From 89cf484cb91cfc6a79f0d4e4dcfa596616589e92 Mon Sep 17 00:00:00 2001
From: "kevin.tanguy" <kevin.tanguy@ovh.net>
Date: Wed, 14 Aug 2019 10:36:25 +0200
Subject: [PATCH] fix(99.4): do not stderr iptables warning on buster

---
 bin/hardening/99.4_net_fw_default_policy_drop.sh | 2 +-
 debian/changelog                                 | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/bin/hardening/99.4_net_fw_default_policy_drop.sh b/bin/hardening/99.4_net_fw_default_policy_drop.sh
index 1f2c184..d683e4e 100755
--- a/bin/hardening/99.4_net_fw_default_policy_drop.sh
+++ b/bin/hardening/99.4_net_fw_default_policy_drop.sh
@@ -26,7 +26,7 @@ audit () {
     if [ "$FNRET" != 0 ]; then
         crit "$PACKAGE is not installed!"
     else
-        ipt=$($SUDO_CMD $PACKAGE -nL  || true )
+        ipt=$($SUDO_CMD $PACKAGE -nL 2>/dev/null || true )
         if [[ -z $ipt ]]; then
             crit "Empty return from $PACKAGE command. Aborting..."
             return
diff --git a/debian/changelog b/debian/changelog
index f04f1f8..5d74a3f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cis-hardening (1.2-5) unstable; urgency=medium
+
+  * fix(99.4): do not stderr iptables warning on buster
+
+ -- Kevin Tanguy <kevin.tanguy@ovh.net>  Wed, 14 Aug 2019 10:34:15 +0200
+
 cis-hardening (1.2-4) unstable; urgency=medium
 
   * changelog: update changelog