-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Debian11 #29
Debian11 #29
Conversation
thibaultserti
commented
Jan 21, 2021
- Add debian11 dockerfile
- Add debian11 workflow
- Fix small things to make checks pass on debian11
- fix [[: bullseye/sid: division by 0 (error token is "sid") #26
This may be a good idea to tell the user that they're running the script in a non-officially supported Debian version, as in "there's no official PDF for this version so we'll do our best to show you results that are not entirely stupid, but please take those with a grain of salt". Same stuff if somebody has the idea to run it under Ubuntu or any other Debian derivative. Most tests will still work, but might give a false sense of security because e.g. we're looking for a package that has a different name under Ubuntu, or because defaults under Ubuntu are different so more stuff should be looked after to be disabled etc. In other words, 100% compliance under Ubuntu (or any other non-Debian-9-10 distro) does NOT mean that the system is properly hardened.
... and maybe other ways :) |
5e5b645
to
325b9e5
Compare
|
6fe6f7b
to
160ef78
Compare
|
7c25029
to
44d3a73
Compare
2df4218
to
83e5972
Compare
aefdb96
to
742cfad
Compare
lib/constants.sh
Outdated
get_debian_major_version | ||
|
||
# shellcheck disable=SC2034 | ||
SMALLEST_SUPPORTED_DEBIAN_VERSION="$(cat "$CIS_ROOT_DIR"/debian/compat)" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are you sure about this ? can we find this information once the packet is deployed in production ? :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
indeed I thought it was a great idea but it's stupid because it's not present in the deb package ...