X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=TODO;h=bfc613649f7c9e13925a50b99e0d5eca8032c8bf;hb=dd73c50dc5439c3e16f1322dce69b1f17af485da;hp=8d5ed1d1addb6c8982de1e2d8cee04883b10745e;hpb=e6ed656c98f4c0781090a7ee4337267923754dbd;p=libguestfs.git

diff --git a/TODO b/TODO
index 8d5ed1d..bfc6136 100644
--- a/TODO
+++ b/TODO
@@ -537,8 +537,7 @@ virt-sysprep ideas
 ------------------
 
  - touch /.unconfigured ?
- - smolt ID
- - Spacewalk / RHN ID
+ - other Spacewalk / RHN IDs (?)
  - Kerberos keys
  - Puppet registration
  - user accounts
@@ -549,3 +548,26 @@ virt-sysprep ideas
    . install a firstboot script      virt-sysprep --script=/tmp/foo.sh
    . run an external shell script
    . run external guestfish script   virt-sysprep --fish=/tmp/foo.fish
+   . rm /var/cache/apt/archives/*
+ - /var/run/* and pam_faillock's data files
+ - homedirs/.ssh directory, especially /root/.ssh (Steve Grubb)
+ - if drives are encrypted, then dm-crypt key should be changed
+   and drives all re-encrypted
+ - /etc/pki
+   (Steve says ...)
+   Rpm uses nss. Nss sets up its crypto database in
+   /etc/pki. Depending on how long the machine ran before cloning, you
+   may have picked up some certificates or things. This is an area
+   that you would want to look into.
+ - secure erase of inodes etc using scrub (Steve Grubb)
+ - other directories that could require cleaning include:
+    /var/cache/gdm/*
+    /var/lib/fprint/*
+    /var/run/*
+    /var/spool/mail/*
+    /var/spool/cron/*
+    /var/lib/AccountService/users/*
+    /var/lib/sss/db/*
+    /var/lib/samba/*
+    /var/lib/samba/*/*
+  (thanks Marko Myllynen, James Antill)