fix: allow set-hardening-level option usage

Was broken since 2020, fixes #230
bump to 4.1.4
2025-07-16 13:52:17 +02:00 · 2024-02-01 14:57:33 +00:00 · 2024-01-18 09:16:00 +00:00 · 2024-01-10 17:07:02 +01:00 · 2023-12-27 13:42:10 +01:00 · 2023-12-27 10:27:06 +01:00
504 changed files with 2478 additions and 2328 deletions
--- a/.github/workflows/compile-manual.yml
+++ b/.github/workflows/compile-manual.yml
@ -7,7 +7,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Produce debian man
        run: 'docker run --rm --volume "`pwd`:/data" --user `id -u`:`id -g` pandoc/latex:2.6 MANUAL.md -s -t man > debian/cis-hardening.8'
      - uses: EndBug/add-and-commit@v9
--- a/.github/workflows/functionnal-tests.yml
+++ b/.github/workflows/functionnal-tests.yml
@ -8,13 +8,20 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Run the tests debian10
        run: ./tests/docker_build_and_run_tests.sh debian10
  functionnal-tests-docker-debian11:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Run the tests debian11
        run: ./tests/docker_build_and_run_tests.sh debian11
  functionnal-tests-docker-debian12:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Run the tests debian12
        run: ./tests/docker_build_and_run_tests.sh debian12
--- a/.github/workflows/pre-release.yml
+++ b/.github/workflows/pre-release.yml
@ -11,7 +11,7 @@ jobs:
    steps:
      # CHECKOUT CODE
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      # BUILD THE .DEB PACKAGE
      - name: Build
        run: |
@ -21,7 +21,7 @@ jobs:
          find ../ -name "*.deb" -exec mv {} cis-hardening.deb \;
      # DELETE THE TAG NAMED LATEST AND THE CORRESPONDING RELEASE
      - name: Delete the tag latest and the release latest
-        uses: dev-drprasad/delete-tag-and-release@v0.2.1
+        uses: dev-drprasad/delete-tag-and-release@v1.0.1
        with:
          delete_release: true
          tag_name: latest
@ -34,7 +34,7 @@ jobs:
      # GENERATE CHANGELOG CORRESPONDING TO COMMIT BETWEEN HEAD AND COMPUTED LAST TAG
      - name: Generate changelog
        id: changelog
-        uses: metcalfc/changelog-generator@v4.1.0
+        uses: metcalfc/changelog-generator@v4.2.0
        with:
          myToken: ${{ secrets.GITHUB_TOKEN }}
          head-ref: ${{ github.sha }}
--- a/.github/workflows/shellcheck_and_shellfmt.yml
+++ b/.github/workflows/shellcheck_and_shellfmt.yml
@ -8,9 +8,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Run the sh-checker
-        uses: luizm/action-sh-checker@v0.7.0
+        uses: luizm/action-sh-checker@v0.8.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Optional if sh_checker_comment is false.
          SHFMT_OPTS: -l -i 4 -w # Optional: pass arguments to shfmt.
@ -24,6 +24,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Run shellcheck
        run: ./shellcheck/docker_build_and_run_shellcheck.sh
--- a/.github/workflows/tagged-release.yml
+++ b/.github/workflows/tagged-release.yml
@ -15,7 +15,7 @@ jobs:
        run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
      # CHECKOUT CODE
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          ref: ${{ steps.vars.outputs.tag }}
      # GENERATE CHANGELOG CORRESPONDING TO ENTRY IN DEBIAN/CHANGELOG
@ -33,7 +33,7 @@ jobs:
          find ../ -name "*.deb" -exec mv {} cis-hardening.deb \;
      # DELETE THE TAG NAMED LATEST AND THE CORRESPONDING RELEASE
      - name: Delete the tag latest and the release latest
-        uses: dev-drprasad/delete-tag-and-release@v0.2.1
+        uses: dev-drprasad/delete-tag-and-release@v1.0.1
        with:
          delete_release: true
          tag_name: latest
--- a/MANUAL.md
+++ b/MANUAL.md
@ -4,7 +4,7 @@
 # NAME
-cis-hardening - CIS Debian 9/10 Hardening
+cis-hardening - CIS Debian 10/11/12 Hardening
 # SYNOPSIS
@ -12,7 +12,7 @@ cis-hardening - CIS Debian 9/10 Hardening
 # DESCRIPTION
-Modular Debian 9/10 security hardening scripts based on the CIS (https://www.cisecurity.org) recommendations.
+Modular Debian 10/11/12 security hardening scripts based on the CIS (https://www.cisecurity.org) recommendations.
 We use it at OVHcloud (https://www.ovhcloud.com) to harden our PCI-DSS infrastructure.
