dev/null
@@ -1,4 +0,0 @@
-# Configuration for script of same name
-status=disabled
-# Put here your exceptions concerning admin accounts shells separated by spaces
-EXCEPTIONS=""
diff --git a/etc/conf.d/10.3_default_root_group.cfg b/etc/conf.d/10.3_default_root_group.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/10.3_default_root_group.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/10.4_default_umask.cfg b/etc/conf.d/10.4_default_umask.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/10.4_default_umask.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/10.5_lock_inactive_user_account.cfg b/etc/conf.d/10.5_lock_inactive_user_account.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/10.5_lock_inactive_user_account.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/11.1_warning_banners.cfg b/etc/conf.d/11.1_warning_banners.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/11.1_warning_banners.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/11.2_remove_os_info_warning_banners.cfg b/etc/conf.d/11.2_remove_os_info_warning_banners.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/11.2_remove_os_info_warning_banners.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/11.3_graphical_warning_banners.cfg b/etc/conf.d/11.3_graphical_warning_banners.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/11.3_graphical_warning_banners.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/12.10_find_suid_files.cfg b/etc/conf.d/12.10_find_suid_files.cfg
deleted file mode 100644
index 5235a2f..0000000
--- a/etc/conf.d/12.10_find_suid_files.cfg
+++ /dev/null
@@ -1,5 +0,0 @@
-# Configuration for script of same name
-status=disabled
-
-# Put Here your valid suid binaries so that they do not appear during the audit
-EXCEPTIONS="/bin/mount /bin/ping /bin/ping6 /bin/su /bin/umount /usr/bin/chfn /usr/bin/chsh /usr/bin/fping /usr/bin/fping6 /usr/bin/gpasswd /usr/bin/mtr /usr/bin/newgrp /usr/bin/passwd /usr/bin/sudo /usr/bin/sudoedit /usr/lib/openssh/ssh-keysign /usr/lib/pt_chown /usr/bin/at"
diff --git a/etc/conf.d/12.11_find_sgid_files.cfg b/etc/conf.d/12.11_find_sgid_files.cfg
deleted file mode 100644
index d51d727..0000000
--- a/etc/conf.d/12.11_find_sgid_files.cfg
+++ /dev/null
@@ -1,4 +0,0 @@
-# Configuration for script of same name
-status=disabled
-# Put here valid binaries with sgid enabled separated by spaces
-EXCEPTIONS="/sbin/unix_chkpwd /usr/bin/bsd-write /usr/bin/chage /usr/bin/crontab /usr/bin/expiry /usr/bin/mutt_dotlock /usr/bin/screen /usr/bin/ssh-agent /usr/bin/wall /usr/sbin/postdrop /usr/sbin/postqueue /usr/bin/at /usr/bin/dotlockfile /usr/bin/mail-lock /usr/bin/mail-touchlock /usr/bin/mail-unlock"
diff --git a/etc/conf.d/12.1_etc_passwd_permissions.cfg b/etc/conf.d/12.1_etc_passwd_permissions.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/12.1_etc_passwd_permissions.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/12.2_etc_shadow_permissions.cfg b/etc/conf.d/12.2_etc_shadow_permissions.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/12.2_etc_shadow_permissions.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/12.3_etc_group_permissions.cfg b/etc/conf.d/12.3_etc_group_permissions.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/12.3_etc_group_permissions.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/12.4_etc_passwd_ownership.cfg b/etc/conf.d/12.4_etc_passwd_ownership.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/12.4_etc_passwd_ownership.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/12.5_etc_shadow_ownership.cfg b/etc/conf.d/12.5_etc_shadow_ownership.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/12.5_etc_shadow_ownership.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/12.6_etc_group_ownership.cfg b/etc/conf.d/12.6_etc_group_ownership.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/12.6_etc_group_ownership.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/12.7_find_world_writable_file.cfg b/etc/conf.d/12.7_find_world_writable_file.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/12.7_find_world_writable_file.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/12.8_find_unowned_files.cfg b/etc/conf.d/12.8_find_unowned_files.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/12.8_find_unowned_files.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/12.9_find_ungrouped_files.cfg b/etc/conf.d/12.9_find_ungrouped_files.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/12.9_find_ungrouped_files.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.10_find_user_rhosts_files.cfg b/etc/conf.d/13.10_find_user_rhosts_files.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.10_find_user_rhosts_files.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.11_find_passwd_group_inconsistencies.cfg b/etc/conf.d/13.11_find_passwd_group_inconsistencies.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.11_find_passwd_group_inconsistencies.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.12_users_valid_homedir.cfg b/etc/conf.d/13.12_users_valid_homedir.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.12_users_valid_homedir.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.13_check_user_homedir_ownership.cfg b/etc/conf.d/13.13_check_user_homedir_ownership.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.13_check_user_homedir_ownership.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.14_check_duplicate_uid.cfg b/etc/conf.d/13.14_check_duplicate_uid.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.14_check_duplicate_uid.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.15_check_duplicate_gid.cfg b/etc/conf.d/13.15_check_duplicate_gid.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.15_check_duplicate_gid.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.16_check_duplicate_username.cfg b/etc/conf.d/13.16_check_duplicate_username.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.16_check_duplicate_username.