Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-252645 | ASP4-TS-020290 | SV-252645r818105_rule | Medium |
Description |
---|
By restricting the default document root for the Aspera HSTS, this allows for explicit access to be defined on a per user basis. By default, all system users can establish a FASP connection and are only restricted by file permissions. |
STIG | Date |
---|---|
IBM Aspera Platform 4.2 Security Technical Implementation Guide | 2022-08-24 |
Check Text ( C-56101r818103_chk ) |
---|
Verify the Aspera High-Speed Transfer Server set the default docroot to an empty folder. Check that the default docroot points to an empty folder with the following command: $ sudo /opt/aspera/bin/asuserdata -a | grep absolute canonical_absolute: " absolute: " If the default docroot is set to " Review the default docroot file path from the previous command to ensure it is empty. $ sudo find If the command does not return " |
Fix Text (F-56051r818104_fix) |
---|
Configure the Aspera High-Speed Transfer Server to set the default docroot to an empty folder with the following command: $ sudo /opt/aspera/bin/asconfigurator -x "set_node_data;canonical_absolute, Restart the IBM Aspera Node service to activate the changes. $ sudo systemctl restart asperanoded.service |