File config.sh of Package SLES15-SP5-SAP-Hardened-BYOS

Overview Repositories Revisions Requests Users Attributes Meta

File config.sh of Package SLES15-SP5-SAP-Hardened-BYOS

#!/bin/bash
#================
# FILE          : config.sh
#----------------
# PROJECT       : SUSE Public Cloud recipes
# COPYRIGHT     : (c) 2023 SUSE LLC. All rights reserved
#               : 
# CONTACT       : Public Cloud Team public-cloud-dev@susecloud.net
#               :
# BELONGS TO    : Operating System images
#               :
# DESCRIPTION   : OS configuration script
#               :
#               :
# STATUS        : Production
# GENERATED BY  : keg 1.1.0 on 2023-02-17 14:37:58
#----------------
#======================================
# Functions...
#--------------------------------------
test -f /.kconfig && . /.kconfig
test -f /.profile && . /.profile

#======================================
# Fail build on error
#--------------------------------------
set -e

#======================================
# Greeting...
#--------------------------------------
echo "Configure image: [$kiwi_iname]..."

#======================================
# Setup the build keys
#--------------------------------------
suseImportBuildKey

# keg: included from common-sysconfig
baseUpdateSysConfig /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add"
baseUpdateSysConfig /etc/sysconfig/language INSTALLED_LANGUAGES ""
baseUpdateSysConfig /etc/sysconfig/language RC_LANG "C.UTF-8"
baseUpdateSysConfig /etc/sysconfig/security POLKIT_DEFAULT_PRIVS "restrictive"
baseUpdateSysConfig /etc/sysconfig/windowmanager DEFAULT_WM ""
baseUpdateSysConfig /etc/sysconfig/windowmanager INSTALL_DESKTOP_EXTENSIONS "no"

# keg: included from common-files
cat >> "/etc/profile" <<EOF
# yast in Public Cloud images fix
NCURSES_NO_UTF8_ACS=1
export NCURSES_NO_UTF8_ACS
EOF
cat >> "/etc/sysconfig/console" <<EOF
CONSOLE_ENCODING="UTF-8"
CONSOLE_FONT="lat9w-16.psfu"
CONSOLE_SCREENMAP="trivial"
EOF
cat >> "/etc/zypp/locks" <<EOF
type: package
match_type: glob
case_sensitive: on
solvable_name: plymouth*
EOF

# keg: included from sles4sap-variant
cat >> "/etc/os-release" <<EOF
VARIANT_ID="sles-sap-hardened"
EOF

# keg: included from common-config
# Start generate /etc/motd
#
source /etc/os-release

OS_PRETTY_NAME="$PRETTY_NAME"
OS_VERSION_MAJOR="${VERSION_ID%.*}"
ARCH="`uname -m`"

for suma_prod in /etc/products.d/SUSE-Manager-Server.prod /etc/products.d/SUSE-Manager-Proxy.prod
do
  if [[ -f $suma_prod ]]; then
     SUMA_VERSION=`sed -n -r -e '/<version>/s/( *<version>)([^<]*)(.*)/\2/p' $suma_prod`
     break
  fi
done

test -f etc/products.d/SLES_SAP.prod && OS_PRETTY_NAME="$OS_PRETTY_NAME for SAP Applications"

get_motd_includes()
{
    if [ -d /etc/motd.d ]; then
        for inc in `ls /etc/motd.d` ; do
            echo "r /etc/motd.d/${inc}"
        done
    fi
}

test -f /etc/motd-caption && cap_replace="r /etc/motd-caption"

motd_func="\
s/{OS_PRETTY_NAME}/$OS_PRETTY_NAME/g
s/{OS_VERSION_MAJOR}/$OS_VERSION_MAJOR/g
s/{ARCH}/$ARCH/g
s/{SUMA_VERSION}/$SUMA_VERSION/g
/{CAPTION}/{
$cap_replace
d
}
/{INCLUDES}/{
`get_motd_includes`
d
}"

for motd in /etc/motd* ; do
    test -f $motd || continue
    sed -i -e "$motd_func" $motd
done

test -d /etc/motd.d && rm -r /etc/motd.d
test -f /etc/motd-caption && rm /etc/motd-caption
#
# End generate /etc/motd

[ -x /sbin/set_polkit_default_privs ] && /sbin/set_polkit_default_privs

# Generation of the iscsi config file moved to %post of the package
# This implies that all instances have the same iscsi initiator name as the
# file is generated during image build. We do not want this (bsc#1202540)
rm -rf /etc/iscsi/initiatorname.iscsi

sed -i -e 's/^root:[^:]*:/root:*:/' /etc/shadow

prodfiles=(`grep -l '<codestream>' /etc/products.d/*prod`)
for p in $prodfiles ; do
  grep -q '<flavor>extension</flavor>' $p || prodfile="$prodfile $p"
done
if [[ ${#prodfile[*]} -ne 1 ]]; then
    echo "No base product package installed or base product ambiguous." >&2
    false
else
    ln -sf `basename "${prodfile[0]}"` /etc/products.d/baseproduct
fi

sed -i -e 's/# download.use_deltarpm = true/download.use_deltarpm = false/' \
    /etc/zypp/zypp.conf

sed -i -e 's/latest,latest-1,running/latest,running/' /etc/zypp/zypp.conf

# keg: included from hardened-config
# run sap image hardening script
HARDENING_RULES=" \
xccdf_org.ssgproject.content_rule_aide_check_audit_tools \
xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking \
xccdf_org.ssgproject.content_rule_aide_verify_acls \
xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes \
xccdf_org.ssgproject.content_rule_sudo_add_use_pty \
xccdf_org.ssgproject.content_rule_sudo_custom_logfile \
xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated \
xccdf_org.ssgproject.content_rule_banner_etc_issue \
xccdf_org.ssgproject.content_rule_banner_etc_motd \
xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue \
xccdf_org.ssgproject.content_rule_file_owner_etc_issue \
xccdf_org.ssgproject.content_rule_display_login_attempts \
xccdf_org.ssgproject.content_rule_pam_disable_automatic_configuration \
xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember \
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faildelay_delay \
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2 \
xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_dcredit \
xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_difok \
xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_lcredit \
xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_minlen \
xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ocredit \
xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_retry \
xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ucredit \
xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_commonauth \
xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth \
xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction \
xccdf_org.ssgproject.content_rule_smartcard_configure_ca \
xccdf_org.ssgproject.content_rule_smartcard_configure_cert_checking \
xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration \
xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs \
xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs \
xccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing \
xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing \
xccdf_org.ssgproject.content_rule_no_direct_root_logins \
xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs \
xccdf_org.ssgproject.content_rule_accounts_tmout \
xccdf_org.ssgproject.content_rule_file_permissions_home_directories \
xccdf_org.ssgproject.content_rule_audit_rules_enable_syscall_auditing \
xccdf_org.ssgproject.content_rule_audit_rules_immutable \
xccdf_org.ssgproject.content_rule_audit_rules_mac_modification \
xccdf_org.ssgproject.content_rule_audit_rules_media_export \
xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification \
xccdf_org.ssgproject.content_rule_audit_rules_session_events \
xccdf_org.ssgproject.content_rule_audit_rules_session_events_btmp \
xccdf_org.ssgproject.content_rule_audit_rules_session_events_utmp \
xccdf_org.ssgproject.content_rule_audit_rules_session_events_wtmp \
xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function \
xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions \
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group \
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow \
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd \
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd \
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount \
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount2 \
xccdf_org.ssgproject.content_rule_audit_rules_execution_chacl \
xccdf_org.ssgproject.content_rule_audit_rules_execution_chmod \
xccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl \
xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon \
xccdf_org.ssgproject.content_rule_audit_rules_execution_rm \
xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename \
xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat \
xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink \
xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat \
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat \
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate \
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open \
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at \
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat \
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename \
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat \
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat2 \
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate \
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink \
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat \
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete \
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit \
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init \
xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock \
xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog \
xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chfn \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_insmod \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_modprobe \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passmass \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_rmmod \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_agent \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix2_chkpwd \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd \
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usermod \
xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex \
xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime \
xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday \
xccdf_org.ssgproject.content_rule_audit_rules_time_stime \
xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime \
xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records \
xccdf_org.ssgproject.content_rule_auditd_data_disk_full_action \
xccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action \
xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action \
xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left \
xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action \
xccdf_org.ssgproject.content_rule_journald_compress \
xccdf_org.ssgproject.content_rule_journald_storage \
xccdf_org.ssgproject.content_rule_ensure_logrotate_activated \
xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled \
xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled \
xccdf_org.ssgproject.content_rule_file_etc_security_opasswd \
xccdf_org.ssgproject.content_rule_file_permissions_backup_etc_shadow \
xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow \
xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs \
xccdf_org.ssgproject.content_rule_kernel_module_squashfs_disabled \
xccdf_org.ssgproject.content_rule_kernel_module_udf_disabled \
xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled \
xccdf_org.ssgproject.content_rule_disable_users_coredumps \
xccdf_org.ssgproject.content_rule_file_permissions_cron_d \
xccdf_org.ssgproject.content_rule_file_permissions_cron_daily \
xccdf_org.ssgproject.content_rule_file_permissions_cron_hourly \
xccdf_org.ssgproject.content_rule_file_permissions_cron_monthly \
xccdf_org.ssgproject.content_rule_file_permissions_cron_weekly \
xccdf_org.ssgproject.content_rule_chronyd_run_as_chrony_user \
xccdf_org.ssgproject.content_rule_file_permissions_sshd_config \
xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0 \
xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout \
xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding \
xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts \
xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding \
xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner \
xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time \
xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose \
xccdf_org.ssgproject.content_rule_sshd_set_max_sessions \
xccdf_org.ssgproject.content_rule_sshd_set_maxstartups \
xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers_ordered_stig \
xccdf_org.ssgproject.content_rule_sshd_use_approved_macs \
xccdf_org.ssgproject.content_rule_sshd_use_approved_macs_ordered_stig \
"
# remediate selected rules.
for RULE in ${HARDENING_RULES}; do
    oscap xccdf eval --remediate --profile pcs-hardening  --rule ${RULE}  /usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml || {
	echo "!!!FAILED: ${RULE}"
	/bin/fail
	}
done

# keg: included from common-services
baseInsertService boot.device-mapper
baseInsertService haveged
baseInsertService sshd
baseRemoveService boot.efivars
baseRemoveService boot.lvm
baseRemoveService boot.md
baseRemoveService boot.multipath
baseRemoveService display-manager
baseRemoveService kbd

if [[ $kiwi_profiles = Azure ]]; then
    # keg: included from azure-cloud-netconfig
    baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"

# keg: included from azure-set-hostname
    baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "no"

# keg: included from azure-scripts
    # Implement password policy
    # Length: 6-72 characters long
    # Contain any combination of 3 of the following:
    #   - a lowercase character
    #   - an uppercase character
    #   - a number
    #   - a special character
    pwd_policy="minlen=6 dcredit=1 ucredit=1 lcredit=1 ocredit=1 minclass=3"
    sed -i -e "s/pam_cracklib.so/pam_cracklib.so $pwd_policy/" \
        /etc/pam.d/common-password-pc

sed -i -e 's/#ClientAliveInterval 0/ClientAliveInterval 180/' \
        /etc/ssh/sshd_config

# keg: included from azure-default-kernel-log-level
    # Keep the default kernel log level (bsc#1169201)
    sed -i -e 's/$klogConsoleLogLevel/#$klogConsoleLogLevel/' /etc/rsyslog.conf

# keg: included from azure-dhclient-timeout
    dc=/etc/dhclient.conf
    if grep -qE '^timeout' $dc ; then
        sed -r -i 's/^timeout.*/timeout 300;/' $dc
    else
        echo 'timeout 300;' >> $dc
    fi

# keg: included from azure-sshd-config
    sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \
        /etc/ssh/sshd_config

# keg: included from azure-waagent
    # Disable agent auto-update
    sed -i -e 's/AutoUpdate.Enabled=y/AutoUpdate.Enabled=n/' \
        /etc/waagent.conf

# Generate all supported SSH host key types
    sed -i -e 's/SshHostKeyPairType=rsa/SshHostKeyPairType=auto/' \
        /etc/waagent.conf

# Leave the ephemeral disk handling to cloud-init
    sed -i -e 's/ResourceDisk.Format=y/ResourceDisk.Format=n/' \
        /etc/waagent.conf

# keg: included from vm-services
    baseInsertService chronyd

# keg: included from azure-cloud-netconfig
    systemctl enable cloud-netconfig.timer

# keg: included from azure-services
    baseInsertService cloud-config
    baseInsertService cloud-final
    baseInsertService cloud-init
    baseInsertService cloud-init-local
    baseInsertService waagent

# keg: included from azure-regionsrv-timer
    systemctl enable regionsrv-enabler-azure.timer
fi

if [[ $kiwi_profiles = EC2 ]]; then
    # keg: included from ec2-cloud-netconfig
    baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"

# keg: included from ec2-set-hostname
    baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "no"

# keg: included from grub-root-label-workaround-bsc#1197616
    cat >> "/etc/default/grub" <<EOF
GRUB_CMDLINE_LINUX="root=LABEL=ROOT"
SUSE_REMOVE_LINUX_ROOT_PARAM=true
EOF

# keg: included from ec2-scripts
    # No Xen based instance types for ARM, no need for custom config
    if [ "`uname -m`" = "aarch64" ]; then
        rm -f /etc/dracut.conf.d/07-*.conf
    fi

sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \
        /etc/ssh/sshd_config

# Disable password based login via ssh
    sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/' \
        /etc/ssh/sshd_config

# keg: included from vm-services
    baseInsertService chronyd

# keg: included from ec2-services
    baseInsertService cloud-config
    baseInsertService cloud-final
    baseInsertService cloud-init
    baseInsertService cloud-init-local

# keg: included from ec2-cloud-netconfig
    systemctl enable cloud-netconfig.timer
fi

if [[ $kiwi_profiles = GCE ]]; then
    # keg: included from gce-sysconfig-netconfig
    baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"

# keg: included from gce-set-hostname
    baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "yes"

# keg: included from gce-config
    cat >> "/etc/boto.cfg" <<EOF
[Boto]
ca_certificates_file = system
EOF
    cat >> "/etc/boto.cfg.template" <<EOF
[Boto]
ca_certificates_file = system
EOF
    cat >> "/etc/default/instance_configs.cfg.distro" <<EOF
[InstanceSetup]
set_boto_config = false
EOF

# keg: included from gce-config
    sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \
        /etc/ssh/sshd_config

# Disable password based login via ssh
    sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/' \
        /etc/ssh/sshd_config

# keg: included from vm-services
    baseInsertService chronyd

# keg: included from gce-services
    baseInsertService google-guest-agent
    baseInsertService google-osconfig-agent
    systemctl enable google-oslogin-cache.timer
    baseInsertService google-shutdown-scripts
    baseInsertService google-startup-scripts
    baseInsertService rootgrow
fi

Places

File config.sh of Package SLES15-SP5-SAP-Hardened-BYOS

Places