remove unicode

README.md

@@ -93,7 +93,7 @@ disabled.
 Certain kernel modules are blacklisted to reduce attack surface via the
 `/etc/modprobe.d/30_security-misc.conf` configuration file.
 
-* Deactivates Netfilter's connection tracking helper — this module
+* Deactivates Netfilter's connection tracking helper - this module
 increases kernel attack surface by enabling superfluous functionality
 such as IRC parsing in the kernel. Hence, this feature is disabled.
 
@@ -133,7 +133,7 @@ such as IRC parsing in the kernel. Hence, this feature is disabled.
 
  p8022 - IEEE 802.2
 
- CAN — Controller Area Network
+ CAN - Controller Area Network
 
  ATM
 
@@ -225,14 +225,14 @@ could be used.
 ## Root access restrictions
 
 * `su` is restricted to only users within the group `sudo` which prevents
-users from using `su` to gain root access or to switch user accounts —
+users from using `su` to gain root access or to switch user accounts -
 `/usr/share/pam-configs/wheel-security-misc`
 (which results in a change in file `/etc/pam.d/common-auth`).
 
 * Add user `root` to group `sudo`. This is required due to the above restriction so
-that logging in from a virtual console is still possible — `debian/security-misc.postinst`
+that logging in from a virtual console is still possible - `debian/security-misc.postinst`
 
-* Abort login for users with locked passwords —
+* Abort login for users with locked passwords -
 `/usr/libexec/security-misc/pam-abort-on-locked-password`.
 
 * Logging into the root account from a virtual, serial, whatnot console is
@@ -353,10 +353,10 @@ See:
 ## Application-specific hardening
 
 * Enables "`apt-get --error-on=any`" which makes apt exit non-zero for
- transient failures. — `/etc/apt/apt.conf.d/40error-on-any`.
+ transient failures. - `/etc/apt/apt.conf.d/40error-on-any`.
-* Enables APT seccomp-BPF sandboxing — `/etc/apt/apt.conf.d/40sandbox`.
+* Enables APT seccomp-BPF sandboxing - `/etc/apt/apt.conf.d/40sandbox`.
 * Deactivates previews in Dolphin.
-* Deactivates previews in Nautilus —
+* Deactivates previews in Nautilus -
 `/usr/share/glib-2.0/schemas/30_security-misc.gschema.override`.
 * Deactivates thumbnails in Thunar.
 * Displays domain names in punycode (`network.IDN_show_punycode`) in

usr/libexec/security-misc/permission-hardening

@@ -437,7 +437,7 @@ set_file_perms() {
       if [ "$capability_from_config" = "none" ]; then
          ## https://forums.whonix.org/t/disable-suid-binaries/7706/45
          # sudo setcap -r /bin/ping 2>/dev/null
-         # Failed to set capabilities on file `/bin/ping' (No data available)
+         # Failed to set capabilities on file '/bin/ping' (No data available)
          # The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
          ## Therefore use echo_wrapper_ignore.
          echo_wrapper_ignore setcap -r "$fso"
@@ -465,9 +465,9 @@ parse_config_folder() {
   # Query contents of password and group databases only once and buffer them
   #
   # If we don't buffer we sometimes get incorrect results when checking for entries using
-  # `if getent passwd | grep -q '^root:'; …` since `grep` exits after the first match in
+  # 'if getent passwd | grep -q '^root:'; ...' since 'grep' exits after the first match in
-  # this case causing `getent` to receive SIGPIPE, which then fails the pipeline since
+  # this case causing 'getent' to receive SIGPIPE, which then fails the pipeline since
-  # `set -o pipefail` is set for this script.
+  # 'set -o pipefail' is set for this script.
   passwd_file_contents="$(getent passwd)"
   group_file_contents="$(getent group)"