V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-13 19:51:43 +01:00
parent f222665cad
commit ad4c56fdb5
24 changed files with 52 additions and 137 deletions
--- a/func/cdi_1000_helper/1080_helper_chroot.sh
+++ b/func/cdi_1000_helper/1080_helper_chroot.sh
@@ -136,7 +136,11 @@ chroot_script() {
    if [[ "${VAR_CHROOT_DEBUG}" == "true" ]]; then
-      if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then dump_vars_exiting; fi
+      if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then\
        dump_vars_exiting
      fi
      case "${VAR_IN_DIALOG_WR}" in
        box   ) dialog_box_cleaner   ;;
@@ -230,7 +234,11 @@ chroot_stdin() {
    if [[ "${VAR_CHROOT_DEBUG}" == "true" ]]; then
-      if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then dump_vars_exiting; fi
+      if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then
        dump_vars_exiting
      fi
      case "${VAR_IN_DIALOG_WR}" in
        box   ) dialog_box_cleaner   ;;
--- a/func/cdi_4100_base/4110_update_sources.sh
+++ b/func/cdi_4100_base/4110_update_sources.sh
@@ -41,8 +41,6 @@ update_sources() {
  # shellcheck disable=SC2312
  chroot_script "${var_target}" "
    apt-get update 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  do_log "info" "file_only" "4110() Sources lists: updated successfully."
@@ -53,8 +51,6 @@ update_sources() {
    chroot_script "${var_target}" "
      export INITRD=No
      apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
      RC=( \${PIPESTATUS[@]} )
      echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
    "
    do_log "info" "file_only" "4110() The update policy was set at installation time to: '${apt_updates_policy}'."
@@ -63,8 +59,6 @@ update_sources() {
    chroot_script "${var_target}" "
      export INITRD=No
      apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
      RC=( \${PIPESTATUS[@]} )
      echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
    "
    # shellcheck disable=SC2016
--- a/func/cdi_4100_base/4140_installation_microcode.sh
+++ b/func/cdi_4100_base/4140_installation_microcode.sh
@@ -57,8 +57,6 @@ installation_microcode() {
      chroot_script "${TARGET}" "
        export INITRD=No
        apt-get install -y --no-install-recommends --no-install-suggests ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile}
        RC=( \${PIPESTATUS[@]} )
        echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
      "
    else
@@ -66,8 +64,6 @@ installation_microcode() {
      chroot_script "${TARGET}" "
        export INITRD=No
        apt-get install -y --no-install-recommends --no-install-suggests --only-upgrade ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile}
        RC=( \${PIPESTATUS[@]} )
        echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
      "
    fi
--- a/func/cdi_4100_base/4145_installation_firmware.sh
+++ b/func/cdi_4100_base/4145_installation_firmware.sh
@@ -295,8 +295,6 @@ installation_firmware() {
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-recommends --no-install-suggests ${ary_pkgs_resolved[*]} 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  guard_dir && return 0
--- a/func/cdi_4100_base/4150_installation_chrony.sh
+++ b/func/cdi_4100_base/4150_installation_chrony.sh
@@ -50,8 +50,6 @@ installation_chrony() {
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-recommends --no-install-suggests chrony 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  if [[ ! -e "${TARGET}/etc/systemd/system/multi-user.target.wants/chrony.service" ]]; then
@@ -72,8 +70,6 @@ installation_chrony() {
  do_log "debug" "file_only" "4150() Executing: [chroot_script ${TARGET} chronyd -Q -f /etc/chrony/chrony.conf]."
  chroot_script "${TARGET}" "
    chronyd -Q -f /etc/chrony/chrony.conf 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  do_log "info" "file_only" "4150() Chrony NTPsec client installed."
