From 0d78ecaee37536379ad2f230f45904f57425cb19 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Tue, 16 Jan 2024 09:26:21 -0500 Subject: [PATCH] README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fec808e..e47754f 100644 --- a/README.md +++ b/README.md @@ -436,8 +436,8 @@ include but are not limited to: ##### permission-hardener ##### `permission-hardener` removes SUID / SGID bits from non-essential binaries as -these are often used in privilege escalation attacks. It runs at package -installation and upgrade time. +these are often used in privilege escalation attacks. It is enabled by default +and applied at security-misc package installation and upgrade time. There is also an optional systemd unit which does the same at boot time that can be enabled by running `systemctl enable permission-hardener.service` as