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.17_check_duplicate_groupname.cfg b/etc/conf.d/13.17_check_duplicate_groupname.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.17_check_duplicate_groupname.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.18_find_user_netrc_files.cfg b/etc/conf.d/13.18_find_user_netrc_files.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.18_find_user_netrc_files.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.19_find_user_forward_files.cfg b/etc/conf.d/13.19_find_user_forward_files.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.19_find_user_forward_files.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.1_remove_empty_password_field.cfg b/etc/conf.d/13.1_remove_empty_password_field.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.1_remove_empty_password_field.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.20_shadow_group_empty.cfg b/etc/conf.d/13.20_shadow_group_empty.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.20_shadow_group_empty.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.2_remove_legacy_passwd_entries.cfg b/etc/conf.d/13.2_remove_legacy_passwd_entries.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.2_remove_legacy_passwd_entries.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.3_remove_legacy_shadow_entries.cfg b/etc/conf.d/13.3_remove_legacy_shadow_entries.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.3_remove_legacy_shadow_entries.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.4_remove_legacy_group_entries.cfg b/etc/conf.d/13.4_remove_legacy_group_entries.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.4_remove_legacy_group_entries.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.5_find_0_uid_non_root_account.cfg b/etc/conf.d/13.5_find_0_uid_non_root_account.cfg
deleted file mode 100644
index 9575e88..0000000
--- a/etc/conf.d/13.5_find_0_uid_non_root_account.cfg
+++ /dev/null
@@ -1,4 +0,0 @@
-# Configuration for script of same name
-status=disabled
-# Put here valid accounts with uid 0 separated by spaces
-EXCEPTIONS=""
diff --git a/etc/conf.d/13.6_sanitize_root_path.cfg b/etc/conf.d/13.6_sanitize_root_path.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.6_sanitize_root_path.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.7_check_user_dir_perm.cfg b/etc/conf.d/13.7_check_user_dir_perm.cfg
deleted file mode 100644
index 16b509e..0000000
--- a/etc/conf.d/13.7_check_user_dir_perm.cfg
+++ /dev/null
@@ -1,4 +0,0 @@
-# Configuration for script of same name
-status=disabled
-# Put here user home directories exceptions, separated by spaces
-EXCEPTIONS=""
diff --git a/etc/conf.d/13.8_check_user_dot_file_perm.cfg b/etc/conf.d/13.8_check_user_dot_file_perm.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.8_check_user_dot_file_perm.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/13.9_set_perm_on_user_netrc.cfg b/etc/conf.d/13.9_set_perm_on_user_netrc.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/13.9_set_perm_on_user_netrc.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.10_home_nodev.cfg b/etc/conf.d/2.10_home_nodev.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.10_home_nodev.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.11_removable_device_nodev.cfg b/etc/conf.d/2.11_removable_device_nodev.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.11_removable_device_nodev.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.12_removable_device_noexec.cfg b/etc/conf.d/2.12_removable_device_noexec.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.12_removable_device_noexec.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.13_removable_device_nosuid.cfg b/etc/conf.d/2.13_removable_device_nosuid.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.13_removable_device_nosuid.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.14_run_shm_nodev.cfg b/etc/conf.d/2.14_run_shm_nodev.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.14_run_shm_nodev.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.15_run_shm_nosuid.cfg b/etc/conf.d/2.15_run_shm_nosuid.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.15_run_shm_nosuid.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.16_run_shm_noexec.cfg b/etc/conf.d/2.16_run_shm_noexec.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.16_run_shm_noexec.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.17_sticky_bit_world_writable_folder.cfg b/etc/conf.d/2.17_sticky_bit_world_writable_folder.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.17_sticky_bit_world_writable_folder.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.18_disable_cramfs.cfg b/etc/conf.d/2.18_disable_cramfs.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.18_disable_cramfs.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.19_disable_freevxfs.cfg b/etc/conf.d/2.19_disable_freevxfs.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.19_disable_freevxfs.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.1_tmp_partition.cfg b/etc/conf.d/2.1_tmp_partition.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.1_tmp_partition.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.20_disable_jffs2.cfg b/etc/conf.d/2.20_disable_jffs2.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.20_disable_jffs2.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.21_disable_hfs.cfg b/etc/conf.d/2.21_disable_hfs.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.21_disable_hfs.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.22_disable_hfsplus.cfg b/etc/conf.d/2.22_disable_hfsplus.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.22_disable_hfsplus.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.23_disable_squashfs.cfg b/etc/conf.d/2.23_disable_squashfs.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.23_disable_squashfs.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.24_disable_udf.cfg b/etc/conf.d/2.24_disable_udf.