@ -139,7 +139,7 @@ will create a timestamped backup in this directory.
 # COPYRIGHT
-Copyright 2020 OVHcloud
+Copyright 2023 OVHcloud
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-# :lock: CIS Debian 10/11 Hardening
+# :lock: CIS Debian 10/11/12 Hardening
 <p align="center">
@ -13,9 +13,12 @@
 ![License](https://img.shields.io/github/license/ovh/debian-cis)
 ---
-Modular Debian 10/11 security hardening scripts based on [cisecurity.org](https://www.cisecurity.org)
+Modular Debian 10/11/12 security hardening scripts based on [cisecurity.org](https://www.cisecurity.org)
 recommendations. We use it at [OVHcloud](https://www.ovhcloud.com) to harden our PCI-DSS infrastructure.
 NB : Although Debian 12 CIS Hardening guide is still in development, we do use this set of scripts
 in production at OVHcloud on Debian 12 Operating Systems.
 ```console
 $ bin/hardening.sh --audit-all
 [...]
@ -40,9 +43,11 @@ hardening [INFO] Treating /opt/cis-hardening/bin/hardening/6.2.19_check_duplicat
 ```console
 $ git clone https://github.com/ovh/debian-cis.git && cd debian-cis
 $ cp debian/default /etc/default/cis-hardening
-$ sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='$(pwd)'#" /etc/default/cis-hardening
+$ sed -i "s#CIS_LIB_DIR=.*#CIS_LIB_DIR='$(pwd)'/lib#" /etc/default/cis-hardening
-$ bin/hardening/1.1.1.1_disable_freevxfs.sh --audit-all
+$ sed -i "s#CIS_CHECKS_DIR=.*#CIS_CHECKS_DIR='$(pwd)'/bin/hardening#" /etc/default/cis-hardening
-hardening                 [INFO] Treating /opt/cis-hardening/bin/hardening/1.1.1.1_disable_freevxfs.sh
+$ sed -i "s#CIS_CONF_DIR=.*#CIS_CONF_DIR='$(pwd)'/etc#" /etc/default/cis-hardening
 $ sed -i "s#CIS_TMP_DIR=.*#CIS_TMP_DIR='$(pwd)'/tmp#" /etc/default/cis-hardening
 $ ./bin/hardening/1.1.1.1_disable_freevxfs.sh --audit
 1.1.1.1_disable_freevxfs  [INFO] Working on 1.1.1.1_disable_freevxfs
 1.1.1.1_disable_freevxfs  [INFO] [DESCRIPTION] Disable mounting of freevxfs filesystems.
 1.1.1.1_disable_freevxfs  [INFO] Checking Configuration
@ -241,6 +246,20 @@ built a secure environment. While we use it at OVHcloud to harden our PCI-DSS co
 infrastructure, we can not guarantee that it will work for you. It will not
 magically secure any random host.
 A word about numbering, implementation and sustainability over time of this repository:
 This project is born with the Debian 7 distribution in 2016. Over time, CIS Benchmark PDF
 has evolved, changing it's numbering, deleting obsolete checks.
 In order to keep retro-compatiblity with the last maintained Debian, the numbering
 has not been changed along with the PDF, because the configuration scripts are named after it.
 Changing the numbering might break automation for admins using it for years, and handling
 this issue without breaking anything would require a huge refactoring.
 As a consequence, please do not worry about numbering, the checks are there,
 but the numbering accross PDFs might differ.
 Please also note that all the check inside CIS Benchmark PDF might not be implemented
 in this set of scripts.
 We did choose the most relevant to us at OVHcloud, do not hesitate to make a
 Pull Request in order to add the missing script you might find relevant for you.
 Additionally, quoting the License:
 > THIS SOFTWARE IS PROVIDED BY OVH SAS AND CONTRIBUTORS ``AS IS'' AND ANY
@ -254,6 +273,7 @@ Additionally, quoting the License:
 > (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 > SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## :satellite: Reference
 - **Center for Internet Security**: https://www.cisecurity.org/
--- a/bin/hardening.sh
+++ b/bin/hardening.sh
@ -192,7 +192,7 @@ while [[ $# -gt 0 ]]; do
 done
 # if no RUN_MODE was passed, usage and quit
-if [ "$AUDIT" -eq 0 ] && [ "$AUDIT_ALL" -eq 0 ] && [ "$AUDIT_ALL_ENABLE_PASSED" -eq 0 ] && [ "$APPLY" -eq 0 ] && [ "$CREATE_CONFIG" -eq 0 ]; then
+if [ "$AUDIT" -eq 0 ] && [ "$AUDIT_ALL" -eq 0 ] && [ "$AUDIT_ALL_ENABLE_PASSED" -eq 0 ] && [ "$APPLY" -eq 0 ] && [ "$CREATE_CONFIG" -eq 0 ] && [ "$SET_HARDENING_LEVEL" -eq 0 ]; then
    usage
 fi
@ -201,21 +201,21 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ] || [ -z "${CIS_CONF_DIR}" ] || [ -z "${CIS_CHECKS_DIR}" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR, CIS_CONF_DIR, CIS_CHECKS_DIR variables, aborting."
