sort -d

https://github.com/Kicksecure/security-misc/issues/190
2024-10-01 08:25:45 -04:00 · 2024-01-17 13:49:05 -05:00 · 2024-01-17 13:49:05 -05:00 · 071b984a1e
commit 071b984a1e
parent 011e55e3e5
1 changed files with 15 additions and 26 deletions
--- a/etc/permission-hardener.d/30_default.conf
+++ b/etc/permission-hardener.d/30_default.conf
@ -91,34 +91,23 @@
 ##
 ## Remove all SUID/SGID binaries/libraries.

-/usr/local/bin/ nosuid
-
-/usr/bin/ nosuid
-/usr/local/usr/bin/ nosuid
-
-/usr/local/sbin/ nosuid
-
-/usr/sbin/ nosuid
-/usr/local/usr/sbin/ nosuid
-
-/usr/local/lib/ nosuid
-
-/usr/local/lib32/ nosuid
-
-/usr/local/lib64/ nosuid
-
-/usr/lib/ nosuid
-/usr/local/usr/lib/ nosuid
-
-/usr/lib32/ nosuid
-/usr/local/usr/lib32/ nosuid
-
-/usr/lib64/ nosuid
-/usr/local/usr/lib64/ nosuid
-
-## https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706/68
 /opt/ nosuid
+/usr/bin/ nosuid
+/usr/lib32/ nosuid
+/usr/lib64/ nosuid
+/usr/lib/ nosuid
+/usr/local/bin/ nosuid
+/usr/local/lib32/ nosuid
+/usr/local/lib64/ nosuid
+/usr/local/lib/ nosuid
 /usr/local/opt/ nosuid
+/usr/local/sbin/ nosuid
+/usr/local/usr/bin/ nosuid
+/usr/local/usr/lib32/ nosuid
+/usr/local/usr/lib64/ nosuid
+/usr/local/usr/lib/ nosuid
+/usr/local/usr/sbin/ nosuid
+/usr/sbin/ nosuid

 ######################################################################
 # Capability Removal