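#!/bin/bash
#
# Seals a dnf-based machine image before it is captured as a template:
# updates packages, then strips host-unique identity (SSH host keys,
# machine-id, persistent udev net rules), login/audit records, temp files
# and shell history, and finally re-enables cloud-init.
#
# NOTE(review): this looks like the last provisioning step of a template
# build and must run as root; confirm against the build pipeline.
# It truncates the audit trail, so it is only appropriate on a disposable
# build VM, never on a host whose logs are evidence.

set -euo pipefail

# --- Update system ---------------------------------------------------------
echo '> Update packages ...'
dnf update -y
dnf clean all

# --- Audit and login records -----------------------------------------------
# Truncate in place instead of deleting, so each file keeps its owner, mode
# and SELinux label and the logging daemons can keep writing to it.
# Only audit.log, wtmp and lastlog are handled here; other records (for
# example rotated audit logs) are not touched by this script.
echo '> Cleaning all audit logs ...'
for log_file in /var/log/audit/audit.log /var/log/wtmp /var/log/lastlog; do
  if [[ -f "$log_file" ]]; then
    : >"$log_file"
  fi
done

# --- Persistent udev rules -------------------------------------------------
# A leftover rules file would pin interface names to the build VM's MAC
# address on every clone.
echo '> Cleaning persistent udev rules ...'
if [[ -f /etc/udev/rules.d/70-persistent-net.rules ]]; then
  rm -- /etc/udev/rules.d/70-persistent-net.rules
fi

# --- Temporary directories and package cache -------------------------------
# The globs do not match dot-entries, so hidden files in these directories
# are left in place.
echo '> Cleaning /tmp directories ...'
rm -rf -- /tmp/*
rm -rf -- /var/tmp/*
rm -rf -- /var/cache/dnf/*

# --- SSH host keys ---------------------------------------------------------
# Every clone must generate its own host keys; shipping the build VM's keys
# would let any holder of the image impersonate every clone.
#
# The glob is expanded with nullglob into an array so that an image with no
# host keys (or a second run of this script) does not make shred fail on a
# literal '*_key' and abort under 'set -e' before the machine-id, history
# and cloud-init steps below have run.
#
# shred overwrites in place; on copy-on-write, journaling or thin-provisioned
# storage the old blocks may survive, so treat the image as containing
# the old keys until the disk has been compacted or re-exported.
echo '> Cleaning the SSH keys ...'
shopt -s nullglob
host_keys=(/etc/ssh/*_key /etc/ssh/*_key.pub)
shopt -u nullglob
if ((${#host_keys[@]} > 0)); then
  shred -u -- "${host_keys[@]}"
fi
# NOTE(review): this path is under ssh_config.d (client configuration). If the
# build-time root-login drop-in was written to sshd_config.d instead, it would
# survive into the template - confirm where the build creates it.
rm -f -- /etc/ssh/ssh_config.d/allow-root-ssh.conf

# --- machine-id ------------------------------------------------------------
# An empty /etc/machine-id is regenerated on first boot, giving each clone a
# unique id; the D-Bus copy is replaced by a symlink to it.
echo '> Cleaning the machine-id ...'
truncate -s 0 /etc/machine-id
rm -f -- /var/lib/dbus/machine-id
mkdir -p /var/lib/dbus
# -f keeps the step idempotent if the link somehow already exists.
ln -sf /etc/machine-id /var/lib/dbus/machine-id

# --- Shell history ---------------------------------------------------------
# Covers only the invoking user's and root's bash history; other accounts'
# history files are not touched.
echo '> Cleaning the shell history ...'
unset HISTFILE
history -cw
echo >~/.bash_history
rm -f -- /root/.bash_history

# --- cloud-init ------------------------------------------------------------
# Remove the disable marker so cloud-init runs on the first boot of a clone.
echo '> Preparing cloud-init ...'
rm -f -- /etc/cloud/cloud-init.disabled

echo '> Done.'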