Rule ID
SV-252631r831526_rule
Version
V1R3
CCIs
Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
Verify the IBM Aspera HSTS configures the SELinux context type for "aspshell" with the following commands: $ sudo ls -l /bin/aspshell lrwxrwxrwx. 1 root root 24 Sep 1 17:38 /bin/aspshell -> /opt/aspera/bin/aspshell If /bin/aspshell is not simlinked to /opt/aspera/bin/aspshell, this is a finding. $ sudo ls -Z /opt/aspera/bin/aspshell -rwxr-xr-x. root root system_u:object_r:shell_exec_t:S0 /bin/aspshell If the context type of "/opt/aspera/bin/aspshell" is not "shell_exec_t", this is a finding.
Configure the IBM Aspera HSTS SELinux context type for "aspshell" with the following commands: $ sudo echo /bin/aspshell >> /etc/shells $ sudo ln -s /opt/aspera/bin/aspshell /bin/aspshell $ sudo semanage fcontext -a -t shell_exec_t "/opt/aspera/bin/aspshell" $ sudo restorecon -v /opt/aspera/bin/aspshell