Minor documentation changes and fixes

usr/lib/sysctl.d/30_security-misc_kexec-disable.conf

@@ -1,15 +1,16 @@
 ## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
 ## See the file COPYING for copying conditions.
 
+## NOTE:
+## Why is this in a dedicated config file?
+## Package ram-wipe requires kexec. However, ram-wipe could not ship a config
+## file /etc/sysctl.d/40_ram-wipe.conf which sets 'kernel.kexec_load_disabled=0'.
+## This is because once systemd-sysctl.service has set 'kernel.kexec_load_disabled=1'
+## it cannot be undone without reboot. This is a upstream Linux security feature.
+
 ## Disables kexec which can be used to replace the running kernel.
 ## Useful for live kernel patching without rebooting.
 ##
 ## https://en.wikipedia.org/wiki/Kexec
 ##
 kernel.kexec_load_disabled=1
-
-## Why is this in a dedicated config file?
-## Package ram-wipe requires kexec. However, ram-wipe could not ship a config
-## file /etc/sysctl.d/40_ram-wipe.conf which sets 'kernel.kexec_load_disabled=0'.
-## This is because once systemd-sysctl.service has set 'kernel.kexec_load_disabled=1'
-## it cannot be undone without reboot. This is a upstream Linux security feature.

usr/lib/sysctl.d/30_silent-kernel-printk.conf

@@ -1,14 +1,10 @@
 ## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
 ## See the file COPYING for copying conditions.
 
+## NOTE:
+## For higher verbosity, delete file /etc/default/grub.d/41_quiet.cfg.
+## Alternatively, install the debug-misc package which will undo these settings.
+
 ## Prevent kernel information leaks in the console during boot.
 ##
 kernel.printk = 3 3 3 3
-
-## NOTE:
-## For higher verbosity, the user might also want to delete file
-## /etc/default/grub.d/41_quiet.cfg
-## (or out-comment its settings).
-##
-## Alternatively, the user could consider to install the debug-misc package,
-## which will undo the settings found here.

usr/lib/sysctl.d/990-security-misc.conf

@@ -2,8 +2,8 @@
 ## See the file COPYING for copying conditions.
 
 ## NOTE:
-## This file has a strange name so that `/usr/lib/sysctl.d/99-protect-links.conf` is
-## first parsed and then followed by `/usr/lib/sysctl.d/990-security-misc.conf`.
+## This file has a strange name so that /usr/lib/sysctl.d/99-protect-links.conf is
+## first parsed and then followed by /usr/lib/sysctl.d/990-security-misc.conf.
 ## https://github.com/Kicksecure/security-misc/pull/135
 
 ## This configuration file is split into 5 sections:
@@ -39,9 +39,9 @@ kernel.dmesg_restrict=1
 
 ## Prevent kernel information leaks in the console during boot.
 ##
-## See `/usr/lib/sysctl.d/30_silent-kernel-printk.conf` for implementation.
+## See /usr/lib/sysctl.d/30_silent-kernel-printk.conf for implementation.
 ##
-#kernel.printk=3 3 3 3s
+#kernel.printk=3 3 3 3
 
 ## Restrict eBPF access to CAP_BPF and enable associated JIT compiler hardening.
 ##
@@ -71,7 +71,7 @@ vm.unprivileged_userfaultfd=0
 ##
 ## https://en.wikipedia.org/wiki/Kexec
 ##
-## See `/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf` for implementation.
+## See /usr/lib/sysctl.d/30_security-misc_kexec-disable.conf for implementation.
 ##
 #kernel.kexec_load_disabled=1
 
@@ -139,7 +139,7 @@ kernel.yama.ptrace_scope=2
 ##
 ## https://forums.whonix.org/t/automate-mmap-randomisation-to-fix-ppc64el/16514
 ##
-## See `/usr/libexec/security-misc/mmap-rnd-bits` for implementation.
+## See /usr/libexec/security-misc/mmap-rnd-bits for implementation.
 ##
 #vm.mmap_rnd_bits=32
 #vm.mmap_rnd_compat_bits=16
@@ -314,7 +314,7 @@ net.ipv4.tcp_timestamps=0
 ## Good for troubleshooting and diagnostics but not necessary by default.
 ## Known for causing performance issues especially on systems with multiple interfaces.
 ## 
-## https://wiki.archlinux.org/title/Sysctl#TCP_Selective_Acknowledgement
+## https://wiki.archlinux.org/title/Sysctl#Log_martian_packets
 ## https://github.com/Kicksecure/security-misc/issues/214
 ##
 ## The logging of martian packets is currently disabled.