---

- name: "Cleaning all audit logs."
  shell: |
    if [ -f /var/log/audit/audit.log ]; then
    cat /dev/null > /var/log/audit/audit.log
    fi
    if [ -f /var/log/wtmp ]; then
    cat /dev/null > /var/log/wtmp
    fi
    if [ -f /var/log/lastlog ]; then
    cat /dev/null > /var/log/lastlog
    fi

- name: "Cleaning persistent udev rules."
  shell: |
    if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
    rm /etc/udev/rules.d/70-persistent-net.rules
    fi

- name: "Cleaning the /tmp directories"
  shell: |
    rm -rf /tmp/*
    rm -rf /var/tmp/*
    rm -rf /var/cache/dnf/*

- name: "Cleaning the Red Hat Subscription Manager logs."
  shell: |
    rm -rf /var/log/rhsm/*
  when: "ansible_facts['distribution'] == 'RedHat'"

- name: "Cleaning the SSH host keys."
  shell: |
    rm -f /etc/ssh/ssh_host_*

- name: "Cleaning the machine-id."
  when: 'ansible_facts[''distribution_major_version''] <= "8"'
  shell: |
    truncate -s 0 /etc/machine-id
    rm /var/lib/dbus/machine-id
    ln -s /etc/machine-id /var/lib/dbus/machine-id

- name: "Cleaning the machine-id."
  when: 'ansible_facts[''distribution_major_version''] >= "9"'
  shell: |
    truncate -s 0 /etc/machine-id

- name: "Cleaning the shell history."
  shell: |
    unset HISTFILE
    history -cw
    echo > ~/.bash_history
    rm -fr /root/.bash_history

- name: "Running a sync."
  shell: |
    sync && sync

...