diff --git a/debian/security-misc.postinst b/debian/security-misc.postinst
index 0603717..5ee40c6 100644
--- a/debian/security-misc.postinst
+++ b/debian/security-misc.postinst
@@ -49,7 +49,9 @@ migrate_permission_hardener_state() {
 mkdir --parents '/var/lib/security-misc/do_once'
 mkdir --parents '/var/lib/permission-hardener-v2/existing_mode'
+ mkdir --parents '/var/lib/permission-hardener-v2/new_mode'
 cp --verbose '/usr/share/security-misc/permission-hardener-existing-mode-legacy-hardcoded' '/var/lib/permission-hardener-v2/existing_mode/statoverride'
+ cp --verbose '/usr/share/security-misc/permission-hardener-new-mode-legacy-hardcoded' '/var/lib/permission-hardener-v2/new_mode/statoverride'
 touch "/var/lib/security-misc/do_once/${FUNCNAME[0]}_version_1"
 }
diff --git a/usr/share/security-misc/permission-hardener-new-mode-legacy-hardcoded b/usr/share/security-misc/permission-hardener-new-mode-legacy-hardcoded
new file mode 100644
index 0000000..b8f0cf4
--- /dev/null
+++ b/usr/share/security-misc/permission-hardener-new-mode-legacy-hardcoded
@@ -0,0 +1,23 @@
+root root 700 /etc/cron.monthly
+root root 700 /etc/sudoers.d
+root shadow 744 /usr/bin/expiry
+root root 755 /usr/bin/umount
+root root 744 /usr/bin/gpasswd
+root root 700 /usr/lib/modules
+root root 744 /usr/bin/newgrp
+root root 700 /etc/cron.weekly
+root root 744 /usr/bin/su
+root root 700 /etc/cron.daily
+root root 644 /etc/motd
+root _ssh 744 /usr/bin/ssh-agent
+root root 700 /boot
+root shadow 744 /usr/bin/chage
+root root 744 /usr/lib/openssh/ssh-keysign
+root root 744 /usr/bin/chsh
+root root 755 /usr/bin/passwd
+root root 744 /usr/bin/chfn
+root root 600 /etc/permission-hardener.d
+root root 700 /usr/src
+root root 755 /usr/bin/mount
+root root 644 /etc/issue
+root root 700 /etc/cron.d
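Review bot: In the `migrate_permission_hardener_state()` hunk of `debian/security-misc.postinst`, the added `new_mode` copy is still recorded under the unchanged `${FUNCNAME[0]}_version_1` marker. If the function returns early when that marker exists (the guard, if any, is outside the hunk, so this is inferred), hosts that already ran the migration will never receive `new_mode/statoverride`; bumping the marker, e.g. `touch "/var/lib/security-misc/do_once/${FUNCNAME[0]}_version_2"`, or testing for the target file would cover them. Both `cp` calls also overwrite any `statoverride` already present, and nothing visible here shows whether a failed `cp` aborts before `touch` marks the migration as done. The function body starts before the hunk.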
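Review bot: The entry `root root 600 /etc/permission-hardener.d` in the new `permission-hardener-new-mode-legacy-hardcoded` file records mode 600 on what the `.d` suffix suggests is a directory, leaving it without a search bit. If the file is meant to mirror exactly what the legacy hardener applied, the value should stay as it is, but it is worth confirming that it is not a typo for `700`. The list also carries no provenance; a short comment next to the `cp` in the postinst, naming where these hard-coded values were captured from, would help anyone who later audits or restores this state.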