History rewrite

ansible/roles/clean/tasks/debian.yml

@@ -0,0 +1,81 @@
+---
+
+- name: Remove audit log files
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "/var/log/audit/audit.log"
+    - "/var/log/wtmp"
+    - "/var/log/lastlog"
+
+- name: Check to see if the /var/log/audit directory exists
+  ansible.builtin.stat:
+    path: "/var/log/audit"
+  register: audit_directory
+
+- name: Ensure /var/log/audit directory exists
+  ansible.builtin.file:
+    path: /var/log/audit
+    state: directory
+    mode: "0750"
+    owner: root
+    group: adm
+  when: audit_directory.stat.exists
+
+- name: Ensure /var/log/audit/audit.log exists
+  ansible.builtin.file:
+    path: /var/log/audit/audit.log
+    state: touch
+    mode: "0640"
+    owner: root
+    group: adm
+  when: audit_directory.stat.exists
+
+- name: Ensure wtmp and lastlog exist with the correct permissions
+  ansible.builtin.copy:
+    dest: "{{ item }}"
+    content: ""
+    mode: "0664"
+    owner: root
+    group: utmp
+  loop:
+    - "/var/log/wtmp"
+    - "/var/log/lastlog"
+
+- name: Cleaning persistent udev rules
+  ansible.builtin.file:
+    path: /etc/udev/rules.d/70-persistent-net.rules
+    state: absent
+
+- name: "Cleaning the /tmp directories"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "/tmp/*"
+    - "/var/tmp/*"
+
+- name: "Cleaning the SSH host keys."
+  shell: |
+    rm -f /etc/ssh/ssh_host_*
+
+- name: remove /etc/machine-id
+  file:
+    path: /etc/machine-id
+    state: absent
+
+- name: remove /var/lib/dbus/machine-id
+  file:
+    path: /var/lib/dbus/machine-id
+    state: absent
+
+- name: generate new machine-id
+  command: systemd-machine-id-setup
+
+- name: Cleaning the shell history
+  shell: |
+    unset HISTFILE
+    history -cw
+    echo > ~/.bash_history
+    rm -fr /root/.bash_history