disable-common.inc: blacklist sudo/doas paths in /etc

Commands used to find the relevant paths in /etc:

    $ pacman -Qo /etc/* 2>/dev/null | grep sudo | LC_ALL=C sort
    /etc/pam.d/ is owned by sudo 1.9.14.p1-1
    /etc/sudo.conf is owned by sudo 1.9.14.p1-1
    /etc/sudo_logsrvd.conf is owned by sudo 1.9.14.p1-1
    /etc/sudoers is owned by sudo 1.9.14.p1-1
    /etc/sudoers.d/ is owned by sudo 1.9.14.p1-1

Environment: Artix Linux.

Also, add missing paths sudo/doas to etc/ids.config and jailcheck.

See also commit dbebd71db ("disable-common.inc: blacklist doas binary",
2022-10-05).

Relates to #5385.

Reported-by: Dieter Plaetinck <dieter@plaetinck.be>

1 files changed, 3 insertions, 0 deletions

diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 4277100ce..ce4f08958 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -416,6 +416,7 @@ blacklist /tmp/ssh-*
 # top secret
 blacklist /.fscrypt
 blacklist /etc/davfs2/secrets
+blacklist /etc/doas.conf
 blacklist /etc/group+
 blacklist /etc/group-
 blacklist /etc/gshadow
@@ -428,6 +429,8 @@ blacklist /etc/shadow+
 blacklist /etc/shadow-
 blacklist /etc/ssh
 blacklist /etc/ssh/*
+blacklist /etc/sudo*.conf
+blacklist /etc/sudoers*
 blacklist /home/.ecryptfs
 blacklist /home/.fscrypt
 blacklist ${HOME}/*.kdb