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.24_disable_udf.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.25_disable_automounting.cfg b/etc/conf.d/2.25_disable_automounting.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.25_disable_automounting.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.2_tmp_nodev.cfg b/etc/conf.d/2.2_tmp_nodev.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.2_tmp_nodev.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.3_tmp_nosuid.cfg b/etc/conf.d/2.3_tmp_nosuid.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.3_tmp_nosuid.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.4_tmp_noexec.cfg b/etc/conf.d/2.4_tmp_noexec.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.4_tmp_noexec.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.5_var_partition.cfg b/etc/conf.d/2.5_var_partition.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.5_var_partition.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.6.1_var_tmp_partition.cfg b/etc/conf.d/2.6.1_var_tmp_partition.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.6.1_var_tmp_partition.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.6.2_var_tmp_nodev.cfg b/etc/conf.d/2.6.2_var_tmp_nodev.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.6.2_var_tmp_nodev.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.6.3_var_tmp_nosuid.cfg b/etc/conf.d/2.6.3_var_tmp_nosuid.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.6.3_var_tmp_nosuid.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.6.4_var_tmp_noexec.cfg b/etc/conf.d/2.6.4_var_tmp_noexec.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.6.4_var_tmp_noexec.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.7_var_log_partition.cfg b/etc/conf.d/2.7_var_log_partition.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.7_var_log_partition.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.8_var_log_audit_partition.cfg b/etc/conf.d/2.8_var_log_audit_partition.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.8_var_log_audit_partition.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/2.9_home_partition.cfg b/etc/conf.d/2.9_home_partition.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/2.9_home_partition.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/3.1_bootloader_ownership.cfg b/etc/conf.d/3.1_bootloader_ownership.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/3.1_bootloader_ownership.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/3.2_bootloader_permissions.cfg b/etc/conf.d/3.2_bootloader_permissions.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/3.2_bootloader_permissions.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/3.3_bootloader_password.cfg b/etc/conf.d/3.3_bootloader_password.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/3.3_bootloader_password.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/3.4_root_password.cfg b/etc/conf.d/3.4_root_password.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/3.4_root_password.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/4.1_restrict_core_dumps.cfg b/etc/conf.d/4.1_restrict_core_dumps.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/4.1_restrict_core_dumps.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/4.2_enable_nx_support.cfg b/etc/conf.d/4.2_enable_nx_support.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/4.2_enable_nx_support.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/4.3_enable_randomized_vm_placement.cfg b/etc/conf.d/4.3_enable_randomized_vm_placement.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/4.3_enable_randomized_vm_placement.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/4.4_disable_prelink.cfg b/etc/conf.d/4.4_disable_prelink.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/4.4_disable_prelink.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/4.5_enable_apparmor.cfg b/etc/conf.d/4.5_enable_apparmor.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/4.5_enable_apparmor.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.1.1_disable_nis.cfg b/etc/conf.d/5.1.1_disable_nis.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.1.1_disable_nis.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.1.2_disable_rsh.cfg b/etc/conf.d/5.1.2_disable_rsh.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.1.2_disable_rsh.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.1.3_disable_rsh_client.cfg b/etc/conf.d/5.1.3_disable_rsh_client.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.1.3_disable_rsh_client.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.1.4_disable_talk.cfg b/etc/conf.d/5.1.4_disable_talk.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.1.4_disable_talk.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.1.5_disable_talk_client.cfg b/etc/conf.d/5.1.5_disable_talk_client.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.1.5_disable_talk_client.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.1.6_disable_telnet_server.cfg b/etc/conf.d/5.1.6_disable_telnet_server.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.1.6_disable_telnet_server.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.1.7_disable_tftp_server.cfg b/etc/conf.d/5.1.7_disable_tftp_server.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.1.7_disable_tftp_server.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.1.8_disable_inetd.cfg b/etc/conf.d/5.1.8_disable_inetd.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.1.8_disable_inetd.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.2_disable_chargen.cfg b/etc/conf.d/5.2_disable_chargen.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.2_disable_chargen.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.3_disable_daytime.cfg b/etc/conf.d/5.3_disable_daytime.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.3_disable_daytime.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.4_disable_echo.cfg b/etc/conf.d/5.4_disable_echo.