    exit 128
 fi
 # shellcheck source=../etc/hardening.cfg
-[ -r "$CIS_ROOT_DIR"/etc/hardening.cfg ] && . "$CIS_ROOT_DIR"/etc/hardening.cfg
+[ -r "${CIS_CONF_DIR}"/hardening.cfg ] && . "${CIS_CONF_DIR}"/hardening.cfg
 if [ "$ASK_LOGLEVEL" ]; then LOGLEVEL=$ASK_LOGLEVEL; fi
 # shellcheck source=../lib/common.sh
-[ -r "$CIS_ROOT_DIR"/lib/common.sh ] && . "$CIS_ROOT_DIR"/lib/common.sh
+[ -r "${CIS_LIB_DIR}"/common.sh ] && . "${CIS_LIB_DIR}"/common.sh
 # shellcheck source=../lib/utils.sh
-[ -r "$CIS_ROOT_DIR"/lib/utils.sh ] && . "$CIS_ROOT_DIR"/lib/utils.sh
+[ -r "${CIS_LIB_DIR}"/utils.sh ] && . "${CIS_LIB_DIR}"/utils.sh
 # shellcheck source=../lib/constants.sh
-[ -r "$CIS_ROOT_DIR"/lib/constants.sh ] && . "$CIS_ROOT_DIR"/lib/constants.sh
+[ -r "${CIS_LIB_DIR}"/constants.sh ] && . "${CIS_LIB_DIR}"/constants.sh
 # If we're on a unsupported platform and there is no flag --allow-unsupported-distribution
 # print warning, otherwise quit
@ -257,7 +257,7 @@ fi
 # If --allow-service-list is specified, don't run anything, just list the supported services
 if [ "$ALLOW_SERVICE_LIST" = 1 ]; then
    declare -a HARDENING_EXCEPTIONS_LIST
-    for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do
+    for SCRIPT in $(find "${CIS_CHECKS_DIR}"/ -name "*.sh" | sort -V); do
        template=$(grep "^HARDENING_EXCEPTION=" "$SCRIPT" | cut -d= -f2)
        [ -n "$template" ] && HARDENING_EXCEPTIONS_LIST[${#HARDENING_EXCEPTIONS_LIST[@]}]="$template"
    done
@ -272,7 +272,7 @@ if [ -n "$SET_HARDENING_LEVEL" ] && [ "$SET_HARDENING_LEVEL" != 0 ]; then
        exit 1
    fi
-    for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do
+    for SCRIPT in $(find "${CIS_CHECKS_DIR}"/ -name "*.sh" | sort -V); do
        SCRIPT_BASENAME=$(basename "$SCRIPT" .sh)
        script_level=$(grep "^HARDENING_LEVEL=" "$SCRIPT" | cut -d= -f2)
        if [ -z "$script_level" ]; then
@ -281,7 +281,7 @@ if [ -n "$SET_HARDENING_LEVEL" ] && [ "$SET_HARDENING_LEVEL" != 0 ]; then
        fi
        wantedstatus=disabled
        [ "$script_level" -le "$SET_HARDENING_LEVEL" ] && wantedstatus=enabled
-        sed -i -re "s/^status=.+/status=$wantedstatus/" "$CIS_ROOT_DIR/etc/conf.d/$SCRIPT_BASENAME.cfg"
+        sed -i -re "s/^status=.+/status=$wantedstatus/" "${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg"
    done
    echo "Configuration modified to enable scripts for hardening level at or below $SET_HARDENING_LEVEL"
