diff --git a/bundles/apt/items.py b/bundles/apt/items.py
index d148891..bfc8450 100644
--- a/bundles/apt/items.py
+++ b/bundles/apt/items.py
@@ -94,7 +94,6 @@ pkg_apt = {
     'lsof': {},
     'mailutils': {},
     'manpages': {},
-    'molly-guard': {},
     'moreutils': {},
     'mount': {},
     'mtr': {},
diff --git a/bundles/molly-guard/files/10-check-unattended-upgrades b/bundles/molly-guard/files/10-check-unattended-upgrades
new file mode 100644
index 0000000..6adafdb
--- /dev/null
+++ b/bundles/molly-guard/files/10-check-unattended-upgrades
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Checks wether upgrade-and-reboot is currently running.
+
+if [[ -f "/var/lib/bundlewrap/soft-${node.name}/UNATTENDED" ]]
+then
+    echo "Sorry, can't $MOLLYGUARD_CMD now, upgrade-and-reboot is running"
+    exit 1
+fi
diff --git a/bundles/molly-guard/files/30-query-hostname b/bundles/molly-guard/files/30-query-hostname
new file mode 100644
index 0000000..3e4fc4c
--- /dev/null
+++ b/bundles/molly-guard/files/30-query-hostname
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# This script will ask for the bundlewrap node name. This replaces the
+# original script, which will ask for the hostname, which sometimes
+# is not enough to properly identify the system.
+
+NODE_NAME="${node.name}"
+
+# If this is not a terminal, do nothing
+test -t 0 || exit 0
+
+sigh()
+{
+    echo "Sorry, input does not match. Won't $MOLLYGUARD_CMD $NODE_NAME ..." >&2
+    exit 1
+}
+
+trap 'echo;sigh' 1 2 3 9 10 12 15
+
+echo -n "Please enter the bundlewrap node name of this System to $MOLLYGUARD_CMD: "
+read NODE_NAME_USER || :
+
+NODE_NAME_USER="$(echo "$NODE_NAME_USER" | tr '[:upper:]' '[:lower:]')"
+
+[ "$NODE_NAME_USER" = "$NODE_NAME" ] || sigh
+
+trap - 1 2 3 9 10 12 15
+
+exit 0
diff --git a/bundles/molly-guard/files/rc b/bundles/molly-guard/files/rc
new file mode 100644
index 0000000..4b6f808
--- /dev/null
+++ b/bundles/molly-guard/files/rc
@@ -0,0 +1 @@
+# currently unused
diff --git a/bundles/molly-guard/items.py b/bundles/molly-guard/items.py
new file mode 100644
index 0000000..e8d2b04
--- /dev/null
+++ b/bundles/molly-guard/items.py
@@ -0,0 +1,21 @@
+directories = {
+    '/etc/molly-guard/messages.d': {
+        'purge': True,
+    },
+    '/etc/molly-guard/run.d': {
+        'purge': True,
+    },
+}
+
+files = {
+    '/etc/molly-guard/rc': {},
+
+    '/etc/molly-guard/run.d/10-check-unattended-upgrades': {
+        'content_type': 'mako',
+        'mode': '0755',
+    },
+    '/etc/molly-guard/run.d/30-query-hostname': {
+        'content_type': 'mako',
+        'mode': '0755',
+    },
+}
diff --git a/bundles/molly-guard/metadata.py b/bundles/molly-guard/metadata.py
new file mode 100644
index 0000000..d8571e2
--- /dev/null
+++ b/bundles/molly-guard/metadata.py
@@ -0,0 +1,7 @@
+defaults = {
+    'apt': {
+        'packages': {
+            'molly-guard': {},
+        },
+    },
+}
diff --git a/groups/os.py b/groups/os.py
index 85f794b..729a741 100644
--- a/groups/os.py
+++ b/groups/os.py
@@ -21,6 +21,7 @@ groups['linux'] = {
         'backup-client',
         'basic',
         'cron',
+        'molly-guard',
         'openssh',
         'postfix',
         'sshmon',