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.4_disable_echo.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.5_disable_discard.cfg b/etc/conf.d/5.5_disable_discard.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.5_disable_discard.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/5.6_disable_time.cfg b/etc/conf.d/5.6_disable_time.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/5.6_disable_time.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.10_disable_http_server.cfg b/etc/conf.d/6.10_disable_http_server.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.10_disable_http_server.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.11_disable_imap_pop.cfg b/etc/conf.d/6.11_disable_imap_pop.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.11_disable_imap_pop.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.12_disable_samba.cfg b/etc/conf.d/6.12_disable_samba.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.12_disable_samba.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.13_disable_http_proxy.cfg b/etc/conf.d/6.13_disable_http_proxy.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.13_disable_http_proxy.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.14_disable_snmp_server.cfg b/etc/conf.d/6.14_disable_snmp_server.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.14_disable_snmp_server.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.15_mta_localhost.cfg b/etc/conf.d/6.15_mta_localhost.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.15_mta_localhost.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.16_disable_rsync.cfg b/etc/conf.d/6.16_disable_rsync.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.16_disable_rsync.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.1_disable_xwindow_system.cfg b/etc/conf.d/6.1_disable_xwindow_system.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.1_disable_xwindow_system.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.2_disable_avahi_server.cfg b/etc/conf.d/6.2_disable_avahi_server.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.2_disable_avahi_server.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.3_disable_print_server.cfg b/etc/conf.d/6.3_disable_print_server.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.3_disable_print_server.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.4_disable_dhcp.cfg b/etc/conf.d/6.4_disable_dhcp.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.4_disable_dhcp.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.5_configure_ntp.cfg b/etc/conf.d/6.5_configure_ntp.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.5_configure_ntp.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.6_disable_ldap.cfg b/etc/conf.d/6.6_disable_ldap.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.6_disable_ldap.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.7_disable_nfs_rpc.cfg b/etc/conf.d/6.7_disable_nfs_rpc.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.7_disable_nfs_rpc.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.8_disable_dns_server.cfg b/etc/conf.d/6.8_disable_dns_server.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.8_disable_dns_server.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/6.9_disable_ftp.cfg b/etc/conf.d/6.9_disable_ftp.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/6.9_disable_ftp.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.1.1_disable_ip_forwarding.cfg b/etc/conf.d/7.1.1_disable_ip_forwarding.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.1.1_disable_ip_forwarding.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.1.2_disable_send_packet_redirects.cfg b/etc/conf.d/7.1.2_disable_send_packet_redirects.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.1.2_disable_send_packet_redirects.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.2.1_disable_source_routed_packets.cfg b/etc/conf.d/7.2.1_disable_source_routed_packets.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.2.1_disable_source_routed_packets.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.2.2_disable_icmp_redirect.cfg b/etc/conf.d/7.2.2_disable_icmp_redirect.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.2.2_disable_icmp_redirect.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.2.3_disable_secure_icmp_redirect.cfg b/etc/conf.d/7.2.3_disable_secure_icmp_redirect.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.2.3_disable_secure_icmp_redirect.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.2.4_log_martian_packets.cfg b/etc/conf.d/7.2.4_log_martian_packets.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.2.4_log_martian_packets.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.2.5_ignore_broadcast_requests.cfg b/etc/conf.d/7.2.5_ignore_broadcast_requests.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.2.5_ignore_broadcast_requests.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.2.6_enable_bad_error_message_protection.cfg b/etc/conf.d/7.2.6_enable_bad_error_message_protection.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.2.6_enable_bad_error_message_protection.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.2.7_enable_source_route_validation.cfg b/etc/conf.d/7.2.7_enable_source_route_validation.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.2.7_enable_source_route_validation.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.2.8_enable_tcp_syn_cookies.cfg b/etc/conf.d/7.2.8_enable_tcp_syn_cookies.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.2.8_enable_tcp_syn_cookies.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.3.1_disable_ipv6_router_advertisement.cfg b/etc/conf.d/7.3.1_disable_ipv6_router_advertisement.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.3.1_disable_ipv6_router_advertisement.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.3.2_disable_ipv6_redirect.cfg b/etc/conf.d/7.3.2_disable_ipv6_redirect.