chore: drop debian 10 and below support (#264)

Currently, the only LTS Debian are 11 and 12
We only support CIS for LTS debian

Co-authored-by: Damien Cavagnini <damien.cavagnini@corp.ovh.com>

tests/docker/Dockerfile.debian10

@@ -1,22 +0,0 @@
-FROM debian:buster
-
-LABEL vendor="OVH"
-LABEL project="debian-cis"
-LABEL url="https://github.com/ovh/debian-cis"
-LABEL description="This image is used to run tests"
-
-RUN groupadd -g 500 secaudit && useradd  -u 500 -g 500 -s /bin/bash secaudit && install -m 700 -o secaudit -g secaudit -d /home/secaudit
-
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server sudo syslog-ng net-tools auditd
-
-COPY --chown=500:500 . /opt/debian-cis/
-
-COPY debian/default /etc/default/cis-hardening
-RUN sed -i 's#cis-hardening#debian-cis#' /etc/default/cis-hardening
-
-COPY cisharden.sudoers /etc/sudoers.d/secaudit
-RUN sed -i 's#cisharden#secaudit#' /etc/sudoers.d/secaudit
-
-
-ENTRYPOINT ["/opt/debian-cis/tests/launch_tests.sh"]
-

tests/hardening/acc_logindefs_sha512.sh

@@ -36,35 +36,4 @@ test_audit() {
     register_test contain "is present in /etc/login.defs"
     run sha512pass "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
-    # DEB_MAJ_VER cannot be overwritten here;
-    # therefore we need to trick get_debian_major_version
-    ORIGINAL_DEB_VER="$(cat /etc/debian_version)"
-    echo "sid" >/etc/debian_version
-
-    describe Running on blank host as sid
-    register_test retvalshouldbe 0
-    register_test contain "(SHA512|yescrypt|YESCRYPT)"
-    # shellcheck disable=2154
-    run blanksid "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
-
-    cp /etc/login.defs /tmp/login.defs.bak
-    sed -ir 's/ENCRYPT_METHOD[[:space:]]\+.*/ENCRYPT_METHOD MD5/' /etc/login.defs
-
-    describe Fail: wrong hash function configuration as sid
-    register_test retvalshouldbe 1
-    register_test contain "(SHA512|yescrypt|YESCRYPT)"
-    run wrongconfsid "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
-
-    describe Correcting situation as sid
-    sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
-    "${CIS_CHECKS_DIR}/${script}.sh" || true
-
-    describe Checking resolved state as sid
-    register_test retvalshouldbe 0
-    register_test contain "(SHA512|yescrypt|YESCRYPT)"
-    run sha512passsid "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
-
-    # Cleanup
-    echo -n "$ORIGINAL_DEB_VER" >/etc/debian_version
-    unset ORIGINAL_DEB_VER
 }

tests/hardening/acc_pam_sha512.sh

@@ -21,35 +21,6 @@ test_audit() {
     describe Checking resolved state
     register_test retvalshouldbe 0
     register_test contain "is present in /etc/pam.d/common-password"
-    run solvedsid "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
-    # DEB_MAJ_VER cannot be overwritten here;
-    # therefore we need to trick get_debian_major_version
-    ORIGINAL_DEB_VER="$(cat /etc/debian_version)"
-    echo "sid" >/etc/debian_version
-
-    describe Running on blank host as sid
-    register_test retvalshouldbe 0
-    register_test contain "(sha512|yescrypt)"
-    run blanksid "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
-
-    describe Tests purposely failing as sid
-    sed -i '/pam_unix.so/ s/sha512/sha256/' "/etc/pam.d/common-password"   # Debian 10
-    sed -i '/pam_unix.so/ s/yescrypt/sha256/' "/etc/pam.d/common-password" # Debian 11+
-    register_test retvalshouldbe 1
-    register_test contain "is not present"
-    run noncompliantsid "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
-
-    describe correcting situation as sid
-    sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
-    "${CIS_CHECKS_DIR}/${script}.sh" --apply || true
-
-    describe Checking resolved state as sid
-    register_test retvalshouldbe 0
-    register_test contain "is present in /etc/pam.d/common-password"
-    run solvedsid "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
-
-    # Cleanup
-    echo -n "$ORIGINAL_DEB_VER" >/etc/debian_version
-    unset ORIGINAL_DEB_VER
 }