    exit 0
@ -293,13 +293,13 @@ if [ "$CREATE_CONFIG" = 1 ] && [ "$EUID" -ne 0 ]; then
 fi
 # Parse every scripts and execute them in the required mode
-for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do
+for SCRIPT in $(find "${CIS_CHECKS_DIR}"/ -name "*.sh" | sort -V); do
    if [ "${#TEST_LIST[@]}" -gt 0 ]; then
        # --only X has been specified at least once, is this script in my list ?
        SCRIPT_PREFIX=$(grep -Eo '^[0-9.]+' <<<"$(basename "$SCRIPT")")
        # shellcheck disable=SC2001
        SCRIPT_PREFIX_RE=$(sed -e 's/\./\\./g' <<<"$SCRIPT_PREFIX")
-        if ! grep -qwE "(^| )$SCRIPT_PREFIX_RE" <<<"${TEST_LIST[@]}"; then
+        if ! grep -qE "(^|[[:space:]])$SCRIPT_PREFIX_RE([[:space:]]|$)" <<<"${TEST_LIST[@]}"; then
            # not in the list
            continue
        fi
@ -307,19 +307,19 @@ for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do
    info "Treating $SCRIPT"
    if [ "$CREATE_CONFIG" = 1 ]; then
-        debug "$CIS_ROOT_DIR/bin/hardening/$SCRIPT --create-config-files-only"
+        debug "$SCRIPT --create-config-files-only"
        LOGLEVEL=$LOGLEVEL "$SCRIPT" --create-config-files-only "$BATCH_MODE"
    elif [ "$AUDIT" = 1 ]; then
-        debug "$CIS_ROOT_DIR/bin/hardening/$SCRIPT --audit $SUDO_MODE $BATCH_MODE"
+        debug "$SCRIPT --audit $SUDO_MODE $BATCH_MODE"
        LOGLEVEL=$LOGLEVEL "$SCRIPT" --audit "$SUDO_MODE" "$BATCH_MODE"
    elif [ "$AUDIT_ALL" = 1 ]; then
-        debug "$CIS_ROOT_DIR/bin/hardening/$SCRIPT --audit-all $SUDO_MODE $BATCH_MODE"
+        debug "$SCRIPT --audit-all $SUDO_MODE $BATCH_MODE"
        LOGLEVEL=$LOGLEVEL "$SCRIPT" --audit-all "$SUDO_MODE" "$BATCH_MODE"
    elif [ "$AUDIT_ALL_ENABLE_PASSED" = 1 ]; then
-        debug "$CIS_ROOT_DIR/bin/hardening/$SCRIPT --audit-all $SUDO_MODE $BATCH_MODE"
+        debug "$SCRIPT --audit-all $SUDO_MODE $BATCH_MODE"
        LOGLEVEL=$LOGLEVEL "$SCRIPT" --audit-all "$SUDO_MODE" "$BATCH_MODE"
    elif [ "$APPLY" = 1 ]; then
-        debug "$CIS_ROOT_DIR/bin/hardening/$SCRIPT"
+        debug "$SCRIPT"
        LOGLEVEL=$LOGLEVEL "$SCRIPT"
    fi
@ -332,8 +332,8 @@ for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do
        PASSED_CHECKS=$((PASSED_CHECKS + 1))
        if [ "$AUDIT_ALL_ENABLE_PASSED" = 1 ]; then
            SCRIPT_BASENAME=$(basename "$SCRIPT" .sh)
-            sed -i -re 's/^status=.+/status=enabled/' "$CIS_ROOT_DIR/etc/conf.d/$SCRIPT_BASENAME.cfg"
+            sed -i -re 's/^status=.+/status=enabled/' "${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg"
-            info "Status set to enabled in $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_BASENAME.cfg"
+            info "Status set to enabled in ${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg"
        fi
        ;;
    1)
--- a/bin/hardening/1.1.1.1_disable_freevxfs.sh
+++ b/bin/hardening/1.1.1.1_disable_freevxfs.sh
@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.1.2_disable_jffs2.sh
+++ b/bin/hardening/1.1.1.2_disable_jffs2.sh
@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.1.3_disable_hfs.sh
+++ b/bin/hardening/1.1.1.3_disable_hfs.sh
@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.1.4_disable_hfsplus.sh
+++ b/bin/hardening/1.1.1.4_disable_hfsplus.sh
@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.1.5_disable_squashfs.sh
+++ b/bin/hardening/1.1.1.5_disable_squashfs.sh
@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.1.6_disable_udf.sh
+++ b/bin/hardening/1.1.1.6_disable_udf.sh
@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.1.7_restrict_fat.sh
+++ b/bin/hardening/1.1.1.7_restrict_fat.sh
@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.1.8_disable_cramfs.sh
+++ b/bin/hardening/1.1.1.8_disable_cramfs.sh
@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.10_var_tmp_noexec.sh
+++ b/bin/hardening/1.1.10_var_tmp_noexec.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.11.1_var_log_noexec.sh
+++ b/bin/hardening/1.1.11.1_var_log_noexec.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.11.2_var_log_nosuid.sh
+++ b/bin/hardening/1.1.11.2_var_log_nosuid.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.11.3_var_log_nodev.sh
+++ b/bin/hardening/1.1.11.3_var_log_nodev.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.11_var_log_partition.sh
+++ b/bin/hardening/1.1.11_var_log_partition.sh
@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.12.1_var_log_audit_noexec.sh
+++ b/bin/hardening/1.1.12.1_var_log_audit_noexec.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.12.2_var_log_audit_nosuid.sh
+++ b/bin/hardening/1.1.12.2_var_log_audit_nosuid.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.12.3_var_log_audit_nodev.sh
+++ b/bin/hardening/1.1.12.3_var_log_audit_nodev.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.12_var_log_audit_partition.sh
+++ b/bin/hardening/1.1.12_var_log_audit_partition.sh
@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.13_home_partition.sh
+++ b/bin/hardening/1.1.13_home_partition.sh
@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.14.1_home_nosuid.sh
+++ b/bin/hardening/1.1.14.1_home_nosuid.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.14_home_nodev.sh