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.3.2_disable_ipv6_redirect.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.3.3_disable_ipv6.cfg b/etc/conf.d/7.3.3_disable_ipv6.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.3.3_disable_ipv6.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.4.1_install_tcp_wrapper.cfg b/etc/conf.d/7.4.1_install_tcp_wrapper.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.4.1_install_tcp_wrapper.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.4.2_hosts_allow.cfg b/etc/conf.d/7.4.2_hosts_allow.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.4.2_hosts_allow.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.4.3_hosts_allow_permissions.cfg b/etc/conf.d/7.4.3_hosts_allow_permissions.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.4.3_hosts_allow_permissions.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.4.4_hosts_deny.cfg b/etc/conf.d/7.4.4_hosts_deny.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.4.4_hosts_deny.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.4.5_hosts_deny_permissions.cfg b/etc/conf.d/7.4.5_hosts_deny_permissions.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.4.5_hosts_deny_permissions.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.5.1_disable_dccp.cfg b/etc/conf.d/7.5.1_disable_dccp.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.5.1_disable_dccp.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.5.2_disable_sctp.cfg b/etc/conf.d/7.5.2_disable_sctp.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.5.2_disable_sctp.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.5.3_disable_rds.cfg b/etc/conf.d/7.5.3_disable_rds.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.5.3_disable_rds.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.5.4_disable_tipc.cfg b/etc/conf.d/7.5.4_disable_tipc.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.5.4_disable_tipc.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.6_disable_wireless.cfg b/etc/conf.d/7.6_disable_wireless.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.6_disable_wireless.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/7.7_enable_firewall.cfg b/etc/conf.d/7.7_enable_firewall.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/7.7_enable_firewall.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.0_enable_auditd_kernel.cfg b/etc/conf.d/8.0_enable_auditd_kernel.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.0_enable_auditd_kernel.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.1.1_audit_log_storage.cfg b/etc/conf.d/8.1.1.1_audit_log_storage.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.1.1_audit_log_storage.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.1.2_halt_when_audit_log_full.cfg b/etc/conf.d/8.1.1.2_halt_when_audit_log_full.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.1.2_halt_when_audit_log_full.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.1.3_keep_all_audit_logs.cfg b/etc/conf.d/8.1.1.3_keep_all_audit_logs.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.1.3_keep_all_audit_logs.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.10_record_dac_edit.cfg b/etc/conf.d/8.1.10_record_dac_edit.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.10_record_dac_edit.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.11_record_failed_access_file.cfg b/etc/conf.d/8.1.11_record_failed_access_file.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.11_record_failed_access_file.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.12_record_privileged_commands.cfg b/etc/conf.d/8.1.12_record_privileged_commands.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.12_record_privileged_commands.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.13_record_successful_mount.cfg b/etc/conf.d/8.1.13_record_successful_mount.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.13_record_successful_mount.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.14_record_file_deletions.cfg b/etc/conf.d/8.1.14_record_file_deletions.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.14_record_file_deletions.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.15_record_sudoers_edit.cfg b/etc/conf.d/8.1.15_record_sudoers_edit.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.15_record_sudoers_edit.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.16_record_sudo_usage.cfg b/etc/conf.d/8.1.16_record_sudo_usage.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.16_record_sudo_usage.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.17_record_kernel_modules.cfg b/etc/conf.d/8.1.17_record_kernel_modules.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.17_record_kernel_modules.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.18_freeze_auditd_conf.cfg b/etc/conf.d/8.1.18_freeze_auditd_conf.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.18_freeze_auditd_conf.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.2_enable_auditd.cfg b/etc/conf.d/8.1.2_enable_auditd.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.2_enable_auditd.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.3_audit_bootloader.cfg b/etc/conf.d/8.1.3_audit_bootloader.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.3_audit_bootloader.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.4_record_date_time_edit.cfg b/etc/conf.d/8.1.4_record_date_time_edit.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.4_record_date_time_edit.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.5_record_user_group_edit.cfg b/etc/conf.d/8.1.5_record_user_group_edit.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.5_record_user_group_edit.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.6_record_network_edit.cfg b/etc/conf.d/8.1.6_record_network_edit.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.6_record_network_edit.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.7_record_mac_edit.cfg b/etc/conf.d/8.1.7_record_mac_edit.