Typos

README.md

@@ -133,9 +133,9 @@ configuration file.
 - Force kernel panics on "oopses" to potentially indicate and thwart certain
   kernel exploitation attempts.
 
-- Provide option to modify machine check exception handler.
+- Provide the option to modify machine check exception handler.
 
-- Provide option to disable support for all x86 processes and syscalls to reduce
+- Provide the option to disable support for all x86 processes and syscalls to reduce
   attack surface (when using Linux kernel version >= 6.7).
 
 - Enable strict IOMMU translation to protect against DMA attacks and disable
@@ -147,7 +147,7 @@ configuration file.
 - Obtain more entropy at boot from RAM as the runtime memory allocator is
   being initialized.
 
-- Provide option to disable the entire IPv6 stack to reduce attack surface.
+- Provide the option to disable the entire IPv6 stack to reduce attack surface.
 
 Disallow sensitive kernel information leaks in the console during boot. See
 the `/etc/default/grub.d/41_quiet_boot.cfg` configuration file.

debian/security-misc.maintscript

@@ -47,7 +47,7 @@ rm_conffile /etc/sysctl.d/30_security-misc.conf
 rm_conffile /etc/sysctl.d/30_silent-kernel-printk.conf
 rm_conffile /etc/sysctl.d/30_security-misc_kexec-disable.conf
 
-## moved to etc/permission-hardener.d
+## moved to /etc/permission-hardener.d
 rm_conffile /etc/permission-hardening.d/25_default_passwd.conf
 rm_conffile /etc/permission-hardening.d/25_default_sudo.conf
 rm_conffile /etc/permission-hardening.d/25_default_whitelist_bubblewrap.conf

etc/default/grub.d/40_kernel_hardening.cfg

@@ -195,6 +195,6 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX extra_latent_entropy"
 ## https://www.kernel.org/doc/html/latest/networking/ipv6.html
 ## https://wiki.archlinux.org/title/IPv6#Disable_IPv6
 ##
-## Enabling makes redundant many network hardening sysctl's in usr/lib/sysctl.d/990-security-misc.conf.
+## Enabling makes redundant many network hardening sysctl's in /usr/lib/sysctl.d/990-security-misc.conf.
 ##
 #ipv6.disable=1