Merge remote-tracking branch 'ArrayBolt3/arraybolt3/usrmerge'

usr/lib/permission-hardener.d/25_default_sudo.conf

@@ -17,4 +17,3 @@
 ## compromised network-facing daemon (such as web servers, time synchronization daemons,
 ## etc.) running as its own user from exploiting sudo to escalate privileges.
 #/usr/bin/sudo 4750 root sudo
-#/bin/sudo 4750 root sudo

usr/lib/permission-hardener.d/25_default_whitelist_bubblewrap.conf

@@ -6,4 +6,3 @@
 ## configuration. When security-misc is updated, this file may be overwritten.
 
 /usr/bin/bwrap exactwhitelist
-/bin/bwrap exactwhitelist

usr/lib/permission-hardener.d/25_default_whitelist_mount.conf

@@ -8,14 +8,10 @@
 ## https://forums.whonix.org/t/disable-suid-binaries/7706/61
 ## Protect from 'chmod -x' (and SUID removal).
 ## SUID will be removed below in separate step.
-/bin/mount exactwhitelist
 /usr/bin/mount exactwhitelist
-/bin/umount exactwhitelist
 /usr/bin/umount exactwhitelist
 
 ## Remove SUID from 'mount' but keep executable.
 ## https://forums.whonix.org/t/disable-suid-binaries/7706/61
-/bin/mount 755 root root
 /usr/bin/mount 755 root root
-/bin/umount 755 root root
 /usr/bin/umount 755 root root

usr/lib/permission-hardener.d/25_default_whitelist_passwd.conf

@@ -14,4 +14,3 @@
 /usr/bin/passwd exactwhitelist
 /bin/passwd exactwhitelist
 /usr/bin/passwd 0755 root root
-/bin/passwd 0755 root root

usr/lib/permission-hardener.d/25_default_whitelist_policykit.conf

@@ -6,9 +6,7 @@
 ## configuration. When security-misc is updated, this file may be overwritten.
 
 /usr/bin/pkexec exactwhitelist
-/bin/pkexec exactwhitelist
 /usr/bin/pkexec.security-misc-orig exactwhitelist
-/bin/pkexec.security-misc-orig exactwhitelist
 
 ## TODO: research
 ## match both:

usr/lib/permission-hardener.d/25_default_whitelist_sudo.conf

@@ -6,4 +6,3 @@
 ## configuration. When security-misc is updated, this file may be overwritten.
 
 /usr/bin/sudo exactwhitelist
-/bin/sudo exactwhitelist