minor

usr/lib/sysctl.d/30_silent-kernel-printk.conf

@@ -11,4 +11,4 @@ kernel.printk=3 3 3 3
 
 ## For Increased Log Verbosity:
 ## Adjust (or comment out) the kernel parameters in /etc/default/grub.d/41_quiet_boot.cfg.
-## Alternatively, installing the debug-misc package will undo these settings.
+## Alternatively, installing the debug-misc package will undo these settings.

usr/lib/sysctl.d/990-security-misc.conf

@@ -26,7 +26,7 @@
 ## https://wiki.archlinux.org/title/Security#Kernel_hardening
 
 ## Restrict kernel addresses via /proc and other interfaces regardless of user privileges.
-## Kernel pointers expose specific locations in kernel memory. 
+## Kernel pointers expose specific locations in kernel memory.
 ##
 ## https://kernsec.org/wiki/index.php/Bug_Classes/Kernel_pointer_leak
 ##
@@ -128,10 +128,10 @@ kernel.io_uring_disabled=2
 ##
 ## https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-userspace
 
-## Restrict usage of the ptrace() system call to only processes with CAP_SYS_PTRACE. 
+## Restrict usage of the ptrace() system call to only processes with CAP_SYS_PTRACE.
 ## Limit ptrace() as it enables programs to inspect and modify other active processes.
 ## Prevents native code debugging which some programs use as a method to detect tampering.
-## May cause breakages in 'anti-cheat' software and programs running under Proton/WINE. 
+## May cause breakages in 'anti-cheat' software and programs running under Proton/WINE.
 ##
 ## https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html#ptrace-scope
 ## https://en.wikipedia.org/wiki/Ptrace
@@ -139,7 +139,7 @@ kernel.io_uring_disabled=2
 ## https://github.com/GrapheneOS/os-issue-tracker/issues/651#issuecomment-917599928
 ## https://github.com/netblue30/firejail/issues/2860
 ##
-## It is possible to harden further by disabling ptrace() for all users, see documentation. 
+## It is possible to harden further by disabling ptrace() for all users, see documentation.
 ##
 kernel.yama.ptrace_scope=2
 
@@ -236,7 +236,7 @@ net.ipv4.tcp_syncookies=1
 
 ## Protect against TCP time-wait assassination hazards.
 ## Drops RST packets for sockets in the time-wait state.
-## 
+##
 ## https://tools.ietf.org/html/rfc1337
 ##
 net.ipv4.tcp_rfc1337=1
@@ -282,7 +282,7 @@ net.ipv6.icmp.echo_ignore_all=1
 ##
 net.ipv4.icmp_ignore_bogus_error_responses=1
 
-## Disable source routing which allows users redirect network traffic. 
+## Disable source routing which allows users redirect network traffic.
 ## Prevents man-in-the-middle attacks in which the traffic is redirected.
 ##
 ## https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-server_security-disable-source-routing
@@ -303,7 +303,7 @@ net.ipv6.conf.default.accept_ra=0
 ## Forward acknowledgements (FACKs) are a legacy option that will (eventually) be deprecated.
 ## Disabling can cause severe connectivity issues on networks with high latency or packet loss.
 ## Enabling on stable high-bandwidth networks can lead to reduced efficiency of TCP connections.
-##  
+##
 ## https://datatracker.ietf.org/doc/html/rfc2018
 ## https://datatracker.ietf.org/doc/html/rfc2883
 ## https://access.redhat.com/sites/default/files/attachments/20150325_network_performance_tuning.pdf
@@ -329,11 +329,11 @@ net.ipv4.tcp_timestamps=0
 ## Recommended to keep a (kernel dmesg) log of these to identify these suspicious packets.
 ## Good for troubleshooting and diagnostics but not necessary by default.
 ## Known for causing performance issues especially on systems with multiple interfaces.
-## 
+##
 ## https://wiki.archlinux.org/title/Sysctl#Log_martian_packets
 ## https://github.com/Kicksecure/security-misc/issues/214
 ##
-## The logging of martian packets is currently disabled. 
+## The logging of martian packets is currently disabled.
 ##
 #net.ipv4.conf.all.log_martians=1
 #net.ipv4.conf.default.log_martians=1