elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-07-15 21:32:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

chore: drop debian 10 and below support

Browse Source 
Currently, the only LTS Debian are 11 and 12
We only support CIS for LTS debian
This commit is contained in:
Damien Cavagnini
2025-07-03 13:14:10 +02:00
parent f2c6f36b94
commit 5ee187c7ca
18 changed files with 32 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
bin/hardening/acc_shadow_sha512.sh
View File

@ -37,7 +37,7 @@ audit() {
pw_found+="$user "
ok "User $user has a disabled password."
# yescrypt: Check password against $y$<salt>$<base64>
elif [ "$DEB_MAJ_VER" -ge "11" ] && [[ $passwd =~ ^\$y\$[./A-Za-z0-9]+\$[./A-Za-z0-9]{,86}\$[./A-Za-z0-9]{43} ]]; then
elif [[ $passwd =~ ^\$y\$[./A-Za-z0-9]+\$[./A-Za-z0-9]{,86}\$[./A-Za-z0-9]{43} ]]; then
pw_found+="$user "
ok "User $user has suitable yescrypt hashed password."
# sha512: Check password against $6$<salt>$<base64>, see `man 3 crypt`
@ -46,11 +46,7 @@ audit() {
ok "User $user has suitable sha512crypt hashed password."
else
pw_found+="$user "
if [ "$DEB_MAJ_VER" -ge "11" ]; then
crit "User $user has a password that is not sha512crypt nor yescrypt hashed."
else
crit "User $user has a password that is not sha512crypt hashed."
fi
crit "User $user has a password that is not sha512crypt nor yescrypt hashed."
fi
done
if [[ -z "$users_reviewed" ]]; then