------------------
- touch /.unconfigured ?
- - smolt ID
- - Spacewalk / RHN ID
+ - other Spacewalk / RHN IDs (?)
- Kerberos keys
- Puppet registration
- user accounts
. install a firstboot script virt-sysprep --script=/tmp/foo.sh
. run an external shell script
. run external guestfish script virt-sysprep --fish=/tmp/foo.fish
- - log files (thanks Steve Grubb)
- . as well as the obvious log files, also
- utmp/wtmp/btmp/tallylog and pam_faillock's data files
- - RNG seed (Steve Grubb)
+ . rm /var/cache/apt/archives/*
+ - /var/run/* and pam_faillock's data files
- homedirs/.ssh directory, especially /root/.ssh (Steve Grubb)
- if drives are encrypted, then dm-crypt key should be changed
and drives all re-encrypted
may have picked up some certificates or things. This is an area
that you would want to look into.
- secure erase of inodes etc using scrub (Steve Grubb)
- - touch /.autorelabel if we create any new files (thanks Dan Berrange)
- - should we use guestmount instead of guestfish
- and would that make it easier to run the tool inside VMs?
+ - other directories that could require cleaning include:
+ /var/cache/gdm/*
+ /var/lib/fprint/*
+ /var/run/*
+ /var/lib/AccountService/users/*
+ /var/lib/sss/db/*
+ /var/lib/samba/*
+ /var/lib/samba/*/*
+ (thanks Marko Myllynen, James Antill)