2: check whether any files have been altered compared to repositories containing the packages containing the files. List files that do not belong to packages.
3: last time I looked into it new files have been ignored. Changes to directory content/structure in general should be monitoried.
@chrichri First, thanks for the recommendations. I have a couple clarifying questions:
For point 2: evaluate packages in which way?
For 3: currently we include all but files that begin with kexec* because they are used *by* PureBoot and some like HOTP counter change each boot, and others like the checksum file itself, have to be excluded.