From f7fde60b67a7ef44658cde3b835565407aafd133 Mon Sep 17 00:00:00 2001 From: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed, 15 Jan 2020 20:28:32 +0000 Subject: [PATCH 1/2] Process sysctl.conf too --- etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs | 1 + 1 file changed, 1 insertion(+) diff --git a/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs b/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs index 534d8a7..b3c6cb6 100755 --- a/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs +++ b/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs @@ -15,4 +15,5 @@ prereqs) ;; esac +sysctl -p ${rootmnt}/etc/sysctl.conf sysctl -p ${rootmnt}/etc/sysctl.d/*.conf From 1df48a226d83b98dadc8bfb8dbc479dd656e2313 Mon Sep 17 00:00:00 2001 From: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed, 15 Jan 2020 20:30:17 +0000 Subject: [PATCH 2/2] Update control --- debian/control | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index e4dd75d..63f94aa 100644 --- a/debian/control +++ b/debian/control @@ -117,8 +117,9 @@ Description: enhances misc security settings * The vivid kernel module is blacklisted as it's only required for testing and has been the cause of multiple vulnerabilities. . - * An initramfs hook sets the sysctl values in /etc/sysctl.d before init - is executed so sysctl hardening is enabled as early as possible. + * An initramfs hook sets the sysctl values in /etc/sysctl.conf and + /etc/sysctl.d before init is executed so sysctl hardening is enabled + as early as possible. . * The kernel panics on oopses to prevent it from continuing to run a flawed process and to deter brute forcing.
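Review bot: in the sysctl-initramfs hunk the new `sysctl -p ${rootmnt}/etc/sysctl.conf` line is placed before the existing `sysctl -p ${rootmnt}/etc/sysctl.d/*.conf` line, which inverts the precedence that `sysctl --system` (and systemd-sysctl) use at normal boot, where the sysctl.d drop-ins are read first and /etc/sysctl.conf is applied last and wins. With this ordering, a key set in both files gets the sysctl.d value in the initramfs and then flips to the sysctl.conf value once the real root is up, so the early hardening and the final state can disagree. Suggest swapping the two lines so sysctl.conf is processed after the drop-ins:
sysctl -p ${rootmnt}/etc/sysctl.d/*.conf
sysctl -p ${rootmnt}/etc/sysctl.conf
Also, nothing checks that the file exists; `sysctl -p` on a missing path fails with an error during init-bottom, so guard it, e.g. `[ -r "${rootmnt}/etc/sysctl.conf" ] && sysctl -p "${rootmnt}/etc/sysctl.conf"`, and quote `${rootmnt}` while touching the line.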
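Review bot: the debian/control hunk describes the hook as applying the values in /etc/sysctl.conf and /etc/sysctl.d, which matches the script, but it does not say that drop-ins under /run/sysctl.d, /usr/lib/sysctl.d and /lib/sysctl.d, which `sysctl --system` also reads, are not applied early. Either extend the hook to cover those directories or add a short sentence to this description noting that only the two /etc locations are processed before init, so readers do not assume the early pass is equivalent to `sysctl --system`.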