--- a/func/cdi_4100_base/4160_installation_eza.sh
+++ b/func/cdi_4100_base/4160_installation_eza.sh
@@ -51,8 +51,6 @@ EOF
    export INITRD=No
    apt-get update
    apt-get install -y --no-install-recommends --no-install-suggests eza 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  guard_dir && return 0
--- a/func/cdi_4100_base/4170_installation_lynis.sh
+++ b/func/cdi_4100_base/4170_installation_lynis.sh
@@ -51,8 +51,6 @@ EOF
    export INITRD=No
    apt-get update
    apt-get install -y --no-install-recommends --no-install-suggests lynis 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  guard_dir && return 0
--- a/func/cdi_4200_boot/4220_installation_cryptsetup.sh
+++ b/func/cdi_4200_boot/4220_installation_cryptsetup.sh
@@ -30,12 +30,14 @@ installation_cryptsetup() {
  chroot_logger "${TARGET}${var_logfile}"
-  chroot_script "${TARGET}" '
+  chroot_script "${TARGET}" "
    export INITRD=No
-    apt-get install -y --no-install-recommends --no-install-suggests cryptsetup cryptsetup-initramfs 2>&1 | tee -a '"${var_logfile}"'
+    apt-get install -y --no-install-recommends --no-install-suggests cryptsetup cryptsetup-initramfs 2>&1 | tee -a ${var_logfile}
-    echo ExitCode: $? >> '"${var_logfile}"'
+  "
  '
  guard_dir && return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f installation_cryptsetup
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/func/cdi_4200_boot/4230_installation_grub.sh
+++ b/func/cdi_4200_boot/4230_installation_grub.sh
@@ -79,8 +79,6 @@ installation_grub() {
          chroot_script "${TARGET}" "
            export INITRD=No
            apt-get install -y --no-install-recommends grub2-common grub-efi-amd64 grub-efi-amd64-bin 2>&1 | tee -a ${var_logfile}
            RC=( \${PIPESTATUS[@]} )
            echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
          "
          ;;
@@ -88,8 +86,6 @@ installation_grub() {
          chroot_script "${TARGET}" "
            export INITRD=No
            apt-get install -y --no-install-recommends grub2-common grub-efi-arm64 grub-efi-arm64-bin 2>&1 | tee -a ${var_logfile}
            RC=( \${PIPESTATUS[@]} )
            echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
          "
          ;;
@@ -104,8 +100,6 @@ installation_grub() {
      chroot_script "${TARGET}" "
        export INITRD=No
        apt-get install -y --no-install-recommends grub2-common grub-pc grub-pc-bin 2>&1 | tee -a ${var_logfile}
        RC=( \${PIPESTATUS[@]} )
        echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
      "
    fi
--- a/func/cdi_4300_network/4300_installation_network.sh
+++ b/func/cdi_4300_network/4300_installation_network.sh
@@ -46,22 +46,16 @@ installation_network() {
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get purge -y dhcpcd isc-dhcp-client 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-suggests dhcpcd-base ifupdown 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  chroot_script "${TARGET}" "
    export INITRD=No
    systemctl disable systemd-networkd NetworkManager 2>/dev/null | tee -a ${var_logfile} || true
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  mkdir -p "${TARGET}/etc/network/interfaces.d"
@@ -233,8 +227,6 @@ EOF
  ### Check dhcpcd connectivity.
  chroot_script "${TARGET}" "
    dhcpcd -T ${VAR_FINAL_NIC} | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  guard_dir && return 0
--- a/func/cdi_4300_network/4305_installation_netsec.sh
+++ b/func/cdi_4300_network/4305_installation_netsec.sh
@@ -30,8 +30,6 @@ installation_netsec() {
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-suggests fail2ban ufw 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  guard_dir && return 0
--- a/func/cdi_4300_network/4311_dropbear_initramfs.sh
+++ b/func/cdi_4300_network/4311_dropbear_initramfs.sh
@@ -29,29 +29,25 @@ dropbear_initramfs() {
  chroot_logger "${TARGET}${var_logfile}"
-  chroot_script "${TARGET}" '
+  chroot_script "${TARGET}" "
    export INITRD=No
-    apt-get install -y --no-install-recommends --no-install-suggests dropbear-initramfs dropbear-bin 2>&1 | tee -a '"${var_logfile}"'
+    apt-get install -y --no-install-recommends --no-install-suggests dropbear-initramfs dropbear-bin 2>&1 | tee -a ${var_logfile}
-    echo ExitCode: $? >> '"${var_logfile}"'
+  "
  '
-  chroot_script "${TARGET}" '
+  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get purge -y dropbear dropbear-run || true
-    echo ExitCode: $? >> '"${var_logfile}"'
+  "
  '
-  chroot_script "${TARGET}" '
+  chroot_script "${TARGET}" "
    export INITRD=No
-    apt-get install -y --no-install-recommends --no-install-suggests gpgv 2>&1 | tee -a '"${var_logfile}"'
+    apt-get install -y --no-install-recommends --no-install-suggests gpgv 2>&1 | tee -a ${var_logfile}
-    echo ExitCode: $? >> '"${var_logfile}"'
+  "
  '
-  chroot_script "${TARGET}" '
+  chroot_script "${TARGET}" "
    export INITRD=No
-    apt-mark hold dropbear dropbear-initramfs 2>&1 | tee -a '"${var_logfile}"'
+    apt-mark hold dropbear dropbear-initramfs 2>&1 | tee -a ${var_logfile}
-    echo ExitCode: $? >> '"${var_logfile}"'
+  "
  '
  mv "${TARGET}/usr/sbin/dropbear" "${TARGET}/usr/sbin/dropbear.trixie"
  install -D -m 0755 -o root -g root "${DIR_TMP}/build/dropbear-2025.88/dropbear" "${TARGET}/usr/sbin/"
@@ -59,9 +55,11 @@ dropbear_initramfs() {
  for var_file in dbclient dropbearconvert dropbearkey; do
    mv "${TARGET}/usr/bin/${var_file}" "${TARGET}/usr/bin/${var_file}.trixie"
    install -D -m 0755 -o root -g root "${DIR_TMP}/build/dropbear-2025.88/${var_file}" "${TARGET}/usr/bin/"
    do_log "debug" "file_only" "4311() Installation [${var_file}] successful."
