# stop salt minion
service salt-minion stop

# remove crontab persistence
crontab -l | sed '/54.36.185.99/d' | crontab -

# remove all the trash
rm /tmp/salt-minions
rm /tmp/salt-store
rm /var/tmp/salt-store
rm /etc/selinux/config
rm -rf /tmp/.ICE*
rm /root/.wget-hsts

# create apparmor profiles to prevent execution
echo 'profile salt-store /var/tmp/salt-store { }' | tee /etc/apparmor.d/salt-store
apparmor_parser -r -W /etc/apparmor.d/salt-store

echo 'profile salt-minions /tmp/salt-minions { }' | tee /etc/apparmor.d/salt-minions
apparmor_parser -r -W /etc/apparmor.d/salt-minions

# reenable nmi watchdog
sysctl kernel.nmi_watchdog=1
echo '1' >/proc/sys/kernel/nmi_watchdog
sed -i '/kernel.nmi_watchdog/d' /etc/sysctl.conf

# disable hugepages
sysctl -w vm.nr_hugepages=0

# enable apparmor
systemctl enable apparmor
systemctl start apparmor

# kill processes and reenabler
kill -9 $(ps faux | grep /tmp/.ICE | grep -v grep | awk '{print $2}')
killall -9 salt-minions
killall -9 salt-store

# fix syslog
touch /var/log/syslog
service rsyslog restart

# update minion
curl -L https://bootstrap.saltstack.com | sudo sh