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.7_record_mac_edit.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.8_record_login_logout.cfg b/etc/conf.d/8.1.8_record_login_logout.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.8_record_login_logout.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.1.9_record_session_init.cfg b/etc/conf.d/8.1.9_record_session_init.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.1.9_record_session_init.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.2.1_install_syslog-ng.cfg b/etc/conf.d/8.2.1_install_syslog-ng.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.2.1_install_syslog-ng.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.2.2_enable_syslog-ng.cfg b/etc/conf.d/8.2.2_enable_syslog-ng.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.2.2_enable_syslog-ng.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.2.3_configure_syslog-ng.cfg b/etc/conf.d/8.2.3_configure_syslog-ng.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.2.3_configure_syslog-ng.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.2.4_set_logfile_perm.cfg b/etc/conf.d/8.2.4_set_logfile_perm.cfg
deleted file mode 100644
index 2b93105..0000000
--- a/etc/conf.d/8.2.4_set_logfile_perm.cfg
+++ /dev/null
@@ -1,3 +0,0 @@
-# Configuration for script of same name
-status=disabled
-SYSLOG_BASEDIR='/etc/syslog-ng'
diff --git a/etc/conf.d/8.2.5_syslog-ng_remote_host.cfg b/etc/conf.d/8.2.5_syslog-ng_remote_host.cfg
deleted file mode 100644
index 2b93105..0000000
--- a/etc/conf.d/8.2.5_syslog-ng_remote_host.cfg
+++ /dev/null
@@ -1,3 +0,0 @@
-# Configuration for script of same name
-status=disabled
-SYSLOG_BASEDIR='/etc/syslog-ng'
diff --git a/etc/conf.d/8.2.6_remote_syslog-ng_acl.cfg b/etc/conf.d/8.2.6_remote_syslog-ng_acl.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.2.6_remote_syslog-ng_acl.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.3.1_install_tripwire.cfg b/etc/conf.d/8.3.1_install_tripwire.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.3.1_install_tripwire.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.3.2_tripwire_cron.cfg b/etc/conf.d/8.3.2_tripwire_cron.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.3.2_tripwire_cron.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/8.4_configure_logrotate.cfg b/etc/conf.d/8.4_configure_logrotate.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/8.4_configure_logrotate.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.1.1_enable_cron.cfg b/etc/conf.d/9.1.1_enable_cron.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.1.1_enable_cron.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.1.2_crontab_perm_ownership.cfg b/etc/conf.d/9.1.2_crontab_perm_ownership.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.1.2_crontab_perm_ownership.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.1.3_cron_hourly_perm_ownership.cfg b/etc/conf.d/9.1.3_cron_hourly_perm_ownership.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.1.3_cron_hourly_perm_ownership.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.1.4_cron_daily_perm_ownership.cfg b/etc/conf.d/9.1.4_cron_daily_perm_ownership.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.1.4_cron_daily_perm_ownership.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.1.5_cron_weekly_perm_ownership.cfg b/etc/conf.d/9.1.5_cron_weekly_perm_ownership.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.1.5_cron_weekly_perm_ownership.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.1.6_cron_monthly_perm_ownership.cfg b/etc/conf.d/9.1.6_cron_monthly_perm_ownership.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.1.6_cron_monthly_perm_ownership.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.1.7_cron_d_perm_ownership.cfg b/etc/conf.d/9.1.7_cron_d_perm_ownership.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.1.7_cron_d_perm_ownership.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.1.8_cron_users.cfg b/etc/conf.d/9.1.8_cron_users.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.1.8_cron_users.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.2.1_enable_cracklib.cfg b/etc/conf.d/9.2.1_enable_cracklib.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.2.1_enable_cracklib.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.2.2_enable_lockout_failed_password.cfg b/etc/conf.d/9.2.2_enable_lockout_failed_password.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.2.2_enable_lockout_failed_password.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.2.3_limit_password_reuse.cfg b/etc/conf.d/9.2.3_limit_password_reuse.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.2.3_limit_password_reuse.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.3.10_disable_sshd_setenv.cfg b/etc/conf.d/9.3.10_disable_sshd_setenv.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.3.10_disable_sshd_setenv.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.3.11_sshd_ciphers.cfg b/etc/conf.d/9.3.11_sshd_ciphers.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.3.11_sshd_ciphers.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.3.12_sshd_idle_timeout.cfg b/etc/conf.d/9.3.12_sshd_idle_timeout.cfg
deleted file mode 100644
index 34efc50..0000000
--- a/etc/conf.d/9.3.12_sshd_idle_timeout.cfg
+++ /dev/null
@@ -1,5 +0,0 @@
-# Configuration for script of same name
-status=disabled
-# In seconds, value of ClientAliveInterval, ClientAliveCountMax bedoing set to 0
-# Settles sshd idle timeout
-SSHD_TIMEOUT=900 
diff --git a/etc/conf.d/9.3.13_sshd_limit_access.cfg b/etc/conf.d/9.3.13_sshd_limit_access.cfg
deleted file mode 100644
index 1fd153a..0000000
--- a/etc/conf.d/9.3.13_sshd_limit_access.cfg
+++ /dev/null
@@ -1,9 +0,0 @@
-# Configuration for script of same name
-status=disabled
-
-# Put here ssh user hardening list, there is a default in script to not break your configuration
