The IBM Aspera High-Speed Transfer Server must configure the SELinux context type to allow the "aspshell".

An XCCDF Rule

Description

<VulnDiscussion>Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-252631r831526_rule
Severity: Medium
References: CCI-002696
Updated: about 1 year ago

Configure the IBM Aspera HSTS SELinux context type for "aspshell" with the following commands:

$ sudo echo /bin/aspshell >> /etc/shells

$ sudo ln -s /opt/aspera/bin/aspshell /bin/aspshell
$ sudo semanage fcontext -a -t shell_exec_t "/opt/aspera/bin/aspshell"

$ sudo restorecon -v /opt/aspera/bin/aspshell

The IBM Aspera High-Speed Transfer Server must configure the SELinux context type to allow the "aspshell".

Description

Remediation - Manual Procedure