README: Fix a few links

README.md

@@ -228,7 +228,7 @@ Kernel space:
 
 - Disable EFI persistent storage feature, preventing the kernel from writing crash logs and
   other persistent data to the EFI variable store.
-  
+
 Direct memory access:
 
 - Enable strict IOMMU translation to protect against some DMA attacks via the use
@@ -403,7 +403,7 @@ Miscellaneous modules:
 
 `/etc/kernel/postinst.d/30_remove-system-map`
 
-`/lib/systemd/system/remove-system-map.service`
+`/usr/lib/systemd/system/remove-system-map.service`
 
 `/usr/libexec/security-misc/remove-system.map`
 
@@ -412,21 +412,20 @@ Miscellaneous modules:
 
 `/etc/security/limits.d/30_security-misc.conf`
 
-`/etc/sysctl.d/30_security-misc.conf`
+`/usr/lib/sysctl.d/30_security-misc.conf`
 
-`/lib/systemd/coredump.conf.d/30_security-misc.conf`
+`/usr/lib/systemd/coredump.conf.d/30_security-misc.conf`
 
 - PStore is disabled as crash logs can contain sensitive system data such as
   kernel version, hostname, and users. See:
 
   `/usr/lib/systemd/pstore.conf.d/30_security-misc.conf`
 
-- An initramfs hook sets the sysctl values in `/etc/sysctl.conf` and
+- An initramfs hook sets the sysctl values in `/usr/lib/sysctl.d/` before init
-  `/etc/sysctl.d` before init is executed so sysctl hardening is enabled as
+  is executed so sysctl hardening is enabled as early as possible. This is
-  early as possible. This is implemented for `initramfs-tools` only because
+  implemented for `initramfs-tools` only because this is not needed for `dracut`
-  this is not needed for `dracut` as `dracut` does that by default, at
+  as `dracut` does that by default, at least on `systemd` enabled systems. Not 
-  least on `systemd` enabled systems. Not researched for non-`systemd` systems
+  researched for non-`systemd` systems by the author of this part of the readme.
-  by the author of this part of the readme.
 
 ## Network hardening