-# However, it can erase current configuration
-ALLOWED_USERS=''
-ALLOWED_GROUPS=''
-DENIED_USERS=''
-DENIED_GROUPS=''
diff --git a/etc/conf.d/9.3.14_ssh_banner.cfg b/etc/conf.d/9.3.14_ssh_banner.cfg
deleted file mode 100644
index 91ec8ae..0000000
--- a/etc/conf.d/9.3.14_ssh_banner.cfg
+++ /dev/null
@@ -1,4 +0,0 @@
-# Configuration for script of same name
-status=disabled
-# Put here banner file, default to /etc/issue.net
-BANNER_FILE=""
diff --git a/etc/conf.d/9.3.1_sshd_protocol.cfg b/etc/conf.d/9.3.1_sshd_protocol.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.3.1_sshd_protocol.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.3.2_sshd_loglevel.cfg b/etc/conf.d/9.3.2_sshd_loglevel.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.3.2_sshd_loglevel.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.3.3_sshd_conf_perm_ownership.cfg b/etc/conf.d/9.3.3_sshd_conf_perm_ownership.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.3.3_sshd_conf_perm_ownership.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.3.4_disable_x11_forwarding.cfg b/etc/conf.d/9.3.4_disable_x11_forwarding.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.3.4_disable_x11_forwarding.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.3.5_sshd_maxauthtries.cfg b/etc/conf.d/9.3.5_sshd_maxauthtries.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.3.5_sshd_maxauthtries.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.3.6_enable_sshd_ignorerhosts.cfg b/etc/conf.d/9.3.6_enable_sshd_ignorerhosts.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.3.6_enable_sshd_ignorerhosts.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.3.7_disable_sshd_hostbasedauthentication.cfg b/etc/conf.d/9.3.7_disable_sshd_hostbasedauthentication.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.3.7_disable_sshd_hostbasedauthentication.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.3.8_disable_root_login.cfg b/etc/conf.d/9.3.8_disable_root_login.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.3.8_disable_root_login.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.3.9_disable_sshd_permitemptypasswords.cfg b/etc/conf.d/9.3.9_disable_sshd_permitemptypasswords.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.3.9_disable_sshd_permitemptypasswords.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.4_secure_tty.cfg b/etc/conf.d/9.4_secure_tty.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.4_secure_tty.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/9.5_restrict_su.cfg b/etc/conf.d/9.5_restrict_su.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/9.5_restrict_su.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/99.1_timeout_tty.cfg b/etc/conf.d/99.1_timeout_tty.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/99.1_timeout_tty.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/etc/conf.d/99.2_disable_usb_devices.cfg b/etc/conf.d/99.2_disable_usb_devices.cfg
deleted file mode 100644
index acee522..0000000
--- a/etc/conf.d/99.2_disable_usb_devices.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-# Configuration for script of same name
-status=disabled
diff --git a/lib/common.sh b/lib/common.sh
index e5d3734..9d819ba 100644
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -46,9 +46,9 @@ _logger() {
     COLOR=$1
     shift
     test -z "$SCRIPT_NAME" && SCRIPT_NAME=$(basename $0)
-    SCRIPT_NAME=$(printf "%-25.25s" "$SCRIPT_NAME")
     builtin echo "$*" | /usr/bin/logger -t "[CIS_Hardening] $SCRIPT_NAME" -p "user.info"
-    cecho $COLOR "$SCRIPT_NAME $*"
+    SCRIPT_NAME_FIXEDLEN=$(printf "%-25.25s" "$SCRIPT_NAME")
+    cecho $COLOR "$SCRIPT_NAME_FIXEDLEN $*"
 }
 
 cecho () {
@@ -72,7 +72,7 @@ ok () {
 }
 
 info () {
-    if [ $MACHINE_LOG_LEVEL -ge 4 ]; then _logger $BWHITE "[INFO] $*"; fi
+    if [ $MACHINE_LOG_LEVEL -ge 4 ]; then _logger ''      "[INFO] $*"; fi
 }
 
 debug () {
diff --git a/lib/main.sh b/lib/main.sh
index 7808f28..3d21668 100644
--- a/lib/main.sh
+++ b/lib/main.sh
@@ -3,37 +3,30 @@ SCRIPT_NAME=${LONG_SCRIPT_NAME%.sh}
 # Variable initialization, to avoid crash
 CRITICAL_ERRORS_NUMBER=0 # This will be used to see if a script failed, or passed
 status=""
+forcedstatus=""
 
 [ -r $CIS_ROOT_DIR/lib/constants.sh  ] && . $CIS_ROOT_DIR/lib/constants.sh
 [ -r $CIS_ROOT_DIR/etc/hardening.cfg ] && . $CIS_ROOT_DIR/etc/hardening.cfg
 [ -r $CIS_ROOT_DIR/lib/common.sh     ] && . $CIS_ROOT_DIR/lib/common.sh
 [ -r $CIS_ROOT_DIR/lib/utils.sh      ] && . $CIS_ROOT_DIR/lib/utils.sh
 
-# Source specific configuration file
-[ -r $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg ] && . $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg
-
 # Environment Sanitizing
 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
 
 info "Working on $SCRIPT_NAME"
 
-if [ -z $status ]; then
-    crit "Could not find status variable for $SCRIPT_NAME, considered as disabled"
-    exit 2
-fi
-
 # Arguments parsing
 while [[ $# > 0 ]]; do
     ARG="$1"
     case $ARG in
         --audit-all)
             debug "Audit all specified, setting status to audit regardless of configuration"
-            status=audit
+            forcedstatus=auditall
         ;;
         --audit)
-        if [ $status != 'disabled' -a $status != 'false' ]; then
+        if [ "$status" != 'disabled' -a "$status" != 'false' ]; then
             debug "Audit argument detected, setting status to audit"
-            status=audit
+            forcedstatus=audit
         else
             info "Audit argument passed but script is disabled"
         fi
@@ -45,6 +38,39 @@ while [[ $# > 0 ]]; do
     shift
 done
 
+# Source specific configuration file
+if ! [ -r $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg ] ; then
+    # If it doesn't exist, create it with default values
+    echo "# Configuration for $SCRIPT_NAME, created from default values on `date`" > $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg
+    # If create_config is a defined function, execute it.