  done
--- a/func/cdi_4300_network/4312_dropbear_setup.sh
+++ b/func/cdi_4300_network/4312_dropbear_setup.sh
@@ -39,7 +39,7 @@ guard_sourcing
 #######################################
 dropbear_setup() {
  ### Declare Arrays, HashMaps, and Variables.
-  declare     network_static_ipv4ntpserver_0="192.53.103.108" \
+  declare -r  network_static_ipv4ntpserver_0="192.53.103.108" \
              var_force_command_string='command="/usr/local/bin/unlock_wrapper.sh",no-agent-forwarding,no-port-forwarding,no-X11-forwarding '
  ### Prepare strong dropbear host keys.
--- a/func/cdi_4300_network/4320_update_initramfs.sh
+++ b/func/cdi_4300_network/4320_update_initramfs.sh
@@ -32,21 +32,15 @@ update_initramfs() {
  chroot_script "${TARGET}" "
    update-grub 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  chroot_script "${TARGET}" "
    depmod -a ${var_kernel} 2>&1 | tee -a ${var_logfile}
    update-initramfs -c -v -k all 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  chroot_script "${TARGET}" "
    update-grub 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  chmod 0400 "${TARGET}/boot/grub/grub.cfg"
--- a/func/cdi_4300_network/4330_installation_ssh.sh
+++ b/func/cdi_4300_network/4330_installation_ssh.sh
@@ -39,18 +39,6 @@ installation_ssh() {
  mkdir -p "${TARGET}/etc/systemd/system/ssh.service.d"
  cat << EOF >| "${TARGET}/etc/systemd/system/ssh.service.d/override.conf"
 [Unit]
 After=network-online.target
 Wants=network-online.target
 [Service]
 ### If anything named 'dropbear' survived, kill it before binding.
 ExecStartPre=/usr/bin/pkill -x dropbear || :
 Restart=on-failure
 RestartSec=3s
 EOF
  install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/banner" "${TARGET}/etc/"
  install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/motd" "${TARGET}/etc/"
  do_log "info" "file_only" "4420() Installed SSH '/etc/banner' and '/etc/motd'."
--- a/func/cdi_4400_hardening/4480_hardening_usb.sh
+++ b/func/cdi_4400_hardening/4480_hardening_usb.sh
@@ -31,8 +31,6 @@ hardening_usb() {
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-recommends --no-install-suggests usbguard 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
    touch /tmp/rules.conf
    usbguard generate-policy >| /tmp/rules.conf
--- a/func/cdi_4400_hardening/4490_hardening_virus.sh
+++ b/func/cdi_4400_hardening/4490_hardening_virus.sh
@@ -30,8 +30,6 @@ hardening_virus() {
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-recommends --no-install-suggests rkhunter 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  guard_dir && return 0
--- a/func/cdi_4500_user/4500_accounts_preparation.sh
+++ b/func/cdi_4500_user/4500_accounts_preparation.sh
@@ -31,8 +31,6 @@ accounts_preparation() {
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-recommends --no-install-suggests bash-completion fzf 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  mkdir -p "${TARGET}/etc/skel/.ciss"
--- a/func/cdi_4500_user/4510_accounts_hardening.sh
+++ b/func/cdi_4500_user/4510_accounts_hardening.sh
@@ -34,8 +34,6 @@ accounts_hardening() {
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-recommends --no-install-suggests ${ary_security_pkgs[*]} 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  ### Preparing 2fa hardening.