+++ b/bin/hardening/1.1.14_home_nodev.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.15_run_shm_nodev.sh
+++ b/bin/hardening/1.1.15_run_shm_nodev.sh
@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.16_run_shm_nosuid.sh
+++ b/bin/hardening/1.1.16_run_shm_nosuid.sh
@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.17_run_shm_noexec.sh
+++ b/bin/hardening/1.1.17_run_shm_noexec.sh
@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.18_removable_device_nodev.sh
+++ b/bin/hardening/1.1.18_removable_device_nodev.sh
@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.19_removable_device_nosuid.sh
+++ b/bin/hardening/1.1.19_removable_device_nosuid.sh
@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.20_removable_device_noexec.sh
+++ b/bin/hardening/1.1.20_removable_device_noexec.sh
@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
+++ b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.22_disable_automounting.sh
+++ b/bin/hardening/1.1.22_disable_automounting.sh
@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.23_disable_usb_storage.sh
+++ b/bin/hardening/1.1.23_disable_usb_storage.sh
@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.2_tmp_partition.sh
+++ b/bin/hardening/1.1.2_tmp_partition.sh
@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.3_tmp_nodev.sh
+++ b/bin/hardening/1.1.3_tmp_nodev.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.4_tmp_nosuid.sh
+++ b/bin/hardening/1.1.4_tmp_nosuid.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.5_tmp_noexec.sh
+++ b/bin/hardening/1.1.5_tmp_noexec.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.6.1_var_nodev.sh
+++ b/bin/hardening/1.1.6.1_var_nodev.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.6.2_var_nosuid.sh
+++ b/bin/hardening/1.1.6.2_var_nosuid.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.6_var_partition.sh
+++ b/bin/hardening/1.1.6_var_partition.sh
@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.7_var_tmp_partition.sh
+++ b/bin/hardening/1.1.7_var_tmp_partition.sh
@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.8_var_tmp_nodev.sh
+++ b/bin/hardening/1.1.8_var_tmp_nodev.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.1.9_var_tmp_nosuid.sh
+++ b/bin/hardening/1.1.9_var_tmp_nosuid.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.3.1_install_sudo.sh
+++ b/bin/hardening/1.3.1_install_sudo.sh
@ -50,17 +50,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.3.2_pty_sudo.sh
+++ b/bin/hardening/1.3.2_pty_sudo.sh
@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.3.3_logfile_sudo.sh
+++ b/bin/hardening/1.3.3_logfile_sudo.sh
@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.4.1_install_tripwire.sh
+++ b/bin/hardening/1.4.1_install_tripwire.sh
@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.4.2_tripwire_cron.sh
+++ b/bin/hardening/1.4.2_tripwire_cron.sh
@ -68,17 +68,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.5.1_bootloader_ownership.sh
+++ b/bin/hardening/1.5.1_bootloader_ownership.sh
@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.5.2_bootloader_password.sh
+++ b/bin/hardening/1.5.2_bootloader_password.sh
@ -71,17 +71,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.5.3_root_password.sh
+++ b/bin/hardening/1.5.3_root_password.sh
@ -50,17 +50,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.6.1_enable_nx_support.sh
+++ b/bin/hardening/1.6.1_enable_nx_support.sh
@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.6.2_enable_randomized_vm_placement.sh
+++ b/bin/hardening/1.6.2_enable_randomized_vm_placement.sh
@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.6.3.1_disable_apport.sh
+++ b/bin/hardening/1.6.3.1_disable_apport.sh
@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.6.3_disable_prelink.sh
+++ b/bin/hardening/1.6.3_disable_prelink.sh
@ -54,17 +54,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.6.4_restrict_core_dumps.sh
+++ b/bin/hardening/1.6.4_restrict_core_dumps.sh
@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.7.1.1_install_apparmor.sh
+++ b/bin/hardening/1.7.1.1_install_apparmor.sh
@ -54,17 +54,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.7.1.2_enable_apparmor.sh
+++ b/bin/hardening/1.7.1.2_enable_apparmor.sh
@ -118,17 +118,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.7.1.3_enforce_or_complain_apparmor.sh
+++ b/bin/hardening/1.7.1.3_enforce_or_complain_apparmor.sh
@ -75,17 +75,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.7.1.4_enforcing_apparmor.sh
+++ b/bin/hardening/1.7.1.4_enforcing_apparmor.sh
@ -89,17 +89,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.8.1.1_remove_os_info_motd.sh
+++ b/bin/hardening/1.8.1.1_remove_os_info_motd.sh
@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.8.1.2_remove_os_info_issue.sh
+++ b/bin/hardening/1.8.1.2_remove_os_info_issue.sh
@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.8.1.3_remove_os_info_issue_net.sh
+++ b/bin/hardening/1.8.1.3_remove_os_info_issue_net.sh
@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.8.1.4_motd_perms.sh
+++ b/bin/hardening/1.8.1.4_motd_perms.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.8.1.5_etc_issue_perms.sh
