3

What steps are needed to generalize OpenBSD so that it can be used as a template or virtual appliance without disclosing any information about the environment that baked it, or putting the user of the template at risk (for example, what happened to GitHub Enterprise)?

Using Atlassian Bamboo, I use Packer to create an OpenBSD 6.1 VMware vSphere virtual machine template. Another downstream process specializes the OpenBSD template for a specific use.

Currently I'm doing the following to truncate the logs:

cp /dev/null /var/log/authlog
cp /dev/null /var/log/daemon
cp /dev/null /var/log/failedlogin
cp /dev/null /var/log/ftpd
cp /dev/null /var/log/lastlog
cp /dev/null /var/log/lpd-errs
cp /dev/null /var/log/maillog
cp /dev/null /var/log/messages
cp /dev/null /var/log/pflog
cp /dev/null /var/log/rdist
cp /dev/null /var/log/wtmp
cp /dev/null /var/log/secure
cp /dev/null /var/log/xferlog

And the following to remove SSH keys and any tmp files:

rm -rf /tmp/*
rm -f /etc/ssh/*key*

Reset the hostname:

echo 'localhost.localdomain' > /etc/myname
bloudraak

1 Answer

0

I am not allowed to comment. I would not consider this a reply as I just want to add some more items to what you have listed. I have no idea if there is more to look out for.

MAIL: If you are doing an unattended installation, there will be a report in the mail queue of the user account that you have created. Depending on your timing, mail reports about some system statistics will be sent daily to this account. Check /var/mail/... of a long-running system.

/var/db: Plenty of interesting things here. Past and current DHCP leases end up here, which is one of the most interesting aspects for me.

/var/backups: Some of the files you have listed are covered by daily backups and the latest version is found here. See crontab -e or /var/cron/tabs.

/var/run/dmesg.boot: Latest copy of dmesg. Ignore unless you are doing live migrations or the like. See man dmesg(8).

I wonder if there are indicators to be found in the kernel as it is always unique upon system installation. I also don't know if it is trivial to hide system installation time.
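The items from the question and the answer above, combined into one scrub-and-verify script as an added example (not code from either poster). The `dhclient.leases.*` file name under /var/db and the deletion of rotated log copies are assumptions; the script takes the tree root as its only argument, so it can be pointed at `/` inside the build VM or at a mounted image.

```shell
#!/bin/sh
# Added example: scrub build-environment traces from an OpenBSD tree rooted
# at $1 (pass / inside the build VM). dhclient.leases.* is an assumed name.

generalize_root() {
    root=${1%/}
    # Truncate in place so owner and mode survive; delete rotated copies.
    find "$root/var/log" "$root/var/mail" -type f 2>/dev/null |
    while IFS= read -r f; do
        case $f in
            *.gz|*.[0-9]) rm -f "$f" ;;
            *) : > "$f" ;;
        esac
    done
    # Host keys, DHCP leases from the build network, saved boot dmesg.
    rm -f "$root"/etc/ssh/*key* "$root"/var/db/dhclient.leases.* \
          "$root"/var/run/dmesg.boot
    # Daily backup copies of the files scrubbed above.
    rm -rf "$root"/var/backups/*
    # /tmp including dotfiles, which a bare /tmp/* glob misses.
    rm -rf "$root"/tmp/* "$root"/tmp/.[!.]* "$root"/tmp/..?*
    echo 'localhost.localdomain' > "$root/etc/myname"
}

# Print whatever still holds data; return 1 if anything is left.
audit_root() {
    root=${1%/}
    left=$( { find "$root/var/log" "$root/var/mail" "$root/var/backups" \
                   "$root/tmp" -type f ! -size 0
              ls -d "$root"/etc/ssh/*key* "$root"/var/db/dhclient.leases.* \
                    "$root"/var/run/dmesg.boot; } 2>/dev/null || true )
    if [ -n "$left" ]; then
        printf 'still present:\n%s\n' "$left"
        return 1
    fi
}

# Only act when a root is given explicitly, e.g.: sh generalize.sh /
if [ $# -eq 1 ]; then
    generalize_root "$1"
    audit_root "$1"
fi
```

Running `audit_root` as a separate build step makes the pipeline fail if a later provisioning change reintroduces keys, leases or mail into the template.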