chore: drop debian 10 and below support (#264)

Currently, the only LTS Debian are 11 and 12 We only support CIS for LTS debian Co-authored-by: Damien Cavagnini <damien.cavagnini@corp.ovh.com>
2025-07-15 21:32:17 +02:00 · 2025-07-04 14:18:56 +02:00
parent f2c6f36b94
commit ab0dba9f95
18 changed files with 32 additions and 156 deletions
--- a/bin/hardening/enable_lockout_failed_password.sh
+++ b/bin/hardening/enable_lockout_failed_password.sh
@ -59,23 +59,14 @@ apply() {
        ok "$PATTERN_AUTH is present in $FILE_AUTH"
    else
        warn "$PATTERN_AUTH is not present in $FILE_AUTH, adding it"
-        if [ 10 -ge "$DEB_MAJ_VER" ]; then
-            add_line_file_before_pattern "$FILE_AUTH" "auth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900" "# pam-auth-update(8) for details."
-        else
-            add_line_file_before_pattern "$FILE_AUTH" "auth required pam_faillock.so onerr=fail audit silent deny=5 unlock_time=900" "# pam-auth-update(8) for details."
-        fi
+        add_line_file_before_pattern "$FILE_AUTH" "auth required pam_faillock.so onerr=fail audit silent deny=5 unlock_time=900" "# pam-auth-update(8) for details."
    fi
    does_pattern_exist_in_file "$FILE_ACCOUNT" "$PATTERN_ACCOUNT"
    if [ "$FNRET" = 0 ]; then
        ok "$PATTERN_ACCOUNT is present in $FILE_ACCOUNT"
    else
        warn "$PATTERN_ACCOUNT is not present in $FILE_ACCOUNT, adding it"
-        if [ 10 -ge "$DEB_MAJ_VER" ]; then
-            add_line_file_before_pattern "$FILE_ACCOUNT" "account required pam_tally2.so" "# pam-auth-update(8) for details."
-        else
-            add_line_file_before_pattern "$FILE_ACCOUNT" "account required pam_faillock.so" "# pam-auth-update(8) for details."
-        fi
-
+        add_line_file_before_pattern "$FILE_ACCOUNT" "account required pam_faillock.so" "# pam-auth-update(8) for details."
    fi
 }