+++ b/bin/hardening/1.8.1.5_etc_issue_perms.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.8.1.6_etc_issue_net_perms.sh
+++ b/bin/hardening/1.8.1.6_etc_issue_net_perms.sh
@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.8.2_graphical_warning_banners.sh
+++ b/bin/hardening/1.8.2_graphical_warning_banners.sh
@ -37,17 +37,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/1.9_install_updates.sh
+++ b/bin/hardening/1.9_install_updates.sh
@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.1.1_disable_xinetd.sh
+++ b/bin/hardening/2.1.1_disable_xinetd.sh
@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.1.2_disable_bsd_inetd.sh
+++ b/bin/hardening/2.1.2_disable_bsd_inetd.sh
@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.1.1_use_time_sync.sh
+++ b/bin/hardening/2.2.1.1_use_time_sync.sh
@ -17,7 +17,7 @@ HARDENING_LEVEL=3
 # shellcheck disable=2034
 DESCRIPTION="Ensure time synchronization is in use"
-PACKAGES="ntp chrony"
+PACKAGES="systemd-timesyncd ntp chrony"
 # This function will be called if the script status is on enabled / audit mode
 audit() {
@ -49,17 +49,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.1.2_configure_systemd-timesyncd.sh
+++ b/bin/hardening/2.2.1.2_configure_systemd-timesyncd.sh
@ -44,17 +44,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.1.3_configure_chrony.sh
+++ b/bin/hardening/2.2.1.3_configure_chrony.sh
@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.1.4_configure_ntp.sh
+++ b/bin/hardening/2.2.1.4_configure_ntp.sh
@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.10_disable_http_server.sh
+++ b/bin/hardening/2.2.10_disable_http_server.sh
@ -58,17 +58,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.11_disable_imap_pop.sh
+++ b/bin/hardening/2.2.11_disable_imap_pop.sh
@ -58,17 +58,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.12_disable_samba.sh
+++ b/bin/hardening/2.2.12_disable_samba.sh
@ -71,17 +71,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.13_disable_http_proxy.sh
+++ b/bin/hardening/2.2.13_disable_http_proxy.sh
@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.14_disable_snmp_server.sh
+++ b/bin/hardening/2.2.14_disable_snmp_server.sh
@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.15_mta_localhost.sh
+++ b/bin/hardening/2.2.15_mta_localhost.sh
@ -23,7 +23,7 @@ HARDENING_EXCEPTION=mail
 audit() {
    is_pkg_installed net-tools
    if [ "$FNRET" != 0 ]; then
-        warn "netsat not installed, cannot execute check"
+        warn "netstat not installed, cannot execute check"
        exit 2
    else
        info "Checking netport ports opened"
@ -47,7 +47,7 @@ audit() {
 apply() {
    is_pkg_installed net-tools
    if [ "$FNRET" != 0 ]; then
-        warn "netsat not installed, cannot execute check"
+        warn "netstat not installed, cannot execute check"
        exit 2
    else
        info "Checking netport ports opened"
@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.16_disable_rsync.sh
+++ b/bin/hardening/2.2.16_disable_rsync.sh
@ -68,17 +68,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.17_disable_nis.sh
+++ b/bin/hardening/2.2.17_disable_nis.sh
@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.2_disable_xwindow_system.sh
+++ b/bin/hardening/2.2.2_disable_xwindow_system.sh
@ -58,17 +58,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.3_disable_avahi_server.sh
+++ b/bin/hardening/2.2.3_disable_avahi_server.sh
@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.4_disable_print_server.sh
+++ b/bin/hardening/2.2.4_disable_print_server.sh
@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.5_disable_dhcp.sh
+++ b/bin/hardening/2.2.5_disable_dhcp.sh
@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.6_disable_ldap.sh
+++ b/bin/hardening/2.2.6_disable_ldap.sh
@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.7_disable_nfs_rpc.sh
+++ b/bin/hardening/2.2.7_disable_nfs_rpc.sh
@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.8_disable_dns_server.sh
+++ b/bin/hardening/2.2.8_disable_dns_server.sh
@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.2.9_disable_ftp.sh
+++ b/bin/hardening/2.2.9_disable_ftp.sh
@ -58,17 +58,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.3.1_disable_nis.sh
+++ b/bin/hardening/2.3.1_disable_nis.sh
@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.3.2_disable_rsh_client.sh
+++ b/bin/hardening/2.3.2_disable_rsh_client.sh
@ -56,17 +56,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.3.3_disable_talk_client.sh
+++ b/bin/hardening/2.3.3_disable_talk_client.sh
@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.3.4_disable_telnet_client.sh
+++ b/bin/hardening/2.3.4_disable_telnet_client.sh
@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/2.3.5_disable_ldap_client.sh
+++ b/bin/hardening/2.3.5_disable_ldap_client.sh
@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/bin/hardening/3.1.1_disable_ipv6.sh
+++ b/bin/hardening/3.1.1_disable_ipv6.sh
@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then
    # shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-    echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_LIB_DIR variable, aborting."
    exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . "${CIS_LIB_DIR}"/main.sh
 else
-    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
    exit 128
 fi
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
thibault.dewailly	a08b71adae	fix: allow set-hardening-level option usage Was broken since 2020, fixes #230	2024-02-01 14:57:33 +00:00
thibault.dewailly	a45aa40ce4	bump to 4.1.4	2024-01-18 09:16:00 +00:00
lgaida	730ab47437	allow multiple users in 5.2.18 (#228 ) * allow multiple exception users for 99.5.2.4 * move clean up part of previous commit * split clean up part of previous commit * add tests for multiple allowed and denied ssh users * fix script to correctly set multiple allowed and denied ssh users * add cleanup resolved check to 5.2.18 * apply shellfmt to 5.2.18 --------- Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2024-01-10 17:07:02 +01:00
lgaida	5313799193	Allow multiple exception users to be defined for 99.5.2.4_ssh_keys_from (#221 ) * allow multiple exception users for 99.5.2.4	2023-12-27 13:42:10 +01:00
GoldenKiwi	73616af4eb	Syslog-ng fixes and enhancements (#226 ) * syslog-ng : fix remote host test and enhance Regex fixes #124 * enh: add test for 4.2.1.6	2023-12-27 10:27:06 +01:00
GoldenKiwi	c391723fe5	fix: Allow --only option to be called multiple times (#225 ) --only option was affected with a grep bug since 2017. the regex was not able to parse more than the first passed argument. fixes #224	2023-12-26 17:08:53 +01:00
GoldenKiwi	71019a5512	fix: update Readme to clarify project usage (#223 ) fixes: #219	2023-12-26 09:57:15 +01:00
GoldenKiwi	fb4df82fc4	fix: typo in README. Update example of --audit usage (#222 ) fixes #220 fixes #217	2023-12-26 09:19:55 +01:00
thibault.dewailly	c75244e3b2	bump to 4.1.3	2023-11-28 10:34:12 +00:00
Stéphane Lesimple	de295b3a77	Adapt all scripts to yescrypt (#216 ) * Revert "fix: clean obsolete check 99.5.4.5.1, now handled by 5.3.4 (#215)" This reverts commit `670c8c62f5`. We still want to verify the preexisting hashes in /etc/shadow, even if the PAM configuration is correct for new passwords (5.3.4). * Adapt 5.3.4, 99.5.4.5.1 and 99.5.4.5.2 to yescrypt	2023-11-21 17:43:31 +01:00
dependabot[bot]	693487c3a5	build(deps): bump metcalfc/changelog-generator from 4.1.0 to 4.2.0 (#214 ) Bumps [metcalfc/changelog-generator](https://github.com/metcalfc/changelog-generator) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/metcalfc/changelog-generator/releases) - [Changelog](https://github.com/metcalfc/changelog-generator/blob/main/release-notes.png) - [Commits](https://github.com/metcalfc/changelog-generator/compare/v4.1.0...v4.2.0) --- updated-dependencies: - dependency-name: metcalfc/changelog-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2023-11-14 15:44:50 +01:00
GoldenKiwi	670c8c62f5	fix: clean obsolete check 99.5.4.5.1, now handled by 5.3.4 (#215 ) Fixes #209	2023-11-14 12:03:58 +01:00
GoldenKiwi	0eb2e2ffde	enh: remove ssh system sandbox check (#213 ) UsePrivilegeSeparation option is deprecated. Since the oldest supported Debian distribution is Buster (10), we can safely remove this check Fixes #212	2023-11-13 08:53:12 +01:00
dependabot[bot]	d6c334182e	build(deps): bump luizm/action-sh-checker from 0.7.0 to 0.8.0 (#210 ) Bumps [luizm/action-sh-checker](https://github.com/luizm/action-sh-checker) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/luizm/action-sh-checker/releases) - [Commits](https://github.com/luizm/action-sh-checker/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: luizm/action-sh-checker dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-10 15:05:25 +01:00