+    # Otherwise, just disable the test by default.
+    if type -t create_config | grep -qw function ; then
+        create_config >> $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg
+    else
+        echo "status=disabled" >> $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg
+    fi
+fi
+[ -r $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg ] && . $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg
+
+# Now check configured value for status, and potential cmdline parameter
+if [ "$forcedstatus" = "auditall" ] ; then
+    # We want to audit even disabled script, so override config value in any case
+    status=audit
+elif [ "$forcedstatus" = "audit" ] ; then
+    # We want to audit only enabled scripts
+    if [ "$status" != 'disabled' -a "$status" != 'false' ]; then
+        debug "Audit argument detected, setting status to audit"
+        status=audit
+    else
+        info "Audit argument passed but script is disabled"
+    fi
+fi
+
+if [ -z $status ]; then
+    crit "Could not find status variable for $SCRIPT_NAME, considered as disabled"
+    exit 2
+fi
+
 case $status in
     enabled | true )
         info "Checking Configuration"
diff --git a/lib/utils.sh b/lib/utils.sh
index 579b961..71278aa 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -204,9 +204,17 @@ is_service_enabled() {
 #
 
 is_kernel_option_enabled() {
-    local KERNEL_OPTION=$1
-    RESULT=$(zgrep -i $KERNEL_OPTION /proc/config.gz | grep -vE "^#") || :
-    ANSWER=$(cut -d = -f 2 <<< $RESULT)
+    local KERNEL_OPTION="$1"
+    local MODULE_NAME=""
+    if [ $# -ge 2 ] ; then
+        MODULE_NAME="$2"
+    fi
+    if [ -r "/proc/config.gz" ] ; then
+        RESULT=$(zgrep "^$KERNEL_OPTION=" /proc/config.gz) || :
+    elif [ -r "/boot/config-$(uname -r)" ] ; then
+        RESULT=$(grep "^$KERNEL_OPTION=" "/boot/config-$(uname -r)") || :
+    fi
+    ANSWER=$(cut -d = -f 2 <<< "$RESULT")
     if [ "x$ANSWER" = "xy" ]; then
         debug "Kernel option $KERNEL_OPTION enabled"
         FNRET=0
@@ -217,6 +225,25 @@ is_kernel_option_enabled() {
         debug "Kernel option $KERNEL_OPTION not found"
         FNRET=2 # Not found
     fi
+
+    if [ "$FNRET" -ne 0 -a -n "$MODULE_NAME" -a -d "/lib/modules/$(uname -r)" ] ; then
+        # also check in modules, because even if not =y, maybe
+        # the admin compiled it separately later (or out-of-tree)
+        # as a module (regardless of the fact that we have =m or not)
+        debug "Checking if we have $MODULE_NAME.ko"
+        local modulefile=$(find "/lib/modules/$(uname -r)/" -type f -name "$MODULE_NAME.ko")
+        if [ -n "$modulefile" ] ; then
+            debug "We do have $modulefile!"
+            # ... but wait, maybe it's blacklisted? check files in /etc/modprobe.d/ for "blacklist xyz"
+            if grep -qRE "^\s*blacklist\s+$MODULE_NAME\s*$" /etc/modprobe.d/ ; then
+                debug "... but it's blacklisted!"
+                FNRET=1 # Not found (found but blacklisted)
+                # FIXME: even if blacklisted, it might be present in the initrd and
+                # be insmod from there... but painful to check :/ maybe lsmod would be enough ?
+            fi
+            FNRET=0 # Found!
+        fi
+    fi
 }
 
 #