--- a/func/cdi_4500_user/4520_accounts_setup.sh
+++ b/func/cdi_4500_user/4520_accounts_setup.sh
@@ -1348,7 +1348,6 @@ EOF
  chmod 0444 "${var_target}/etc/ciss/ssh_totp.prompt"
  do_log "info" "file_only" "4520() Written: [/etc/ciss/ssh_totp.prompt]."
  return 0
 }
--- a/func/cdi_4600_packages/4600_installation_packages.sh
+++ b/func/cdi_4600_packages/4600_installation_packages.sh
@@ -31,39 +31,21 @@ installation_packages() {
  if [[ "${VAR_APT_FULL_UPGRADE}" == "true" ]]; then
    chroot_script "${TARGET}" "
      export INITRD=No
-
+      apt-get update  -qq 2>&1 | tee -a ${var_logfile}
-      apt-get update        2>&1 | tee -a ${var_logfile}
+      apt-get upgrade -y  2>&1 | tee -a ${var_logfile}
      RC=( \${PIPESTATUS[@]} )
      echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
      apt-get upgrade    -y 2>&1 | tee -a ${var_logfile}
      RC=( \${PIPESTATUS[@]} )
      echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
    "
  fi
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-recommends --no-install-suggests ${ARY_PACKAGES[*]} 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get autoclean  -y 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
    apt-get autopurge  -y 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
    apt-get autoremove -y 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  guard_dir && return 0
--- a/func/cdi_4600_packages/4610_installation_security.sh
+++ b/func/cdi_4600_packages/4610_installation_security.sh
@@ -39,8 +39,6 @@ installation_security() {
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-recommends --no-install-suggests ${ary_fw[*]} 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
    if [[ ${VAR_SEC_FW} == apparmor ]]; then
      systemctl enable apparmor 2>&1 | tee -a ${var_logfile} || true
--- a/func/cdi_4600_packages/4620_installation_verification.sh
+++ b/func/cdi_4600_packages/4620_installation_verification.sh
@@ -34,8 +34,6 @@ install_verification() {
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-recommends --no-install-suggests auditd 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  rm -f "${TARGET}/etc/audit/rules.d/audit.rules"
@@ -340,8 +338,6 @@ EOF
  chroot_script "${TARGET}" "
    systemctl enable auditd.service 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  ### Validate and build audit rules now; fail early if syntax is wrong.
@@ -349,8 +345,6 @@ EOF
    if command -v augenrules >/dev/null 2>&1; then
      augenrules --load 2>&1 | tee -a ${var_logfile}
      RC=( \${PIPESTATUS[@]} )
      echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
    else
@@ -367,8 +361,7 @@ EOF
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-recommends --no-install-suggests aide aide-common 2>&1 | tee -a ${var_logfile}
-    RC=( \${PIPESTATUS[@]} )
+
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
    sed -i 's/Checksums = H/Checksums = sha512/' /etc/aide/aide.conf
    aideinit > /dev/null 2>> ${var_logfile}
  "
@@ -376,8 +369,7 @@ EOF
  chroot_script "${TARGET}" "
    export INITRD=No
    apt-get install -y --no-install-recommends --no-install-suggests debsums 2>&1 | tee -a ${var_logfile}
-    RC=( \${PIPESTATUS[@]} )
+
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
    if ! debsums -g >> ${var_logfile} 2>> ${var_logfile}; then
      printf 'Running debsums -g - encountered errors.' >> ${var_logfile}
    fi
@@ -385,8 +377,6 @@ EOF
  chroot_script "${TARGET}" "
    rkhunter --propupd 2>&1 | tee -a ${var_logfile}
    RC=( \${PIPESTATUS[@]} )
    echo ExitCode of PIPESTATUS[0]: \${RC[0]} >> ${var_logfile}
  "
  guard_dir && return 0
--- a/func/cdi_4600_packages/4630_auditing_packages.sh
+++ b/func/cdi_4600_packages/4630_auditing_packages.sh
@@ -29,70 +29,70 @@ auditing_packages() {
  chroot_script "${TARGET}" "
