move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS

usr/bin/pkexec.security-misc

@@ -122,7 +122,7 @@ else
    ## This is required for gdebi.
    ## REVIEW: is it ok that users can find out the PATH setting of root?
    ## lxqt-sudo does not clear environment variable PATH.
-   PATH="$(sudo --non-interactive /usr/lib/security-misc/echo-path)"
+   PATH="$(sudo --non-interactive /usr/libexec/security-misc/echo-path)"
    export PATH
    lxqt-sudo "$@" || { exit_code=$? ; true; };
 fi

usr/libexec/security-misc/pam_only_if_login

@@ -12,7 +12,7 @@ true "PAM_SERVICE: $PAM_SERVICE"
 if [ "$PAM_SERVICE" = "login" ]; then
    ## FIXME:
    ## Creates unwanted journal log entry.
-   ## pam_exec(login:account): /usr/lib/security-misc/pam_only_if_login failed: exit code 1
+   ## pam_exec(login:account): /usr/libexec/security-misc/pam_only_if_login failed: exit code 1
    exit 1
 else
    ## exit success so [success=1 default=ignore] will result in skipping the

usr/libexec/security-misc/pam_tally2_not_if_x

@@ -37,6 +37,6 @@ done
 ## next PAM module (the pam_tally2 module).
 ##
 ## Causes confusing error message:
-## pam_exec(sudo:auth): /usr/lib/security-misc/pam_tally2_not_if_x failed: exit code 1
+## pam_exec(sudo:auth): /usr/libexec/security-misc/pam_tally2_not_if_x failed: exit code 1
 ## https://github.com/linux-pam/linux-pam/issues/329
 exit 1

usr/libexec/security-misc/permission-hardening

@@ -10,7 +10,7 @@
 ## meld /var/lib/permission-hardening/existing_mode/statoverride /var/lib/permission-hardening/new_mode/statoverride
 
 ## To undo:
-## sudo /usr/lib/security-misc/permission-hardening-undo
+## sudo /usr/libexec/security-misc/permission-hardening-undo
 
 #set -x
 set -e

usr/libexec/security-misc/permission-lockdown

@@ -4,32 +4,32 @@
 ## See the file COPYING for copying conditions.
 
