Skip to content

Debian 12 (Bookworm) Walkthrough

Vagrant VM: debian12 | Box: debian/bookworm64 | IP: 192.168.56.12 | Family: Debian

Supported Tools

Tool Status Notes
OpenSCAP ✅ Supported Packages: openscap-utils, ssg-debderived, ssg-debian
Lynis ✅ Supported Package: lynis
USG ❌ Not available Ubuntu-only tool
CIS-CAT Lite ✅ Supported Downloaded from CIS Workbench

VM Setup

cd cis_hardening_tool
vagrant up debian12
vagrant ssh debian12

Running the Tool

sudo cis-hardening-tool --version
sudo cis-hardening-tool doctor
sudo cis-hardening-tool tools install --yes
sudo cis-hardening-tool scan --tools lynis,openscap --non-interactive --export pdf --output /tmp/debian12_report.pdf

Platform-Specific Notes

  • OpenSCAP: Uses openscap-utils (not openscap-scanner) on Debian 12
  • SSG Content: /usr/share/xml/scap/ssg/content/ssg-debian12-ds.xml
  • USG: Automatically skipped (Ubuntu-only distribution requirement)
  • Debian 11 vs 12: OpenSCAP is unavailable on Debian 11, but supported on Debian 12
  • Python: Ships with Python 3.11

Capturing Screenshots

VBoxManage controlvm "$(cat .vagrant/machines/debian12/virtualbox/id)" screenshotpng walkthroughs/platforms/debian/screenshots/debian12_console.png