    if ! dpkg --audit 2>&1 | tee -a ${var_logfile}; then
-      echo \"[dpkg --audit] failed with ExitCode: \$? \" >> ${var_logfile}
+      echo \"[dpkg --audit] failed.\" >> ${var_logfile}
    else
-      echo \"[dpkg --audit]  ExitCode: \$? \" >> ${var_logfile}
+      echo \"[dpkg --audit] successful.\" >> ${var_logfile}
    fi
    echo +++ >> ${var_logfile}
    if ! apt-get check 2>&1 | tee -a ${var_logfile}; then
-      echo \"[apt-get check] failed with ExitCode: \$? \" >> ${var_logfile}
+      echo \"[apt-get check] failed.\" >> ${var_logfile}
    else
-      echo \"[apt-get check] ExitCode: \$? \" >> ${var_logfile}
+      echo \"[apt-get check] successful.\" >> ${var_logfile}
    fi
    echo +++ >> ${var_logfile}
    ### Only log anomalies from dpkg -V (no output == OK)
    if ! dpkg -V 2>&1 | tee -a ${var_logfile}; then
-      echo \"[dpkg -V] failed with ExitCode: \$? \" >> ${var_logfile}
+      echo \"[dpkg -V] failed.\" >> ${var_logfile}
    else
-      echo \"[dpkg -V] ExitCode: \$? \" >> ${var_logfile}
+      echo \"[dpkg -V] successful.\" >> ${var_logfile}
    fi
    echo +++ >> ${var_logfile}
    ### Simulations (no changes)
    if ! apt-get -s autoremove --purge 2>&1 | tee -a ${var_logfile}; then
-      echo \"[apt-get -s autoremove --purge] failed with ExitCode: \$? \" >> ${var_logfile}
+      echo \"[apt-get -s autoremove --purge] failed.\" >> ${var_logfile}
    else
-      echo \"[apt-get -s autoremove --purge] ExitCode: \$? \" >> ${var_logfile}
+      echo \"[apt-get -s autoremove --purge] successful.\" >> ${var_logfile}
    fi
    echo +++ >> ${var_logfile}
    ### Residual configs & holds
    if ! apt-mark showhold 2>&1 | tee -a ${var_logfile}; then
-      echo \"[apt-mark showhold] failed with ExitCode: \$? \" >> ${var_logfile}
+      echo \"[apt-mark showhold] failed.\" >> ${var_logfile}
    else
-      echo \"[apt-mark showhold] ExitCode: \$? \" >> ${var_logfile}
+      echo \"[apt-mark showhold] successful.\" >> ${var_logfile}
    fi
    echo +++ >> ${var_logfile}
    ### Apt pinning
    if ! grep -R . /etc/apt/preferences.d/ 2>&1 | tee -a ${var_logfile}; then
-      echo \"[grep -R . /etc/apt/preferences.d/] failed with ExitCode: \$? \" >> ${var_logfile}
+      echo \"[grep -R . /etc/apt/preferences.d/] failed.\" >> ${var_logfile}
    else
-      echo \"[grep -R . /etc/apt/preferences.d/] ExitCode: \$? \" >> ${var_logfile}
+      echo \"[grep -R . /etc/apt/preferences.d/] successful.\" >> ${var_logfile}
    fi
    echo +++ >> ${var_logfile}
    ### Diversions, statoverrides, alternatives
    if ! dpkg-divert --list 2>&1 | tee -a ${var_logfile}; then
-      echo \"[dpkg-divert --list] failed with ExitCode: \$? \" >> ${var_logfile}
+      echo \"[dpkg-divert --list] failed.\" >> ${var_logfile}
    else
-      echo \"[dpkg-divert --list] ExitCode: \$? \" >> ${var_logfile}
+      echo \"[dpkg-divert --list] successful.\" >> ${var_logfile}
    fi
    echo +++ >> ${var_logfile}
    if ! dpkg-statoverride --list 2>&1 | tee -a ${var_logfile}; then
-      echo \"[dpkg-statoverride --list] failed with ExitCode: \$? \" >> ${var_logfile}
+      echo \"[dpkg-statoverride --list] failed.\" >> ${var_logfile}
    else
-      echo \"[dpkg-statoverride --list] ExitCode: \$? \" >> ${var_logfile}
+      echo \"[dpkg-statoverride --list] successful.\" >> ${var_logfile}
    fi
    echo +++ >> ${var_logfile}
    if ! update-alternatives --get-selections 2>&1 | tee -a ${var_logfile}; then
-      echo \"[update-alternatives --get-selections] failed with ExitCode: \$? \" >> ${var_logfile}
+      echo \"[update-alternatives --get-selections] failed.\" >> ${var_logfile}
    else
-      echo \"[update-alternatives --get-selections] ExitCode: \$? \" >> ${var_logfile}
+      echo \"[update-alternatives --get-selections] successful.\" >> ${var_logfile}
    fi
    echo +++ >> ${var_logfile}
  "