Debian 9 文件系统 CIS-CAT 强化问题

我正在执行 CIS-CAT 扫描，我对扫描仪设计不良的结果提出质疑。现在我正在运行 Debian 9，扫描仪并未正式支持该操作系统，但我可以让它运行，并且我已经实现了 95% 的要求，并且可以使用以下命令成功扫描：

sudo ./CIS-CAT.sh -f -D ignore.platform.mismatch=true -D include.csv.remediation=true -csv

/bin 具有 drwxr-x--x 的权限，他们希望我删除其他人的执行权限，但是如果我"chmod o-x /bin"作为普通用户无法执行标准命令，那么"ls" 是否有其他方法可以解决此问题？

Same thing with the following:
/dev
/var/cache/man
/run/systemd
/run/dbus
/run/sshd

具有 drwxr-xr-x 权限。CIS-CAT 希望我删除其他读取和执行权限，但其权限在重启时会被重置。

扫描结果如下：

File:   /usr/sbin
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    false
the file's Other Execute to be set to false false
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /bin
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    false
the file's Other Execute to be set to false true
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /dev
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    true
the file's Other Execute to be set to false true
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /usr/games
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    false
the file's Other Execute to be set to false false
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /var/cache/man
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    true
the file's Other Execute to be set to false true
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /var/spool/lpd
CIS-CAT expected any number of matching file items to be collected, and found 0 items.
File:   /var/mail
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    false
the file's Other Execute to be set to false false
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /var/spool/news
CIS-CAT expected any number of matching file items to be collected, and found 0 items.
File:   /var/spool/uucp
CIS-CAT expected any number of matching file items to be collected, and found 0 items.
File:   /bin
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    false
the file's Other Execute to be set to false true
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /var/www
CIS-CAT expected any number of matching file items to be collected, and found 0 items.
File:   /var/backups
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    false
the file's Other Execute to be set to false false
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /var/list
CIS-CAT expected any number of matching file items to be collected, and found 0 items.
File:   /run/ircd
CIS-CAT expected any number of matching file items to be collected, and found 0 items.
File:   /var/lib/gnats
CIS-CAT expected any number of matching file items to be collected, and found 0 items.
File:   /nonexistent
CIS-CAT expected any number of matching file items to be collected, and found 0 items.
File:   /run/systemd
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    true
the file's Other Execute to be set to false true
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /run/systemd/netif
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    true
the file's Other Execute to be set to false true
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /run/systemd/resolve
CIS-CAT expected any number of matching file items to be collected, and found 0 items.
File:   /run/systemd
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    true
the file's Other Execute to be set to false true
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /nonexistent
CIS-CAT expected any number of matching file items to be collected, and found 0 items.
File:   /var/spool/exim4
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    false
the file's Other Execute to be set to false false
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /run/dbus
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    true
the file's Other Execute to be set to false true
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /run/sshd
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    true
the file's Other Execute to be set to false true
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /home/UserName
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    false
the file's Other Execute to be set to false false
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false
File:   /nonexistent
CIS-CAT expected any number of matching file items to be collected, and found 0 items.
File:   /home/ntp
CIS-CAT expected any number of matching file items to be collected, and found 0 items.
File:   /home/esets
CIS-CAT Expected... CIS-CAT Collected...
the file's Other Read to be set to false    false
the file's Other Execute to be set to false false
the file's Other Write to be set to false   false
the file's Group Write to be set to false   false