From b5c885b0dfb4f1b67c1d4ea01792a9347d91817c Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 23 Jan 2014 15:49:08 +0100
Subject: Refine stage 4 blacklist: No backups, no shadow- group- and passwd-

---
 server/blacklists/essential/linux-base     | 6 ++++++
 server/blacklists/essential/linux-extended | 2 ++
 2 files changed, 8 insertions(+)

(limited to 'server')

diff --git a/server/blacklists/essential/linux-base b/server/blacklists/essential/linux-base
index f83ef1ac..c8f7c343 100644
--- a/server/blacklists/essential/linux-base
+++ b/server/blacklists/essential/linux-base
@@ -40,3 +40,9 @@
 - /bin/sh
 # This is where the bind-mount of mltk resides...
 - /export/build
+- /etc/group-
+- /etc/gshadow
+- /etc/gshadow-
+- /etc/passwd-
+- /etc/shadow-
+
diff --git a/server/blacklists/essential/linux-extended b/server/blacklists/essential/linux-extended
index 3aed0dac..143caadb 100644
--- a/server/blacklists/essential/linux-extended
+++ b/server/blacklists/essential/linux-extended
@@ -20,4 +20,6 @@
 - /usr/local/sbin/busybox
 # MOTD updater (tty/ssh login) pretty annoying as it tells you about available updates on ubuntu etc.
 - /etc/update-motd.d/**
+# Backups don't make sense
+- /var/backups/**
 
-- 
cgit v1.2.3-55-g7522