thibault.dewailly	2188577fc9	feat: advertise Debian 12 compatibility in readme	2023-10-02 13:34:09 +00:00
thibault.dewailly	0f59f73297	bump to 4.1.2	2023-10-02 13:17:31 +00:00
GoldenKiwi	f888ce0d39	fix: root_dir is still /opt/cis-hardening for the moment (#208 )	2023-10-02 14:50:52 +02:00
thibault.dewailly	f6aa306127	bump to 4.1.1	2023-09-29 14:38:52 +00:00
GoldenKiwi	ceea343ad9	fix: debian12 functional test pass is now mandatory (#207 )	2023-09-29 16:34:25 +02:00
GoldenKiwi	2e53dfb573	feat: Officialize Debian 12 support (#206 ) * feat: Officialize Debian 12 support Functional tests now pass CIS Benchmark PDF for Debian 12 is not out yet, but the hardening points checked are still relevant in Debian 12. OVHcloud is now using it in critical production, hence making it officially supported --------- Co-authored-by: ThibaultDewailly <ThibaultDewailly@users.noreply.github.com>	2023-09-29 16:20:34 +02:00
P-EB	08aff5d3fc	Update the README to reflect on changes made in PR#204 (#205 )	2023-09-29 09:21:40 +02:00
P-EB	32886d3a3d	Replace CIS_ROOT_DIR by a more flexible system (#204 ) * Replace CIS_ROOT_DIR by a more flexible system * Try to adapt the logic change to the functional tests	2023-09-25 14:24:01 +02:00
GoldenKiwi	5370ec2ef6	feat: add nftables to firewall software allow list (#203 ) * feat: add nftables to firewall software allow list fixes #191 * fix: enhance 3.5.4.1.1_net_fw_default_policy_drop.sh iptables output check, disable associated test	2023-09-07 14:36:08 +02:00
dependabot[bot]	9d3fb18e6b	build(deps): bump actions/checkout from 3 to 4 (#202 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-05 17:07:12 +02:00
GoldenKiwi	6e79fcd00a	fix: correct debian version check on 5.2.15 configuration generation (#199 ) fixes #196	2023-09-01 08:34:28 +02:00
GoldenKiwi	27edec6d5f	fix: chore, debug logs print correctly now (#197 )	2023-08-31 14:40:27 +02:00
GoldenKiwi	f2cc14c383	fix: chore debian manual update (#198 ) * fix: chore debian manual update fixes #182 * Regenerate man pages (Github action) --------- Co-authored-by: ThibaultDewailly <ThibaultDewailly@users.noreply.github.com>	2023-08-31 14:34:59 +02:00
dependabot[bot]	46377fc255	build(deps): bump dev-drprasad/delete-tag-and-release (#184 ) Bumps [dev-drprasad/delete-tag-and-release](https://github.com/dev-drprasad/delete-tag-and-release) from 0.2.1 to 1.0.1. - [Release notes](https://github.com/dev-drprasad/delete-tag-and-release/releases) - [Commits](https://github.com/dev-drprasad/delete-tag-and-release/compare/v0.2.1...v1.0.1) --- updated-dependencies: - dependency-name: dev-drprasad/delete-tag-and-release dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2023-08-30 10:32:29 +02:00
Joseph	a468b29036	fix: added `systemd-timesyncd` to use_time_sync script (#189 ) (#190 ) Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2023-08-30 10:28:03 +02:00
JugeHuge	db9ff8a7fd	Update warn messages on 2.2.15_mta_localhost.sh (#193 ) warn messages had typo netsat as it should be netstat	2023-08-30 10:23:27 +02:00
Stéphane Lesimple	6135c3d0e5	fix: enhance test 99.1.3 speed for large /etc/sudoers.d folders (#188 ) Signed-off-by: Stephane Lesimple <stephane.lesimple@corp.ovh.com>	2023-07-18 17:28:35 +02:00
Tarik Megzari	a6ad528087	feat: Add experimental debian12 functionnal tests (#187 ) Signed-off-by: Tarik Megzari <tarik.megzari@ovhcloud.com> Co-authored-by: Tarik Megzari <tarik.megzari@ovhcloud.com>	2023-07-10 10:52:17 +02:00