 ## Doing this for all users would create many issues.
-# /usr/lib/security-misc/permission-lockdown: user: root | chmod o-rwx "/root"
-# /usr/lib/security-misc/permission-lockdown: user: daemon | chmod o-rwx "/usr/sbin"
-# /usr/lib/security-misc/permission-lockdown: user: bin | chmod o-rwx "/bin"
-# /usr/lib/security-misc/permission-lockdown: user: sys | chmod o-rwx "/dev"
-# /usr/lib/security-misc/permission-lockdown: user: sync | chmod o-rwx "/bin"
-# /usr/lib/security-misc/permission-lockdown: user: games | chmod o-rwx "/usr/games"
-# /usr/lib/security-misc/permission-lockdown: user: man | chmod o-rwx "/var/cache/man"
-# /usr/lib/security-misc/permission-lockdown: user: mail | chmod o-rwx "/var/mail"
-# /usr/lib/security-misc/permission-lockdown: user: proxy | chmod o-rwx "/bin"
-# /usr/lib/security-misc/permission-lockdown: user: backup | chmod o-rwx "/var/backups"
-# /usr/lib/security-misc/permission-lockdown: user: systemd-timesync | chmod o-rwx "/run/systemd"
-# /usr/lib/security-misc/permission-lockdown: user: systemd-network | chmod o-rwx "/run/systemd/netif"
-# /usr/lib/security-misc/permission-lockdown: user: messagebus | chmod o-rwx "/var/run/dbus"
-# /usr/lib/security-misc/permission-lockdown: user: tinyproxy | chmod o-rwx "/run/tinyproxy"
-# /usr/lib/security-misc/permission-lockdown: user: rtkit | chmod o-rwx "/proc"
-# /usr/lib/security-misc/permission-lockdown: user: colord | chmod o-rwx "/var/lib/colord"
-# /usr/lib/security-misc/permission-lockdown: user: Debian-exim | chmod o-rwx "/var/spool/exim4"
-# /usr/lib/security-misc/permission-lockdown: user: debian-tor | chmod o-rwx "/var/lib/tor"
-# /usr/lib/security-misc/permission-lockdown: user: stunnel4 | chmod o-rwx "/var/run/stunnel4"
-# /usr/lib/security-misc/permission-lockdown: user: iodine | chmod o-rwx "/var/run/iodine"
-# /usr/lib/security-misc/permission-lockdown: user: apt-cacher-ng | chmod o-rwx "/var/cache/apt-cacher-ng"
-# /usr/lib/security-misc/permission-lockdown: user: statd | chmod o-rwx "/var/lib/nfs"
-# /usr/lib/security-misc/permission-lockdown: user: timidity | chmod o-rwx "/etc/timidity"
-# /usr/lib/security-misc/permission-lockdown: user: uuidd | chmod o-rwx "/run/uuidd"
-# /usr/lib/security-misc/permission-lockdown: user: _rpc | chmod o-rwx "/run/rpcbind"
-# /usr/lib/security-misc/permission-lockdown: user: geoclue | chmod o-rwx "/var/lib/geoclue"
+# /usr/libexec/security-misc/permission-lockdown: user: root | chmod o-rwx "/root"
+# /usr/libexec/security-misc/permission-lockdown: user: daemon | chmod o-rwx "/usr/sbin"
+# /usr/libexec/security-misc/permission-lockdown: user: bin | chmod o-rwx "/bin"
+# /usr/libexec/security-misc/permission-lockdown: user: sys | chmod o-rwx "/dev"
+# /usr/libexec/security-misc/permission-lockdown: user: sync | chmod o-rwx "/bin"
+# /usr/libexec/security-misc/permission-lockdown: user: games | chmod o-rwx "/usr/games"
+# /usr/libexec/security-misc/permission-lockdown: user: man | chmod o-rwx "/var/cache/man"
+# /usr/libexec/security-misc/permission-lockdown: user: mail | chmod o-rwx "/var/mail"
+# /usr/libexec/security-misc/permission-lockdown: user: proxy | chmod o-rwx "/bin"
+# /usr/libexec/security-misc/permission-lockdown: user: backup | chmod o-rwx "/var/backups"
+# /usr/libexec/security-misc/permission-lockdown: user: systemd-timesync | chmod o-rwx "/run/systemd"
+# /usr/libexec/security-misc/permission-lockdown: user: systemd-network | chmod o-rwx "/run/systemd/netif"
+# /usr/libexec/security-misc/permission-lockdown: user: messagebus | chmod o-rwx "/var/run/dbus"
+# /usr/libexec/security-misc/permission-lockdown: user: tinyproxy | chmod o-rwx "/run/tinyproxy"
+# /usr/libexec/security-misc/permission-lockdown: user: rtkit | chmod o-rwx "/proc"
+# /usr/libexec/security-misc/permission-lockdown: user: colord | chmod o-rwx "/var/lib/colord"
+# /usr/libexec/security-misc/permission-lockdown: user: Debian-exim | chmod o-rwx "/var/spool/exim4"
+# /usr/libexec/security-misc/permission-lockdown: user: debian-tor | chmod o-rwx "/var/lib/tor"
+# /usr/libexec/security-misc/permission-lockdown: user: stunnel4 | chmod o-rwx "/var/run/stunnel4"
+# /usr/libexec/security-misc/permission-lockdown: user: iodine | chmod o-rwx "/var/run/iodine"
+# /usr/libexec/security-misc/permission-lockdown: user: apt-cacher-ng | chmod o-rwx "/var/cache/apt-cacher-ng"
+# /usr/libexec/security-misc/permission-lockdown: user: statd | chmod o-rwx "/var/lib/nfs"
+# /usr/libexec/security-misc/permission-lockdown: user: timidity | chmod o-rwx "/etc/timidity"
+# /usr/libexec/security-misc/permission-lockdown: user: uuidd | chmod o-rwx "/run/uuidd"
+# /usr/libexec/security-misc/permission-lockdown: user: _rpc | chmod o-rwx "/run/rpcbind"
+# /usr/libexec/security-misc/permission-lockdown: user: geoclue | chmod o-rwx "/var/lib/geoclue"
 
 home_folder_access_rights_lockdown() {
    shopt -s nullglob

usr/share/pam-configs/console-lockdown-security-misc

@@ -3,5 +3,5 @@ Default: no
 Priority: 280
 Account-Type: Primary
 Account:
-	[success=1 default=ignore]	pam_exec.so	seteuid quiet /usr/lib/security-misc/pam_only_if_login
+	[success=1 default=ignore]	pam_exec.so	seteuid quiet /usr/libexec/security-misc/pam_only_if_login
 	required	pam_access.so accessfile=/etc/security/access-security-misc.conf debug

usr/share/pam-configs/pam-abort-on-locked-password-security-misc

@@ -3,4 +3,4 @@ Default: yes
 Priority: 300
 Auth-Type: Primary
 Auth:
-	requisite	pam_exec.so	debug stdout seteuid /usr/lib/security-misc/pam-abort-on-locked-password
+	requisite	pam_exec.so	debug stdout seteuid /usr/libexec/security-misc/pam-abort-on-locked-password

usr/share/pam-configs/tally2-security-misc

@@ -3,8 +3,8 @@ Default: yes
 Priority: 290
 Auth-Type: Primary
 Auth:
-	optional	pam_exec.so	debug stdout seteuid /usr/lib/security-misc/pam_tally2-info
-	[success=1 default=ignore]	pam_exec.so	seteuid quiet /usr/lib/security-misc/pam_tally2_not_if_x
+	optional	pam_exec.so	debug stdout seteuid /usr/libexec/security-misc/pam_tally2-info
+	[success=1 default=ignore]	pam_exec.so	seteuid quiet /usr/libexec/security-misc/pam_tally2_not_if_x
 	requisite	pam_tally2.so even_deny_root deny=50 onerr=fail audit debug
 Account-Type: Primary
 Account: