fix: invalid behavior on sid/alternative in 5.3.4/99.5.4.5.1

ovh · Feb 28, 2024 · b9d625b · b9d625b
1 parent 43fc23e
commit b9d625b
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/bin/hardening/5.3.4_acc_pam_sha512.sh b/bin/hardening/5.3.4_acc_pam_sha512.sh
@@ -67,7 +67,7 @@ check_config() {
 # We need to call this in the subs called by main.sh when it is sourced, otherwise it would
 # either be too soon (DEB_MAJ_VER not defined) or too late (test has already been run)
 _set_vars_jit() {
-    if [ "$DEB_MAJ_VER" -ge "11" ]; then
+    if [ "$DEB_MAJ_VER" = "sid" ] || [ "$DEB_MAJ_VER" -ge "11" ]; then
         CONF_LINE="^\s*password\s.+\s+pam_unix\.so\s+.*(sha512|yescrypt)" # https://github.com/ovh/debian-cis/issues/158
     else
         CONF_LINE="^\s*password\s.+\s+pam_unix\.so\s+.*sha512"

diff --git a/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh b/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh
@@ -63,7 +63,7 @@ check_config() {
 # We need to call this in the subs called by main.sh when it is sourced, otherwise it would
 # either be too soon (DEB_MAJ_VER not defined) or too late (test has already been run)
 _set_vars_jit() {
-    if [ "$DEB_MAJ_VER" -ge "11" ]; then
+    if [ "$DEB_MAJ_VER" = "sid" ] || [ "$DEB_MAJ_VER" -ge "11" ]; then
         CONF_LINE_REGEX="ENCRYPT_METHOD (SHA512|yescrypt|YESCRYPT)"
         CONF_LINE="ENCRYPT_METHOD YESCRYPT"
     else