From b2b614ed2a1a62ff4c917aba80eeef505810dbf8 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Sun, 6 Dec 2020 04:15:52 -0500
Subject: [PATCH] cover more folders in /usr/local
---
 etc/permission-hardening.d/30_default.conf | 27 ++++++++++++++--------
 1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/etc/permission-hardening.d/30_default.conf b/etc/permission-hardening.d/30_default.conf
index 732b601..c447f93 100644
--- a/etc/permission-hardening.d/30_default.conf
+++ b/etc/permission-hardening.d/30_default.conf
@@ -81,28 +81,35 @@
 ## Remove all SUID/SGID binaries/libraries.
 /bin/ nosuid
-
-/usr/bin/ nosuid
 /usr/local/bin/ nosuid
-/sbin/ nosuid
+/usr/bin/ nosuid
+/usr/local/usr/bin/ nosuid
-/usr/sbin/ nosuid
+/sbin/ nosuid
 /usr/local/sbin/ nosuid
-/lib/ nosuid
-/lib32/ nosuid
-/lib64/ nosuid
+/usr/sbin/ nosuid
+/usr/local/usr/sbin/ nosuid
-/usr/lib/ nosuid
+/lib/ nosuid
 /usr/local/lib/ nosuid
-/usr/lib32/ nosuid
+/lib32/ nosuid
 /usr/local/lib32/ nosuid
-/usr/lib64/ nosuid
+/lib64/ nosuid
 /usr/local/lib64/ nosuid
+/usr/lib/ nosuid
+/usr/local/usr/lib/ nosuid
+
+/usr/lib32/ nosuid
+/usr/local/usr/lib32/ nosuid
+
+/usr/lib64/ nosuid
+/usr/local/usr/lib64/ nosuid
+
 ## https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706/68
 /opt/ nosuid
 /usr/local/opt/ nosuid
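Review bot: The added `/usr/local/usr/...` entries extend a list of individually named directories, so a SUID/SGID file installed in any `/usr/local` subdirectory that is not named (for example `/usr/local/libexec/` or `/usr/local/games/`) would still keep its bits. If the hardener walks each listed directory recursively, which this hunk does not show, a single `/usr/local/ nosuid` line would cover the whole tree, including subdirectories created later. If the enumeration is deliberate, a comment above the list such as `## Each system directory is followed by its counterpart under /usr/local.` would record the pairing that the reordering introduces. The configuration section continues outside the hunk, so some of these paths may already be handled elsewhere in the file.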