cover more folders in /usr/local

2025-05-12 08:32:12 -04:00 · 2020-12-06 04:15:52 -05:00 · 2020-12-06 04:15:52 -05:00 · b2b614ed2a
commit b2b614ed2a
parent 5bd267d774
1 changed files with 17 additions and 10 deletions
--- a/etc/permission-hardening.d/30_default.conf
+++ b/etc/permission-hardening.d/30_default.conf
@ -81,28 +81,35 @@
 ## Remove all SUID/SGID binaries/libraries.

 /bin/ nosuid
-
-/usr/bin/ nosuid
 /usr/local/bin/ nosuid

-/sbin/ nosuid
+/usr/bin/ nosuid
+/usr/local/usr/bin/ nosuid

-/usr/sbin/ nosuid
+/sbin/ nosuid
 /usr/local/sbin/ nosuid

-/lib/ nosuid
-/lib32/ nosuid
-/lib64/ nosuid
+/usr/sbin/ nosuid
+/usr/local/usr/sbin/ nosuid

-/usr/lib/ nosuid
+/lib/ nosuid
 /usr/local/lib/ nosuid

-/usr/lib32/ nosuid
+/lib32/ nosuid
 /usr/local/lib32/ nosuid

-/usr/lib64/ nosuid
+/lib64/ nosuid
 /usr/local/lib64/ nosuid

+/usr/lib/ nosuid
+/usr/local/usr/lib/ nosuid
+
+/usr/lib32/ nosuid
+/usr/local/usr/lib32/ nosuid
+
+/usr/lib64/ nosuid
+/usr/local/usr/lib64/ nosuid
+
 ## https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706/68
 /opt/ nosuid
 /usr/local/opt/ nosuid